From 347c164c35eddab388009470e6848cb361ac93f8 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sat, 18 May 2024 15:22:53 +0200
Subject: Merging upstream version 1:10.11.8.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 extra/CMakeLists.txt                               |     2 +-
 extra/mariabackup/CMakeLists.txt                   |    15 +-
 extra/mariabackup/aria_backup_client.cc            |  1016 +
 extra/mariabackup/aria_backup_client.h             |    38 +
 extra/mariabackup/backup_copy.cc                   |   495 +-
 extra/mariabackup/backup_copy.h                    |    32 +-
 extra/mariabackup/backup_debug.h                   |    21 +-
 extra/mariabackup/backup_mysql.cc                  |   356 +-
 extra/mariabackup/backup_mysql.h                   |    24 +-
 extra/mariabackup/changed_page_bitmap.cc           |  1040 -
 extra/mariabackup/changed_page_bitmap.h            |    85 -
 extra/mariabackup/common.h                         |     3 +-
 extra/mariabackup/common_engine.cc                 |   512 +
 extra/mariabackup/common_engine.h                  |    39 +
 extra/mariabackup/datasink.cc                      |    28 +-
 extra/mariabackup/datasink.h                       |    17 +-
 extra/mariabackup/ddl_log.cc                       |   553 +
 extra/mariabackup/ddl_log.h                        |    15 +
 extra/mariabackup/ds_buffer.cc                     |     9 +-
 extra/mariabackup/ds_compress.cc                   |     9 +-
 extra/mariabackup/ds_local.cc                      |   105 +-
 extra/mariabackup/ds_stdout.cc                     |     8 +-
 extra/mariabackup/ds_tmpfile.cc                    |     8 +-
 extra/mariabackup/ds_xbstream.cc                   |    61 +-
 extra/mariabackup/encryption_plugin.cc             |   249 +
 extra/mariabackup/encryption_plugin.h              |     7 +
 extra/mariabackup/fil_cur.cc                       |    19 +-
 extra/mariabackup/fil_cur.h                        |     1 +
 extra/mariabackup/innobackupex.cc                  |    78 +-
 extra/mariabackup/read_filt.cc                     |   142 +-
 extra/mariabackup/read_filt.h                      |    29 +-
 extra/mariabackup/thread_pool.cc                   |    50 +
 extra/mariabackup/thread_pool.h                    |    62 +
 extra/mariabackup/write_filt.cc                    |    12 +
 extra/mariabackup/wsrep.cc                         |    48 +-
 extra/mariabackup/xb_plugin.cc                     |   229 -
 extra/mariabackup/xb_plugin.h                      |     5 -
 extra/mariabackup/xbstream.cc                      |    64 +-
 extra/mariabackup/xbstream.h                       |    19 +-
 extra/mariabackup/xbstream_read.cc                 |   107 +-
 extra/mariabackup/xbstream_write.cc                |   152 +-
 extra/mariabackup/xtrabackup.cc                    |  1005 +-
 extra/mariabackup/xtrabackup.h                     |    57 +-
 extra/wolfssl/CMakeLists.txt                       |   184 +-
 extra/wolfssl/user_settings.h.in                   |    18 +-
 extra/wolfssl/wolfssl/.github/workflows/async.yml  |     2 +-
 extra/wolfssl/wolfssl/.github/workflows/curl.yml   |     8 +-
 .../wolfssl/.github/workflows/docker-Espressif.yml |     6 +-
 .../wolfssl/.github/workflows/docker-OpenWrt.yml   |    16 +-
 .../wolfssl/wolfssl/.github/workflows/haproxy.yml  |     4 +-
 extra/wolfssl/wolfssl/.github/workflows/hitch.yml  |    10 +-
 extra/wolfssl/wolfssl/.github/workflows/hostap.yml |    14 +-
 extra/wolfssl/wolfssl/.github/workflows/krb5.yml   |    20 +-
 .../wolfssl/wolfssl/.github/workflows/libssh2.yml  |    58 +
 extra/wolfssl/wolfssl/.github/workflows/main.yml   |     5 +
 .../wolfssl/.github/workflows/memcached.yml        |    10 +-
 .../wolfssl/.github/workflows/multi-arch.yml       |     2 +-
 .../wolfssl/.github/workflows/multi-compiler.yml   |     2 +-
 extra/wolfssl/wolfssl/.github/workflows/nginx.yml  |    18 +-
 .../wolfssl/wolfssl/.github/workflows/openssh.yml  |    68 +
 .../wolfssl/wolfssl/.github/workflows/openvpn.yml  |    14 +-
 .../wolfssl/wolfssl/.github/workflows/os-check.yml |     7 +-
 .../wolfssl/.github/workflows/packaging.yml        |     2 +-
 .../wolfssl/wolfssl/.github/workflows/stunnel.yml  |     8 +-
 extra/wolfssl/wolfssl/.github/workflows/zephyr.yml |     8 +-
 extra/wolfssl/wolfssl/.gitignore                   |    40 +-
 extra/wolfssl/wolfssl/CMakeLists.txt               |   227 +-
 extra/wolfssl/wolfssl/ChangeLog.md                 |    94 +
 extra/wolfssl/wolfssl/Docker/Dockerfile            |     5 +-
 .../wolfssl/Docker/Dockerfile.cross-compiler       |     2 +-
 extra/wolfssl/wolfssl/Docker/yocto/Dockerfile      |    27 +
 extra/wolfssl/wolfssl/Docker/yocto/buildAndPush.sh |    27 +
 .../wolfssl/IDE/ARDUINO/Arduino_README_prepend.md  |    13 +
 extra/wolfssl/wolfssl/IDE/ARDUINO/README.md        |   185 +-
 extra/wolfssl/wolfssl/IDE/ARDUINO/include.am       |     9 +
 extra/wolfssl/wolfssl/IDE/ARDUINO/keywords.txt     |    21 +
 .../IDE/ARDUINO/library.properties.template        |     9 +
 .../wolfssl/wolfssl/IDE/ARDUINO/sketches/README.md |    12 +
 .../IDE/ARDUINO/sketches/wolfssl_client/README.md  |    22 +
 .../sketches/wolfssl_client/wolfssl_client.ino     |   928 +-
 .../IDE/ARDUINO/sketches/wolfssl_server/README.md  |   134 +
 .../sketches/wolfssl_server/wolfssl_server.ino     |   913 +-
 .../IDE/ARDUINO/sketches/wolfssl_version/README.md |     3 +
 .../sketches/wolfssl_version/wolfssl_version.ino   |    24 +
 .../wolfssl/wolfssl/IDE/ARDUINO/wolfssl-arduino.sh |   347 +-
 extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl.h        |    39 +
 .../template/components/wolfssl/CMakeLists.txt     |     6 +-
 .../components/wolfssl/CMakeLists.txt              |     6 +-
 .../ESP-IDF/examples/wolfssl_benchmark/main/main.c |    33 +-
 .../ESP-IDF/examples/wolfssl_client/Makefile       |   128 +-
 .../ESP-IDF/examples/wolfssl_client/README.md      |   122 +-
 .../VisualGDB/wolfssl_client_IDF_v5_ESP32.sln      |     5 +
 .../components/wolfssl/CMakeLists.txt              |    10 +-
 .../wolfssl_client/components/wolfssl/component.mk |   230 +-
 .../components/wolfssl/include/user_settings.h     |   199 +-
 .../examples/wolfssl_client/main/client-tls.c      |   122 +-
 .../examples/wolfssl_client/main/component.mk      |     6 +-
 .../wolfssl_client/main/include/client-tls.h       |    26 +-
 .../examples/wolfssl_client/main/include/main.h    |     4 +-
 .../wolfssl_client/main/include/time_helper.h      |    15 +-
 .../wolfssl_client/main/include/wifi_connect.h     |    58 +-
 .../ESP-IDF/examples/wolfssl_client/main/main.c    |   114 +-
 .../examples/wolfssl_client/main/time_helper.c     |   162 +-
 .../examples/wolfssl_client/main/wifi_connect.c    |   136 +-
 .../examples/wolfssl_client/sdkconfig.defaults     |    29 +-
 .../wolfssl_client/wolfssl_client_ESP8266.vgdbproj |   292 +
 .../components/wolfssl/CMakeLists.txt              |     6 +-
 .../wolfssl_test/components/wolfssl/CMakeLists.txt |     6 +-
 .../ESP-IDF/examples/wolfssl_test/main/main.c      |    20 +-
 extra/wolfssl/wolfssl/IDE/Espressif/README.md      |    43 +-
 extra/wolfssl/wolfssl/IDE/Espressif/include.am     |     1 +
 .../wolfssl/IDE/IAR-EWARM/Projects/user_settings.h |    52 +-
 .../settings/wolfcrypt_benchmark_Debug.jlink       |    39 -
 .../wolfcrypt_benchmark.ewt                        |  2382 --
 .../wolfcrypt_lib.ewt                              |  2400 --
 .../settings/wolfcrypt_test_Debug.jlink            |    39 -
 .../wolfcrypt_test.ewt                             |  2382 --
 .../wolfssl/wolfssl/IDE/LINUX-SGX/sgx_t_static.mk  |     1 +
 extra/wolfssl/wolfssl/IDE/MPLABX16/README.md       |    62 +
 extra/wolfssl/wolfssl/IDE/MPLABX16/include.am      |     8 +
 extra/wolfssl/wolfssl/IDE/MPLABX16/main.c          |    39 +
 extra/wolfssl/wolfssl/IDE/MPLABX16/user_settings.h |   414 +
 .../wolfssl/IDE/MPLABX16/wolfcrypt_test.X/Makefile |   113 +
 .../wolfcrypt_test.X/nbproject/configurations.xml  |   285 +
 .../MPLABX16/wolfcrypt_test.X/nbproject/include.am |     8 +
 .../nbproject/private/configurations.xml           |    25 +
 .../wolfcrypt_test.X/nbproject/private/private.xml |     7 +
 .../wolfcrypt_test.X/nbproject/project.xml         |    33 +
 .../wolfssl/IDE/MPLABX16/wolfssl.X/Makefile        |   113 +
 .../wolfssl.X/nbproject/configurations.xml         |   290 +
 .../IDE/MPLABX16/wolfssl.X/nbproject/include.am    |     7 +
 .../IDE/MPLABX16/wolfssl.X/nbproject/project.xml   |    34 +
 .../wolfssl/IDE/MSVS-2019-AZSPHERE/shared/util.h   |     1 +
 .../Renesas/e2studio/RA6M4/common/user_settings.h  |     3 +-
 .../IDE/Renesas/e2studio/RA6M4/test/.cproject      |     4 +-
 .../wolfssl/IDE/STM32Cube/STM32_Benchmarks.md      |    75 +
 .../wolfssl/wolfssl/IDE/STM32Cube/default_conf.ftl |    47 +-
 extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc    |     8 +-
 extra/wolfssl/wolfssl/IDE/include.am               |     3 +
 extra/wolfssl/wolfssl/IDE/iotsafe/memory-tls.c     |     5 +-
 extra/wolfssl/wolfssl/IDE/iotsafe/user_settings.h  |    16 +-
 extra/wolfssl/wolfssl/IPP/.gitkeep                 |     0
 extra/wolfssl/wolfssl/Makefile.am                  |     4 -
 extra/wolfssl/wolfssl/README                       |   140 +-
 extra/wolfssl/wolfssl/README.md                    |   187 +-
 extra/wolfssl/wolfssl/autogen.sh                   |    28 -
 extra/wolfssl/wolfssl/certs/crl/caEcc384Crl.pem    |    12 +-
 extra/wolfssl/wolfssl/certs/crl/caEccCrl.pem       |    12 +-
 extra/wolfssl/wolfssl/certs/crl/cliCrl.pem         |    54 +-
 extra/wolfssl/wolfssl/certs/crl/crl.der            |   Bin 520 -> 520 bytes
 extra/wolfssl/wolfssl/certs/crl/crl.pem            |    52 +-
 extra/wolfssl/wolfssl/certs/crl/crl.revoked        |    56 +-
 extra/wolfssl/wolfssl/certs/crl/crl2.der           |   Bin 520 -> 520 bytes
 extra/wolfssl/wolfssl/certs/crl/crl2.pem           |   102 +-
 extra/wolfssl/wolfssl/certs/crl/crl_rsapss.pem     |    53 +
 extra/wolfssl/wolfssl/certs/crl/eccCliCRL.pem      |    22 +-
 extra/wolfssl/wolfssl/certs/crl/eccSrvCRL.pem      |    22 +-
 .../certs/crl/extra-crls/ca-int-cert-revoked.pem   |    16 +-
 .../certs/crl/extra-crls/general-server-crl.pem    |    16 +-
 extra/wolfssl/wolfssl/certs/crl/gencrls.sh         |    17 +
 extra/wolfssl/wolfssl/certs/crl/include.am         |     3 +-
 extra/wolfssl/wolfssl/certs/include.am             |     1 +
 extra/wolfssl/wolfssl/certs/renewcerts.sh          |     5 +
 extra/wolfssl/wolfssl/certs/test-stream-sign.p7b   |   Bin 0 -> 6228 bytes
 extra/wolfssl/wolfssl/cmake/config.in              |     6 +
 extra/wolfssl/wolfssl/cmake/functions.cmake        |    30 +-
 extra/wolfssl/wolfssl/configure.ac                 |   465 +-
 .../doc/dox_comments/header_files-ja/cmac.h        |    54 +-
 .../dox_comments/header_files-ja/doxygen_groups.h  |     1 +
 .../dox_comments/header_files-ja/doxygen_pages.h   |     1 +
 .../wolfssl/doc/dox_comments/header_files-ja/rsa.h |     2 -
 .../wolfssl/doc/dox_comments/header_files/aes.h    |    22 +-
 .../wolfssl/doc/dox_comments/header_files/cmac.h   |     5 +-
 .../wolfssl/doc/dox_comments/header_files/ecc.h    |     8 +-
 .../wolfssl/doc/dox_comments/header_files/hmac.h   |   439 +
 .../doc/dox_comments/header_files/iotsafe.h        |     8 +-
 .../wolfssl/doc/dox_comments/header_files/rsa.h    |    51 +-
 .../wolfssl/doc/dox_comments/header_files/ssl.h    |   208 +-
 extra/wolfssl/wolfssl/examples/asn1/asn1.c         |     4 +-
 extra/wolfssl/wolfssl/examples/client/client.c     |    18 +
 extra/wolfssl/wolfssl/examples/configs/include.am  |     2 +
 .../examples/configs/user_settings_arduino.h       |   486 +
 .../wolfssl/examples/configs/user_settings_tls12.h |   158 +
 extra/wolfssl/wolfssl/examples/pem/pem.c           |     4 +-
 extra/wolfssl/wolfssl/examples/server/server.c     |    37 +-
 extra/wolfssl/wolfssl/fips-check.sh                |    40 +-
 extra/wolfssl/wolfssl/lib/dummy                    |     2 -
 extra/wolfssl/wolfssl/linuxkm/Kbuild               |    21 +-
 extra/wolfssl/wolfssl/linuxkm/Makefile             |     4 +
 extra/wolfssl/wolfssl/linuxkm/include.am           |     3 +-
 extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.c     |   124 +-
 extra/wolfssl/wolfssl/linuxkm/linuxkm_wc_port.h    |   280 +-
 extra/wolfssl/wolfssl/linuxkm/lkcapi_glue.c        |  2739 ++
 extra/wolfssl/wolfssl/linuxkm/module_hooks.c       |   144 +-
 extra/wolfssl/wolfssl/pre-commit.sh                |    45 -
 extra/wolfssl/wolfssl/pre-push.sh                  |    19 -
 extra/wolfssl/wolfssl/rpm/spec.in                  |     1 -
 extra/wolfssl/wolfssl/scripts/makedistsmall.sh     |     1 -
 extra/wolfssl/wolfssl/scripts/openssl.test         |     2 +-
 extra/wolfssl/wolfssl/src/bio.c                    |    69 +-
 extra/wolfssl/wolfssl/src/crl.c                    |    64 +-
 extra/wolfssl/wolfssl/src/dtls.c                   |     8 +
 extra/wolfssl/wolfssl/src/dtls13.c                 |     1 +
 extra/wolfssl/wolfssl/src/include.am               |    59 +-
 extra/wolfssl/wolfssl/src/internal.c               |   880 +-
 extra/wolfssl/wolfssl/src/pk.c                     |    93 +-
 extra/wolfssl/wolfssl/src/quic.c                   |    13 +
 extra/wolfssl/wolfssl/src/sniffer.c                |    19 +-
 extra/wolfssl/wolfssl/src/ssl.c                    |   852 +-
 extra/wolfssl/wolfssl/src/ssl_bn.c                 |     3 +-
 extra/wolfssl/wolfssl/src/ssl_certman.c            |    87 +-
 extra/wolfssl/wolfssl/src/tls.c                    |   328 +-
 extra/wolfssl/wolfssl/src/tls13.c                  |   934 +-
 extra/wolfssl/wolfssl/src/wolfio.c                 |    53 +
 extra/wolfssl/wolfssl/src/x509.c                   |   152 +-
 extra/wolfssl/wolfssl/src/x509_str.c               |    10 +-
 extra/wolfssl/wolfssl/support/wolfssl.pc.in        |     1 +
 extra/wolfssl/wolfssl/tests/api.c                  |  2731 +-
 extra/wolfssl/wolfssl/tests/srp.c                  |     2 +
 extra/wolfssl/wolfssl/tests/suites.c               |     2 +-
 extra/wolfssl/wolfssl/tests/test-dtls.conf         |    14 +
 extra/wolfssl/wolfssl/tests/test.conf              |    12 +
 extra/wolfssl/wolfssl/tests/unit.h                 |     3 +-
 extra/wolfssl/wolfssl/tests/utils.h                |    70 +-
 extra/wolfssl/wolfssl/testsuite/testsuite.c        |     4 +-
 .../wolfssl/wolfcrypt/benchmark/benchmark.c        |  2552 +-
 .../wolfssl/wolfcrypt/benchmark/benchmark.h        |     2 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/aes.c          |   251 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.S      |     6 +-
 .../wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S        |   300 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/asn.c          |  1298 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/chacha.c       |     9 +-
 .../wolfssl/wolfcrypt/src/chacha20_poly1305.c      |    52 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/cmac.c         |   162 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/cpuid.c        |     1 +
 extra/wolfssl/wolfssl/wolfcrypt/src/cryptocb.c     |   314 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/curve25519.c   |     8 +
 extra/wolfssl/wolfssl/wolfcrypt/src/dh.c           |    18 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/dilithium.c    |   206 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/dsa.c          |     8 +
 extra/wolfssl/wolfssl/wolfcrypt/src/ecc.c          |   284 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/eccsi.c        |     8 +
 extra/wolfssl/wolfssl/wolfcrypt/src/ed25519.c      |    26 +
 extra/wolfssl/wolfssl/wolfcrypt/src/ed448.c        |    36 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/error.c        |     3 +
 extra/wolfssl/wolfssl/wolfcrypt/src/evp.c          |    92 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/ext_kyber.c    |    76 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/ext_xmss.c     |    64 +
 extra/wolfssl/wolfssl/wolfcrypt/src/falcon.c       |   190 +-
 .../wolfssl/wolfssl/wolfcrypt/src/fe_x25519_asm.S  |    36 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/ge_448.c       |    46 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/hash.c         |   305 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/hmac.c         |    27 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/include.am     |     6 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/integer.c      |     3 +
 extra/wolfssl/wolfssl/wolfcrypt/src/kdf.c          |   121 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/logging.c      |    13 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/md5.c          |     5 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/memory.c       |    57 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/misc.c         |    62 +
 extra/wolfssl/wolfssl/wolfcrypt/src/pkcs12.c       |     2 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/pkcs7.c        |  2181 +-
 .../wolfcrypt/src/port/Espressif/esp32_mp.c        |    10 +-
 .../wolfcrypt/src/port/Espressif/esp32_sha.c       |    36 +-
 .../wolfcrypt/src/port/Espressif/esp32_util.c      |    17 +-
 .../wolfssl/wolfcrypt/src/port/aria/aria-crypt.c   |     5 +
 .../wolfcrypt/src/port/aria/aria-cryptocb.c        |    28 +-
 .../wolfssl/wolfcrypt/src/port/arm/armv8-aes.c     |    76 +-
 .../wolfssl/wolfcrypt/src/port/arm/armv8-chacha.c  |    34 +-
 .../wolfssl/wolfcrypt/src/port/arm/armv8-sha256.c  |   198 +-
 .../wolfcrypt/src/port/arm/thumb2-aes-asm.S        |    29 +-
 .../wolfcrypt/src/port/arm/thumb2-aes-asm_c.c      |   104 +-
 .../wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c   |     5 +-
 .../wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c   |     3 +-
 .../wolfssl/wolfcrypt/src/port/autosar/README.md   |    45 +
 .../wolfssl/wolfcrypt/src/port/autosar/cryif.c     |   103 +
 .../wolfssl/wolfcrypt/src/port/autosar/crypto.c    |   495 +
 .../wolfssl/wolfcrypt/src/port/autosar/csm.c       |   298 +
 .../wolfssl/wolfcrypt/src/port/autosar/include.am  |    23 +
 .../wolfssl/wolfcrypt/src/port/autosar/test.c      |   430 +
 .../wolfssl/wolfcrypt/src/port/iotsafe/iotsafe.c   |    44 +-
 .../wolfssl/wolfcrypt/src/port/liboqs/liboqs.c     |   132 +
 .../wolfssl/wolfssl/wolfcrypt/src/port/st/stm32.c  |    52 +-
 .../wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-aes.c |  1066 +-
 .../wolfssl/wolfcrypt/src/port/ti/ti-hash.c        |    39 +-
 .../wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c |    33 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/random.c       |   359 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/rsa.c          |    93 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sakke.c        |     9 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sha.c          |    66 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sha256.c       |   407 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sha256_asm.S   |   942 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sha512.c       |    83 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/siphash.c      |    12 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm32.c     |    48 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm64.c     |    42 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sp_armthumb.c  |    48 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sp_c32.c       |    24 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sp_c64.c       |    24 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sp_cortexm.c   |    48 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sp_dsp32.c     |     6 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sp_int.c       |    59 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64.c    |    32 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/sphincs.c      |    23 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/tfm.c          |    24 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/wc_dsp.c       |     6 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber.c     |  1247 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber_asm.S | 27812 ++++++++++++++++++-
 .../wolfssl/wolfssl/wolfcrypt/src/wc_kyber_poly.c  |  3020 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms.c       |     2 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms_impl.c  |    26 +
 extra/wolfssl/wolfssl/wolfcrypt/src/wc_port.c      |    78 +-
 extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss_impl.c |    26 +
 extra/wolfssl/wolfssl/wolfcrypt/test/test.c        |  1393 +-
 .../wolfssl/wolfcrypt/user-crypto/Makefile.am      |     9 -
 .../wolfssl/wolfcrypt/user-crypto/README.txt       |    78 -
 .../wolfssl/wolfcrypt/user-crypto/autogen.sh       |    23 -
 .../wolfssl/wolfcrypt/user-crypto/configure.ac     |    44 -
 .../wolfssl/wolfcrypt/user-crypto/include.am       |    13 -
 .../wolfcrypt/user-crypto/include/user_rsa.h       |   137 -
 .../wolfssl/wolfcrypt/user-crypto/lib/.gitkeep     |     0
 .../wolfssl/wolfcrypt/user-crypto/src/rsa.c        |  2797 --
 extra/wolfssl/wolfssl/wolfssl.rc                   |   Bin 4918 -> 4918 bytes
 extra/wolfssl/wolfssl/wolfssl/internal.h           |   121 +-
 extra/wolfssl/wolfssl/wolfssl/openssl/bio.h        |     1 +
 extra/wolfssl/wolfssl/wolfssl/openssl/crypto.h     |     8 +-
 extra/wolfssl/wolfssl/wolfssl/openssl/opensslv.h   |     9 +-
 extra/wolfssl/wolfssl/wolfssl/openssl/ssl.h        |     3 +
 extra/wolfssl/wolfssl/wolfssl/quic.h               |    11 +
 extra/wolfssl/wolfssl/wolfssl/ssl.h                |    58 +-
 extra/wolfssl/wolfssl/wolfssl/test.h               |   147 +-
 extra/wolfssl/wolfssl/wolfssl/version.h            |     4 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h      |    14 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn.h      |    76 +-
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h |    30 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cmac.h     |    14 +
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cpuid.h    |     2 +
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cryptocb.h |   106 +
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/dilithium.h  |    41 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h      |     6 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed25519.h  |     2 -
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed448.h    |     2 +-
 .../wolfssl/wolfssl/wolfcrypt/error-crypt.h        |    11 +
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/ext_kyber.h  |    10 +
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/falcon.h   |    42 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_448.h   |     2 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h     |    33 +
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h     |     8 +
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/include.am |    12 +
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kdf.h      |    11 +
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kyber.h    |     6 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h  |     5 +
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/memory.h   |    47 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/misc.h     |     3 +
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs7.h    |    21 +
 .../wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h |    38 +-
 .../wolfssl/wolfssl/wolfcrypt/port/autosar/CryIf.h |    49 +
 .../wolfssl/wolfcrypt/port/autosar/Crypto.h        |    55 +
 .../wolfssl/wolfssl/wolfcrypt/port/autosar/Csm.h   |   295 +
 .../wolfssl/wolfcrypt/port/autosar/StandardTypes.h |    66 +
 .../wolfssl/wolfcrypt/port/iotsafe/iotsafe.h       |     5 +
 .../wolfssl/wolfssl/wolfcrypt/port/liboqs/liboqs.h |    62 +
 .../wolfssl/wolfssl/wolfcrypt/port/psa/psa.h       |     7 -
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h   |     5 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rsa.h      |     9 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h |   310 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h      |    66 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h   |     6 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha512.h   |     2 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp_int.h   |     2 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sphincs.h  |     5 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/tfm.h      |     5 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h    |   332 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_kyber.h |   280 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_lms.h   |     2 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h  |   127 +-
 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/xmss.h     |    95 +-
 extra/wolfssl/wolfssl/wolfssl/wolfio.h             |    12 +-
 extra/wolfssl/wolfssl/zephyr/CMakeLists.txt        |     4 +
 .../zephyr/samples/wolfssl_benchmark/prj.conf      |     1 +
 380 files changed, 67559 insertions(+), 20107 deletions(-)
 create mode 100644 extra/mariabackup/aria_backup_client.cc
 create mode 100644 extra/mariabackup/aria_backup_client.h
 delete mode 100644 extra/mariabackup/changed_page_bitmap.cc
 delete mode 100644 extra/mariabackup/changed_page_bitmap.h
 create mode 100644 extra/mariabackup/common_engine.cc
 create mode 100644 extra/mariabackup/common_engine.h
 create mode 100644 extra/mariabackup/ddl_log.cc
 create mode 100644 extra/mariabackup/ddl_log.h
 create mode 100644 extra/mariabackup/encryption_plugin.cc
 create mode 100644 extra/mariabackup/encryption_plugin.h
 create mode 100644 extra/mariabackup/thread_pool.cc
 create mode 100644 extra/mariabackup/thread_pool.h
 delete mode 100644 extra/mariabackup/xb_plugin.cc
 delete mode 100644 extra/mariabackup/xb_plugin.h
 create mode 100644 extra/wolfssl/wolfssl/.github/workflows/libssh2.yml
 create mode 100644 extra/wolfssl/wolfssl/.github/workflows/openssh.yml
 create mode 100644 extra/wolfssl/wolfssl/Docker/yocto/Dockerfile
 create mode 100755 extra/wolfssl/wolfssl/Docker/yocto/buildAndPush.sh
 create mode 100644 extra/wolfssl/wolfssl/IDE/ARDUINO/Arduino_README_prepend.md
 create mode 100644 extra/wolfssl/wolfssl/IDE/ARDUINO/keywords.txt
 create mode 100644 extra/wolfssl/wolfssl/IDE/ARDUINO/library.properties.template
 create mode 100644 extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/README.md
 create mode 100644 extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_client/README.md
 create mode 100644 extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_server/README.md
 create mode 100644 extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_version/README.md
 create mode 100644 extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
 create mode 100644 extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl.h
 create mode 100644 extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
 delete mode 100644 extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/settings/wolfcrypt_benchmark_Debug.jlink
 delete mode 100644 extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewt
 delete mode 100644 extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt
 delete mode 100644 extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/settings/wolfcrypt_test_Debug.jlink
 delete mode 100644 extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewt
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/README.md
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/include.am
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/main.c
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/user_settings.h
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/Makefile
 create mode 100755 extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/configurations.xml
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/configurations.xml
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/private.xml
 create mode 100755 extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/project.xml
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/Makefile
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/configurations.xml
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/include.am
 create mode 100644 extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/project.xml
 delete mode 100644 extra/wolfssl/wolfssl/IPP/.gitkeep
 create mode 100644 extra/wolfssl/wolfssl/certs/crl/crl_rsapss.pem
 create mode 100644 extra/wolfssl/wolfssl/certs/test-stream-sign.p7b
 create mode 100644 extra/wolfssl/wolfssl/examples/configs/user_settings_arduino.h
 create mode 100644 extra/wolfssl/wolfssl/examples/configs/user_settings_tls12.h
 delete mode 100644 extra/wolfssl/wolfssl/lib/dummy
 create mode 100644 extra/wolfssl/wolfssl/linuxkm/lkcapi_glue.c
 delete mode 100755 extra/wolfssl/wolfssl/pre-commit.sh
 delete mode 100755 extra/wolfssl/wolfssl/pre-push.sh
 create mode 100644 extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/README.md
 create mode 100644 extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/cryif.c
 create mode 100644 extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/crypto.c
 create mode 100644 extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/csm.c
 create mode 100644 extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/include.am
 create mode 100644 extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/test.c
 create mode 100644 extra/wolfssl/wolfssl/wolfcrypt/src/port/liboqs/liboqs.c
 create mode 100644 extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms_impl.c
 create mode 100644 extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss_impl.c
 delete mode 100644 extra/wolfssl/wolfssl/wolfcrypt/user-crypto/Makefile.am
 delete mode 100644 extra/wolfssl/wolfssl/wolfcrypt/user-crypto/README.txt
 delete mode 100755 extra/wolfssl/wolfssl/wolfcrypt/user-crypto/autogen.sh
 delete mode 100644 extra/wolfssl/wolfssl/wolfcrypt/user-crypto/configure.ac
 delete mode 100644 extra/wolfssl/wolfssl/wolfcrypt/user-crypto/include.am
 delete mode 100644 extra/wolfssl/wolfssl/wolfcrypt/user-crypto/include/user_rsa.h
 delete mode 100644 extra/wolfssl/wolfssl/wolfcrypt/user-crypto/lib/.gitkeep
 delete mode 100644 extra/wolfssl/wolfssl/wolfcrypt/user-crypto/src/rsa.c
 create mode 100644 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/CryIf.h
 create mode 100644 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Crypto.h
 create mode 100644 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Csm.h
 create mode 100644 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
 create mode 100644 extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/liboqs/liboqs.h

(limited to 'extra')

diff --git a/extra/CMakeLists.txt b/extra/CMakeLists.txt
index 5021128e..06dc8900 100644
--- a/extra/CMakeLists.txt
+++ b/extra/CMakeLists.txt
@@ -13,7 +13,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1335 USA
 
-INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include ${ZLIB_INCLUDE_DIR})
+INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include ${ZLIB_INCLUDE_DIRS})
 
 # Default install component for the files is Server here
 SET(MYSQL_INSTALL_COMPONENT Server)
diff --git a/extra/mariabackup/CMakeLists.txt b/extra/mariabackup/CMakeLists.txt
index f1c9dca7..63ac8cf3 100644
--- a/extra/mariabackup/CMakeLists.txt
+++ b/extra/mariabackup/CMakeLists.txt
@@ -31,6 +31,7 @@ ENDIF()
 INCLUDE_DIRECTORIES(
   ${CMAKE_SOURCE_DIR}/include
   ${CMAKE_SOURCE_DIR}/sql
+  ${CMAKE_SOURCE_DIR}/storage/maria
   ${CMAKE_CURRENT_SOURCE_DIR}/quicklz
   ${CMAKE_CURRENT_SOURCE_DIR}
   )
@@ -49,14 +50,9 @@ ADD_DEFINITIONS(-UMYSQL_SERVER)
 ADD_DEFINITIONS(-DPCRE_STATIC=1)
 ADD_DEFINITIONS(${SSL_DEFINES})
 
-IF(PMEM_FOUND)
-  ADD_COMPILE_FLAGS(xtrabackup.cc COMPILE_FLAGS "-DHAVE_PMEM")
-ENDIF()
-
 MYSQL_ADD_EXECUTABLE(mariadb-backup
   xtrabackup.cc
   innobackupex.cc
-  changed_page_bitmap.cc
   datasink.cc
   ds_buffer.cc
   ds_compress.cc
@@ -72,8 +68,12 @@ MYSQL_ADD_EXECUTABLE(mariadb-backup
   xbstream_write.cc
   backup_mysql.cc
   backup_copy.cc
-  xb_plugin.cc
+  encryption_plugin.cc
   ${PROJECT_BINARY_DIR}/sql/sql_builtin.cc
+  aria_backup_client.cc
+  thread_pool.cc
+  ddl_log.cc
+  common_engine.cc
   ${PROJECT_SOURCE_DIR}/sql/net_serv.cc
   ${PROJECT_SOURCE_DIR}/libmysqld/libmysql.c
   COMPONENT backup
@@ -82,7 +82,8 @@ MYSQL_ADD_EXECUTABLE(mariadb-backup
 # Export all symbols on Unix, for better crash callstacks
 SET_TARGET_PROPERTIES(mariadb-backup PROPERTIES ENABLE_EXPORTS TRUE)
 
-TARGET_LINK_LIBRARIES(mariadb-backup sql sql_builtins)
+TARGET_LINK_LIBRARIES(mariadb-backup  sql sql_builtins aria)
+
 IF(NOT HAVE_SYSTEM_REGEX)
   TARGET_LINK_LIBRARIES(mariadb-backup pcre2-posix)
 ENDIF()
diff --git a/extra/mariabackup/aria_backup_client.cc b/extra/mariabackup/aria_backup_client.cc
new file mode 100644
index 00000000..25468148
--- /dev/null
+++ b/extra/mariabackup/aria_backup_client.cc
@@ -0,0 +1,1016 @@
+#include <my_global.h>
+#include <m_string.h>
+extern "C" {
+#include "maria_def.h"
+}
+#undef LSN_MAX
+#include "aria_backup_client.h"
+#include "backup_copy.h"
+#include "common.h"
+#include "sql_table.h"
+#include "ma_checkpoint.h"
+#include "ma_recovery.h"
+#include "backup_debug.h"
+#include "aria_backup.h"
+#include <thread>
+#include <string>
+#include <vector>
+#include <memory>
+#include <limits>
+#include <unordered_map>
+#include <atomic>
+#include <utility>
+#include <sstream>
+#include <iomanip>
+#include <cstdlib>
+
+namespace aria {
+
+const char *log_preffix = "aria_log.";
+
+
+static std::string log_file_name_only(size_t log_num) {
+	std::string log_file;
+	{
+		std::stringstream ss;
+		ss << std::setw(8) << std::setfill('0') << log_num;
+		log_file.append(log_preffix).append(ss.str());
+	}
+	return log_file;
+}
+
+
+static std::string log_file_name(const char *datadir_path, size_t log_num) {
+	std::string log_file(datadir_path);
+	return log_file.append("/").append(log_file_name_only(log_num));
+}
+
+
+class LogFileCollection
+{
+  uint32 m_first;
+  uint32 m_count;
+public:
+  uint32 first() const { return m_first; }
+  uint32 count() const { return m_count; }
+  uint32 last() const
+  {
+    DBUG_ASSERT(m_count > 0);
+    return m_first + m_count - 1;
+  }
+
+  // Initialize by checking existing log files on the disk
+  LogFileCollection(const char *datadir, uint32 max_log_no)
+  {
+    uint32 end= find_greatest_existing_log(datadir, max_log_no);
+    if (!end)
+    {
+      // No log files were found at all
+      m_first= 0;
+      m_count= 0;
+    }
+    else if (end == 1)
+    {
+      // Just the very first one log file (aria_log.00000001) was found.
+      m_first= 1;
+      m_count= 1;
+    }
+    else
+    {
+      // Multiple files were found
+      m_first= find_greatest_missing_log(datadir, end - 1) + 1;
+      m_count= 1 + end - m_first;
+    }
+  }
+
+  /*
+    Skip all missing log files and find the greatest existing log file, or
+    Skip all existing log files and find the greatest missing log file.
+
+    @param datadir  - Search files in this directory
+    @param start    - Start searching from this log number and go downto 1.
+    @param kind     - true  - search for an existing file
+                      false - search for a missing file.
+    @returns        - [1..start] - the greatest found log file
+                                   of the searched kind
+                    - 0  - if no log files of this kind
+                           were found in the range [1..start].
+  */
+  static uint32 find_greatest_existing_or_missing_log(const char *datadir,
+                                                      uint32 start,
+                                                      bool kind)
+  {
+    DBUG_ASSERT(start > 0);
+    for (uint32 i= start; i > 0; i--)
+    {
+      if (file_exists(log_file_name(datadir, i).c_str()) == kind)
+        return i;
+    }
+    return 0; // No log files of the searched kind were found
+  }
+
+  static uint32 find_greatest_existing_log(const char *datadir, uint32 start)
+  {
+    return find_greatest_existing_or_missing_log(datadir, start, true);
+  }
+
+  static uint32 find_greatest_missing_log(const char *datadir, uint32 start)
+  {
+    return find_greatest_existing_or_missing_log(datadir, start, false);
+  }
+
+  /*
+    In some scenarios (e.g. log rotate) some new log files can appear
+    outside of the initially assumed [first,last] log number range.
+    This function adds all extra files behind "last".
+  */
+  void find_logs_after_last(const char *datadir)
+  {
+    DBUG_ASSERT(m_count > 0);
+    for ( ;
+         file_exists(log_file_name(datadir, last() + 1).c_str()) ;
+         m_count++)
+    {  }
+  }
+
+  void report_found(unsigned thread_num) const
+  {
+    if (m_count)
+      msg(thread_num,
+          "Found %u aria log files, "
+          "minimum log number %u, "
+          "maximum log number %u",
+          m_count, m_first, last());
+  }
+
+  void die_if_missing(uint32 logno) const
+  {
+    DBUG_ASSERT(logno > 0);
+    if (!m_count || m_first > logno || last() < logno)
+      die("Aria log file %u does not exists.", logno);
+  }
+};
+
+
+class Table {
+public:
+	struct Partition {
+		std::string m_file_path;
+		File m_index_file = -1;
+		MY_STAT m_index_file_stat;
+		File m_data_file = -1;
+		MY_STAT m_data_file_stat;
+	};
+	Table() = default;
+	Table (Table &&other) = delete;
+	Table &  operator= (Table &&other) = delete;
+	Table(const Table &) = delete;
+	Table & operator= (const Table &) = delete;
+	~Table();
+	bool init(const char *data_file_path);
+	bool open(MYSQL *con, bool opt_no_lock, unsigned thread_num);
+	bool close();
+	bool copy(ds_ctxt_t *ds, unsigned thread_num);
+
+	bool is_online_backup_safe() const {
+		DBUG_ASSERT(is_opened());
+		return m_cap.online_backup_safe;
+	}
+	bool is_stats() const {
+		return is_stats_table(m_db.c_str(), m_table.c_str());
+	}
+	bool is_log() const {
+		return is_log_table(m_db.c_str(), m_table.c_str());
+	}
+	bool is_opened() const {
+		return !m_partitions.empty() &&
+			m_partitions[0].m_index_file >= 0 && m_partitions[0].m_data_file >= 0;
+	};
+	std::string &get_full_name() {
+		return m_full_name;
+	}
+	std::string &get_db() { return m_db; }
+	std::string &get_table() { return m_table; }
+	std::string &get_version() { return m_table_version; }
+	bool is_partitioned() const { return m_partitioned; }
+	void add_partition(const Table &partition) {
+		DBUG_ASSERT(is_partitioned());
+		m_partitions.push_back(partition.m_partitions[0]);
+	}
+#ifndef DBUG_OFF
+	const std::string& get_sql_name() const { return m_sql_name; }
+#endif //DBUG_OFF
+private:
+
+	bool copy(ds_ctxt_t *ds, bool is_index, unsigned thread_num);
+	// frm and par files will be copied under BLOCK_DDL stage in
+	// backup_copy_non_system()
+	bool copy_frm_and_par(ds_ctxt_t *ds, unsigned thread_num);
+	bool read_table_version_id(File file);
+
+	std::string m_db;
+	std::string m_table;
+	std::string m_full_name;
+	std::string m_frm_par_path;
+	std::string m_table_version;
+#ifndef DBUG_OFF
+	std::string m_sql_name;
+#endif //DBUG_OFF
+	bool m_partitioned = false;
+	std::vector<Partition> m_partitions;
+	ARIA_TABLE_CAPABILITIES m_cap;
+};
+
+Table::~Table() {
+	(void)close();
+}
+
+bool Table::init(const char *data_file_path) {
+		DBUG_ASSERT(data_file_path);
+
+		const char *ext_pos = strrchr(data_file_path, '.');
+		if (!ext_pos)
+			return false;
+
+		char db_name_orig[FN_REFLEN];
+		char table_name_orig[FN_REFLEN];
+		parse_db_table_from_file_path(
+			data_file_path, db_name_orig, table_name_orig);
+		if (!db_name_orig[0] || !table_name_orig[0])
+			return false;
+		char db_name_conv[FN_REFLEN];
+		char table_name_conv[FN_REFLEN];
+		filename_to_tablename(db_name_orig, db_name_conv, sizeof(db_name_conv));
+		filename_to_tablename(
+			table_name_orig, table_name_conv, sizeof(table_name_conv));
+		if (!db_name_conv[0] || !table_name_conv[0])
+			return false;
+
+		if (strstr(data_file_path, "#P#"))
+			m_partitioned = true;
+
+		const char *table_name_begin = strrchr(data_file_path, FN_LIBCHAR);
+		if (!table_name_begin)
+			return false;
+		m_frm_par_path.assign(data_file_path, table_name_begin + 1).
+			append(table_name_orig);
+
+		m_db.assign(db_name_conv);
+		m_table.assign(table_name_conv);
+		// TODO: find the correct way to represent quoted table/db names
+		m_full_name.assign("`").append(m_db).append("`.`").
+			append(m_table).append("`");
+#ifndef DBUG_OFF
+		m_sql_name.assign(m_db).append("/").append(m_table);
+#endif // DBUG_OFF
+		Partition partition;
+		partition.m_file_path.assign(data_file_path, ext_pos - data_file_path);
+		m_partitions.push_back(std::move(partition));
+		return true;
+}
+
+bool Table::read_table_version_id(File file) {
+	m_table_version = ::read_table_version_id(file);
+	return m_table_version.empty();
+}
+
+bool Table::open(MYSQL *con, bool opt_no_lock, unsigned thread_num) {
+	int error= 1;
+	bool have_capabilities = false;
+	File frm_file = -1;
+
+	if (!opt_no_lock && !backup_lock(con, m_full_name.c_str())) {
+		msg(thread_num, "Error on BACKUP LOCK for aria table %s",
+			m_full_name.c_str());
+		goto exit;
+	}
+
+	for (Partition &partition : m_partitions) {
+		std::string file_path = partition.m_file_path + ".MAI";
+		if ((partition.m_index_file= my_open(file_path.c_str(),
+						O_RDONLY | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
+						MYF(MY_WME))) < 0) {
+			msg(thread_num, "Error on aria table file open %s", file_path.c_str());
+			goto exit;
+		}
+		if (!my_stat(file_path.c_str(), &partition.m_index_file_stat, MYF(0))) {
+			msg(thread_num, "Error on aria table file stat %s", file_path.c_str());
+			goto exit;
+		}
+		if (!have_capabilities) {
+			if ((error= aria_get_capabilities(partition.m_index_file, &m_cap))) {
+				msg(thread_num, "aria_get_capabilities failed: %d", error);
+				goto exit;
+			}
+			have_capabilities = true;
+		}
+
+		file_path = partition.m_file_path + ".MAD";
+		if ((partition.m_data_file= my_open(file_path.c_str(),
+						O_RDONLY | O_SHARE | O_NOFOLLOW | O_CLOEXEC, MYF(MY_WME))) < 0) {
+			msg(thread_num, "Error on aria table file open %s", file_path.c_str());
+			goto exit;
+		}
+		if (!my_stat(file_path.c_str(), &partition.m_data_file_stat, MYF(0))) {
+			msg(thread_num, "Error on aria table file stat %s", file_path.c_str());
+			goto exit;
+		}
+	}
+
+	if ((frm_file = mysql_file_open(
+		key_file_frm, (m_frm_par_path + ".frm").c_str(),
+		O_RDONLY | O_SHARE, MYF(0))) < 0) {
+		msg(thread_num, "Error on aria table %s file open",
+			(m_frm_par_path + ".frm").c_str());
+		goto exit;
+	}
+
+	error = 0;
+
+exit:
+	if (!opt_no_lock && !backup_unlock(con)) {
+		msg(thread_num, "Error on BACKUP UNLOCK for aria table %s",
+			m_full_name.c_str());
+		error = 1;
+	}
+	if (error)
+		(void)close();
+	else {
+		(void)read_table_version_id(frm_file);
+		mysql_file_close(frm_file, MYF(MY_WME));
+	}
+	return !error;
+}
+
+bool Table::close() {
+	for (Partition &partition : m_partitions) {
+		if (partition.m_index_file >= 0) {
+			my_close(partition.m_index_file, MYF(MY_WME));
+			partition.m_index_file = -1;
+		}
+		if (partition.m_data_file >= 0) {
+			my_close(partition.m_data_file, MYF(MY_WME));
+			partition.m_data_file = -1;
+		}
+	}
+	return true;
+}
+
+bool Table::copy(ds_ctxt_t *ds, unsigned thread_num) {
+	DBUG_ASSERT(is_opened());
+	DBUG_MARIABACKUP_EVENT_LOCK("before_aria_table_copy",
+          fil_space_t::name_type(m_sql_name.data(), m_sql_name.size()));
+	bool result =
+//		copy_frm_and_par(ds, thread_num) &&
+			copy(ds, true, thread_num) && copy(ds, false, thread_num);
+	return result;
+}
+
+bool Table::copy(ds_ctxt_t *ds, bool is_index, unsigned thread_num) {
+	DBUG_ASSERT(ds);
+	const char *ext = is_index ? ".MAI" : ".MAD";
+	int error= 1;
+	for (const Partition &partition : m_partitions) {
+		ds_file_t		*dst_file = nullptr;
+		uchar *copy_buffer = nullptr;
+		std::string full_name = partition.m_file_path + ext;
+		const char	*dst_path =
+			(xtrabackup_copy_back || xtrabackup_move_back) ?
+			full_name.c_str() : trim_dotslash(full_name.c_str());
+
+		dst_file = ds_open(ds, dst_path,
+			is_index ? &partition.m_index_file_stat : &partition.m_data_file_stat);
+		if (!dst_file) {
+			msg(thread_num, "error: cannot open the destination stream for %s",
+				dst_path);
+			goto err;
+		}
+
+		copy_buffer =
+			reinterpret_cast<uchar *>(my_malloc(PSI_NOT_INSTRUMENTED,
+			m_cap.block_size, MYF(0)));
+
+		DBUG_MARIABACKUP_EVENT_LOCK(
+			is_index ?
+				"before_aria_index_file_copy":
+				"before_aria_data_file_copy",
+			fil_space_t::name_type(m_sql_name.data(),
+                        m_sql_name.size()));
+
+		for (ulonglong block= 0 ; ; block++) {
+			size_t length = m_cap.block_size;
+			if (is_index) {
+				if ((error= aria_read_index(
+							partition.m_index_file, &m_cap, block, copy_buffer) ==
+							HA_ERR_END_OF_FILE))
+					break;
+			} else {
+				if ((error= aria_read_data(
+							partition.m_data_file, &m_cap, block, copy_buffer, &length) ==
+							HA_ERR_END_OF_FILE))
+					break;
+			}
+			if (error) {
+				msg(thread_num, "error: aria_read %s failed:  %d",
+					is_index ? "index" : "data", error);
+				goto err;
+			}
+			xtrabackup_io_throttling();
+			if ((error = ds_write(dst_file, copy_buffer, length))) {
+				msg(thread_num, "error: aria_write failed:  %d", error);
+				goto err;
+			}
+		}
+
+		DBUG_MARIABACKUP_EVENT_LOCK(
+			is_index ?
+				"after_aria_index_file_copy":
+				"after_aria_data_file_copy",
+			fil_space_t::name_type(m_sql_name.data(),
+                        m_sql_name.size()));
+
+		error = 0;
+		msg(thread_num, "aria table file %s is copied successfully.",
+			full_name.c_str());
+
+	err:
+		if (dst_file)
+			ds_close(dst_file);
+		if (copy_buffer)
+			my_free(copy_buffer);
+		if (error)
+			break;
+	}
+	return !error;
+}
+
+class BackupImpl {
+public:
+	BackupImpl(
+		const char *datadir_path,
+		const char *aria_log_path,
+		ds_ctxt_t *datasink, bool opt_no_lock,
+		std::vector<MYSQL *> &con_pool, ThreadPool &thread_pool) :
+		m_datadir_path(datadir_path),
+		m_aria_log_dir_path(aria_log_path),
+		m_ds(datasink), m_con_pool(con_pool),
+		m_tasks_group(thread_pool), m_thread_pool(thread_pool) { }
+	~BackupImpl() { destroy(); }
+	bool init();
+	bool start(bool no_lock);
+	bool wait_for_finish();
+	bool copy_offline_tables(
+		const std::unordered_set<table_key_t> *exclude_tables, bool no_lock,
+		bool copy_stats);
+	bool finalize();
+	void set_post_copy_table_hook(const post_copy_table_hook_t &hook) {
+		m_table_post_copy_hook = hook;
+	}
+	bool copy_log_tail() { return copy_log_tail(0, false); }
+private:
+	void destroy();
+	void scan_job(bool no_lock, unsigned thread_num);
+	bool copy_log_tail(unsigned thread_num, bool finalize);
+	void copy_log_file_job(size_t log_num, unsigned thread_num);
+	void destroy_log_tail();
+	void process_table_job(Table *table, bool online_only, bool copy_stats,
+		bool no_lock, unsigned thread_num);
+
+	const char *m_datadir_path;
+	const char *m_aria_log_dir_path;
+	std::string aria_log_dir_path() const
+	{
+	  if (!m_aria_log_dir_path || !m_aria_log_dir_path[0])
+	    return m_datadir_path;
+          if (is_absolute_path(m_aria_log_dir_path))
+            return m_aria_log_dir_path;
+          return std::string(m_datadir_path).append("/")
+                                            .append(m_aria_log_dir_path);
+	}
+	ds_ctxt_t *m_ds;
+	std::vector<MYSQL *> &m_con_pool;
+
+	TasksGroup m_tasks_group;
+
+	std::mutex m_offline_tables_mutex;
+	std::vector<std::unique_ptr<Table>> m_offline_tables;
+	post_copy_table_hook_t m_table_post_copy_hook;
+
+	ThreadPool &m_thread_pool;
+
+	size_t m_last_log_num = 0;
+	ds_file_t*	m_last_log_dst = nullptr;
+	File m_last_log_src = -1;
+};
+
+bool BackupImpl::init() {
+	DBUG_ASSERT(m_tasks_group.is_finished());
+	return true;
+};
+
+void BackupImpl::destroy() {
+	DBUG_ASSERT(m_tasks_group.is_finished());
+	destroy_log_tail();
+}
+
+bool BackupImpl::start(bool no_lock) {
+	DBUG_ASSERT(m_tasks_group.is_finished());
+	m_tasks_group.push_task(
+		std::bind(&BackupImpl::scan_job, this, no_lock, std::placeholders::_1));
+	return true;
+}
+
+void BackupImpl::process_table_job(
+	Table *table_ptr, bool online_only, bool copy_stats, bool no_lock,
+	unsigned thread_num) {
+	DBUG_ASSERT(table_ptr);
+	DBUG_ASSERT(thread_num < m_con_pool.size());
+	std::unique_ptr<Table> table(table_ptr);
+	bool is_online;
+	bool is_stats;
+	bool need_copy;
+	int result = 1;
+
+	if (!m_tasks_group.get_result())
+		goto exit;
+
+	if (!table->open(m_con_pool[thread_num], no_lock, thread_num)) {
+		// if table can't be opened, it might be removed or renamed, this is not
+		// error for transactional tables
+		table->close(); // Close opened table files
+		goto exit;
+	}
+
+	is_online = table->is_online_backup_safe();
+	is_stats = table->is_stats();
+
+	need_copy = (!online_only || is_online) && (copy_stats || !is_stats);
+
+	if (need_copy && !table->copy(m_ds, thread_num)) {
+		table->close();
+		DBUG_MARIABACKUP_EVENT_LOCK("after_aria_table_copy",
+			fil_space_t::name_type(table->get_sql_name().data(),
+                                               table->get_sql_name().size()));
+		// if table is opened, it must be copied,
+		// the corresponding diagnostic messages must be issued in Table::copy()
+		result = 0;
+		goto exit;
+	}
+
+	if (!table->close()) {
+		msg(thread_num, "Can't close aria table %s.\n",
+			table->get_full_name().c_str());
+		result = 0;
+		goto exit;
+	}
+
+	if (!need_copy) {
+		std::lock_guard<std::mutex> lock(m_offline_tables_mutex);
+		m_offline_tables.push_back(std::move(table));
+	}
+	else {
+		DBUG_MARIABACKUP_EVENT_LOCK("after_aria_table_copy",
+			fil_space_t::name_type(table->get_sql_name().data(),
+                                               table->get_sql_name().size()));
+		if (m_table_post_copy_hook)
+			m_table_post_copy_hook(
+				std::move(table->get_db()),
+				std::move(table->get_table()),
+				std::move(table->get_version()));
+	}
+exit:
+	m_tasks_group.finish_task(result);
+}
+
+
+void BackupImpl::scan_job(bool no_lock, unsigned thread_num) {
+	std::unordered_map<std::string, std::unique_ptr<Table>> partitioned_tables;
+
+	std::string aria_log_dir_path_cache(aria_log_dir_path());
+	std::string log_control_file_path(aria_log_dir_path_cache);
+	log_control_file_path.append("/aria_log_control");
+	if (!m_ds->copy_file(
+		log_control_file_path.c_str(), "aria_log_control",
+		0, false)) {
+		msg("Aria log control file copying error.");
+		m_tasks_group.finish_task(0);
+		return;
+	}
+
+	msg(thread_num, "Loading aria_log_control.");
+	aria_readonly= 1;
+	maria_data_root= aria_log_dir_path_cache.c_str();
+	if (ma_control_file_open(FALSE, FALSE, FALSE, O_RDONLY))
+		die("Can't open Aria control file (%d)", errno);
+	uint32 aria_log_control_last_log_number= last_logno;
+	msg(thread_num, "aria_log_control: last_log_number: %d",
+	    aria_log_control_last_log_number);
+	ma_control_file_end();
+
+	msg(thread_num, "Start scanning aria tables.");
+
+	foreach_file_in_db_dirs(m_datadir_path, [&](const char *file_path)->bool {
+
+		if (check_if_skip_table(file_path)) {
+			msg(thread_num, "Skipping %s.", file_path);
+			return true;
+		}
+
+		if (!ends_with(file_path, ".MAD"))
+			return true;
+
+		std::unique_ptr<Table> table(new Table());
+		if (!table->init(file_path)) {
+			msg(thread_num, "Can't init aria table %s.\n", file_path);
+			return true;
+		}
+
+		if (table->is_log())
+			return true;
+
+		if (table->is_partitioned()) {
+			auto table_it = partitioned_tables.find(table->get_full_name());
+			if (table_it == partitioned_tables.end()) {
+				partitioned_tables[table->get_full_name()] = std::move(table);
+			} else {
+				table_it->second->add_partition(*table);
+			}
+			return true;
+		}
+
+		m_tasks_group.push_task(
+			std::bind(&BackupImpl::process_table_job, this, table.release(), true,
+					false, no_lock, std::placeholders::_1));
+		return true;
+	});
+
+	for (auto &table_it : partitioned_tables) {
+		m_tasks_group.push_task(
+			std::bind(&BackupImpl::process_table_job, this, table_it.second.release(),
+				true, false, no_lock, std::placeholders::_1));
+	}
+
+	msg(thread_num, "Start scanning aria log files.");
+
+        LogFileCollection logs(aria_log_dir_path_cache.c_str(),
+                               aria_log_control_last_log_number);
+        logs.report_found(thread_num);
+        logs.die_if_missing(aria_log_control_last_log_number);
+
+        m_last_log_num= logs.last();
+
+        DBUG_MARIABACKUP_EVENT("after_scanning_log_files", {});
+
+        for (uint32 i= logs.first(); i <= logs.last(); ++i)
+          m_tasks_group.push_task(
+            std::bind(&BackupImpl::copy_log_file_job, this,
+                      i, std::placeholders::_1));
+
+	msg(thread_num, "Stop scanning aria tables.");
+
+	m_tasks_group.finish_task(1);
+}
+
+template<typename T>
+T align_down(T n, ulint align_no)
+{
+	DBUG_ASSERT(align_no > 0);
+	DBUG_ASSERT(ut_is_2pow(align_no));
+	return n & ~(static_cast<T>(align_no) - 1);
+}
+
+static ssize_t copy_file_chunk(File src, ds_file_t* dst, size_t size) {
+	size_t bytes_read;
+	static const size_t max_buf_size = 10 * 1024 * 1024;
+	size_t buf_size = size ? std::min(size, max_buf_size) : max_buf_size;
+	std::unique_ptr<uchar[]> buf(new uchar[buf_size]);
+	ssize_t copied_size = 0;
+	bool unlim = !size;
+	while((unlim || size) && (bytes_read = my_read(src, buf.get(),
+		unlim ? buf_size : std::min(buf_size, size), MY_WME))) {
+		if (bytes_read == size_t(-1))
+			return -1;
+		xtrabackup_io_throttling();
+		if (ds_write(dst, buf.get(), bytes_read))
+			return -1;
+		copied_size += bytes_read;
+		if (!unlim)
+			size -= bytes_read;
+	}
+	return copied_size;
+}
+
+bool BackupImpl::copy_log_tail(unsigned thread_num, bool finalize) {
+	bool result = false;
+	std::string log_file = log_file_name(aria_log_dir_path().c_str(), m_last_log_num);
+	std::string prev_log_file;
+	ssize_t total_bytes_copied = 0;
+	MY_STAT stat_info;
+	my_off_t file_offset = 0;
+	size_t to_copy_size = 0;
+
+repeat:
+	memset(&stat_info, 0, sizeof(MY_STAT));
+	if (!m_tasks_group.get_result()) {
+		msg(thread_num, "Skip copying aria lof file tail %s due to error.",
+			log_file.c_str());
+		result = true;
+		goto exit;
+	}
+
+	msg(thread_num, "Start copying aria log file tail: %s", log_file.c_str());
+
+	if (m_last_log_src < 0 && (m_last_log_src =
+		my_open(log_file.c_str(), O_RDONLY | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
+			MYF(MY_WME))) < 0) {
+		msg("Aria log file %s open failed: %d", log_file.c_str(), my_errno);
+		goto exit;
+	}
+
+	if (!m_last_log_dst &&
+		!(m_last_log_dst = ds_open(m_ds,
+		                           log_file_name_only(m_last_log_num).c_str(),
+		                           &stat_info, false))) {
+		msg(thread_num, "error: failed to open the target stream for "
+			"aria log file %s.",
+			log_file.c_str());
+		goto exit;
+	}
+
+// If there is no need to finalize log file copying, calculate the size to copy
+// without the last page, which can be rewritten by the server
+// (see translog_force_current_buffer_to_finish()).
+	if (!finalize) {
+		if (my_fstat(m_last_log_src, &stat_info, MYF(0))) {
+			msg(thread_num, "error: failed to get file size for aria log file: %s.",
+					log_file.c_str());
+			goto exit;
+		}
+		if ((file_offset = my_tell(m_last_log_src, MYF(0))) == (my_off_t)(-1)) {
+			msg(thread_num, "error: failed to get file offset for aria log file: %s.",
+					log_file.c_str());
+			goto exit;
+		}
+		DBUG_ASSERT(file_offset <= static_cast<my_off_t>(stat_info.st_size));
+		to_copy_size = static_cast<size_t>(stat_info.st_size - file_offset);
+		to_copy_size = to_copy_size >= TRANSLOG_PAGE_SIZE ?
+			(align_down(to_copy_size, TRANSLOG_PAGE_SIZE) - TRANSLOG_PAGE_SIZE) : 0;
+	}
+
+// Copy from the last position to the end of file,
+// excluding the last page is there is no need to finalize the copy.
+	if ((to_copy_size || finalize) &&
+		(total_bytes_copied = copy_file_chunk(m_last_log_src,
+		m_last_log_dst, to_copy_size)) < 0) {
+			msg(thread_num, "Aria log file %s chunk copy error", log_file.c_str());
+			goto exit;
+	}
+
+	msg(thread_num, "Stop copying aria log file tail: %s, copied %zu bytes",
+		log_file.c_str(), total_bytes_copied);
+
+// Check if there is new log file, if yes, then copy the last page of the old
+// one, and fix it last LSN in the log header, as it is changed on new
+// log file creating by the server (see translog_create_new_file() and
+// translog_max_lsn_to_header()). Then close the old log file and repeat
+// the copying for the new log file.
+	prev_log_file = std::move(log_file);
+	log_file = log_file_name(aria_log_dir_path().c_str(), m_last_log_num + 1);
+	if (file_exists(log_file.c_str())) {
+		uchar lsn_buff[LSN_STORE_SIZE];
+		msg(thread_num, "Found new aria log tail file: %s, start copy %s tail",
+			log_file.c_str(), prev_log_file.c_str());
+		if ((total_bytes_copied = copy_file_chunk(m_last_log_src,
+			m_last_log_dst, 0)) < 0) {
+				msg(thread_num, "Aria log file %s tail copy error",
+					prev_log_file.c_str());
+				goto exit;
+		}
+
+		if (my_pread(m_last_log_src, lsn_buff, LSN_STORE_SIZE,
+			(LOG_HEADER_DATA_SIZE - LSN_STORE_SIZE), MYF(0)) < LSN_STORE_SIZE) {
+			msg(thread_num, "Aria lsn store read error for log file %s",
+				prev_log_file.c_str());
+			goto exit;
+		}
+
+		if (ds_seek_set(m_last_log_dst, (LOG_HEADER_DATA_SIZE - LSN_STORE_SIZE))) {
+			msg(thread_num, "Set aria log pointer error for log file %s",
+				prev_log_file.c_str());
+			goto exit;
+		}
+
+		if (ds_write(m_last_log_dst, lsn_buff, LSN_STORE_SIZE)) {
+			msg(thread_num, "LSN write error for aria log file %s",
+				prev_log_file.c_str());
+			goto exit;
+		}
+
+		msg(thread_num, "The last %zu bytes were copied for %s.",
+			total_bytes_copied, prev_log_file.c_str());
+		destroy_log_tail();
+		++m_last_log_num;
+		goto repeat;
+	}
+
+	result = true;
+
+exit:
+	if (!result)
+		destroy_log_tail();
+	return result;
+}
+
+void BackupImpl::copy_log_file_job(size_t log_num, unsigned thread_num) {
+	DBUG_ASSERT(log_num <= m_last_log_num);
+
+	if (!m_tasks_group.get_result()) {
+		msg(thread_num, "Skip copying %zu aria log file due to error", log_num);
+		m_tasks_group.finish_task(0);
+		return;
+	}
+
+// Copy log file if the file is not the last one.
+	if (log_num < m_last_log_num) {
+		std::string log_file = log_file_name(aria_log_dir_path().c_str(), log_num);
+		if (!m_ds->copy_file(log_file.c_str(),
+  			log_file_name_only(log_num).c_str(),
+			thread_num, false)) {
+			msg(thread_num, "Error on copying %s aria log file.", log_file.c_str());
+			m_tasks_group.finish_task(0);
+		}
+		else
+			m_tasks_group.finish_task(1);
+		return;
+	}
+// Copy the last log file.
+	m_tasks_group.finish_task(copy_log_tail(thread_num, false) ? 1 : 0);
+}
+
+void BackupImpl::destroy_log_tail() {
+	if (m_last_log_src >= 0) {
+		my_close(m_last_log_src, MYF(MY_WME));
+		m_last_log_src = -1;
+	}
+	if (m_last_log_dst) {
+		ds_close(m_last_log_dst);
+		m_last_log_dst = nullptr;
+	}
+}
+
+bool BackupImpl::wait_for_finish() {
+	return m_tasks_group.wait_for_finish();
+}
+
+bool BackupImpl::copy_offline_tables(
+	const std::unordered_set<table_key_t> *exclude_tables, bool no_lock,
+	bool copy_stats) {
+	DBUG_ASSERT(m_tasks_group.is_finished());
+
+	std::vector<std::unique_ptr<Table>> ignored_tables;
+
+	while (true) {
+		std::unique_lock<std::mutex> lock(m_offline_tables_mutex);
+		if (m_offline_tables.empty())
+			break;
+		auto table = std::move(m_offline_tables.back());
+		m_offline_tables.pop_back();
+		lock.unlock();
+		if ((exclude_tables &&
+			exclude_tables->count(table_key(table->get_db(), table->get_table()))) ||
+			(!copy_stats && table->is_stats())) {
+			ignored_tables.push_back(std::move(table));
+			continue;
+		}
+		m_tasks_group.push_task(
+			std::bind(&BackupImpl::process_table_job, this, table.release(), false,
+					copy_stats, no_lock, std::placeholders::_1));
+	}
+
+	if (!ignored_tables.empty()) {
+		std::lock_guard<std::mutex> lock(m_offline_tables_mutex);
+		m_offline_tables = std::move(ignored_tables);
+	}
+
+	return true;
+}
+
+bool BackupImpl::finalize() {
+	DBUG_ASSERT(m_tasks_group.is_finished());
+	DBUG_ASSERT(!m_con_pool.empty());
+	bool result = true;
+	msg("Start copying statistics aria tables.");
+	copy_offline_tables(nullptr, true, true);
+	while (!m_tasks_group.is_finished())
+		std::this_thread::sleep_for(std::chrono::milliseconds(1));
+	msg("Stop copying statistics aria tables.");
+	copy_log_tail(0, true);
+	destroy_log_tail();
+	return result;
+}
+
+Backup::Backup(const char *datadir_path,
+		const char *aria_log_path,
+               ds_ctxt_t *datasink,
+	 std::vector<MYSQL *> &con_pool, ThreadPool &thread_pool) :
+		m_backup_impl(
+			new BackupImpl(datadir_path, aria_log_path,
+			               datasink, opt_no_lock, con_pool,
+				thread_pool)) { }
+
+Backup::~Backup() {
+	delete m_backup_impl;
+}
+
+bool Backup::init() {
+	return m_backup_impl->init();
+}
+
+bool Backup::start(bool no_lock) {
+	return m_backup_impl->start(no_lock);
+}
+
+bool Backup::wait_for_finish() {
+	return m_backup_impl->wait_for_finish();
+}
+
+bool Backup::copy_offline_tables(
+	const std::unordered_set<table_key_t> *exclude_tables, bool no_lock,
+	bool copy_stats) {
+	return m_backup_impl->copy_offline_tables(exclude_tables, no_lock,
+		copy_stats);
+}
+
+bool Backup::finalize() {
+	return m_backup_impl->finalize();
+}
+
+bool Backup::copy_log_tail() {
+	return m_backup_impl->copy_log_tail();
+}
+
+void Backup::set_post_copy_table_hook(const post_copy_table_hook_t &hook) {
+	m_backup_impl->set_post_copy_table_hook(hook);
+}
+
+bool prepare(const char *target_dir) {
+	maria_data_root= (char *)target_dir;
+
+	if (maria_init())
+		die("Can't init Aria engine (%d)", errno);
+
+	maria_block_size= 0;                          /* Use block size from file */
+		/* we don't want to create a control file, it MUST exist */
+	if (ma_control_file_open(FALSE, TRUE, TRUE, control_file_open_flags))
+		die("Can't open Aria control file (%d)", errno);
+
+	if (last_logno == FILENO_IMPOSSIBLE)
+		die("Can't find any Aria log");
+
+        LogFileCollection logs(target_dir, last_logno);
+        logs.die_if_missing(last_logno); // Fatal, a broken backup.
+        /*
+          "mariadb-backup --backup" can put extra log files,
+          with log number greater than last_logno. For example,
+          this combination of files is possible:
+          - aria_log_control  (with last_logno==1)
+          - aria_log.00000001 (last_logno)
+          - aria_log.00000002 (last_logno+1, the extra log file)
+          This can happen if during the ealier run of
+          "mariadb-backup --backup" a log rotate happened.
+          The extra log file is copied to the backup directory,
+          but last_logno in aria_log_control does not get updated.
+          This mismatch is probably not good and should eventually be fixed.
+          But during "mariadb-backup --prepare" this mismatch goes away:
+          aria_log_control gets fixed to say last_logno==2.
+          See mysql-test/suite/mariabackup/aria_log_rotate_during_backup.test,
+          it covers the scenario with one extra file created during --backup.
+        */
+        logs.find_logs_after_last(target_dir);
+        last_logno= logs.last(); // Update last_logno if extra logs were found
+
+	if (init_pagecache(maria_pagecache, 1024L*1024L, 0, 0,
+		static_cast<uint>(maria_block_size), 0, MY_WME) == 0)
+		die("Got error in Aria init_pagecache() (errno: %d)", errno);
+
+	if (init_pagecache(maria_log_pagecache, 1024L*1024L,
+		0, 0, TRANSLOG_PAGE_SIZE, 0, MY_WME) == 0 ||
+		translog_init(maria_data_root, TRANSLOG_FILE_SIZE,
+		0, 0, maria_log_pagecache, TRANSLOG_DEFAULT_FLAGS, FALSE))
+		die("Can't init Aria loghandler (%d)", errno);
+
+	if (maria_recovery_from_log())
+		die("Aria log apply FAILED");
+
+	if (maria_recovery_changed_data || recovery_failures) {
+		if (ma_control_file_write_and_force(last_checkpoint_lsn, last_logno,
+			max_trid_in_control_file, 0))
+			die("Aria control file update error");
+// TODO: find out do we need checkpoint here
+	}
+
+	maria_end();
+	return true;
+}
+
+} // namespace aria
diff --git a/extra/mariabackup/aria_backup_client.h b/extra/mariabackup/aria_backup_client.h
new file mode 100644
index 00000000..7a581b58
--- /dev/null
+++ b/extra/mariabackup/aria_backup_client.h
@@ -0,0 +1,38 @@
+#pragma once
+#include "my_global.h"
+#include "datasink.h"
+#include "backup_mysql.h"
+#include "thread_pool.h"
+#include "xtrabackup.h"
+
+namespace aria {
+
+bool prepare(const char *target_dir);
+
+class BackupImpl;
+
+class Backup {
+	public:
+		Backup(const char *datadir_path,
+		       const char *aria_log_path,
+		       ds_ctxt_t *datasink,
+			std::vector<MYSQL *> &con_pool, ThreadPool &thread_pool);
+		~Backup();
+		Backup (Backup &&other) = delete;
+		Backup & operator= (Backup &&other) = delete;
+		Backup(const Backup &) = delete;
+		Backup & operator= (const Backup &) = delete;
+		bool init();
+		bool start(bool no_lock);
+		bool wait_for_finish();
+		bool copy_offline_tables(
+			const std::unordered_set<table_key_t> *exclude_tables, bool no_lock,
+			bool copy_stats);
+		bool finalize();
+		bool copy_log_tail();
+		void set_post_copy_table_hook(const post_copy_table_hook_t &hook);
+	private:
+		BackupImpl *m_backup_impl;
+};
+
+} // namespace aria
diff --git a/extra/mariabackup/backup_copy.cc b/extra/mariabackup/backup_copy.cc
index f8d315d9..198da01a 100644
--- a/extra/mariabackup/backup_copy.cc
+++ b/extra/mariabackup/backup_copy.cc
@@ -41,6 +41,9 @@ Street, Fifth Floor, Boston, MA 02110-1335 USA
 *******************************************************/
 
 #include <my_global.h>
+#include <my_config.h>
+#include <unireg.h>
+#include <datadict.h>
 #include <os0file.h>
 #include <my_dir.h>
 #include <ut0mem.h>
@@ -66,19 +69,26 @@ Street, Fifth Floor, Boston, MA 02110-1335 USA
 #include <aclapi.h>
 #endif
 
+#ifdef MYSQL_CLIENT
+#define WAS_MYSQL_CLIENT 1
+#undef MYSQL_CLIENT
+#endif
+
+#include "table.h"
+
+#ifdef WAS_MYSQL_CLIENT
+#define MYSQL_CLIENT 1
+#undef WAS_MYSQL_CLIENT
+#endif
 
 #define ROCKSDB_BACKUP_DIR "#rocksdb"
 
-/* list of files to sync for --rsync mode */
-static std::set<std::string> rsync_list;
 /* locations of tablespaces read from .isl files */
 static std::map<std::string, std::string> tablespace_locations;
 
 /* Whether LOCK BINLOG FOR BACKUP has been issued during backup */
 bool binlog_locked;
 
-static void rocksdb_create_checkpoint();
-static bool has_rocksdb_plugin();
 static void rocksdb_backup_checkpoint(ds_ctxt *ds_data);
 static void rocksdb_copy_back(ds_ctxt *ds_data);
 
@@ -135,10 +145,6 @@ struct datadir_thread_ctxt_t {
 	bool			ret;
 };
 
-static bool backup_files_from_datadir(ds_ctxt_t *ds_data,
-                                      const char *dir_path,
-                                      const char *prefix);
-
 /************************************************************************
 Retirn true if character if file separator */
 bool
@@ -585,7 +591,6 @@ datafile_read(datafile_cur_t *cursor)
 Check to see if a file exists.
 Takes name of the file to check.
 @return true if file exists. */
-static
 bool
 file_exists(const char *filename)
 {
@@ -601,7 +606,6 @@ file_exists(const char *filename)
 
 /************************************************************************
 Trim leading slashes from absolute path so it becomes relative */
-static
 const char *
 trim_dotslash(const char *path)
 {
@@ -634,7 +638,7 @@ ends_with(const char *str, const char *suffix)
 	       && strcmp(str + str_len - suffix_len, suffix) == 0);
 }
 
-static bool starts_with(const char *str, const char *prefix)
+bool starts_with(const char *str, const char *prefix)
 {
 	return strncmp(str, prefix, strlen(prefix)) == 0;
 }
@@ -785,7 +789,6 @@ directory_exists_and_empty(const char *dir, const char *comment)
 /************************************************************************
 Check if file name ends with given set of suffixes.
 @return true if it does. */
-static
 bool
 filename_matches(const char *filename, const char **ext_list)
 {
@@ -800,52 +803,127 @@ filename_matches(const char *filename, const char **ext_list)
 	return(false);
 }
 
-
-/************************************************************************
-Copy data file for backup. Also check if it is allowed to copy by
-comparing its name to the list of known data file types and checking
-if passes the rules for partial backup.
-@return true if file backed up or skipped successfully. */
+// TODO: the code can be used to find storage engine of partitions
+/*
 static
-bool
-datafile_copy_backup(ds_ctxt *ds_data, const char *filepath, uint thread_n)
-{
-	const char *ext_list[] = {"frm", "isl", "MYD", "MYI", "MAD", "MAI",
-		"MRG", "TRG", "TRN", "ARM", "ARZ", "CSM", "CSV", "opt", "par",
-		NULL};
+bool is_aria_frm_or_par(const char *path) {
+	if (!ends_with(path, ".frm") && !ends_with(path, ".par"))
+		return false;
 
-	/* Get the name and the path for the tablespace. node->name always
-	contains the path (which may be absolute for remote tablespaces in
-	5.6+). space->name contains the tablespace name in the form
-	"./database/table.ibd" (in 5.5-) or "database/table" (in 5.6+). For a
-	multi-node shared tablespace, space->name contains the name of the first
-	node, but that's irrelevant, since we only need node_name to match them
-	against filters, and the shared tablespace is always copied regardless
-	of the filters value. */
+	const char *frm_path = path;
+	if (ends_with(path, ".par")) {
+		size_t frm_path_len = strlen(path);
+		DBUG_ASSERT(frm_path_len > strlen("frm"));
+		frm_path = strdup(path);
+		strcpy(const_cast<char *>(frm_path) + frm_path_len - strlen("frm"), "frm");
+	}
 
-	if (check_if_skip_table(filepath)) {
-		msg(thread_n,"Skipping %s.", filepath);
-		return(true);
+	bool result = false;
+	File file;
+	uchar header[40];
+	legacy_db_type dbt;
+
+	if ((file= mysql_file_open(key_file_frm, frm_path, O_RDONLY | O_SHARE, MYF(0)))
+			< 0)
+		goto err;
+
+	if (mysql_file_read(file, (uchar*) header, sizeof(header), MYF(MY_NABP)))
+		goto err;
+
+	if (!strncmp((char*) header, "TYPE=VIEW\n", 10))
+		goto err;
+
+	if (!is_binary_frm_header(header))
+		goto err;
+
+	dbt = (legacy_db_type)header[3];
+
+	if (dbt == DB_TYPE_ARIA) {
+		result = true;
 	}
+	else if (dbt == DB_TYPE_PARTITION_DB) {
+		MY_STAT state;
+		uchar *frm_image= 0;
+//		uint n_length;
 
-	if (filename_matches(filepath, ext_list)) {
-		return ds_data->copy_file(filepath, filepath, thread_n);
+		if (mysql_file_fstat(file, &state, MYF(MY_WME)))
+			goto err;
+
+		if (mysql_file_seek(file, 0, SEEK_SET, MYF(MY_WME)))
+			goto err;
+
+		if (read_string(file, &frm_image, (size_t)state.st_size))
+			goto err;
+
+		dbt = (legacy_db_type)frm_image[61];
+		if (dbt == DB_TYPE_ARIA) {
+			result = true;
+		}
+		my_free(frm_image);
 	}
 
-	return(true);
+err:
+	if (file >= 0)
+		mysql_file_close(file, MYF(MY_WME));
+	if (frm_path != path)
+		free(const_cast<char *>(frm_path));
+  return result;
 }
+*/
 
+void parse_db_table_from_file_path(
+	const char *filepath, char *dbname, char *tablename) {
+	dbname[0] = '\0';
+	tablename[0] = '\0';
+	const char *dbname_start = nullptr;
+	const char *tablename_start = filepath;
+	const char *const_ptr;
+	while ((const_ptr = strchr(tablename_start, FN_LIBCHAR)) != NULL) {
+		dbname_start = tablename_start;
+		tablename_start = const_ptr + 1;
+	}
+	if (!dbname_start)
+		return;
+	size_t dbname_len = tablename_start - dbname_start - 1;
+	if (dbname_len >= FN_REFLEN)
+          dbname_len = FN_REFLEN-1;
+	strmake(dbname, dbname_start, dbname_len);
+	strmake(tablename, tablename_start, FN_REFLEN-1);
+	char *ptr;
+	if ((ptr = strchr(tablename, '.')))
+		*ptr = '\0';
+	if ((ptr = strstr(tablename, "#P#")))
+		*ptr = '\0';
+}
+
+bool is_system_table(const char *dbname, const char *tablename)
+{
+	DBUG_ASSERT(dbname);
+	DBUG_ASSERT(tablename);
+
+	LEX_CSTRING lex_dbname;
+	LEX_CSTRING lex_tablename;
+	lex_dbname.str = dbname;
+	lex_dbname.length = strlen(dbname);
+	lex_tablename.str = tablename;
+	lex_tablename.length = strlen(tablename);
+
+	TABLE_CATEGORY tg = get_table_category(&lex_dbname, &lex_tablename);
+
+	return (tg == TABLE_CATEGORY_LOG) || (tg == TABLE_CATEGORY_SYSTEM);
+}
 
 /************************************************************************
-Same as datafile_copy_backup, but put file name into the list for
-rsync command. */
+Copy data file for backup. Also check if it is allowed to copy by
+comparing its name to the list of known data file types and checking
+if passes the rules for partial backup.
+@return true if file backed up or skipped successfully. */
 static
 bool
-datafile_rsync_backup(const char *filepath, bool save_to_list, FILE *f)
+datafile_copy_backup(ds_ctxt *ds_data, const char *filepath, uint thread_n)
 {
-	const char *ext_list[] = {"frm", "isl", "MYD", "MYI", "MAD", "MAI",
-		"MRG", "TRG", "TRN", "ARM", "ARZ", "CSM", "CSV", "opt", "par",
-		NULL};
+       const char *ext_list[] = {".frm", ".isl", ".TRG", ".TRN", ".opt", ".par",
+         NULL};
 
 	/* Get the name and the path for the tablespace. node->name always
 	contains the path (which may be absolute for remote tablespaces in
@@ -857,15 +935,13 @@ datafile_rsync_backup(const char *filepath, bool save_to_list, FILE *f)
 	of the filters value. */
 
 	if (check_if_skip_table(filepath)) {
+		msg(thread_n,"Skipping %s.", filepath);
 		return(true);
 	}
 
 	if (filename_matches(filepath, ext_list)) {
-		fprintf(f, "%s\n", filepath);
-		if (save_to_list) {
-			rsync_list.insert(filepath);
-		}
-	}
+		return ds_data->copy_file(filepath, filepath, thread_n);
+        }
 
 	return(true);
 }
@@ -1004,16 +1080,15 @@ Copy file for backup/restore.
 bool
 ds_ctxt_t::copy_file(const char *src_file_path,
                      const char *dst_file_path,
-                     uint thread_n)
+		     uint thread_n,
+		     bool rewrite)
 {
 	char			 dst_name[FN_REFLEN];
 	ds_file_t		*dstfile = NULL;
 	datafile_cur_t		 cursor;
 	xb_fil_cur_result_t	 res;
 	DBUG_ASSERT(datasink->remove);
-	const char	*dst_path =
-		(xtrabackup_copy_back || xtrabackup_move_back)?
-		dst_file_path : trim_dotslash(dst_file_path);
+	const char	*dst_path = convert_dst(dst_file_path);
 
 	if (!datafile_open(src_file_path, &cursor, thread_n)) {
 		goto error_close;
@@ -1021,7 +1096,7 @@ ds_ctxt_t::copy_file(const char *src_file_path,
 
 	strncpy(dst_name, cursor.rel_path, sizeof(dst_name));
 
-	dstfile = ds_open(this, dst_path, &cursor.statinfo);
+	dstfile = ds_open(this, dst_path, &cursor.statinfo, rewrite);
 	if (dstfile == NULL) {
 		msg(thread_n,"error: "
 			"cannot open the destination stream for %s", dst_name);
@@ -1245,278 +1320,45 @@ cleanup:
 }
 
 
-
-
-static
 bool
-backup_files(ds_ctxt *ds_data, const char *from, bool prep_mode)
+backup_files(ds_ctxt *ds_data, const char *from)
 {
-	char rsync_tmpfile_name[FN_REFLEN];
-	FILE *rsync_tmpfile = NULL;
 	datadir_iter_t *it;
 	datadir_node_t node;
 	bool ret = true;
-
-	if (prep_mode && !opt_rsync) {
-		return(true);
-	}
-
-	if (opt_rsync) {
-		snprintf(rsync_tmpfile_name, sizeof(rsync_tmpfile_name),
-			"%s/%s%d", opt_mysql_tmpdir,
-			"xtrabackup_rsyncfiles_pass",
-			prep_mode ? 1 : 2);
-		rsync_tmpfile = fopen(rsync_tmpfile_name, "w");
-		if (rsync_tmpfile == NULL) {
-			msg("Error: can't create file %s",
-				rsync_tmpfile_name);
-			return(false);
-		}
-	}
-
-	msg("Starting %s non-InnoDB tables and files",
-	       prep_mode ? "prep copy of" : "to backup");
-
+	msg("Starting to backup non-InnoDB tables and files");
 	datadir_node_init(&node);
 	it = datadir_iter_new(from);
-
 	while (datadir_iter_next(it, &node)) {
-
 		if (!node.is_empty_dir) {
-			if (opt_rsync) {
-				ret = datafile_rsync_backup(node.filepath,
-					!prep_mode, rsync_tmpfile);
-			} else {
-				ret = datafile_copy_backup(ds_data, node.filepath, 1);
-			}
+			ret = datafile_copy_backup(ds_data, node.filepath, 1);
 			if (!ret) {
 				msg("Failed to copy file %s", node.filepath);
 				goto out;
 			}
-		} else if (!prep_mode) {
+		} else {
 			/* backup fake file into empty directory */
 			char path[FN_REFLEN];
-			snprintf(path, sizeof(path),
-				 "%s/db.opt", node.filepath);
-			if (!(ret = ds_data->backup_file_printf(
-					trim_dotslash(path), "%s", ""))) {
+			snprintf(path, sizeof(path), "%s/db.opt", node.filepath);
+			if (!(ret = ds_data->backup_file_printf(trim_dotslash(path), "%s", ""))) {
 				msg("Failed to create file %s", path);
 				goto out;
 			}
 		}
 	}
-
-	if (opt_rsync) {
-		std::stringstream cmd;
-		int err;
-
-		if (buffer_pool_filename && file_exists(buffer_pool_filename)) {
-			fprintf(rsync_tmpfile, "%s\n", buffer_pool_filename);
-			rsync_list.insert(buffer_pool_filename);
-		}
-		if (file_exists("ib_lru_dump")) {
-			fprintf(rsync_tmpfile, "%s\n", "ib_lru_dump");
-			rsync_list.insert("ib_lru_dump");
-		}
-
-		fclose(rsync_tmpfile);
-		rsync_tmpfile = NULL;
-
-		cmd << "rsync -t . --files-from=" << rsync_tmpfile_name
-		    << " " << xtrabackup_target_dir;
-
-		msg("Starting rsync as: %s", cmd.str().c_str());
-		if ((err = system(cmd.str().c_str()) && !prep_mode) != 0) {
-			msg("Error: rsync failed with error code %d", err);
-			ret = false;
-			goto out;
-		}
-		msg("rsync finished successfully.");
-
-		if (!prep_mode && !opt_no_lock) {
-			char path[FN_REFLEN];
-			char dst_path[FN_REFLEN];
-			char *newline;
-
-			/* Remove files that have been removed between first and
-			second passes. Cannot use "rsync --delete" because it
-			does not work with --files-from. */
-			snprintf(rsync_tmpfile_name, sizeof(rsync_tmpfile_name),
-				"%s/%s", opt_mysql_tmpdir,
-				"xtrabackup_rsyncfiles_pass1");
-
-			rsync_tmpfile = fopen(rsync_tmpfile_name, "r");
-			if (rsync_tmpfile == NULL) {
-				msg("Error: can't open file %s",
-					rsync_tmpfile_name);
-				ret = false;
-				goto out;
-			}
-
-			while (fgets(path, sizeof(path), rsync_tmpfile)) {
-
-				newline = strchr(path, '\n');
-				if (newline) {
-					*newline = 0;
-				}
-				if (rsync_list.count(path) < 1) {
-					snprintf(dst_path, sizeof(dst_path),
-						"%s/%s", xtrabackup_target_dir,
-						path);
-					msg("Removing %s", dst_path);
-					unlink(dst_path);
-				}
-			}
-
-			fclose(rsync_tmpfile);
-			rsync_tmpfile = NULL;
-		}
-	}
-
-	msg("Finished %s non-InnoDB tables and files",
-	       prep_mode ? "a prep copy of" : "backing up");
-
+	msg("Finished backing up non-InnoDB tables and files");
 out:
 	datadir_iter_free(it);
 	datadir_node_free(&node);
-
-	if (rsync_tmpfile != NULL) {
-		fclose(rsync_tmpfile);
-	}
-
 	return(ret);
 }
 
-
-lsn_t get_current_lsn(MYSQL *connection)
-{
-	static const char lsn_prefix[] = "\nLog sequence number ";
-	lsn_t lsn = 0;
-	if (MYSQL_RES *res = xb_mysql_query(connection,
-					    "SHOW ENGINE INNODB STATUS",
-					    true, false)) {
-		if (MYSQL_ROW row = mysql_fetch_row(res)) {
-			const char *p= strstr(row[2], lsn_prefix);
-			DBUG_ASSERT(p);
-			if (p) {
-				p += sizeof lsn_prefix - 1;
-				lsn = lsn_t(strtoll(p, NULL, 10));
-			}
-		}
-		mysql_free_result(res);
-	}
-	return lsn;
-}
-
 lsn_t server_lsn_after_lock;
 extern void backup_wait_for_lsn(lsn_t lsn);
-/** Start --backup */
-bool backup_start(ds_ctxt *ds_data, ds_ctxt *ds_meta,
-                  CorruptedPages &corrupted_pages)
-{
-	if (!opt_no_lock) {
-		if (opt_safe_slave_backup) {
-			if (!wait_for_safe_slave(mysql_connection)) {
-				return(false);
-			}
-		}
-
-		if (!backup_files(ds_data, fil_path_to_mysql_datadir, true)) {
-			return(false);
-		}
-
-		history_lock_time = time(NULL);
-
-		if (!lock_tables(mysql_connection)) {
-			return(false);
-		}
-		server_lsn_after_lock = get_current_lsn(mysql_connection);
-	}
-
-	if (!backup_files(ds_data, fil_path_to_mysql_datadir, false)) {
-		return(false);
-	}
-
-        if (!backup_files_from_datadir(ds_data, fil_path_to_mysql_datadir,
-	                               "aws-kms-key") ||
-            !backup_files_from_datadir(ds_data,
-                                       aria_log_dir_path,
-                                       "aria_log")) {
-		return false;
-	}
 
-	if (has_rocksdb_plugin()) {
-		rocksdb_create_checkpoint();
-	}
-
-	msg("Waiting for log copy thread to read lsn %llu", (ulonglong)server_lsn_after_lock);
-	backup_wait_for_lsn(server_lsn_after_lock);
-	DBUG_EXECUTE_FOR_KEY("sleep_after_waiting_for_lsn", {},
-		{
-			ulong milliseconds = strtoul(dbug_val, NULL, 10);
-			msg("sleep_after_waiting_for_lsn");
-			my_sleep(milliseconds*1000UL);
-		});
-
-	corrupted_pages.backup_fix_ddl(ds_data, ds_meta);
-
-	// There is no need to stop slave thread before coping non-Innodb data when
-	// --no-lock option is used because --no-lock option requires that no DDL or
-	// DML to non-transaction tables can occur.
-	if (opt_no_lock) {
-		if (opt_safe_slave_backup) {
-			if (!wait_for_safe_slave(mysql_connection)) {
-				return(false);
-			}
-		}
-	}
-
-	if (opt_slave_info) {
-		lock_binlog_maybe(mysql_connection);
-
-		if (!write_slave_info(ds_data, mysql_connection)) {
-			return(false);
-		}
-	}
-
-	/* The only reason why Galera/binlog info is written before
-	wait_for_ibbackup_log_copy_finish() is that after that call the xtrabackup
-	binary will start streamig a temporary copy of REDO log to stdout and
-	thus, any streaming from innobackupex would interfere. The only way to
-	avoid that is to have a single process, i.e. merge innobackupex and
-	xtrabackup. */
-	if (opt_galera_info) {
-		if (!write_galera_info(ds_data, mysql_connection)) {
-			return(false);
-		}
-	}
-
-	if (opt_binlog_info == BINLOG_INFO_ON) {
-
-		lock_binlog_maybe(mysql_connection);
-		write_binlog_info(ds_data, mysql_connection);
-	}
-
-	if (!opt_no_lock) {
-		msg("Executing FLUSH NO_WRITE_TO_BINLOG ENGINE LOGS...");
-		xb_mysql_query(mysql_connection,
-			"FLUSH NO_WRITE_TO_BINLOG ENGINE LOGS", false);
-	}
-
-	return(true);
-}
-
-/** Release resources after backup_start() */
+/** Release resources after backup_files() */
 void backup_release()
 {
-	/* release all locks */
-	if (!opt_no_lock) {
-		unlock_all(mysql_connection);
-		history_lock_time = 0;
-	} else {
-		history_lock_time = time(NULL) - history_lock_time;
-	}
-
 	if (opt_lock_ddl_per_table) {
 		mdl_unlock_all();
 	}
@@ -1530,11 +1372,11 @@ void backup_release()
 
 static const char *default_buffer_pool_file = "ib_buffer_pool";
 
-/** Finish after backup_start() and backup_release() */
+/** Finish after backup_files() and backup_release() */
 bool backup_finish(ds_ctxt *ds_data)
 {
 	/* Copy buffer pool dump or LRU dump */
-	if (!opt_rsync && opt_galera_info) {
+	if (opt_galera_info) {
 		if (buffer_pool_filename && file_exists(buffer_pool_filename)) {
 			ds_data->copy_file(buffer_pool_filename, default_buffer_pool_file, 0);
 		}
@@ -1893,8 +1735,6 @@ copy_back()
 		return(false);
 	}
 
-	srv_max_n_threads = 1000;
-
 	/* copy undo tablespaces */
 
 	Copy_back_dst_dir dst_dir_buf;
@@ -1922,7 +1762,8 @@ copy_back()
 
 	dst_dir = dst_dir_buf.make(srv_log_group_home_dir);
 
-	/* --backup generates a single ib_logfile0, which we must copy. */
+	/* --backup generates a single LOG_FILE_NAME, which we must copy
+	if it exists. */
 
 	ds_tmp = ds_create(dst_dir, DS_TYPE_LOCAL);
 	if (!(ret = copy_or_move_file(ds_tmp, LOG_FILE_NAME, LOG_FILE_NAME,
@@ -2155,8 +1996,6 @@ decrypt_decompress()
 	bool ret;
 	datadir_iter_t *it = NULL;
 
-	srv_max_n_threads = 1000;
-
 	/* cd to backup directory */
 	if (my_setwd(xtrabackup_target_dir, MYF(MY_WME)))
 	{
@@ -2169,8 +2008,6 @@ decrypt_decompress()
 
 	it = datadir_iter_new(".", false);
 
-	ut_a(xtrabackup_parallel >= 0);
-
 	ret = run_data_threads(it, decrypt_decompress_thread_func,
 		xtrabackup_parallel ? xtrabackup_parallel : 1);
 
@@ -2192,9 +2029,9 @@ decrypt_decompress()
   Do not copy the Innodb files (ibdata1, redo log files),
   as this is done in a separate step.
 */
-static bool backup_files_from_datadir(ds_ctxt_t *ds_data,
-                                      const char *dir_path,
-                                      const char *prefix)
+bool backup_files_from_datadir(ds_ctxt_t *ds_data,
+                               const char *dir_path,
+                               const char *prefix)
 {
 	os_file_dir_t dir = os_file_opendir(dir_path);
 	if (dir == IF_WIN(INVALID_HANDLE_VALUE, nullptr)) return false;
@@ -2218,10 +2055,6 @@ static bool backup_files_from_datadir(ds_ctxt_t *ds_data,
 			pname = info.name;
 
 		if (!starts_with(pname, prefix))
-			/* For ES exchange the above line with the following code:
-			(!xtrabackup_prepare || !xtrabackup_incremental_dir ||
-				!starts_with(pname, "aria_log")))
-			*/
 			continue;
 
 		if (xtrabackup_prepare && xtrabackup_incremental_dir &&
@@ -2244,7 +2077,7 @@ static int rocksdb_remove_checkpoint_directory()
 	return 0;
 }
 
-static bool has_rocksdb_plugin()
+bool has_rocksdb_plugin()
 {
 	static bool first_time = true;
 	static bool has_plugin= false;
@@ -2390,7 +2223,7 @@ static void rocksdb_unlock_checkpoint()
 #define MARIADB_CHECKPOINT_DIR "mariabackup-checkpoint"
 static 	char rocksdb_checkpoint_dir[FN_REFLEN];
 
-static void rocksdb_create_checkpoint()
+void rocksdb_create_checkpoint()
 {
 	MYSQL_RES *result = xb_mysql_query(mysql_connection, "SELECT @@rocksdb_datadir,@@datadir", true, true);
 	MYSQL_ROW row = mysql_fetch_row(result);
@@ -2470,3 +2303,39 @@ static void rocksdb_copy_back(ds_ctxt *ds_data) {
 	mkdirp(rocksdb_home_dir, 0777, MYF(0));
 	ds_data->copy_or_move_dir(ROCKSDB_BACKUP_DIR, rocksdb_home_dir, xtrabackup_copy_back, xtrabackup_copy_back);
 }
+
+void foreach_file_in_db_dirs(
+	const char *dir_path, std::function<bool(const char *)> func) {
+	DBUG_ASSERT(dir_path);
+
+	datadir_iter_t *it;
+	datadir_node_t node;
+
+	datadir_node_init(&node);
+	it = datadir_iter_new(dir_path);
+
+	while (datadir_iter_next(it, &node))
+		if (!node.is_empty_dir && !func(node.filepath))
+			break;
+
+	datadir_iter_free(it);
+	datadir_node_free(&node);
+}
+
+void foreach_file_in_datadir(
+	const char *dir_path, std::function<bool(const char *)> func)
+{
+	DBUG_ASSERT(dir_path);
+	os_file_dir_t dir = os_file_opendir(dir_path);
+	os_file_stat_t info;
+	while (os_file_readdir_next_file(dir_path, dir, &info) == 0) {
+		if (info.type != OS_FILE_TYPE_FILE)
+			continue;
+		const char *pname = strrchr(info.name, IF_WIN('\\', '/'));
+		if (!pname)
+			pname = info.name;
+		if (!func(pname))
+			break;
+	}
+	os_file_closedir(dir);
+}
diff --git a/extra/mariabackup/backup_copy.h b/extra/mariabackup/backup_copy.h
index b5aaf312..409e7839 100644
--- a/extra/mariabackup/backup_copy.h
+++ b/extra/mariabackup/backup_copy.h
@@ -2,6 +2,7 @@
 #ifndef XTRABACKUP_BACKUP_COPY_H
 #define XTRABACKUP_BACKUP_COPY_H
 
+#include <functional>
 #include <my_global.h>
 #include <mysql.h>
 #include "datasink.h"
@@ -21,11 +22,10 @@ bool
 equal_paths(const char *first, const char *second);
 
 /** Start --backup */
-bool backup_start(ds_ctxt *ds_data, ds_ctxt *ds_meta,
-                  CorruptedPages &corrupted_pages);
-/** Release resources after backup_start() */
+bool backup_files(ds_ctxt *ds_data, const char *from);
+/** Release resources after backup_files() */
 void backup_release();
-/** Finish after backup_start() and backup_release() */
+/** Finish after backup_files() and backup_release() */
 bool backup_finish(ds_ctxt *ds_data);
 bool
 apply_log_finish();
@@ -38,7 +38,25 @@ is_path_separator(char);
 bool
 directory_exists(const char *dir, bool create);
 
-lsn_t
-get_current_lsn(MYSQL *connection);
-
+bool has_rocksdb_plugin();
+void rocksdb_create_checkpoint();
+void foreach_file_in_db_dirs(
+	const char *dir_path, std::function<bool(const char *)> func);
+void foreach_file_in_datadir(
+	const char *dir_path, std::function<bool(const char *)> func);
+bool ends_with(const char *str, const char *suffix);
+bool starts_with(const char *str, const char *prefix);
+void parse_db_table_from_file_path(
+	const char *filepath, char *dbname, char *tablename);
+const char *trim_dotslash(const char *path);
+bool backup_files_from_datadir(ds_ctxt_t *ds_data,
+                               const char *dir_path,
+                               const char *prefix);
+
+bool is_system_table(const char *dbname, const char *tablename);
+std::unique_ptr<std::vector<std::string>>
+	find_files(const char *dir_path, const char *prefix, const char *suffix);
+bool file_exists(const char *filename);
+bool
+filename_matches(const char *filename, const char **ext_list);
 #endif
diff --git a/extra/mariabackup/backup_debug.h b/extra/mariabackup/backup_debug.h
index 777b4f4a..9286bc7b 100644
--- a/extra/mariabackup/backup_debug.h
+++ b/extra/mariabackup/backup_debug.h
@@ -1,5 +1,6 @@
 #pragma once
 #include "my_dbug.h"
+
 #ifndef DBUG_OFF
 char *dbug_mariabackup_get_val(const char *event, fil_space_t::name_type key);
 /*
@@ -14,11 +15,21 @@ To use this facility, you need to
    for the variable)
 3. start mariabackup with --dbug=+d,debug_mariabackup_events
 */
-#define DBUG_EXECUTE_FOR_KEY(EVENT, KEY, CODE)			\
-	DBUG_EXECUTE_IF("mariabackup_inject_code",		\
-	{ char *dbug_val= dbug_mariabackup_get_val(EVENT, KEY);	\
-	  if (dbug_val) CODE })
+extern void dbug_mariabackup_event(
+	const char *event, const fil_space_t::name_type key, bool need_lock);
+#define DBUG_MARIABACKUP_EVENT(A, B) \
+	DBUG_EXECUTE_IF("mariabackup_events", \
+		dbug_mariabackup_event(A,B,false););
+#define DBUG_MARIABACKUP_EVENT_LOCK(A, B) \
+	DBUG_EXECUTE_IF("mariabackup_events", \
+		dbug_mariabackup_event(A,B, true););
+#define DBUG_EXECUTE_FOR_KEY(EVENT, KEY, CODE) \
+	DBUG_EXECUTE_IF("mariabackup_inject_code", {\
+		char *dbug_val = dbug_mariabackup_get_val(EVENT, KEY); \
+		if (dbug_val && *dbug_val) CODE \
+	})
 #else
+#define DBUG_MARIABACKUP_EVENT(A,B)
+#define DBUG_MARIABACKUP_EVENT_LOCK(A,B)
 #define DBUG_EXECUTE_FOR_KEY(EVENT, KEY, CODE)
 #endif
-
diff --git a/extra/mariabackup/backup_mysql.cc b/extra/mariabackup/backup_mysql.cc
index c2f15da4..2aad6004 100644
--- a/extra/mariabackup/backup_mysql.cc
+++ b/extra/mariabackup/backup_mysql.cc
@@ -47,6 +47,12 @@ Street, Fifth Floor, Boston, MA 02110-1335 USA
 #include <stdlib.h>
 #include <string.h>
 #include <limits>
+#ifdef HAVE_PWD_H
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <pwd.h>
+#endif
 #include "common.h"
 #include "xtrabackup.h"
 #include "srv0srv.h"
@@ -54,19 +60,19 @@ Street, Fifth Floor, Boston, MA 02110-1335 USA
 #include "backup_copy.h"
 #include "backup_mysql.h"
 #include "mysqld.h"
-#include "xb_plugin.h"
+#include "encryption_plugin.h"
 #include <sstream>
 #include <sql_error.h>
 #include "page0zip.h"
+#include "backup_debug.h"
 
 char *tool_name;
-char tool_args[2048];
+char tool_args[8192];
 
 ulong mysql_server_version;
 
 /* server capabilities */
 bool have_changed_page_bitmaps = false;
-bool have_backup_locks = false;
 bool have_lock_wait_timeout = false;
 bool have_galera_enabled = false;
 bool have_multi_threaded_slave = false;
@@ -92,11 +98,54 @@ MYSQL *mysql_connection;
 
 extern my_bool opt_ssl_verify_server_cert, opt_use_ssl;
 
+
+/*
+  get_os_user()
+  Ressemles read_user_name() from libmariadb/libmariadb/mariadb_lib.c.
+*/
+
+#if !defined(_WIN32)
+
+#if defined(HAVE_GETPWUID) && defined(NO_GETPWUID_DECL)
+struct passwd *getpwuid(uid_t);
+char* getlogin(void);
+#endif
+
+static const char *get_os_user() // Posix
+{
+  if (!geteuid())
+    return "root";
+#ifdef HAVE_GETPWUID
+  struct passwd *pw;
+  const char *str;
+  if ((pw= getpwuid(geteuid())) != NULL)
+    return pw->pw_name;
+  if ((str= getlogin()) != NULL)
+    return str;
+#endif
+  if ((str= getenv("USER")) ||
+      (str= getenv("LOGNAME")) ||
+      (str= getenv("LOGIN")))
+    return str;
+  return NULL;
+}
+
+#else
+
+static const char *get_os_user() // Windows
+{
+  return getenv("USERNAME");
+}
+
+#endif // _WIN32
+
+
 MYSQL *
 xb_mysql_connect()
 {
 	MYSQL *connection = mysql_init(NULL);
 	char mysql_port_str[std::numeric_limits<int>::digits10 + 3];
+	const char *user= opt_user ? opt_user : get_os_user();
 
 	sprintf(mysql_port_str, "%d", opt_port);
 
@@ -126,7 +175,7 @@ xb_mysql_connect()
 
 	msg("Connecting to MariaDB server host: %s, user: %s, password: %s, "
 	       "port: %s, socket: %s", opt_host ? opt_host : "localhost",
-	       opt_user ? opt_user : "not set",
+	       user ? user : "not set",
 	       opt_password ? "set" : "not set",
 	       opt_port != 0 ? mysql_port_str : "not set",
 	       opt_socket ? opt_socket : "not set");
@@ -147,7 +196,7 @@ xb_mysql_connect()
 
 	if (!mysql_real_connect(connection,
 				opt_host ? opt_host : "localhost",
-				opt_user,
+				user,
 				opt_password,
 				"" /*database*/, opt_port,
 				opt_socket, 0)) {
@@ -203,13 +252,14 @@ struct mysql_variable {
 
 
 static
-void
+uint
 read_mysql_variables(MYSQL *connection, const char *query, mysql_variable *vars,
 	bool vertical_result)
 {
 	MYSQL_RES *mysql_result;
 	MYSQL_ROW row;
 	mysql_variable *var;
+	uint n_values=0;
 
 	mysql_result = xb_mysql_query(connection, query, true);
 
@@ -223,6 +273,7 @@ read_mysql_variables(MYSQL *connection, const char *query, mysql_variable *vars,
 				if (strcmp(var->name, name) == 0
 				    && value != NULL) {
 					*(var->value) = strdup(value);
+					n_values++;
 				}
 			}
 		}
@@ -239,6 +290,7 @@ read_mysql_variables(MYSQL *connection, const char *query, mysql_variable *vars,
 					if (strcmp(var->name, name) == 0
 					    && value != NULL) {
 						*(var->value) = strdup(value);
+						n_values++;
 					}
 				}
 				++i;
@@ -247,6 +299,7 @@ read_mysql_variables(MYSQL *connection, const char *query, mysql_variable *vars,
 	}
 
 	mysql_free_result(mysql_result);
+	return n_values;
 }
 
 
@@ -311,7 +364,6 @@ bool get_mysql_vars(MYSQL *connection)
 {
   char *gtid_mode_var= NULL;
   char *version_var= NULL;
-  char *have_backup_locks_var= NULL;
   char *log_bin_var= NULL;
   char *lock_wait_timeout_var= NULL;
   char *wsrep_on_var= NULL;
@@ -336,7 +388,6 @@ bool get_mysql_vars(MYSQL *connection)
   bool ret= true;
 
   mysql_variable mysql_vars[]= {
-      {"have_backup_locks", &have_backup_locks_var},
       {"log_bin", &log_bin_var},
       {"lock_wait_timeout", &lock_wait_timeout_var},
       {"gtid_mode", &gtid_mode_var},
@@ -361,11 +412,6 @@ bool get_mysql_vars(MYSQL *connection)
 
   read_mysql_variables(connection, "SHOW VARIABLES", mysql_vars, true);
 
-  if (have_backup_locks_var != NULL && !opt_no_backup_locks)
-  {
-    have_backup_locks= true;
-  }
-
   if (opt_binlog_info == BINLOG_INFO_AUTO)
   {
     if (log_bin_var != NULL && !strcmp(log_bin_var, "ON"))
@@ -512,24 +558,6 @@ Query the server to find out what backup capabilities it supports.
 bool
 detect_mysql_capabilities_for_backup()
 {
-	const char *query = "SELECT 'INNODB_CHANGED_PAGES', COUNT(*) FROM "
-				"INFORMATION_SCHEMA.PLUGINS "
-			    "WHERE PLUGIN_NAME LIKE 'INNODB_CHANGED_PAGES'";
-	char *innodb_changed_pages = NULL;
-	mysql_variable vars[] = {
-		{"INNODB_CHANGED_PAGES", &innodb_changed_pages}, {NULL, NULL}};
-
-	if (xtrabackup_incremental) {
-
-		read_mysql_variables(mysql_connection, query, vars, true);
-
-		ut_ad(innodb_changed_pages != NULL);
-
-		have_changed_page_bitmaps = (atoi(innodb_changed_pages) == 1);
-
-		free_mysql_variables(vars);
-	}
-
 	/* do some sanity checks */
 	if (opt_galera_info && !have_galera_enabled) {
 		msg("--galera-info is specified on the command "
@@ -837,11 +865,11 @@ static void stop_query_killer()
 
 
 /*********************************************************************//**
-Function acquires either a backup tables lock, if supported
-by the server, or a global read lock (FLUSH TABLES WITH READ LOCK)
-otherwise.
+Function acquires backup locks
 @returns true if lock acquired */
-bool lock_tables(MYSQL *connection)
+
+bool
+lock_for_backup_stage_start(MYSQL *connection)
 {
   if (have_lock_wait_timeout || opt_lock_wait_timeout)
   {
@@ -854,12 +882,6 @@ bool lock_tables(MYSQL *connection)
     xb_mysql_query(connection, buf, false);
   }
 
-  if (have_backup_locks)
-  {
-    msg("Executing LOCK TABLES FOR BACKUP...");
-    xb_mysql_query(connection, "LOCK TABLES FOR BACKUP", false);
-    return (true);
-  }
 
   if (opt_lock_wait_timeout)
   {
@@ -884,8 +906,6 @@ bool lock_tables(MYSQL *connection)
 
   xb_mysql_query(connection, "BACKUP STAGE START", true);
   DBUG_MARIABACKUP_EVENT("after_backup_stage_start", {});
-  xb_mysql_query(connection, "BACKUP STAGE BLOCK_COMMIT", true);
-  DBUG_MARIABACKUP_EVENT("after_backup_stage_block_commit", {});
   /* Set the maximum supported session value for
   lock_wait_timeout to prevent unnecessary timeouts when the
   global value is changed from the default */
@@ -901,24 +921,68 @@ bool lock_tables(MYSQL *connection)
   return (true);
 }
 
-/*********************************************************************//**
-If backup locks are used, execute LOCK BINLOG FOR BACKUP provided that we are
-not in the --no-lock mode and the lock has not been acquired already.
-@returns true if lock acquired */
 bool
-lock_binlog_maybe(MYSQL *connection)
-{
-	if (have_backup_locks && !opt_no_lock && !binlog_locked) {
-		msg("Executing LOCK BINLOG FOR BACKUP...");
-		xb_mysql_query(connection, "LOCK BINLOG FOR BACKUP", false);
-		binlog_locked = true;
+lock_for_backup_stage_flush(MYSQL *connection) {
+	if (opt_kill_long_queries_timeout) {
+		start_query_killer();
+	}
+	xb_mysql_query(connection, "BACKUP STAGE FLUSH", true);
+	if (opt_kill_long_queries_timeout) {
+		stop_query_killer();
+	}
+	return true;
+}
 
-		return(true);
+bool
+lock_for_backup_stage_block_ddl(MYSQL *connection) {
+	if (opt_kill_long_queries_timeout) {
+		start_query_killer();
+	}
+	xb_mysql_query(connection, "BACKUP STAGE BLOCK_DDL", true);
+	DBUG_MARIABACKUP_EVENT("after_backup_stage_block_ddl", {});
+	if (opt_kill_long_queries_timeout) {
+		stop_query_killer();
 	}
+	return true;
+}
 
-	return(false);
+bool
+lock_for_backup_stage_commit(MYSQL *connection) {
+	if (opt_kill_long_queries_timeout) {
+		start_query_killer();
+	}
+	xb_mysql_query(connection, "BACKUP STAGE BLOCK_COMMIT", true);
+	DBUG_MARIABACKUP_EVENT("after_backup_stage_block_commit", {});
+	if (opt_kill_long_queries_timeout) {
+		stop_query_killer();
+	}
+	return true;
 }
 
+bool backup_lock(MYSQL *con, const char *table_name) {
+	static const std::string backup_lock_prefix("BACKUP LOCK ");
+	std::string backup_lock_query = backup_lock_prefix + table_name;
+	xb_mysql_query(con, backup_lock_query.c_str(), true);
+	return true;
+}
+
+bool backup_unlock(MYSQL *con) {
+	xb_mysql_query(con, "BACKUP UNLOCK", true);
+	return true;
+}
+
+std::unordered_set<std::string>
+get_tables_in_use(MYSQL *con) {
+	std::unordered_set<std::string> result;
+	MYSQL_RES *q_res =
+		xb_mysql_query(con, "SHOW OPEN TABLES WHERE In_use = 1", true);
+	while (MYSQL_ROW row = mysql_fetch_row(q_res)) {
+		auto tk = table_key(row[0], row[1]);
+		msg("Table %s is in use", tk.c_str());
+		result.insert(std::move(tk));
+	}
+	return result;
+}
 
 /*********************************************************************//**
 Releases either global read lock acquired with FTWRL and the binlog
@@ -1353,77 +1417,103 @@ write_slave_info(ds_ctxt *datasink, MYSQL *connection)
 
 
 /*********************************************************************//**
-Retrieves MySQL Galera and
-saves it in a file. It also prints it to stdout. */
+Retrieves MySQL Galera and saves it in a file. It also prints it to stdout.
+
+We should create xtrabackup_galelera_info file even when backup locks
+are used because donor's wsrep_gtid_domain_id is needed later in joiner.
+Note that at this stage wsrep_local_state_uuid and wsrep_last_committed
+are inconsistent but they are not used in joiner. Joiner will rewrite this file
+at mariabackup --prepare phase and thus there is extra file donor_galera_info.
+Information is needed to maitain wsrep_gtid_domain_id and gtid_binlog_pos
+same across the cluster. If joiner node have different wsrep_gtid_domain_id
+we should still receive effective domain id from the donor node,
+and use it.
+*/
 bool
 write_galera_info(ds_ctxt *datasink, MYSQL *connection)
 {
-	char *state_uuid = NULL, *state_uuid55 = NULL;
-	char *last_committed = NULL, *last_committed55 = NULL;
-	char *domain_id = NULL, *domain_id55 = NULL;
-	bool result;
-
-	mysql_variable status[] = {
-		{"Wsrep_local_state_uuid", &state_uuid},
-		{"wsrep_local_state_uuid", &state_uuid55},
-		{"Wsrep_last_committed", &last_committed},
-		{"wsrep_last_committed", &last_committed55},
-		{NULL, NULL}
-	};
+  char *state_uuid = NULL, *state_uuid55 = NULL;
+  char *last_committed = NULL, *last_committed55 = NULL;
+  char *domain_id = NULL, *domain_id55 = NULL;
+  bool result=true;
+  uint n_values=0;
+  char *wsrep_on = NULL, *wsrep_on55 = NULL;
+
+  mysql_variable vars[] = {
+    {"Wsrep_on", &wsrep_on},
+    {"wsrep_on", &wsrep_on55},
+    {NULL, NULL}
+  };
+
+  mysql_variable status[] = {
+    {"Wsrep_local_state_uuid", &state_uuid},
+    {"wsrep_local_state_uuid", &state_uuid55},
+    {"Wsrep_last_committed", &last_committed},
+    {"wsrep_last_committed", &last_committed55},
+    {NULL, NULL}
+  };
+
+  mysql_variable value[] = {
+    {"Wsrep_gtid_domain_id", &domain_id},
+    {"wsrep_gtid_domain_id", &domain_id55},
+    {NULL, NULL}
+  };
+
+  n_values= read_mysql_variables(connection, "SHOW VARIABLES", vars, true);
+
+  if (n_values == 0 || (wsrep_on == NULL && wsrep_on55 == NULL))
+  {
+    msg("Server is not Galera node thus --galera-info does not "
+	"have any effect.");
+    result = true;
+    goto cleanup;
+  }
 
-	mysql_variable value[] = {
-		{"Wsrep_gtid_domain_id", &domain_id},
-		{"wsrep_gtid_domain_id", &domain_id55},
-		{NULL, NULL}
-	};
+  read_mysql_variables(connection, "SHOW STATUS", status, true);
 
-	/* When backup locks are supported by the server, we should skip
-	creating xtrabackup_galera_info file on the backup stage, because
-	wsrep_local_state_uuid and wsrep_last_committed will be inconsistent
-	without blocking commits. The state file will be created on the prepare
-	stage using the WSREP recovery procedure. */
-	if (have_backup_locks) {
-		return(true);
-	}
+  if ((state_uuid == NULL && state_uuid55 == NULL)
+      || (last_committed == NULL && last_committed55 == NULL))
+  {
+    msg("Warning: failed to get master wsrep state from SHOW STATUS.");
+    result = true;
+    goto cleanup;
+  }
 
-	read_mysql_variables(connection, "SHOW STATUS", status, true);
+  n_values= read_mysql_variables(connection, "SHOW VARIABLES LIKE 'wsrep%'", value, true);
 
-	if ((state_uuid == NULL && state_uuid55 == NULL)
-		|| (last_committed == NULL && last_committed55 == NULL)) {
-		msg("Warning: failed to get master wsrep state from SHOW STATUS.");
-		result = true;
-		goto cleanup;
-	}
+  if (n_values == 0 || (domain_id == NULL && domain_id55 == NULL))
+  {
+    msg("Warning: failed to get master wsrep state from SHOW VARIABLES.");
+    result = true;
+    goto cleanup;
+  }
 
-	read_mysql_variables(connection, "SHOW VARIABLES LIKE 'wsrep%'", value, true);
+  result= datasink->backup_file_printf(XTRABACKUP_GALERA_INFO,
+    "%s:%s %s\n", state_uuid ? state_uuid : state_uuid55,
+    last_committed ? last_committed : last_committed55,
+    domain_id ? domain_id : domain_id55);
 
-	if (domain_id == NULL && domain_id55 == NULL) {
-		msg("Warning: failed to get master wsrep state from SHOW VARIABLES.");
-		result = true;
-		goto cleanup;
-	}
+  if (result)
+  {
+    result= datasink->backup_file_printf(XTRABACKUP_DONOR_GALERA_INFO,
+      "%s:%s %s\n", state_uuid ? state_uuid : state_uuid55,
+      last_committed ? last_committed : last_committed55,
+      domain_id ? domain_id : domain_id55);
+  }
 
-	result = datasink->backup_file_printf(XTRABACKUP_GALERA_INFO,
-		"%s:%s %s\n", state_uuid ? state_uuid : state_uuid55,
-			      last_committed ? last_committed : last_committed55,
-			      domain_id ? domain_id : domain_id55);
+  if (result)
+    write_current_binlog_file(datasink, connection);
 
-	if (result)
-	{
-	  result= datasink->backup_file_printf(XTRABACKUP_DONOR_GALERA_INFO,
-		"%s:%s %s\n", state_uuid ? state_uuid : state_uuid55,
-			      last_committed ? last_committed : last_committed55,
-			      domain_id ? domain_id : domain_id55);
-	}
-	if (result)
-	{
-		write_current_binlog_file(datasink, connection);
-	}
+  if (result)
+    msg("Writing Galera info succeeded with %s:%s %s",
+      state_uuid ? state_uuid : state_uuid55,
+      last_committed ? last_committed : last_committed55,
+      domain_id ? domain_id : domain_id55);
 
 cleanup:
-	free_mysql_variables(status);
+  free_mysql_variables(status);
 
-	return(result);
+  return(result);
 }
 
 
@@ -1466,8 +1556,6 @@ write_current_binlog_file(ds_ctxt *datasink, MYSQL *connection)
 	if (gtid_exists) {
 		size_t log_bin_dir_length;
 
-		lock_binlog_maybe(connection);
-
 		xb_mysql_query(connection, "FLUSH BINARY LOGS", false);
 
 		read_mysql_variables(connection, "SHOW MASTER STATUS",
@@ -1826,13 +1914,13 @@ bool write_backup_config_file(ds_ctxt *datasink)
 		srv_log_file_size,
 		srv_page_size,
 		srv_undo_dir,
-		srv_undo_tablespaces,
+                (uint) srv_undo_tablespaces,
 		page_zip_level,
 		innobase_buffer_pool_filename ?
 			"innodb_buffer_pool_filename=" : "",
 		innobase_buffer_pool_filename ?
 			innobase_buffer_pool_filename : "",
-		xb_plugin_get_config());
+		encryption_plugin_get_config());
 		return rc;
 }
 
@@ -1851,9 +1939,11 @@ char *make_argv(char *buf, size_t len, int argc, char **argv)
 		if (strncmp(*argv, "--password", strlen("--password")) == 0) {
 			arg = "--password=...";
 		}
-		left-= snprintf(buf + len - left, left,
+		uint l= snprintf(buf + len - left, left,
 				"%s%c", arg, argc > 1 ? ' ' : 0);
 		++argv; --argc;
+                if (l < left)
+                  left-= l;
 	}
 
 	return buf;
@@ -1882,18 +1972,6 @@ select_history()
 	return(true);
 }
 
-bool
-flush_changed_page_bitmaps()
-{
-	if (xtrabackup_incremental && have_changed_page_bitmaps &&
-	    !xtrabackup_incremental_force_scan) {
-		xb_mysql_query(mysql_connection,
-			"FLUSH NO_WRITE_TO_BINLOG CHANGED_PAGE_BITMAPS", false);
-	}
-	return(true);
-}
-
-
 /*********************************************************************//**
 Deallocate memory, disconnect from server, etc.
 @return	true on success. */
@@ -1969,3 +2047,23 @@ mdl_unlock_all()
   mysql_close(mdl_con);
   spaceid_to_tablename.clear();
 }
+
+ulonglong get_current_lsn(MYSQL *connection)
+{
+	static const char lsn_prefix[] = "\nLog sequence number ";
+	ulonglong lsn = 0;
+	if (MYSQL_RES *res = xb_mysql_query(connection,
+					    "SHOW ENGINE INNODB STATUS",
+					    true, false)) {
+		if (MYSQL_ROW row = mysql_fetch_row(res)) {
+			const char *p= strstr(row[2], lsn_prefix);
+			DBUG_ASSERT(p);
+			if (p) {
+				p += sizeof lsn_prefix - 1;
+				lsn = lsn_t(strtoll(p, NULL, 10));
+			}
+		}
+		mysql_free_result(res);
+	}
+	return lsn;
+}
diff --git a/extra/mariabackup/backup_mysql.h b/extra/mariabackup/backup_mysql.h
index 4b08da0b..c87efd21 100644
--- a/extra/mariabackup/backup_mysql.h
+++ b/extra/mariabackup/backup_mysql.h
@@ -2,13 +2,15 @@
 #define XTRABACKUP_BACKUP_MYSQL_H
 
 #include <mysql.h>
+#include <string>
+#include <unordered_set>
+#include "datasink.h"
 
 /* MariaDB version */
 extern ulong mysql_server_version;
 
 /* server capabilities */
 extern bool have_changed_page_bitmaps;
-extern bool have_backup_locks;
 extern bool have_lock_wait_timeout;
 extern bool have_galera_enabled;
 extern bool have_multi_threaded_slave;
@@ -35,9 +37,6 @@ capture_tool_command(int argc, char **argv);
 bool
 select_history();
 
-bool
-flush_changed_page_bitmaps();
-
 void
 backup_cleanup();
 
@@ -75,7 +74,21 @@ bool
 lock_binlog_maybe(MYSQL *connection);
 
 bool
-lock_tables(MYSQL *connection);
+lock_for_backup_stage_start(MYSQL *connection);
+
+bool
+lock_for_backup_stage_flush(MYSQL *connection);
+
+bool
+lock_for_backup_stage_block_ddl(MYSQL *connection);
+
+bool
+lock_for_backup_stage_commit(MYSQL *connection);
+
+bool backup_lock(MYSQL *con, const char *table_name);
+bool backup_unlock(MYSQL *con);
+
+std::unordered_set<std::string> get_tables_in_use(MYSQL *con);
 
 bool
 wait_for_safe_slave(MYSQL *connection);
@@ -86,5 +99,6 @@ write_galera_info(ds_ctxt *datasink, MYSQL *connection);
 bool
 write_slave_info(ds_ctxt *datasink, MYSQL *connection);
 
+ulonglong get_current_lsn(MYSQL *connection);
 
 #endif
diff --git a/extra/mariabackup/changed_page_bitmap.cc b/extra/mariabackup/changed_page_bitmap.cc
deleted file mode 100644
index 39a07a25..00000000
--- a/extra/mariabackup/changed_page_bitmap.cc
+++ /dev/null
@@ -1,1040 +0,0 @@
-/******************************************************
-XtraBackup: hot backup tool for InnoDB
-(c) 2009-2012 Percona Inc.
-Originally Created 3/3/2009 Yasufumi Kinoshita
-Written by Alexey Kopytov, Aleksandr Kuzminsky, Stewart Smith, Vadim Tkachenko,
-Yasufumi Kinoshita, Ignacio Nin and Baron Schwartz.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; version 2 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1335  USA
-
-*******************************************************/
-
-/* Changed page bitmap implementation */
-
-#include "changed_page_bitmap.h"
-
-#include "common.h"
-#include "xtrabackup.h"
-#include "srv0srv.h"
-
-/* TODO: copy-pasted shared definitions from the XtraDB bitmap write code.
-Remove these on the first opportunity, i.e. single-binary XtraBackup.  */
-
-/* log0online.h */
-
-/** Single bitmap file information */
-struct log_online_bitmap_file_t {
-	char		name[FN_REFLEN];	/*!< Name with full path */
-	pfs_os_file_t	file;			/*!< Handle to opened file */
-	ib_uint64_t	size;			/*!< Size of the file */
-	ib_uint64_t	offset;			/*!< Offset of the next read,
-						or count of already-read bytes
-						*/
-};
-
-/** A set of bitmap files containing some LSN range */
-struct log_online_bitmap_file_range_t {
-	size_t	count;				/*!< Number of files */
-	/*!< Dynamically-allocated array of info about individual files */
-	struct files_t {
-		char	name[FN_REFLEN];/*!< Name of a file */
-		lsn_t	start_lsn;	/*!< Starting LSN of data in this
-					file */
-		ulong	seq_num;	/*!< Sequence number of this file */
-	}	*files;
-};
-
-/* log0online.c */
-
-/** File name stem for bitmap files. */
-static const char* bmp_file_name_stem = "ib_modified_log_";
-
-/** The bitmap file block size in bytes.  All writes will be multiples of this.
- */
-enum {
-	MODIFIED_PAGE_BLOCK_SIZE = 4096
-};
-
-/** Offsets in a file bitmap block */
-enum {
-	MODIFIED_PAGE_IS_LAST_BLOCK = 0,/* 1 if last block in the current
-					write, 0 otherwise. */
-	MODIFIED_PAGE_START_LSN = 4,	/* The starting tracked LSN of this and
-					other blocks in the same write */
-	MODIFIED_PAGE_END_LSN = 12,	/* The ending tracked LSN of this and
-					other blocks in the same write */
-	MODIFIED_PAGE_SPACE_ID = 20,	/* The space ID of tracked pages in
-					this block */
-	MODIFIED_PAGE_1ST_PAGE_ID = 24,	/* The page ID of the first tracked
-					page in this block */
-	MODIFIED_PAGE_BLOCK_UNUSED_1 = 28,/* Unused in order to align the start
-					  of bitmap at 8 byte boundary */
-	MODIFIED_PAGE_BLOCK_BITMAP = 32,/* Start of the bitmap itself */
-	MODIFIED_PAGE_BLOCK_UNUSED_2 = MODIFIED_PAGE_BLOCK_SIZE - 8,
-					/* Unused in order to align the end of
-					bitmap at 8 byte boundary */
-	MODIFIED_PAGE_BLOCK_CHECKSUM = MODIFIED_PAGE_BLOCK_SIZE - 4
-					/* The checksum of the current block */
-};
-
-/** Length of the bitmap data in a block */
-enum { MODIFIED_PAGE_BLOCK_BITMAP_LEN
-       = MODIFIED_PAGE_BLOCK_UNUSED_2 - MODIFIED_PAGE_BLOCK_BITMAP };
-
-/** Length of the bitmap data in a block in page ids */
-enum { MODIFIED_PAGE_BLOCK_ID_COUNT = MODIFIED_PAGE_BLOCK_BITMAP_LEN * 8 };
-
-typedef ib_uint64_t	bitmap_word_t;
-
-/****************************************************************//**
-Calculate a bitmap block checksum.  Algorithm borrowed from
-log_block_calc_checksum.
-@return checksum */
-UNIV_INLINE
-ulint
-log_online_calc_checksum(
-/*=====================*/
-	const byte*	block);	/*!<in: bitmap block */
-
-/****************************************************************//**
-Provide a comparisson function for the RB-tree tree (space,
-block_start_page) pairs.  Actual implementation does not matter as
-long as the ordering is full.
-@return -1 if p1 < p2, 0 if p1 == p2, 1 if p1 > p2
-*/
-static
-int
-log_online_compare_bmp_keys(
-/*========================*/
-	const void* p1,	/*!<in: 1st key to compare */
-	const void* p2)	/*!<in: 2nd key to compare */
-{
-	const byte *k1 = (const byte *)p1;
-	const byte *k2 = (const byte *)p2;
-
-	ulint k1_space = mach_read_from_4(k1 + MODIFIED_PAGE_SPACE_ID);
-	ulint k2_space = mach_read_from_4(k2 + MODIFIED_PAGE_SPACE_ID);
-	if (k1_space == k2_space) {
-
-		ulint k1_start_page
-			= mach_read_from_4(k1 + MODIFIED_PAGE_1ST_PAGE_ID);
-		ulint k2_start_page
-			= mach_read_from_4(k2 + MODIFIED_PAGE_1ST_PAGE_ID);
-		return k1_start_page < k2_start_page
-			? -1 : k1_start_page > k2_start_page ? 1 : 0;
-	}
-	return k1_space < k2_space ? -1 : 1;
-}
-
-/****************************************************************//**
-Calculate a bitmap block checksum.  Algorithm borrowed from
-log_block_calc_checksum.
-@return checksum */
-UNIV_INLINE
-ulint
-log_online_calc_checksum(
-/*=====================*/
-	const byte*	block)	/*!<in: bitmap block */
-{
-	ulint	sum;
-	ulint	sh;
-	ulint	i;
-
-	sum = 1;
-	sh = 0;
-
-	for (i = 0; i < MODIFIED_PAGE_BLOCK_CHECKSUM; i++) {
-
-		ulint	b = block[i];
-		sum &= 0x7FFFFFFFUL;
-		sum += b;
-		sum += b << sh;
-		sh++;
-		if (sh > 24) {
-
-			sh = 0;
-		}
-	}
-
-	return sum;
-}
-
-/****************************************************************//**
-Read one bitmap data page and check it for corruption.
-
-@return TRUE if page read OK, FALSE if I/O error */
-static
-ibool
-log_online_read_bitmap_page(
-/*========================*/
-	log_online_bitmap_file_t	*bitmap_file,	/*!<in/out: bitmap
-							file */
-	byte				*page,	/*!<out: read page.  Must be at
-						least MODIFIED_PAGE_BLOCK_SIZE
-						bytes long */
-	ibool				*checksum_ok)	/*!<out: TRUE if page
-							checksum OK */
-{
-	ulint	checksum;
-	ulint	actual_checksum;
-
-	ut_a(bitmap_file->size >= MODIFIED_PAGE_BLOCK_SIZE);
-	ut_a(bitmap_file->offset
-	     <= bitmap_file->size - MODIFIED_PAGE_BLOCK_SIZE);
-	ut_a(bitmap_file->offset % MODIFIED_PAGE_BLOCK_SIZE == 0);
-	if (DB_SUCCESS !=
-	    os_file_read(IORequestRead, bitmap_file->file, page,
-			 bitmap_file->offset, MODIFIED_PAGE_BLOCK_SIZE,
-			 nullptr)) {
-		/* The following call prints an error message */
-		os_file_get_last_error(TRUE);
-		msg("InnoDB: Warning: failed reading changed page bitmap "
-		    "file \'%s\'", bitmap_file->name);
-		return FALSE;
-	}
-
-	bitmap_file->offset += MODIFIED_PAGE_BLOCK_SIZE;
-	ut_ad(bitmap_file->offset <= bitmap_file->size);
-
-	checksum = mach_read_from_4(page + MODIFIED_PAGE_BLOCK_CHECKSUM);
-	actual_checksum = log_online_calc_checksum(page);
-	*checksum_ok = (checksum == actual_checksum);
-
-	return TRUE;
-}
-
-/*********************************************************************//**
-Check the name of a given file if it's a changed page bitmap file and
-return file sequence and start LSN name components if it is.  If is not,
-the values of output parameters are undefined.
-
-@return TRUE if a given file is a changed page bitmap file.  */
-static
-ibool
-log_online_is_bitmap_file(
-/*======================*/
-	const os_file_stat_t*	file_info,		/*!<in: file to
-							check */
-	ulong*			bitmap_file_seq_num,	/*!<out: bitmap file
-							sequence number */
-	lsn_t*			bitmap_file_start_lsn)	/*!<out: bitmap file
-							start LSN */
-{
-	char	stem[FN_REFLEN];
-
-	ut_ad (strlen(file_info->name) < OS_FILE_MAX_PATH);
-
-	return ((file_info->type == OS_FILE_TYPE_FILE
-		 || file_info->type == OS_FILE_TYPE_LINK)
-		&& (sscanf(file_info->name, "%[a-z_]%lu_" LSN_PF ".xdb", stem,
-			   bitmap_file_seq_num, bitmap_file_start_lsn) == 3)
-		&& (!strcmp(stem, bmp_file_name_stem)));
-}
-
-/*********************************************************************//**
-List the bitmap files in srv_data_home and setup their range that contains the
-specified LSN interval.  This range, if non-empty, will start with a file that
-has the greatest LSN equal to or less than the start LSN and will include all
-the files up to the one with the greatest LSN less than the end LSN.  Caller
-must free bitmap_files->files when done if bitmap_files set to non-NULL and
-this function returned TRUE.  Field bitmap_files->count might be set to a
-larger value than the actual count of the files, and space for the unused array
-slots will be allocated but cleared to zeroes.
-
-@return TRUE if succeeded
-*/
-static
-ibool
-log_online_setup_bitmap_file_range(
-/*===============================*/
-	log_online_bitmap_file_range_t	*bitmap_files,	/*!<in/out: bitmap file
-							range */
-	lsn_t				range_start,	/*!<in: start LSN */
-	lsn_t				range_end)	/*!<in: end LSN */
-{
-	os_file_dir_t	bitmap_dir;
-	os_file_stat_t	bitmap_dir_file_info;
-	ulong		first_file_seq_num	= ULONG_MAX;
-	ulong		last_file_seq_num	= 0;
-	lsn_t		first_file_start_lsn	= LSN_MAX;
-
-	xb_ad(range_end >= range_start);
-
-	bitmap_files->count = 0;
-	bitmap_files->files = NULL;
-
-	/* 1st pass: size the info array */
-
-	bitmap_dir = os_file_opendir(srv_data_home);
-	if (UNIV_UNLIKELY(bitmap_dir == IF_WIN(INVALID_HANDLE_VALUE, NULL))) {
-		msg("InnoDB: Error: failed to open bitmap directory \'%s\'",
-		    srv_data_home);
-		return FALSE;
-	}
-
-	while (!os_file_readdir_next_file(srv_data_home, bitmap_dir,
-					  &bitmap_dir_file_info)) {
-
-		ulong	file_seq_num;
-		lsn_t	file_start_lsn;
-
-		if (!log_online_is_bitmap_file(&bitmap_dir_file_info,
-					       &file_seq_num,
-					       &file_start_lsn)
-		    || file_start_lsn >= range_end) {
-
-			continue;
-		}
-
-		if (file_seq_num > last_file_seq_num) {
-
-			last_file_seq_num = file_seq_num;
-		}
-
-		if (file_start_lsn >= range_start
-		    || file_start_lsn == first_file_start_lsn
-		    || first_file_start_lsn > range_start) {
-
-			/* A file that falls into the range */
-
-			if (file_start_lsn < first_file_start_lsn) {
-
-				first_file_start_lsn = file_start_lsn;
-			}
-			if (file_seq_num < first_file_seq_num) {
-
-				first_file_seq_num = file_seq_num;
-			}
-		} else if (file_start_lsn > first_file_start_lsn) {
-
-			/* A file that has LSN closer to the range start
-			but smaller than it, replacing another such file */
-			first_file_start_lsn = file_start_lsn;
-			first_file_seq_num = file_seq_num;
-		}
-	}
-
-	if (UNIV_UNLIKELY(os_file_closedir_failed(bitmap_dir))) {
-		os_file_get_last_error(TRUE);
-		msg("InnoDB: Error: cannot close \'%s\'",srv_data_home);
-		return FALSE;
-	}
-
-	if (first_file_seq_num == ULONG_MAX && last_file_seq_num == 0) {
-
-		bitmap_files->count = 0;
-		return TRUE;
-	}
-
-	bitmap_files->count = last_file_seq_num - first_file_seq_num + 1;
-
-	/* 2nd pass: get the file names in the file_seq_num order */
-
-	bitmap_dir = os_file_opendir(srv_data_home);
-	if (UNIV_UNLIKELY(bitmap_dir == IF_WIN(INVALID_HANDLE_VALUE, NULL))) {
-		msg("InnoDB: Error: failed to open bitmap directory \'%s\'",
-		    srv_data_home);
-		return FALSE;
-	}
-
-	bitmap_files->files =
-		static_cast<log_online_bitmap_file_range_t::files_t *>
-		(malloc(bitmap_files->count * sizeof(bitmap_files->files[0])));
-	memset(bitmap_files->files, 0,
-	       bitmap_files->count * sizeof(bitmap_files->files[0]));
-
-	while (!os_file_readdir_next_file(srv_data_home, bitmap_dir,
-					  &bitmap_dir_file_info)) {
-
-		ulong	file_seq_num;
-		lsn_t	file_start_lsn;
-		size_t	array_pos;
-
-		if (!log_online_is_bitmap_file(&bitmap_dir_file_info,
-					       &file_seq_num,
-					       &file_start_lsn)
-		    || file_start_lsn >= range_end
-		    || file_start_lsn < first_file_start_lsn) {
-
-			continue;
-		}
-
-		array_pos = file_seq_num - first_file_seq_num;
-		if (UNIV_UNLIKELY(array_pos >= bitmap_files->count)) {
-
-			msg("InnoDB: Error: inconsistent bitmap file "
-			    "directory");
-			os_file_closedir(bitmap_dir);
-			free(bitmap_files->files);
-			return FALSE;
-		}
-
-		if (file_seq_num > bitmap_files->files[array_pos].seq_num) {
-
-			bitmap_files->files[array_pos].seq_num = file_seq_num;
-			strncpy(bitmap_files->files[array_pos].name,
-				bitmap_dir_file_info.name, FN_REFLEN - 1);
-			bitmap_files->files[array_pos].name[FN_REFLEN - 1]
-				= '\0';
-			bitmap_files->files[array_pos].start_lsn
-				= file_start_lsn;
-		}
-	}
-
-	if (UNIV_UNLIKELY(os_file_closedir_failed(bitmap_dir))) {
-		os_file_get_last_error(TRUE);
-		msg("InnoDB: Error: cannot close \'%s\'", srv_data_home);
-		free(bitmap_files->files);
-		return FALSE;
-	}
-
-#ifdef UNIV_DEBUG
-	ut_ad(bitmap_files->files[0].seq_num == first_file_seq_num);
-
-	for (size_t i = 1; i < bitmap_files->count; i++) {
-		if (!bitmap_files->files[i].seq_num) {
-
-			break;
-		}
-		ut_ad(bitmap_files->files[i].seq_num
-		      > bitmap_files->files[i - 1].seq_num);
-		ut_ad(bitmap_files->files[i].start_lsn
-		      >= bitmap_files->files[i - 1].start_lsn);
-	}
-#endif
-
-	return TRUE;
-}
-
-/****************************************************************//**
-Open a bitmap file for reading.
-
-@return whether opened successfully */
-static
-bool
-log_online_open_bitmap_file_read_only(
-/*==================================*/
-	const char*			name,		/*!<in: bitmap file
-							name without directory,
-							which is assumed to be
-							srv_data_home */
-	log_online_bitmap_file_t*	bitmap_file)	/*!<out: opened bitmap
-							file */
-{
-	bool	success	= false;
-
-	xb_ad(name[0] != '\0');
-
-	snprintf(bitmap_file->name, FN_REFLEN, "%s%s", srv_data_home, name);
-	bitmap_file->file = os_file_create_simple_no_error_handling(
-		0, bitmap_file->name,
-		OS_FILE_OPEN, OS_FILE_READ_ONLY, true, &success);
-	if (UNIV_UNLIKELY(!success)) {
-
-		/* Here and below assume that bitmap file names do not
-		contain apostrophes, thus no need for ut_print_filename(). */
-		msg("InnoDB: Warning: error opening the changed page "
-		    "bitmap \'%s\'", bitmap_file->name);
-		return success;
-	}
-
-	bitmap_file->size = os_file_get_size(bitmap_file->file);
-	bitmap_file->offset = 0;
-
-#ifdef __linux__
-	posix_fadvise(bitmap_file->file, 0, 0, POSIX_FADV_SEQUENTIAL);
-	posix_fadvise(bitmap_file->file, 0, 0, POSIX_FADV_NOREUSE);
-#endif
-
-	return success;
-}
-
-/****************************************************************//**
-Diagnose one or both of the following situations if we read close to
-the end of bitmap file:
-1) Warn if the remainder of the file is less than one page.
-2) Error if we cannot read any more full pages but the last read page
-did not have the last-in-run flag set.
-
-@return FALSE for the error */
-static
-ibool
-log_online_diagnose_bitmap_eof(
-/*===========================*/
-	const log_online_bitmap_file_t*	bitmap_file,	/*!< in: bitmap file */
-	ibool				last_page_in_run)/*!< in: "last page in
-							run" flag value in the
-							last read page */
-{
-	/* Check if we are too close to EOF to read a full page */
-	if ((bitmap_file->size < MODIFIED_PAGE_BLOCK_SIZE)
-	    || (bitmap_file->offset
-		> bitmap_file->size - MODIFIED_PAGE_BLOCK_SIZE)) {
-
-		if (UNIV_UNLIKELY(bitmap_file->offset != bitmap_file->size)) {
-
-			/* If we are not at EOF and we have less than one page
-			to read, it's junk.  This error is not fatal in
-			itself. */
-
-			msg("InnoDB: Warning: junk at the end of changed "
-			    "page bitmap file \'%s\'.", bitmap_file->name);
-		}
-
-		if (UNIV_UNLIKELY(!last_page_in_run)) {
-
-			/* We are at EOF but the last read page did not finish
-			a run */
-			/* It's a "Warning" here because it's not a fatal error
-			for the whole server */
-			msg("InnoDB: Warning: changed page bitmap "
-			    "file \'%s\' does not contain a complete run "
-			    "at the end.", bitmap_file->name);
-			return FALSE;
-		}
-	}
-	return TRUE;
-}
-
-/* End of copy-pasted definitions */
-
-/** Iterator structure over changed page bitmap */
-struct xb_page_bitmap_range_struct {
-	const xb_page_bitmap	*bitmap;	/* Bitmap with data */
-	ulint			space_id;	/* Space id for this
-					        iterator */
-	ulint			bit_i;		/* Bit index of the iterator
-						position in the current page */
-	const ib_rbt_node_t	*bitmap_node;	/* Current bitmap tree node */
-	const byte		*bitmap_page;	/* Current bitmap page */
-	ulint			current_page_id;/* Current page id */
-};
-
-/****************************************************************//**
-Print a diagnostic message on missing bitmap data for an LSN range.  */
-static
-void
-xb_msg_missing_lsn_data(
-/*====================*/
-	lsn_t	missing_interval_start,	/*!<in: interval start */
-	lsn_t	missing_interval_end)	/*!<in: interval end */
-{
-	msg("mariabackup: warning: changed page data missing for LSNs between "
-	    LSN_PF " and " LSN_PF, missing_interval_start,
-	    missing_interval_end);
-}
-
-/****************************************************************//**
-Scan a bitmap file until data for a desired LSN or EOF is found and check that
-the page before the starting one is not corrupted to ensure that the found page
-indeed contains the very start of the desired LSN data.  The caller must check
-the page LSN values to determine if the bitmap file was scanned until the data
-was found or until EOF.  Page must be at least MODIFIED_PAGE_BLOCK_SIZE big.
-
-@return TRUE if the scan successful without corruption detected
-*/
-static
-ibool
-xb_find_lsn_in_bitmap_file(
-/*=======================*/
-	log_online_bitmap_file_t	*bitmap_file,	/*!<in/out: bitmap
-							file */
-	byte				*page,		/*!<in/out: last read
-							bitmap page */
-	lsn_t				*page_end_lsn,	/*!<out: end LSN of the
-							last read page */
-	lsn_t				lsn)		/*!<in: LSN to find */
-{
-	ibool		last_page_ok		= TRUE;
-	ibool		next_to_last_page_ok	= TRUE;
-
-	xb_ad (bitmap_file->size >= MODIFIED_PAGE_BLOCK_SIZE);
-
-	*page_end_lsn = 0;
-
-	while ((*page_end_lsn <= lsn)
-	       && (bitmap_file->offset
-		   <= bitmap_file->size - MODIFIED_PAGE_BLOCK_SIZE)) {
-
-		next_to_last_page_ok = last_page_ok;
-		if (!log_online_read_bitmap_page(bitmap_file, page,
-						 &last_page_ok)) {
-
-			return FALSE;
-		}
-
-		*page_end_lsn = mach_read_from_8(page + MODIFIED_PAGE_END_LSN);
-	}
-
-	/* We check two pages here because the last read page already contains
-	the required LSN data. If the next to the last one page is corrupted,
-	then we have no way of telling if that page contained the required LSN
-	range data too */
-	return last_page_ok && next_to_last_page_ok;
-}
-
-/****************************************************************//**
-Read the disk bitmap and build the changed page bitmap tree for the
-LSN interval incremental_lsn to log_sys.next_checkpoint_lsn.
-
-@return the built bitmap tree or NULL if unable to read the full interval for
-any reason. */
-xb_page_bitmap*
-xb_page_bitmap_init(void)
-/*=====================*/
-{
-	log_online_bitmap_file_t	bitmap_file;
-	lsn_t				bmp_start_lsn	= incremental_lsn;
-	const lsn_t bmp_end_lsn{log_sys.next_checkpoint_lsn};
-	byte				page[MODIFIED_PAGE_BLOCK_SIZE];
-	lsn_t				current_page_end_lsn;
-	xb_page_bitmap			*result;
-	ibool				last_page_in_run= FALSE;
-	log_online_bitmap_file_range_t	bitmap_files;
-	size_t				bmp_i;
-	ibool				last_page_ok	= TRUE;
-
-	if (UNIV_UNLIKELY(bmp_start_lsn > bmp_end_lsn)) {
-
-		msg("mariabackup: incremental backup LSN " LSN_PF
-		    " is larger than than the last checkpoint LSN " LSN_PF
-		    , bmp_start_lsn, bmp_end_lsn);
-		return NULL;
-	}
-
-	if (!log_online_setup_bitmap_file_range(&bitmap_files, bmp_start_lsn,
-						bmp_end_lsn)) {
-
-		return NULL;
-	}
-
-	/* Only accept no bitmap files returned if start LSN == end LSN */
-	if (bitmap_files.count == 0 && bmp_end_lsn != bmp_start_lsn) {
-
-		return NULL;
-	}
-
-	result = rbt_create(MODIFIED_PAGE_BLOCK_SIZE,
-			    log_online_compare_bmp_keys);
-
-	if (bmp_start_lsn == bmp_end_lsn) {
-
-		/* Empty range - empty bitmap */
-		return result;
-	}
-
-	bmp_i = 0;
-
-	if (UNIV_UNLIKELY(bitmap_files.files[bmp_i].start_lsn
-			  > bmp_start_lsn)) {
-
-		/* The 1st file does not have the starting LSN data */
-		xb_msg_missing_lsn_data(bmp_start_lsn,
-					bitmap_files.files[bmp_i].start_lsn);
-		rbt_free(result);
-		free(bitmap_files.files);
-		return NULL;
-	}
-
-	/* Skip any zero-sized files at the start */
-	while ((bmp_i < bitmap_files.count - 1)
-	       && (bitmap_files.files[bmp_i].start_lsn
-		   == bitmap_files.files[bmp_i + 1].start_lsn)) {
-
-		bmp_i++;
-	}
-
-	/* Is the 1st bitmap file missing? */
-	if (UNIV_UNLIKELY(bitmap_files.files[bmp_i].name[0] == '\0')) {
-
-		/* TODO: this is not the exact missing range */
-		xb_msg_missing_lsn_data(bmp_start_lsn, bmp_end_lsn);
-		rbt_free(result);
-		free(bitmap_files.files);
-		return NULL;
-	}
-
-	/* Open the 1st bitmap file */
-	if (UNIV_UNLIKELY(!log_online_open_bitmap_file_read_only(
-				  bitmap_files.files[bmp_i].name,
-				  &bitmap_file))) {
-
-		rbt_free(result);
-		free(bitmap_files.files);
-		return NULL;
-	}
-
-	/* If the 1st file is truncated, no data.  Not merged with the case
-	below because zero-length file indicates not a corruption but missing
-	subsequent files instead.  */
-	if (UNIV_UNLIKELY(bitmap_file.size < MODIFIED_PAGE_BLOCK_SIZE)) {
-
-		xb_msg_missing_lsn_data(bmp_start_lsn, bmp_end_lsn);
-		rbt_free(result);
-		free(bitmap_files.files);
-		os_file_close(bitmap_file.file);
-		return NULL;
-	}
-
-	/* Find the start of the required LSN range in the file */
-	if (UNIV_UNLIKELY(!xb_find_lsn_in_bitmap_file(&bitmap_file, page,
-						      &current_page_end_lsn,
-						      bmp_start_lsn))) {
-
-		msg("mariabackup: Warning: changed page bitmap file "
-		    "\'%s\' corrupted", bitmap_file.name);
-		rbt_free(result);
-		free(bitmap_files.files);
-		os_file_close(bitmap_file.file);
-		return NULL;
-	}
-
-	last_page_in_run
-		= mach_read_from_4(page + MODIFIED_PAGE_IS_LAST_BLOCK);
-
-	if (UNIV_UNLIKELY(!log_online_diagnose_bitmap_eof(&bitmap_file,
-							  last_page_in_run))) {
-
-		rbt_free(result);
-		free(bitmap_files.files);
-		os_file_close(bitmap_file.file);
-		return NULL;
-	}
-
-	if (UNIV_UNLIKELY(current_page_end_lsn < bmp_start_lsn)) {
-
-		xb_msg_missing_lsn_data(current_page_end_lsn, bmp_start_lsn);
-		rbt_free(result);
-		free(bitmap_files.files);
-		os_file_close(bitmap_file.file);
-		return NULL;
-	}
-
-	/* 1st bitmap page found, add it to the tree.  */
-	rbt_insert(result, page, page);
-
-	/* Read next pages/files until all required data is read */
-	while (last_page_ok
-	       && (current_page_end_lsn < bmp_end_lsn
-		   || (current_page_end_lsn == bmp_end_lsn
-		       && !last_page_in_run))) {
-
-		ib_rbt_bound_t	tree_search_pos;
-
-		/* If EOF, advance the file skipping over any empty files */
-		while (bitmap_file.size < MODIFIED_PAGE_BLOCK_SIZE
-		       || (bitmap_file.offset
-			   > bitmap_file.size - MODIFIED_PAGE_BLOCK_SIZE)) {
-
-			os_file_close(bitmap_file.file);
-
-			if (UNIV_UNLIKELY(
-				!log_online_diagnose_bitmap_eof(
-					&bitmap_file, last_page_in_run))) {
-
-				rbt_free(result);
-				free(bitmap_files.files);
-				return NULL;
-			}
-
-			bmp_i++;
-
-			if (UNIV_UNLIKELY(bmp_i == bitmap_files.count
-					  || (bitmap_files.files[bmp_i].seq_num
-					      == 0))) {
-
-				xb_msg_missing_lsn_data(current_page_end_lsn,
-							bmp_end_lsn);
-				rbt_free(result);
-				free(bitmap_files.files);
-				return NULL;
-			}
-
-			/* Is the next file missing? */
-			if (UNIV_UNLIKELY(bitmap_files.files[bmp_i].name[0]
-					  == '\0')) {
-
-				/* TODO: this is not the exact missing range */
-				xb_msg_missing_lsn_data(bitmap_files.files
-							[bmp_i - 1].start_lsn,
-							bmp_end_lsn);
-				rbt_free(result);
-				free(bitmap_files.files);
-				return NULL;
-			}
-
-			if (UNIV_UNLIKELY(
-				    !log_online_open_bitmap_file_read_only(
-					    bitmap_files.files[bmp_i].name,
-					    &bitmap_file))) {
-
-				rbt_free(result);
-				free(bitmap_files.files);
-				return NULL;
-			}
-		}
-
-		if (UNIV_UNLIKELY(
-			    !log_online_read_bitmap_page(&bitmap_file, page,
-							 &last_page_ok))) {
-
-			rbt_free(result);
-			free(bitmap_files.files);
-			os_file_close(bitmap_file.file);
-			return NULL;
-		}
-
-		if (UNIV_UNLIKELY(!last_page_ok)) {
-
-			msg("mariabackup: warning: changed page bitmap file "
-			    "\'%s\' corrupted.", bitmap_file.name);
-			rbt_free(result);
-			free(bitmap_files.files);
-			os_file_close(bitmap_file.file);
-			return NULL;
-		}
-
-		/* Merge the current page with an existing page or insert a new
-		page into the tree */
-
-		if (!rbt_search(result, &tree_search_pos, page)) {
-
-			/* Merge the bitmap pages */
-			byte	*existing_page
-				= rbt_value(byte, tree_search_pos.last);
-			bitmap_word_t *bmp_word_1	= (bitmap_word_t *)
-				(existing_page + MODIFIED_PAGE_BLOCK_BITMAP);
-			bitmap_word_t *bmp_end = (bitmap_word_t *)
-				(existing_page + MODIFIED_PAGE_BLOCK_UNUSED_2);
-			bitmap_word_t *bmp_word_2	= (bitmap_word_t *)
-				(page + MODIFIED_PAGE_BLOCK_BITMAP);
-			while (bmp_word_1 < bmp_end) {
-
-				*bmp_word_1++ |= *bmp_word_2++;
-			}
-			xb_a (bmp_word_1 == bmp_end);
-		} else {
-
-			/* Add a new page */
-			rbt_add_node(result, &tree_search_pos, page);
-		}
-
-		current_page_end_lsn
-			= mach_read_from_8(page + MODIFIED_PAGE_END_LSN);
-		last_page_in_run
-			= mach_read_from_4(page + MODIFIED_PAGE_IS_LAST_BLOCK);
-	}
-
-	xb_a (current_page_end_lsn >= bmp_end_lsn);
-
-	free(bitmap_files.files);
-	os_file_close(bitmap_file.file);
-
-	return result;
-}
-
-/****************************************************************//**
-Free the bitmap tree. */
-void
-xb_page_bitmap_deinit(
-/*==================*/
-	xb_page_bitmap*	bitmap)	/*!<in/out: bitmap tree */
-{
-	if (bitmap) {
-
-		rbt_free(bitmap);
-	}
-}
-
-/****************************************************************//**
-Advance to the next bitmap page or setup the first bitmap page for the
-given bitmap range.  Assumes that bitmap_range->bitmap_page has been
-already found/bumped by rbt_search()/rbt_next().
-
-@return FALSE if no more bitmap data for the range space ID */
-static
-ibool
-xb_page_bitmap_setup_next_page(
-/*===========================*/
-	xb_page_bitmap_range*	bitmap_range)	/*!<in/out: the bitmap range */
-{
-	ulint	new_space_id;
-	ulint	new_1st_page_id;
-
-	if (bitmap_range->bitmap_node == NULL) {
-
-		bitmap_range->current_page_id = ULINT_UNDEFINED;
-		return FALSE;
-	}
-
-	bitmap_range->bitmap_page = rbt_value(byte, bitmap_range->bitmap_node);
-
-	new_space_id = mach_read_from_4(bitmap_range->bitmap_page
-					+ MODIFIED_PAGE_SPACE_ID);
-	if (new_space_id != bitmap_range->space_id) {
-
-		/* No more data for the current page id. */
-		xb_a(new_space_id > bitmap_range->space_id);
-		bitmap_range->current_page_id = ULINT_UNDEFINED;
-		return FALSE;
-	}
-
-	new_1st_page_id = mach_read_from_4(bitmap_range->bitmap_page +
-					   MODIFIED_PAGE_1ST_PAGE_ID);
-	xb_a (new_1st_page_id >= bitmap_range->current_page_id
-	      || bitmap_range->current_page_id == ULINT_UNDEFINED);
-
-	bitmap_range->current_page_id = new_1st_page_id;
-	bitmap_range->bit_i = 0;
-
-	return TRUE;
-}
-
-/** Find the node with the smallest key that greater than equal to search key.
-@param[in]	tree	red-black tree
-@param[in]	key	search key
-@return	node with the smallest greater-than-or-equal key
-@retval	NULL	if none was found */
-static
-const ib_rbt_node_t*
-rbt_lower_bound(const ib_rbt_t* tree, const void* key)
-{
-	ut_ad(!tree->cmp_arg);
-	const ib_rbt_node_t* ge = NULL;
-
-	for (const ib_rbt_node_t *node = tree->root->left;
-	     node != tree->nil; ) {
-		int	result = tree->compare(node->value, key);
-
-		if (result < 0) {
-			node = node->right;
-		} else {
-			ge = node;
-			if (result == 0) {
-				break;
-			}
-
-			node = node->left;
-		}
-	}
-
-	return(ge);
-}
-
-/****************************************************************//**
-Set up a new bitmap range iterator over a given space id changed
-pages in a given bitmap.
-
-@return bitmap range iterator */
-xb_page_bitmap_range*
-xb_page_bitmap_range_init(
-/*======================*/
-	xb_page_bitmap*	bitmap,		/*!< in: bitmap to iterate over */
-	ulint		space_id)	/*!< in: space id */
-{
-	byte			search_page[MODIFIED_PAGE_BLOCK_SIZE];
-	xb_page_bitmap_range	*result
-		= static_cast<xb_page_bitmap_range *>(malloc(sizeof(*result)));
-
-	memset(result, 0, sizeof(*result));
-	result->bitmap = bitmap;
-	result->space_id = space_id;
-	result->current_page_id = ULINT_UNDEFINED;
-
-	/* Search for the 1st page for the given space id */
-	/* This also sets MODIFIED_PAGE_1ST_PAGE_ID to 0, which is what we
-	want. */
-	memset(search_page, 0, MODIFIED_PAGE_BLOCK_SIZE);
-	mach_write_to_4(search_page + MODIFIED_PAGE_SPACE_ID, space_id);
-
-	result->bitmap_node = rbt_lower_bound(result->bitmap, search_page);
-
-	xb_page_bitmap_setup_next_page(result);
-
-	return result;
-}
-
-/****************************************************************//**
-Get the value of the bitmap->range->bit_i bitmap bit
-
-@return the current bit value */
-static inline
-ibool
-is_bit_set(
-/*=======*/
-	const xb_page_bitmap_range*	bitmap_range)	/*!< in: bitmap
-							range */
-{
-	return ((*(((bitmap_word_t *)(bitmap_range->bitmap_page
-				     + MODIFIED_PAGE_BLOCK_BITMAP))
-		  + (bitmap_range->bit_i >> 6)))
-		& (1ULL << (bitmap_range->bit_i & 0x3F))) ? TRUE : FALSE;
-}
-
-/****************************************************************//**
-Get the next page id that has its bit set or cleared, i.e. equal to
-bit_value.
-
-@return page id */
-ulint
-xb_page_bitmap_range_get_next_bit(
-/*==============================*/
-	xb_page_bitmap_range*	bitmap_range,	/*!< in/out: bitmap range */
-	ibool			bit_value)	/*!< in: bit value */
-{
-	if (UNIV_UNLIKELY(bitmap_range->current_page_id
-			  == ULINT_UNDEFINED)) {
-
-		return ULINT_UNDEFINED;
-	}
-
-	do {
-		while (bitmap_range->bit_i < MODIFIED_PAGE_BLOCK_ID_COUNT) {
-
-			while (is_bit_set(bitmap_range) != bit_value
-			       && (bitmap_range->bit_i
-				   < MODIFIED_PAGE_BLOCK_ID_COUNT)) {
-
-				bitmap_range->current_page_id++;
-				bitmap_range->bit_i++;
-			}
-
-			if (bitmap_range->bit_i
-			    < MODIFIED_PAGE_BLOCK_ID_COUNT) {
-
-				ulint result = bitmap_range->current_page_id;
-				bitmap_range->current_page_id++;
-				bitmap_range->bit_i++;
-				return result;
-			}
-		}
-
-		bitmap_range->bitmap_node
-			= rbt_next(bitmap_range->bitmap,
-				   bitmap_range->bitmap_node);
-
-	} while (xb_page_bitmap_setup_next_page(bitmap_range));
-
-	return ULINT_UNDEFINED;
-}
-
-/****************************************************************//**
-Free the bitmap range iterator. */
-void
-xb_page_bitmap_range_deinit(
-/*========================*/
-	xb_page_bitmap_range*	bitmap_range)	/*! in/out: bitmap range */
-{
-	free(bitmap_range);
-}
diff --git a/extra/mariabackup/changed_page_bitmap.h b/extra/mariabackup/changed_page_bitmap.h
deleted file mode 100644
index 8d504359..00000000
--- a/extra/mariabackup/changed_page_bitmap.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/******************************************************
-XtraBackup: hot backup tool for InnoDB
-(c) 2009-2012 Percona Inc.
-Originally Created 3/3/2009 Yasufumi Kinoshita
-Written by Alexey Kopytov, Aleksandr Kuzminsky, Stewart Smith, Vadim Tkachenko,
-Yasufumi Kinoshita, Ignacio Nin and Baron Schwartz.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; version 2 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1335  USA
-
-*******************************************************/
-
-/* Changed page bitmap interface */
-
-#ifndef XB_CHANGED_PAGE_BITMAP_H
-#define XB_CHANGED_PAGE_BITMAP_H
-
-#include <ut0rbt.h>
-#include <fil0fil.h>
-
-/* The changed page bitmap structure */
-typedef ib_rbt_t xb_page_bitmap;
-
-struct xb_page_bitmap_range_struct;
-
-/* The bitmap range iterator over one space id */
-typedef struct xb_page_bitmap_range_struct xb_page_bitmap_range;
-
-/****************************************************************//**
-Read the disk bitmap and build the changed page bitmap tree for the
-LSN interval incremental_lsn to log_sys.next_checkpoint_lsn.
-
-@return the built bitmap tree */
-xb_page_bitmap*
-xb_page_bitmap_init(void);
-/*=====================*/
-
-/****************************************************************//**
-Free the bitmap tree. */
-void
-xb_page_bitmap_deinit(
-/*==================*/
-	xb_page_bitmap*	bitmap);	/*!<in/out: bitmap tree */
-
-
-/****************************************************************//**
-Set up a new bitmap range iterator over a given space id changed
-pages in a given bitmap.
-
-@return bitmap range iterator */
-xb_page_bitmap_range*
-xb_page_bitmap_range_init(
-/*======================*/
-	xb_page_bitmap*	bitmap,		/*!< in: bitmap to iterate over */
-	ulint		space_id);	/*!< in: space id */
-
-/****************************************************************//**
-Get the next page id that has its bit set or cleared, i.e. equal to
-bit_value.
-
-@return page id */
-ulint
-xb_page_bitmap_range_get_next_bit(
-/*==============================*/
-	xb_page_bitmap_range*	bitmap_range,	/*!< in/out: bitmap range */
-	ibool			bit_value);	/*!< in: bit value */
-
-/****************************************************************//**
-Free the bitmap range iterator. */
-void
-xb_page_bitmap_range_deinit(
-/*========================*/
-	xb_page_bitmap_range*	bitmap_range);	/*! in/out: bitmap range */
-
-#endif
diff --git a/extra/mariabackup/common.h b/extra/mariabackup/common.h
index 89b189e3..6fde514e 100644
--- a/extra/mariabackup/common.h
+++ b/extra/mariabackup/common.h
@@ -23,7 +23,6 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1335  USA
 
 #include <my_global.h>
 #include <mysql_version.h>
-#include <fcntl.h>
 #include <stdarg.h>
 #include <my_sys.h>
 
@@ -143,7 +142,7 @@ static inline ATTRIBUTE_FORMAT(printf, 1,2) ATTRIBUTE_NORETURN void die(const ch
 # define POSIX_FADV_NORMAL
 # define POSIX_FADV_SEQUENTIAL
 # define POSIX_FADV_DONTNEED
-# define posix_fadvise(a,b,c,d) do {} while(0)
+# define posix_fadvise(fd, offset, len, advice) do { (void)offset; } while(0)
 #endif
 
 /***********************************************************************
diff --git a/extra/mariabackup/common_engine.cc b/extra/mariabackup/common_engine.cc
new file mode 100644
index 00000000..a4a87062
--- /dev/null
+++ b/extra/mariabackup/common_engine.cc
@@ -0,0 +1,512 @@
+#include "common_engine.h"
+#include "backup_copy.h"
+#include "xtrabackup.h"
+#include "common.h"
+#include "backup_debug.h"
+
+#include <unordered_map>
+#include <atomic>
+#include <memory>
+#include <chrono>
+
+namespace common_engine {
+
+class Table {
+public:
+	Table(std::string &db, std::string &table, std::string &fs_name) :
+		m_db(std::move(db)), m_table(std::move(table)),
+		m_fs_name(std::move(fs_name)) {}
+	virtual ~Table() {}
+	void add_file_name(const char *file_name) { m_fnames.push_back(file_name); }
+	virtual bool copy(ds_ctxt_t *ds, MYSQL *con, bool no_lock,
+		bool finalize, unsigned thread_num);
+	std::string &get_db() { return m_db; }
+	std::string &get_table() { return m_table; }
+	std::string &get_version() { return m_version; }
+
+protected:
+	std::string m_db;
+	std::string m_table;
+	std::string m_fs_name;
+	std::string m_version;
+	std::vector<std::string> m_fnames;
+};
+
+bool
+Table::copy(ds_ctxt_t *ds, MYSQL *con, bool no_lock, bool, unsigned thread_num) {
+	static const size_t buf_size = 10 * 1024 * 1024;
+	std::unique_ptr<uchar[]> buf;
+	bool result = false;
+	File frm_file = -1;
+	std::vector<File> files;
+	bool locked = false;
+	std::string full_tname("`");
+	full_tname.append(m_db).append("`.`").append(m_table).append("`");
+
+	if (!no_lock && !backup_lock(con, full_tname.c_str())) {
+		msg(thread_num, "Error on executing BACKUP LOCK for table %s",
+			full_tname.c_str());
+		goto exit;
+	}
+	else
+		locked = !no_lock;
+
+	if ((frm_file = mysql_file_open(key_file_frm, (m_fs_name + ".frm").c_str(),
+		O_RDONLY | O_SHARE, MYF(0))) < 0 && !m_fnames.empty() &&
+		!ends_with(m_fnames[0].c_str(), ".ARZ") &&
+		!ends_with(m_fnames[0].c_str(), ".ARM")) {
+		// Don't treat it as error, as the table can be dropped after it
+		// was added to queue for copying
+		result = true;
+		goto exit;
+	}
+
+	for (const auto &fname : m_fnames) {
+		File file = mysql_file_open(0, fname.c_str(),O_RDONLY | O_SHARE, MYF(0));
+		if (file < 0) {
+			msg(thread_num, "Error on file %s open during %s table copy",
+				fname.c_str(), full_tname.c_str());
+			goto exit;
+		}
+		files.push_back(file);
+	}
+
+	if (locked && !backup_unlock(con)) {
+		msg(thread_num, "Error on BACKUP UNLOCK for table %s", full_tname.c_str());
+		locked = false;
+		goto exit;
+	}
+
+	locked = false;
+
+	buf.reset(new uchar[buf_size]);
+
+	for (size_t i = 0; i < m_fnames.size(); ++i) {
+		ds_file_t *dst_file = nullptr;
+		size_t bytes_read;
+		size_t copied_size = 0;
+		MY_STAT stat_info;
+
+		if (my_fstat(files[i], &stat_info, MYF(0))) {
+			msg(thread_num, "error: failed to get stat info for file %s of "
+					"table %s", m_fnames[i].c_str(), full_tname.c_str());
+			goto exit;
+		}
+
+		const char	*dst_path =
+			(xtrabackup_copy_back || xtrabackup_move_back) ?
+			m_fnames[i].c_str() : trim_dotslash(m_fnames[i].c_str());
+
+		dst_file = ds_open(ds, dst_path, &stat_info, false);
+		if (!dst_file) {
+			msg(thread_num, "error: cannot open destination stream for %s, table %s",
+				dst_path, full_tname.c_str());
+			goto exit;
+		}
+
+		while ((bytes_read = my_read(files[i], buf.get(), buf_size, MY_WME))) {
+			if (bytes_read == size_t(-1)) {
+				msg(thread_num, "error: file %s read for table %s",
+					m_fnames[i].c_str(), full_tname.c_str());
+				ds_close(dst_file);
+				goto exit;
+			}
+			xtrabackup_io_throttling();
+			if (ds_write(dst_file, buf.get(), bytes_read)) {
+				msg(thread_num, "error: file %s write for table %s",
+					dst_path, full_tname.c_str());
+				ds_close(dst_file);
+				goto exit;
+			}
+			copied_size += bytes_read;
+		}
+		mysql_file_close(files[i], MYF(MY_WME));
+		files[i] = -1;
+		ds_close(dst_file);
+		msg(thread_num, "Copied file %s for table %s, %zu bytes",
+			m_fnames[i].c_str(), full_tname.c_str(), copied_size);
+	}
+
+	result = true;
+
+#ifndef DBUG_OFF
+	{
+		std::string sql_name(m_db);
+		sql_name.append("/").append(m_table);
+		DBUG_MARIABACKUP_EVENT_LOCK("after_ce_table_copy", fil_space_t::name_type(sql_name.data(), sql_name.size()));
+	}
+#endif // DBUG_OFF
+exit:
+	if (frm_file >= 0) {
+		m_version = ::read_table_version_id(frm_file);
+		mysql_file_close(frm_file, MYF(MY_WME));
+	}
+	if (locked && !backup_unlock(con)) {
+		msg(thread_num, "Error on BACKUP UNLOCK for table %s", full_tname.c_str());
+		result = false;
+	}
+	for (auto file : files)
+		if (file >= 0)
+			mysql_file_close(file, MYF(MY_WME));
+	return result;
+}
+
+// Append-only tables
+class LogTable : public Table {
+	public:
+		LogTable(std::string &db, std::string &table, std::string &fs_name) :
+			Table(db, table, fs_name) {}
+
+		virtual ~LogTable() { (void)close(); }
+		bool
+			copy(ds_ctxt_t *ds, MYSQL *con, bool no_lock, bool finalize,
+			unsigned thread_num) override;
+		bool close();
+	private:
+		bool open(ds_ctxt_t *ds, unsigned thread_num);
+		std::vector<File> m_src;
+		std::vector<ds_file_t *> m_dst;
+};
+
+bool
+LogTable::open(ds_ctxt_t *ds, unsigned thread_num) {
+	DBUG_ASSERT(m_src.empty());
+	DBUG_ASSERT(m_dst.empty());
+
+	std::string full_tname("`");
+	full_tname.append(m_db).append("`.`").append(m_table).append("`");
+
+	for (const auto &fname : m_fnames) {
+		File file = mysql_file_open(0, fname.c_str(),O_RDONLY | O_SHARE, MYF(0));
+		if (file < 0) {
+			msg(thread_num, "Error on file %s open during %s log table copy",
+				fname.c_str(), full_tname.c_str());
+			return false;
+		}
+		m_src.push_back(file);
+
+		MY_STAT stat_info;
+		if (my_fstat(file, &stat_info, MYF(0))) {
+			msg(thread_num, "error: failed to get stat info for file %s of "
+					"log table %s", fname.c_str(), full_tname.c_str());
+			return false;
+		}
+		const char	*dst_path =
+			(xtrabackup_copy_back || xtrabackup_move_back) ?
+			fname.c_str() : trim_dotslash(fname.c_str());
+		ds_file_t *dst_file = ds_open(ds, dst_path, &stat_info, false);
+		if (!dst_file) {
+			msg(thread_num, "error: cannot open destination stream for %s, "
+				"log table %s", dst_path, full_tname.c_str());
+			return false;
+		}
+		m_dst.push_back(dst_file);
+	}
+
+	File frm_file;
+	if ((frm_file = mysql_file_open(key_file_frm, (m_fs_name + ".frm").c_str(),
+		O_RDONLY | O_SHARE, MYF(0))) < 0 && !m_fnames.empty() &&
+		!ends_with(m_fnames[0].c_str(), ".ARZ") &&
+		!ends_with(m_fnames[0].c_str(), ".ARM")) {
+		msg(thread_num, "Error on .frm file open for log table %s",
+			full_tname.c_str());
+		return false;
+	}
+
+	m_version = ::read_table_version_id(frm_file);
+	mysql_file_close(frm_file, MYF(MY_WME));
+
+	return true;
+}
+
+bool LogTable::close() {
+	while (!m_src.empty()) {
+		auto f = m_src.back();
+		m_src.pop_back();
+		mysql_file_close(f, MYF(MY_WME));
+	}
+	while (!m_dst.empty()) {
+		auto f = m_dst.back();
+		m_dst.pop_back();
+		ds_close(f);
+	}
+	return true;
+}
+
+bool
+LogTable::copy(ds_ctxt_t *ds, MYSQL *con, bool no_lock, bool finalize,
+	unsigned thread_num) {
+	static const size_t buf_size = 10 * 1024 * 1024;
+	DBUG_ASSERT(ds);
+	DBUG_ASSERT(con);
+	if (m_src.empty() && !open(ds, thread_num)) {
+		close();
+		return false;
+	}
+	DBUG_ASSERT(m_src.size() == m_dst.size());
+
+	std::unique_ptr<uchar[]> buf(new uchar[buf_size]);
+	for (size_t i = 0; i < m_src.size(); ++i) {
+		// .CSM can be rewritten (see write_meta_file() usage in ha_tina.cc)
+		if (!finalize && ends_with(m_fnames[i].c_str(), ".CSM"))
+			continue;
+		size_t bytes_read;
+		size_t copied_size = 0;
+		while ((bytes_read = my_read(m_src[i], buf.get(), buf_size, MY_WME))) {
+			if (bytes_read == size_t(-1)) {
+				msg(thread_num, "error: file %s read for log table %s",
+					m_fnames[i].c_str(),
+					std::string("`").append(m_db).append("`.`").
+					append(m_table).append("`").c_str());
+				close();
+				return false;
+			}
+			xtrabackup_io_throttling();
+			if (ds_write(m_dst[i], buf.get(), bytes_read)) {
+				msg(thread_num, "error: file %s write for log table %s",
+					m_fnames[i].c_str(), std::string("`").append(m_db).append("`.`").
+					append(m_table).append("`").c_str());
+				close();
+				return false;
+			}
+			copied_size += bytes_read;
+		}
+		msg(thread_num, "Copied file %s for log table %s, %zu bytes",
+			m_fnames[i].c_str(), std::string("`").append(m_db).append("`.`").
+					append(m_table).append("`").c_str(), copied_size);
+	}
+
+	return true;
+}
+
+class BackupImpl {
+	public:
+		BackupImpl(
+				const char *datadir_path, ds_ctxt_t *datasink,
+				std::vector<MYSQL *> &con_pool, ThreadPool &thread_pool) :
+			m_datadir_path(datadir_path), m_ds(datasink), m_con_pool(con_pool),
+			m_process_table_jobs(thread_pool) {}
+		~BackupImpl() { }
+		bool scan(
+				const std::unordered_set<std::string> &exclude_tables,
+				std::unordered_set<std::string> *out_processed_tables,
+				bool no_lock, bool collect_log_and_stats);
+		void set_post_copy_table_hook(const post_copy_table_hook_t &hook) {
+			m_table_post_copy_hook = hook;
+		}
+		bool copy_log_tables(bool finalize);
+		bool copy_stats_tables();
+		bool wait_for_finish();
+		bool close_log_tables();
+	private:
+
+		void process_table_job(Table *table, bool no_lock, bool delete_table,
+			bool finalize, unsigned thread_num);
+
+		const char *m_datadir_path;
+		ds_ctxt_t *m_ds;
+		std::vector<MYSQL *> &m_con_pool;
+		TasksGroup m_process_table_jobs;
+
+		post_copy_table_hook_t m_table_post_copy_hook;
+		std::unordered_map<table_key_t, std::unique_ptr<LogTable>> m_log_tables;
+		std::unordered_map<table_key_t, std::unique_ptr<Table>> m_stats_tables;
+};
+
+void BackupImpl::process_table_job(Table *table, bool no_lock,
+	bool delete_table, bool finalize, unsigned thread_num) {
+	int result = 0;
+
+	if (!m_process_table_jobs.get_result())
+		goto exit;
+
+	if (!table->copy(m_ds, m_con_pool[thread_num], no_lock, finalize, thread_num))
+		goto exit;
+
+	if (m_table_post_copy_hook)
+		m_table_post_copy_hook(table->get_db(), table->get_table(),
+		table->get_version());
+
+	result = 1;
+
+exit:
+	if (delete_table)
+		delete table;
+	m_process_table_jobs.finish_task(result);
+}
+
+bool BackupImpl::scan(const std::unordered_set<table_key_t> &exclude_tables,
+	std::unordered_set<table_key_t> *out_processed_tables, bool no_lock,
+	bool collect_log_and_stats) {
+
+	msg("Start scanning common engine tables, need backup locks: %d, "
+		"collect log and stat tables: %d", no_lock, collect_log_and_stats);
+
+	std::unordered_map<table_key_t, std::unique_ptr<Table>> found_tables;
+
+	foreach_file_in_db_dirs(m_datadir_path,
+		[&](const char *file_path)->bool {
+
+		static const char *ext_list[] =
+			{".MYD", ".MYI", ".MRG", ".ARM", ".ARZ", ".CSM", ".CSV", NULL};
+
+		bool is_aria = ends_with(file_path, ".MAD") || ends_with(file_path, ".MAI");
+
+		if (!collect_log_and_stats && is_aria)
+			return true;
+
+		if (!is_aria && !filename_matches(file_path, ext_list))
+			return true;
+
+		if (check_if_skip_table(file_path)) {
+			msg("Skipping %s.", file_path);
+			return true;
+		}
+
+		auto db_table_fs = convert_filepath_to_tablename(file_path);
+		auto tk =
+			table_key(std::get<0>(db_table_fs), std::get<1>(db_table_fs));
+
+		// log and stats tables are only collected in this function,
+		// so there is no need to filter out them with exclude_tables.
+		if (collect_log_and_stats) {
+			if (is_log_table(std::get<0>(db_table_fs).c_str(),
+				std::get<1>(db_table_fs).c_str())) {
+				auto table_it = m_log_tables.find(tk);
+				if (table_it == m_log_tables.end()) {
+					msg("Log table found: %s", tk.c_str());
+					table_it = m_log_tables.emplace(tk,
+						std::unique_ptr<LogTable>(new LogTable(std::get<0>(db_table_fs),
+						std::get<1>(db_table_fs), std::get<2>(db_table_fs)))).first;
+				}
+				msg("Collect log table file: %s", file_path);
+				table_it->second->add_file_name(file_path);
+				return true;
+			}
+			// Aria can handle statistics tables
+			else if (is_stats_table(std::get<0>(db_table_fs).c_str(),
+				std::get<1>(db_table_fs).c_str()) && !is_aria) {
+				auto table_it = m_stats_tables.find(tk);
+				if (table_it == m_stats_tables.end()) {
+					msg("Stats table found: %s", tk.c_str());
+					table_it = m_stats_tables.emplace(tk,
+						std::unique_ptr<Table>(new Table(std::get<0>(db_table_fs),
+						std::get<1>(db_table_fs), std::get<2>(db_table_fs)))).first;
+				}
+				msg("Collect stats table file: %s", file_path);
+				table_it->second->add_file_name(file_path);
+				return true;
+			}
+		} else if (is_log_table(std::get<0>(db_table_fs).c_str(),
+			std::get<1>(db_table_fs).c_str()) ||
+			is_stats_table(std::get<0>(db_table_fs).c_str(),
+			std::get<1>(db_table_fs).c_str()))
+			return true;
+
+		if (is_aria)
+			return true;
+
+		if (exclude_tables.count(tk)) {
+			msg("Skip table %s at it is in exclude list", tk.c_str());
+			return true;
+		}
+
+		auto table_it = found_tables.find(tk);
+		if (table_it == found_tables.end()) {
+			table_it = found_tables.emplace(tk,
+				std::unique_ptr<Table>(new Table(std::get<0>(db_table_fs),
+				std::get<1>(db_table_fs), std::get<2>(db_table_fs)))).first;
+		}
+
+		table_it->second->add_file_name(file_path);
+
+		return true;
+	});
+
+	for (auto &table_it : found_tables) {
+		m_process_table_jobs.push_task(
+			std::bind(&BackupImpl::process_table_job, this, table_it.second.release(),
+					no_lock, true, false, std::placeholders::_1));
+		if (out_processed_tables)
+			out_processed_tables->insert(table_it.first);
+	}
+
+	msg("Stop scanning common engine tables");
+	return true;
+}
+
+bool BackupImpl::copy_log_tables(bool finalize) {
+	for (auto &table_it : m_log_tables) {
+		// Do not execute BACKUP LOCK for log tables as it's supposed
+		// that they must be copied on BLOCK_DDL and BLOCK_COMMIT locks.
+		m_process_table_jobs.push_task(
+			std::bind(&BackupImpl::process_table_job, this, table_it.second.get(),
+					true, false, finalize, std::placeholders::_1));
+	}
+	return true;
+}
+
+bool BackupImpl::copy_stats_tables() {
+	for (auto &table_it : m_stats_tables) {
+		// Do not execute BACKUP LOCK for stats tables as it's supposed
+		// that they must be copied on BLOCK_DDL and BLOCK_COMMIT locks.
+		// Delete stats table object after copy (see process_table_job())
+		m_process_table_jobs.push_task(
+			std::bind(&BackupImpl::process_table_job, this, table_it.second.release(),
+					true, true, false, std::placeholders::_1));
+	}
+	m_stats_tables.clear();
+	return true;
+}
+
+bool BackupImpl::wait_for_finish() {
+	/* Wait for threads to exit */
+	return m_process_table_jobs.wait_for_finish();
+}
+
+bool BackupImpl::close_log_tables() {
+	bool result = wait_for_finish();
+	for (auto &table_it : m_log_tables)
+		table_it.second->close();
+	return result;
+}
+
+Backup::Backup(const char *datadir_path, ds_ctxt_t *datasink,
+	std::vector<MYSQL *> &con_pool, ThreadPool &thread_pool) :
+		m_backup_impl(
+			new BackupImpl(datadir_path, datasink, con_pool,
+			thread_pool)) { }
+
+Backup::~Backup() {
+	delete m_backup_impl;
+}
+
+bool Backup::scan(
+	const std::unordered_set<table_key_t> &exclude_tables,
+	std::unordered_set<table_key_t> *out_processed_tables,
+	bool no_lock, bool collect_log_and_stats) {
+	return m_backup_impl->scan(exclude_tables, out_processed_tables, no_lock,
+		collect_log_and_stats);
+}
+
+bool Backup::copy_log_tables(bool finalize) {
+	return m_backup_impl->copy_log_tables(finalize);
+}
+
+bool Backup::copy_stats_tables() {
+	return m_backup_impl->copy_stats_tables();
+}
+
+bool Backup::wait_for_finish() {
+	return m_backup_impl->wait_for_finish();
+}
+
+bool Backup::close_log_tables() {
+	return m_backup_impl->close_log_tables();
+}
+
+void Backup::set_post_copy_table_hook(const post_copy_table_hook_t &hook) {
+	m_backup_impl->set_post_copy_table_hook(hook);
+}
+
+} // namespace common_engine
diff --git a/extra/mariabackup/common_engine.h b/extra/mariabackup/common_engine.h
new file mode 100644
index 00000000..6f5d8062
--- /dev/null
+++ b/extra/mariabackup/common_engine.h
@@ -0,0 +1,39 @@
+#pragma once
+#include "my_global.h"
+#include "backup_mysql.h"
+#include "datasink.h"
+#include "thread_pool.h"
+#include "xtrabackup.h"
+
+#include <unordered_set>
+#include <string>
+#include <vector>
+
+namespace common_engine {
+
+class BackupImpl;
+
+class Backup {
+	public:
+		Backup(const char *datadir_path, ds_ctxt_t *datasink,
+				std::vector<MYSQL *> &con_pool, ThreadPool &thread_pool);
+		~Backup();
+		Backup (Backup &&other) = delete;
+		Backup & operator= (Backup &&other) = delete;
+		Backup(const Backup &) = delete;
+		Backup & operator= (const Backup &) = delete;
+		bool scan(
+				const std::unordered_set<table_key_t> &exclude_tables,
+				std::unordered_set<table_key_t> *out_processed_tables,
+				bool no_lock, bool collect_log_and_stats);
+		bool copy_log_tables(bool finalize);
+		bool copy_stats_tables();
+		bool wait_for_finish();
+		bool close_log_tables();
+		void set_post_copy_table_hook(const post_copy_table_hook_t &hook);
+	private:
+		BackupImpl *m_backup_impl;
+};
+
+} // namespace common_engine
+
diff --git a/extra/mariabackup/datasink.cc b/extra/mariabackup/datasink.cc
index a576526d..132ff3fc 100644
--- a/extra/mariabackup/datasink.cc
+++ b/extra/mariabackup/datasink.cc
@@ -80,11 +80,11 @@ ds_create(const char *root, ds_type_t type)
 /************************************************************************
 Open a datasink file */
 ds_file_t *
-ds_open(ds_ctxt_t *ctxt, const char *path, MY_STAT *stat)
+ds_open(ds_ctxt_t *ctxt, const char *path, const MY_STAT *stat, bool rewrite)
 {
 	ds_file_t	*file;
 
-	file = ctxt->datasink->open(ctxt, path, stat);
+	file = ctxt->datasink->open(ctxt, path, stat, rewrite);
 	if (file != NULL) {
 		file->datasink = ctxt->datasink;
 	}
@@ -104,6 +104,30 @@ ds_write(ds_file_t *file, const void *buf, size_t len)
 	return file->datasink->write(file, (const uchar *)buf, len);
 }
 
+int ds_seek_set(ds_file_t *file, my_off_t offset) {
+	DBUG_ASSERT(file);
+	DBUG_ASSERT(file->datasink);
+	if (file->datasink->seek_set)
+		return file->datasink->seek_set(file, offset);
+	return 0;
+}
+
+int ds_rename(ds_ctxt_t *ctxt, const char *old_path, const char *new_path) {
+	DBUG_ASSERT(ctxt);
+	DBUG_ASSERT(ctxt->datasink);
+	if (ctxt->datasink->rename)
+		return ctxt->datasink->rename(ctxt, old_path, new_path);
+	return 0;
+}
+
+int ds_remove(ds_ctxt_t *ctxt, const char *path) {
+	DBUG_ASSERT(ctxt);
+	DBUG_ASSERT(ctxt->datasink);
+	if (ctxt->datasink->remove)
+		return ctxt->datasink->mremove(ctxt, path);
+	return 0;
+}
+
 /************************************************************************
 Close a datasink file.
 @return 0 on success, 1, on error. */
diff --git a/extra/mariabackup/datasink.h b/extra/mariabackup/datasink.h
index 57468e0c..98cbe525 100644
--- a/extra/mariabackup/datasink.h
+++ b/extra/mariabackup/datasink.h
@@ -43,7 +43,8 @@ typedef struct ds_ctxt {
         */
         bool copy_file(const char *src_file_path,
                        const char *dst_file_path,
-                       uint thread_n);
+                       uint thread_n,
+                       bool rewrite = false);
 
         bool move_file(const char *src_file_path,
                        const char *dst_file_path,
@@ -76,10 +77,15 @@ typedef struct {
 
 struct datasink_struct {
 	ds_ctxt_t *(*init)(const char *root);
-	ds_file_t *(*open)(ds_ctxt_t *ctxt, const char *path, MY_STAT *stat);
+	ds_file_t *(*open)(ds_ctxt_t *ctxt, const char *path,
+		const MY_STAT *stat, bool rewrite);
 	int (*write)(ds_file_t *file, const unsigned char *buf, size_t len);
+	int (*seek_set)(ds_file_t *file, my_off_t offset);
 	int (*close)(ds_file_t *file);
 	int (*remove)(const char *path);
+	// TODO: consider to return bool from "rename" and "remove"
+	int (*rename)(ds_ctxt_t *ctxt, const char *old_path, const char *new_path);
+	int (*mremove)(ds_ctxt_t *ctxt, const char *path);
 	void (*deinit)(ds_ctxt_t *ctxt);
 };
 
@@ -106,12 +112,17 @@ ds_ctxt_t *ds_create(const char *root, ds_type_t type);
 
 /************************************************************************
 Open a datasink file */
-ds_file_t *ds_open(ds_ctxt_t *ctxt, const char *path, MY_STAT *stat);
+ds_file_t *ds_open(
+	ds_ctxt_t *ctxt, const char *path, const MY_STAT *stat, bool rewrite = false);
 
 /************************************************************************
 Write to a datasink file.
 @return 0 on success, 1 on error. */
 int ds_write(ds_file_t *file, const void *buf, size_t len);
+int ds_seek_set(ds_file_t *file, my_off_t offset);
+
+int ds_rename(ds_ctxt_t *ctxt, const char *old_path, const char *new_path);
+int ds_remove(ds_ctxt_t *ctxt, const char *path);
 
 /************************************************************************
 Close a datasink file.
diff --git a/extra/mariabackup/ddl_log.cc b/extra/mariabackup/ddl_log.cc
new file mode 100644
index 00000000..6af34172
--- /dev/null
+++ b/extra/mariabackup/ddl_log.cc
@@ -0,0 +1,553 @@
+#include "ddl_log.h"
+#include "common.h"
+#include "my_sys.h"
+#include "sql_table.h"
+#include "backup_copy.h"
+#include "xtrabackup.h"
+#include <unordered_set>
+#include <functional>
+#include <memory>
+#include <cstddef>
+
+namespace ddl_log {
+
+struct Entry {
+	enum Type {
+		CREATE,
+		ALTER,
+		RENAME,
+		REPAIR,
+		OPTIMIZE,
+		DROP,
+		TRUNCATE,
+		CHANGE_INDEX,
+		BULK_INSERT
+	};
+	Type type;
+	std::string date;
+	std::string engine;
+	bool partitioned;
+	std::string db;
+	std::string table;
+	std::string id;
+	std::string new_engine;
+	bool new_partitioned;
+	std::string new_db;
+	std::string new_table;
+	std::string new_id;
+};
+
+typedef std::vector<std::unique_ptr<Entry>> entries_t;
+typedef std::function<bool(std::unique_ptr<Entry>)> store_entry_func_t;
+
+const char *aria_engine_name = "Aria";
+static const char *frm_ext = ".frm";
+static const char *database_keyword = "DATABASE";
+
+const std::unordered_map<std::string, std::vector<const char *>> engine_exts =
+{
+	{"Aria", {".MAD", ".MAI"}},
+	{"MyISAM", {".MYD", ".MYI"}},
+	{"MRG_MyISAM", {".MRG"}},
+	{"ARCHIVE", {".ARM", ".ARZ"}},
+	{"CSV", {".CSM", ".CSV"}}
+};
+
+static inline bool known_engine(const std::string &engine) {
+	return engine_exts.count(engine);
+}
+
+// TODO: add error messages
+size_t parse(const uchar *buf, size_t buf_size, bool &error_flag,
+	store_entry_func_t &store_entry_func) {
+	DBUG_ASSERT(buf);
+	static constexpr char token_delimiter = '\t';
+	static constexpr char line_delimiter = '\n';
+	enum {
+		TOKEN_FIRST = 0,
+		TOKEN_DATE = TOKEN_FIRST,
+		TOKEN_TYPE,
+		TOKEN_ENGINE,
+		TOKEN_PARTITIONED,
+		TOKEN_DB,
+		TOKEN_TABLE,
+		TOKEN_ID,
+		TOKEN_MANDATORY = TOKEN_ID,
+		TOKEN_NEW_ENGINE,
+		TOKEN_NEW_PARTITIONED,
+		TOKEN_NEW_DB,
+		TOKEN_NEW_TABLE,
+		TOKEN_NEW_ID,
+		TOKEN_LAST = TOKEN_NEW_ID
+	};
+	const size_t string_offsets[TOKEN_LAST + 1] = {
+		offsetof(Entry, date),
+		offsetof(Entry, type), // not a string, be careful
+		offsetof(Entry, engine),
+		offsetof(Entry, partitioned), // not a string, be careful
+		offsetof(Entry, db),
+		offsetof(Entry, table),
+		offsetof(Entry, id),
+		offsetof(Entry, new_engine),
+		offsetof(Entry, new_partitioned), // not a string, be careful
+		offsetof(Entry, new_db),
+		offsetof(Entry, new_table),
+		offsetof(Entry, new_id)
+	};
+	const std::unordered_map<std::string, Entry::Type> str_to_type = {
+		{"CREATE", Entry::CREATE},
+		{"ALTER", Entry::ALTER},
+		{"RENAME", Entry::RENAME},
+		// TODO: fix to use uppercase-only
+		{"repair", Entry::REPAIR},
+		{"optimize", Entry::OPTIMIZE},
+		{"DROP", Entry::DROP},
+		{"TRUNCATE", Entry::TRUNCATE},
+		{"CHANGE_INDEX", Entry::CHANGE_INDEX},
+		{"BULK_INSERT", Entry::BULK_INSERT}
+	};
+
+	const uchar *new_line = buf;
+	const uchar *token_start = buf;
+	unsigned token_num = TOKEN_FIRST;
+
+	error_flag = false;
+
+	std::unique_ptr<Entry> entry(new Entry());
+
+	for (const uchar *ptr = buf; ptr < buf + buf_size; ++ptr) {
+
+		if (*ptr != token_delimiter && *ptr != line_delimiter)
+			continue;
+
+		if (token_start != ptr) {
+			std::string token(token_start, ptr);
+
+			if (token_num == TOKEN_TYPE) {
+				const auto type_it = str_to_type.find(token);
+				if (type_it == str_to_type.end()) {
+					error_flag = true;
+					goto exit;
+				}
+				entry->type = type_it->second;
+			}
+			else if (token_num == TOKEN_PARTITIONED) {
+				entry->partitioned = token[0] - '0';
+			}
+			else if (token_num == TOKEN_NEW_PARTITIONED) {
+				entry->new_partitioned = token[0] - '0';
+			}
+			else if (token_num <= TOKEN_LAST) {
+				DBUG_ASSERT(token_num != TOKEN_TYPE);
+				DBUG_ASSERT(token_num != TOKEN_PARTITIONED);
+				DBUG_ASSERT(token_num != TOKEN_NEW_PARTITIONED);
+				reinterpret_cast<std::string *>
+					(reinterpret_cast<uchar *>(entry.get()) + string_offsets[token_num])->
+					assign(std::move(token));
+			}
+			else {
+				error_flag = true;
+				goto exit;
+			}
+		}
+		token_start = ptr + 1;
+
+		if (*ptr == line_delimiter) {
+			if (token_num < TOKEN_MANDATORY) {
+				error_flag = true;
+				goto exit;
+			}
+			if (!store_entry_func(std::move(entry))) {
+				error_flag = true;
+				goto exit;
+			}
+			entry.reset(new Entry());
+			token_num = TOKEN_FIRST;
+			new_line = ptr + 1;
+		} else
+			++token_num;
+	}
+
+exit:
+	return new_line - buf;
+}
+
+bool parse(const char *file_path, store_entry_func_t store_entry_func) {
+	DBUG_ASSERT(file_path);
+	DBUG_ASSERT(store_entry_func);
+	File file= -1;
+	bool result = true;
+	uchar buf[1024];
+	size_t bytes_read = 0;
+	size_t buf_read_offset = 0;
+
+	if ((file= my_open(file_path, O_RDONLY | O_SHARE | O_NOFOLLOW | O_CLOEXEC,
+		MYF(MY_WME))) < 0) {
+		msg("DDL log file %s open failed: %d", file_path, my_errno);
+		result = false;
+		goto exit;
+	}
+
+	while((bytes_read = my_read(
+		file, &buf[buf_read_offset], sizeof(buf) - buf_read_offset, MY_WME)) > 0) {
+		if (bytes_read == size_t(-1)) {
+			msg("DDL log file %s read error: %d", file_path, my_errno);
+			result = false;
+			break;
+		}
+		bytes_read += buf_read_offset;
+		bool parse_error_flag = false;
+		size_t bytes_parsed = parse(
+			buf, bytes_read, parse_error_flag, store_entry_func);
+		if (parse_error_flag) {
+			result = false;
+			break;
+		}
+		size_t rest_size = bytes_read - bytes_parsed;
+		if (rest_size)
+			memcpy(buf, buf + bytes_parsed, rest_size);
+		buf_read_offset = rest_size;
+	}
+
+exit:
+	if (file >= 0)
+		my_close(file, MYF(MY_WME));
+	return result;
+};
+
+
+static
+bool process_database(
+	const char *datadir_path,
+	ds_ctxt_t *ds,
+	const Entry &entry,
+	std::unordered_set<std::string> &dropped_databases) {
+
+	if (entry.type == Entry::Type::CREATE ||
+		entry.type == Entry::Type::ALTER) {
+		std::string opt_file(datadir_path);
+		opt_file.append("/").append(entry.db).append("/db.opt");
+		if (!ds->copy_file(opt_file.c_str(), opt_file.c_str(), 0, true)) {
+			msg("Failed to re-copy %s.", opt_file.c_str());
+			return false;
+		}
+		if (entry.type == Entry::Type::CREATE)
+			dropped_databases.erase(entry.db);
+		return true;
+	}
+
+	DBUG_ASSERT(entry.type == Entry::Type::DROP);
+
+	std::string db_path(datadir_path);
+	db_path.append("/").append(entry.db);
+	const char	*dst_path = convert_dst(db_path.c_str());
+	if (!ds_remove(ds, dst_path)) {
+		dropped_databases.insert(entry.db);
+		return true;
+	}
+	return false;
+}
+
+static
+std::unique_ptr<std::vector<std::string>>
+	find_table_files(
+		const char *dir_path,
+		const std::string &db,
+		const std::string &table) {
+
+	std::unique_ptr<std::vector<std::string>>
+		result(new std::vector<std::string>());
+
+	std::string prefix = convert_tablename_to_filepath(dir_path, db, table);
+	foreach_file_in_db_dirs(dir_path, [&](const char *file_name)->bool {
+		if (!strncmp(file_name, prefix.c_str(), prefix.size())) {
+			DBUG_ASSERT(strlen(file_name) >= prefix.size());
+			if (file_name[prefix.size()] == '.' ||
+				!strncmp(file_name + prefix.size(), "#P#", strlen("#P#")))
+				result->push_back(std::string(file_name));
+		}
+		return true;
+	});
+
+	return result;
+}
+
+static
+bool process_remove(
+	const char *datadir_path,
+	ds_ctxt_t *ds,
+	const Entry &entry,
+	bool remove_frm) {
+
+	if (check_if_skip_table(
+		std::string(entry.db).append("/").append(entry.table).c_str()))
+		return true;
+
+	auto ext_it = engine_exts.find(entry.engine);
+	if (ext_it == engine_exts.end())
+		return true;
+
+	std::string file_preffix = convert_tablename_to_filepath(datadir_path,
+		entry.db, entry.table);
+	const char *dst_preffix = convert_dst(file_preffix.c_str());
+
+	for (const char *ext : ext_it->second) {
+		std::string old_name(dst_preffix);
+		if (!entry.partitioned)
+			old_name.append(ext);
+		else
+			old_name.append("#P#*");
+		if (ds_remove(ds, old_name.c_str())) {
+			msg("Failed to remove %s.", old_name.c_str());
+			return false;
+		}
+	}
+
+	if (remove_frm) {
+		std::string old_frm_name(dst_preffix);
+		old_frm_name.append(frm_ext);
+		if (ds_remove(ds, old_frm_name.c_str())) {
+			msg("Failed to remove %s.", old_frm_name.c_str());
+			return false;
+		}
+	}
+	return true;
+
+}
+
+static
+bool process_recopy(
+	const char *datadir_path,
+	ds_ctxt_t *ds,
+	const Entry &entry,
+	const tables_t &tables) {
+
+	if (check_if_skip_table(
+		std::string(entry.db).append("/").append(entry.table).c_str()))
+		return true;
+
+	const std::string &new_table_id =
+		entry.new_id.empty() ? entry.id : entry.new_id;
+	DBUG_ASSERT(!new_table_id.empty());
+	const std::string &new_table =
+		entry.new_table.empty() ? entry.table : entry.new_table;
+	DBUG_ASSERT(!new_table.empty());
+	const std::string &new_db =
+		entry.new_db.empty() ? entry.db : entry.new_db;
+	DBUG_ASSERT(!new_db.empty());
+	const std::string &new_engine =
+		entry.new_engine.empty() ? entry.engine : entry.new_engine;
+	DBUG_ASSERT(!new_engine.empty());
+
+	if (entry.type != Entry::Type::BULK_INSERT) {
+		auto table_it = tables.find(table_key(new_db, new_table));
+		if (table_it != tables.end() &&
+			table_it->second == new_table_id)
+			return true;
+	}
+
+	if (!entry.new_engine.empty() &&
+		entry.engine != entry.new_engine &&
+		!known_engine(entry.new_engine)) {
+		return process_remove(datadir_path, ds, entry, false);
+	}
+
+	if ((entry.partitioned || entry.new_partitioned) &&
+		!process_remove(datadir_path, ds, entry, false))
+		return false;
+
+	if (entry.partitioned || entry.new_partitioned) {
+		auto files = find_table_files(datadir_path, new_db, new_table);
+		if (!files.get())
+			return true;
+		for (const auto &file : *files) {
+			const char *dst_path = convert_dst(file.c_str());
+			if (!ds->copy_file(file.c_str(), dst_path, 0, true)) {
+				msg("Failed to re-copy %s.", file.c_str());
+				return false;
+			}
+		}
+		return true;
+	}
+
+	auto ext_it = engine_exts.find(new_engine);
+	if (ext_it == engine_exts.end())
+		return false;
+
+	for (const char *ext : ext_it->second) {
+		std::string file_name =
+			convert_tablename_to_filepath(datadir_path, new_db, new_table).
+				append(ext);
+		const char *dst_path = convert_dst(file_name.c_str());
+		if (file_exists(file_name.c_str()) &&
+			!ds->copy_file(file_name.c_str(), dst_path, 0, true)) {
+			msg("Failed to re-copy %s.", file_name.c_str());
+			return false;
+		}
+	}
+
+	std::string frm_file =
+		convert_tablename_to_filepath(datadir_path, new_db, new_table).
+			append(frm_ext);
+	const char *frm_dst_path = convert_dst(frm_file.c_str());
+	if (file_exists(frm_file.c_str()) &&
+		!ds->copy_file(frm_file.c_str(), frm_dst_path, 0, true)) {
+		msg("Failed to re-copy %s.", frm_file.c_str());
+		return false;
+	}
+
+	return true;
+}
+
+static
+bool process_rename(
+	const char *datadir_path,
+	ds_ctxt_t *ds,
+	const Entry &entry) {
+
+	if (check_if_skip_table(
+		std::string(entry.db).append("/").append(entry.table).c_str()))
+		return true;
+
+	DBUG_ASSERT(entry.db != "partition");
+
+	auto ext_it = engine_exts.find(entry.engine);
+	if (ext_it == engine_exts.end())
+		return false;
+
+	std::string new_preffix = convert_tablename_to_filepath(datadir_path,
+		entry.new_db, entry.new_table);
+	const char	*dst_path = convert_dst(new_preffix.c_str());
+
+	std::string old_preffix = convert_tablename_to_filepath(datadir_path,
+		entry.db, entry.table);
+	const char	*src_path = convert_dst(old_preffix.c_str());
+
+	for (const char *ext : ext_it->second) {
+		std::string old_name(src_path);
+		old_name.append(ext);
+		std::string new_name(dst_path);
+		new_name.append(ext);
+		if (ds_rename(ds, old_name.c_str(), new_name.c_str())) {
+			msg("Failed to rename %s to %s.",
+				old_name.c_str(), new_name.c_str());
+			return false;
+		}
+	}
+
+	std::string new_frm_file = new_preffix + frm_ext;
+	const char	*new_frm_dst = convert_dst(new_frm_file.c_str());
+	if (file_exists(new_frm_file.c_str()) &&
+		!ds->copy_file(new_frm_file.c_str(), new_frm_dst, 0, true)) {
+		msg("Failed to re-copy %s.", new_frm_file.c_str());
+		return false;
+	}
+
+// TODO: return this code if .frm is copied not under BLOCK_DDL
+/*
+	std::string old_frm_name(src_path);
+	old_frm_name.append(frm_ext);
+	std::string new_frm_name(dst_path);
+	new_frm_name.append(frm_ext);
+	if (ds_rename(ds, old_frm_name.c_str(), new_frm_name.c_str())) {
+		msg("Failed to rename %s to %s.",
+			old_frm_name.c_str(), new_frm_name.c_str());
+		return false;
+	}
+*/
+	return true;
+}
+
+bool backup(
+	const char *datadir_path,
+	ds_ctxt_t *ds,
+	const tables_t &tables) {
+	DBUG_ASSERT(datadir_path);
+	DBUG_ASSERT(ds);
+	char ddl_log_path[FN_REFLEN];
+	fn_format(ddl_log_path, "ddl", datadir_path, ".log", 0);
+	std::vector<std::unique_ptr<Entry>> entries;
+
+	std::unordered_set<std::string> processed_tables;
+	std::unordered_set<std::string> dropped_databases;
+
+	bool parsing_result =
+		parse(ddl_log_path, [&](std::unique_ptr<Entry> entry)->bool {
+
+			if (entry->engine == database_keyword)
+				return process_database(datadir_path, ds, *entry, dropped_databases);
+
+			if (!known_engine(entry->engine) && !known_engine(entry->new_engine))
+				return true;
+
+			if (entry->type == Entry::Type::CREATE ||
+					(entry->type == Entry::Type::ALTER &&
+					!entry->new_engine.empty() &&
+					entry->engine != entry->new_engine)) {
+				if (!process_recopy(datadir_path, ds, *entry, tables))
+					return false;
+				processed_tables.insert(table_key(entry->db, entry->table));
+				if (entry->type == Entry::Type::ALTER)
+					processed_tables.insert(table_key(entry->new_db, entry->new_table));
+				return true;
+			}
+
+			if (entry->type == Entry::Type::DROP) {
+				if (!process_remove(datadir_path, ds, *entry, true))
+					return false;
+				processed_tables.insert(table_key(entry->db, entry->table));
+				return true;
+			}
+			if (entry->type == Entry::Type::RENAME) {
+				if (entry->partitioned) {
+					if (!process_remove(datadir_path, ds, *entry, true))
+						return false;
+					Entry recopy_entry {
+						entry->type,
+						{},
+						entry->new_engine.empty() ? entry->engine : entry->new_engine,
+						true,
+						entry->new_db,
+						entry->new_table,
+						entry->new_id,
+						{}, true, {}, {}, {}
+					};
+					if (!process_recopy(datadir_path, ds, recopy_entry, tables))
+						return false;
+				}
+				else if (!process_rename(datadir_path, ds, *entry))
+					return false;
+				processed_tables.insert(table_key(entry->db, entry->table));
+				processed_tables.insert(table_key(entry->new_db, entry->new_table));
+				return true;
+			}
+
+			entries.push_back(std::move(entry));
+			return true;
+
+		});
+
+	if (!parsing_result)
+		return false;
+
+
+	while (!entries.empty()) {
+		auto entry = std::move(entries.back());
+		entries.pop_back();
+		auto tk = table_key(
+			entry->new_db.empty() ? entry->db : entry->new_db,
+			entry->new_table.empty() ? entry->table : entry->new_table);
+		if (dropped_databases.count(entry->db) ||
+			dropped_databases.count(entry->new_db))
+			continue;
+		if (processed_tables.count(tk))
+			continue;
+		processed_tables.insert(std::move(tk));
+		if (!process_recopy(datadir_path, ds, *entry, tables))
+			return false;
+	}
+
+	return true;
+}
+
+} // namespace ddl_log
diff --git a/extra/mariabackup/ddl_log.h b/extra/mariabackup/ddl_log.h
new file mode 100644
index 00000000..5cac3e5d
--- /dev/null
+++ b/extra/mariabackup/ddl_log.h
@@ -0,0 +1,15 @@
+#pragma once
+#include "my_global.h"
+#include "datasink.h"
+#include "aria_backup_client.h"
+#include <string>
+#include <memory>
+#include <vector>
+#include <unordered_map>
+
+namespace ddl_log {
+
+typedef std::unordered_map<std::string, std::string> tables_t;
+bool backup(const char *datadir_path, ds_ctxt_t *ds, const tables_t &tables);
+
+} // namespace ddl_log
diff --git a/extra/mariabackup/ds_buffer.cc b/extra/mariabackup/ds_buffer.cc
index d6a42095..bc1d4663 100644
--- a/extra/mariabackup/ds_buffer.cc
+++ b/extra/mariabackup/ds_buffer.cc
@@ -44,7 +44,7 @@ typedef struct {
 
 static ds_ctxt_t *buffer_init(const char *root);
 static ds_file_t *buffer_open(ds_ctxt_t *ctxt, const char *path,
-			      MY_STAT *mystat);
+			      const MY_STAT *mystat, bool rewrite);
 static int buffer_write(ds_file_t *file, const uchar *buf, size_t len);
 static int buffer_close(ds_file_t *file);
 static void buffer_deinit(ds_ctxt_t *ctxt);
@@ -53,8 +53,11 @@ datasink_t datasink_buffer = {
 	&buffer_init,
 	&buffer_open,
 	&buffer_write,
+	nullptr,
 	&buffer_close,
 	&dummy_remove,
+	nullptr,
+	nullptr,
 	&buffer_deinit
 };
 
@@ -84,8 +87,10 @@ buffer_init(const char *root)
 }
 
 static ds_file_t *
-buffer_open(ds_ctxt_t *ctxt, const char *path, MY_STAT *mystat)
+buffer_open(ds_ctxt_t *ctxt, const char *path,
+	const MY_STAT *mystat, bool rewrite)
 {
+  DBUG_ASSERT(rewrite == false);
 	ds_buffer_ctxt_t	*buffer_ctxt;
 	ds_ctxt_t		*pipe_ctxt;
 	ds_file_t		*dst_file;
diff --git a/extra/mariabackup/ds_compress.cc b/extra/mariabackup/ds_compress.cc
index f7a9b7a1..0cb52e97 100644
--- a/extra/mariabackup/ds_compress.cc
+++ b/extra/mariabackup/ds_compress.cc
@@ -65,7 +65,7 @@ extern ulonglong	xtrabackup_compress_chunk_size;
 
 static ds_ctxt_t *compress_init(const char *root);
 static ds_file_t *compress_open(ds_ctxt_t *ctxt, const char *path,
-				MY_STAT *mystat);
+				const MY_STAT *mystat, bool rewrite);
 static int compress_write(ds_file_t *file, const uchar *buf, size_t len);
 static int compress_close(ds_file_t *file);
 static void compress_deinit(ds_ctxt_t *ctxt);
@@ -74,8 +74,11 @@ datasink_t datasink_compress = {
 	&compress_init,
 	&compress_open,
 	&compress_write,
+	nullptr,
 	&compress_close,
 	&dummy_remove,
+	nullptr,
+	nullptr,
 	&compress_deinit
 };
 
@@ -116,8 +119,10 @@ compress_init(const char *root)
 
 static
 ds_file_t *
-compress_open(ds_ctxt_t *ctxt, const char *path, MY_STAT *mystat)
+compress_open(ds_ctxt_t *ctxt, const char *path,
+	const MY_STAT *mystat, bool rewrite)
 {
+  DBUG_ASSERT(rewrite == false);
 	ds_compress_ctxt_t	*comp_ctxt;
 	ds_ctxt_t		*dest_ctxt;
  	ds_file_t		*dest_file;
diff --git a/extra/mariabackup/ds_local.cc b/extra/mariabackup/ds_local.cc
index f86612b9..ff2021fc 100644
--- a/extra/mariabackup/ds_local.cc
+++ b/extra/mariabackup/ds_local.cc
@@ -42,8 +42,9 @@ typedef struct {
 
 static ds_ctxt_t *local_init(const char *root);
 static ds_file_t *local_open(ds_ctxt_t *ctxt, const char *path,
-			     MY_STAT *mystat);
+			     const MY_STAT *mystat, bool rewrite);
 static int local_write(ds_file_t *file, const uchar *buf, size_t len);
+static int local_seek_set(ds_file_t *file, my_off_t offset);
 static int local_close(ds_file_t *file);
 static void local_deinit(ds_ctxt_t *ctxt);
 
@@ -52,13 +53,20 @@ static int local_remove(const char *path)
 	return unlink(path);
 }
 
+static int local_rename(
+	ds_ctxt_t *ctxt, const char *old_path, const char *new_path);
+static int local_mremove(ds_ctxt_t *ctxt, const char *path);
+
 extern "C" {
 datasink_t datasink_local = {
 	&local_init,
 	&local_open,
 	&local_write,
+	&local_seek_set,
 	&local_close,
 	&local_remove,
+	&local_rename,
+	&local_mremove,
 	&local_deinit
 };
 }
@@ -89,7 +97,7 @@ local_init(const char *root)
 static
 ds_file_t *
 local_open(ds_ctxt_t *ctxt, const char *path,
-	   MY_STAT *mystat __attribute__((unused)))
+	   const MY_STAT *mystat __attribute__((unused)), bool rewrite)
 {
 	char 		fullpath[FN_REFLEN];
 	char		dirpath[FN_REFLEN];
@@ -111,8 +119,10 @@ local_open(ds_ctxt_t *ctxt, const char *path,
 		return NULL;
 	}
 
-	fd = my_create(fullpath, 0, O_WRONLY | O_BINARY | O_EXCL | O_NOFOLLOW,
-		     MYF(MY_WME));
+	// TODO: check in Windows and set the corresponding flags on fail
+	fd = my_create(fullpath, 0,
+		O_WRONLY | O_BINARY | (rewrite ? O_TRUNC : O_EXCL) | O_NOFOLLOW,
+		MYF(MY_WME));
 	if (fd < 0) {
 		return NULL;
 	}
@@ -194,8 +204,8 @@ static void init_ibd_data(ds_local_file_t *local_file, const uchar *buf, size_t
 		return;
 	}
 
-	auto flags = mach_read_from_4(&buf[FIL_PAGE_DATA + FSP_SPACE_FLAGS]);
-	auto ssize = FSP_FLAGS_GET_PAGE_SSIZE(flags);
+	uint32_t flags = mach_read_from_4(&buf[FIL_PAGE_DATA + FSP_SPACE_FLAGS]);
+	uint32_t ssize = FSP_FLAGS_GET_PAGE_SSIZE(flags);
 	local_file->pagesize= ssize == 0 ? UNIV_PAGE_SIZE_ORIG : ((UNIV_ZIP_SIZE_MIN >> 1) << ssize);
 	local_file->compressed = fil_space_t::full_crc32(flags)
 		? fil_space_t::is_compressed(flags)
@@ -239,6 +249,15 @@ local_write(ds_file_t *file, const uchar *buf, size_t len)
 	return 1;
 }
 
+static
+int
+local_seek_set(ds_file_t *file, my_off_t offset) {
+	ds_local_file_t *local_file= (ds_local_file_t *)file->ptr;
+	if (my_seek(local_file->fd, offset, SEEK_SET, MYF(0)) == MY_FILEPOS_ERROR)
+		return 1;
+	return 0;
+}
+
 /* Set EOF at file's current position.*/
 static int set_eof(File fd)
 {
@@ -276,3 +295,77 @@ local_deinit(ds_ctxt_t *ctxt)
 	my_free(ctxt->root);
 	my_free(ctxt);
 }
+
+
+static int local_rename(
+	ds_ctxt_t *ctxt, const char *old_path, const char *new_path) {
+	char		full_old_path[FN_REFLEN];
+	char		full_new_path[FN_REFLEN];
+	fn_format(full_old_path, old_path, ctxt->root, "", MYF(MY_RELATIVE_PATH));
+	fn_format(full_new_path, new_path, ctxt->root, "", MYF(MY_RELATIVE_PATH));
+	// Ignore errors as .frm files can me copied separately.
+	// TODO: return error processing here after the corresponding changes in
+	// xtrabackup.cc
+	(void)my_rename(full_old_path, full_new_path, MYF(0));
+//	if (my_rename(full_old_path, full_new_path, MYF(0))) {
+//		msg("Failed to rename file %s to %s", old_path, new_path);
+//		return 1;
+//	}
+	return 0;
+}
+
+// It's ok if destination does not contain the file or folder
+static int local_mremove(ds_ctxt_t *ctxt, const char *path) {
+	char		full_path[FN_REFLEN];
+	fn_format(full_path, path, ctxt->root, "", MYF(MY_RELATIVE_PATH));
+	size_t full_path_len = strlen(full_path);
+	if (full_path[full_path_len - 1] == '*') {
+		full_path[full_path_len - 1] = '\0';
+		char *preffix = strrchr(full_path, '/');
+		const char *full_path_dir = full_path;
+		size_t preffix_len;
+		if (preffix) {
+			preffix_len = (full_path_len - 1) - (preffix - full_path);
+			*(preffix++) = '\0';
+		}
+		else {
+			preffix = full_path;
+			preffix_len = full_path_len - 1;
+			full_path_dir= IF_WIN(".\\", "./");
+		}
+		if (!preffix_len)
+			return 0;
+		MY_DIR *dir= my_dir(full_path_dir, 0);
+		if (!dir)
+			return 0;
+		for (size_t i = 0; i < dir->number_of_files; ++i) {
+			char full_fpath[FN_REFLEN];
+			if (strncmp(dir->dir_entry[i].name, preffix, preffix_len))
+				continue;
+			fn_format(full_fpath, dir->dir_entry[i].name,
+					full_path_dir, "", MYF(MY_RELATIVE_PATH));
+			(void)my_delete(full_fpath, MYF(0));
+		}
+		my_dirend(dir);
+	}
+	else {
+		MY_STAT stat;
+		if (!my_stat(full_path, &stat, MYF(0)))
+			return 0;
+		MY_DIR *dir= my_dir(full_path, 0);
+		if (!dir) {
+			// TODO: check for error here if necessary
+			(void)my_delete(full_path, MYF(0));
+			return 0;
+		}
+		for (size_t i = 0; i < dir->number_of_files; ++i) {
+			char		full_fpath[FN_REFLEN];
+			fn_format(full_fpath, dir->dir_entry[i].name,
+					full_path, "", MYF(MY_RELATIVE_PATH));
+			(void)my_delete(full_fpath, MYF(0));
+		}
+		my_dirend(dir);
+		(void)my_rmtree(full_path, MYF(0));
+	}
+	return 0;
+}
diff --git a/extra/mariabackup/ds_stdout.cc b/extra/mariabackup/ds_stdout.cc
index a9639ff7..3fc0873b 100644
--- a/extra/mariabackup/ds_stdout.cc
+++ b/extra/mariabackup/ds_stdout.cc
@@ -30,7 +30,7 @@ typedef struct {
 
 static ds_ctxt_t *stdout_init(const char *root);
 static ds_file_t *stdout_open(ds_ctxt_t *ctxt, const char *path,
-			     MY_STAT *mystat);
+			const MY_STAT *mystat, bool rewrite);
 static int stdout_write(ds_file_t *file, const uchar *buf, size_t len);
 static int stdout_close(ds_file_t *file);
 static void stdout_deinit(ds_ctxt_t *ctxt);
@@ -39,8 +39,11 @@ datasink_t datasink_stdout = {
 	&stdout_init,
 	&stdout_open,
 	&stdout_write,
+	nullptr,
 	&stdout_close,
 	&dummy_remove,
+	nullptr,
+	nullptr,
 	&stdout_deinit
 };
 
@@ -61,8 +64,9 @@ static
 ds_file_t *
 stdout_open(ds_ctxt_t *ctxt __attribute__((unused)),
 	    const char *path __attribute__((unused)),
-	    MY_STAT *mystat __attribute__((unused)))
+	    const MY_STAT *mystat __attribute__((unused)), bool rewrite)
 {
+  DBUG_ASSERT(rewrite == false);
 	ds_stdout_file_t 	*stdout_file;
 	ds_file_t		*file;
 	size_t			pathlen;
diff --git a/extra/mariabackup/ds_tmpfile.cc b/extra/mariabackup/ds_tmpfile.cc
index 80b9d3bb..6bafee25 100644
--- a/extra/mariabackup/ds_tmpfile.cc
+++ b/extra/mariabackup/ds_tmpfile.cc
@@ -41,7 +41,7 @@ typedef struct {
 
 static ds_ctxt_t *tmpfile_init(const char *root);
 static ds_file_t *tmpfile_open(ds_ctxt_t *ctxt, const char *path,
-			       MY_STAT *mystat);
+			const MY_STAT *mystat, bool rewrite);
 static int tmpfile_write(ds_file_t *file, const uchar *buf, size_t len);
 static int tmpfile_close(ds_file_t *file);
 static void tmpfile_deinit(ds_ctxt_t *ctxt);
@@ -50,8 +50,11 @@ datasink_t datasink_tmpfile = {
 	&tmpfile_init,
 	&tmpfile_open,
 	&tmpfile_write,
+	nullptr,
 	&tmpfile_close,
 	&dummy_remove,
+	nullptr,
+	nullptr,
 	&tmpfile_deinit
 };
 
@@ -80,8 +83,9 @@ tmpfile_init(const char *root)
 
 static ds_file_t *
 tmpfile_open(ds_ctxt_t *ctxt, const char *path,
-			       MY_STAT *mystat)
+			const MY_STAT *mystat, bool rewrite)
 {
+  DBUG_ASSERT(rewrite == false);
 	ds_tmpfile_ctxt_t	*tmpfile_ctxt;
 	char			 tmp_path[FN_REFLEN];
 	ds_tmp_file_t		*tmp_file;
diff --git a/extra/mariabackup/ds_xbstream.cc b/extra/mariabackup/ds_xbstream.cc
index 3bf8bd08..96e0cf7a 100644
--- a/extra/mariabackup/ds_xbstream.cc
+++ b/extra/mariabackup/ds_xbstream.cc
@@ -40,24 +40,31 @@ General streaming interface */
 
 static ds_ctxt_t *xbstream_init(const char *root);
 static ds_file_t *xbstream_open(ds_ctxt_t *ctxt, const char *path,
-			      MY_STAT *mystat);
+			const MY_STAT *mystat, bool rewrite);
 static int xbstream_write(ds_file_t *file, const uchar *buf, size_t len);
+static int xbstream_seek_set(ds_file_t *file, my_off_t offset);
 static int xbstream_close(ds_file_t *file);
 static void xbstream_deinit(ds_ctxt_t *ctxt);
 
+static int xbstream_rename(
+	ds_ctxt_t *ctxt, const char *old_path, const char *new_path);
+static int xbstream_mremove(ds_ctxt_t *ctxt, const char *path);
+
 datasink_t datasink_xbstream = {
 	&xbstream_init,
 	&xbstream_open,
 	&xbstream_write,
+	&xbstream_seek_set,
 	&xbstream_close,
 	&dummy_remove,
+	&xbstream_rename,
+	&xbstream_mremove,
 	&xbstream_deinit
 };
 
 static
 ssize_t
-my_xbstream_write_callback(xb_wstream_file_t *f __attribute__((unused)),
-		       void *userdata, const void *buf, size_t len)
+my_xbstream_write_callback(void *userdata, const void *buf, size_t len)
 {
 	ds_stream_ctxt_t	*stream_ctxt;
 
@@ -89,7 +96,7 @@ xbstream_init(const char *root __attribute__((unused)))
 		goto err;
 	}
 
-	xbstream = xb_stream_write_new();
+	xbstream = xb_stream_write_new(my_xbstream_write_callback, stream_ctxt);
 	if (xbstream == NULL) {
 		msg("xb_stream_write_new() failed.");
 		goto err;
@@ -108,7 +115,8 @@ err:
 
 static
 ds_file_t *
-xbstream_open(ds_ctxt_t *ctxt, const char *path, MY_STAT *mystat)
+xbstream_open(ds_ctxt_t *ctxt, const char *path,
+	const MY_STAT *mystat, bool rewrite)
 {
 	ds_file_t		*file;
 	ds_stream_file_t	*stream_file;
@@ -144,9 +152,7 @@ xbstream_open(ds_ctxt_t *ctxt, const char *path, MY_STAT *mystat)
 
 	xbstream = stream_ctxt->xbstream;
 
-	xbstream_file = xb_stream_write_open(xbstream, path, mystat,
-		                             stream_ctxt,
-					     my_xbstream_write_callback);
+	xbstream_file = xb_stream_write_open(xbstream, path, mystat, rewrite);
 
 	if (xbstream_file == NULL) {
 		msg("xb_stream_write_open() failed.");
@@ -190,6 +196,45 @@ xbstream_write(ds_file_t *file, const uchar *buf, size_t len)
 	return 0;
 }
 
+static
+int
+xbstream_seek_set(ds_file_t *file, my_off_t offset)
+{
+	ds_stream_file_t	*stream_file;
+	xb_wstream_file_t	*xbstream_file;
+
+
+	stream_file = (ds_stream_file_t *) file->ptr;
+
+	xbstream_file = stream_file->xbstream_file;
+
+	if (xb_stream_write_seek_set(xbstream_file, offset)) {
+		msg("xb_stream_write_seek_set() failed.");
+		return 1;
+	}
+
+	return 0;
+}
+
+static
+int
+xbstream_mremove(ds_ctxt_t *ctxt, const char *path) {
+	ds_stream_ctxt_t	*stream_ctxt =
+		reinterpret_cast<ds_stream_ctxt_t *>(ctxt->ptr);
+	xb_wstream_t		*xbstream = stream_ctxt->xbstream;
+	return xb_stream_write_remove(xbstream, path);
+}
+
+static
+int
+xbstream_rename(
+	ds_ctxt_t *ctxt, const char *old_path, const char *new_path) {
+	ds_stream_ctxt_t	*stream_ctxt =
+		reinterpret_cast<ds_stream_ctxt_t *>(ctxt->ptr);
+	xb_wstream_t		*xbstream = stream_ctxt->xbstream;
+	return xb_stream_write_rename(xbstream, old_path, new_path);
+}
+
 static
 int
 xbstream_close(ds_file_t *file)
diff --git a/extra/mariabackup/encryption_plugin.cc b/extra/mariabackup/encryption_plugin.cc
new file mode 100644
index 00000000..ab0c5140
--- /dev/null
+++ b/extra/mariabackup/encryption_plugin.cc
@@ -0,0 +1,249 @@
+/* Copyright (c) 2017, MariaDB Corporation.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA */
+
+#include <my_global.h>
+#include <mysqld.h>
+#include <mysql.h>
+#include <xtrabackup.h>
+#include <encryption_plugin.h>
+#include <sql_plugin.h>
+#include <sstream>
+#include <vector>
+#include <common.h>
+#include <backup_mysql.h>
+#include <log0crypt.h>
+
+
+extern struct st_maria_plugin *mysql_optional_plugins[];
+extern struct st_maria_plugin *mysql_mandatory_plugins[];
+static void encryption_plugin_init(int argc, char **argv);
+
+extern char *xb_plugin_load;
+extern char *xb_plugin_dir;
+
+const int PLUGIN_MAX_ARGS = 1024;
+std::vector<std::string> backup_plugins_args;
+
+const char *QUERY_PLUGIN =
+"SELECT plugin_name, plugin_library, @@plugin_dir"
+" FROM information_schema.plugins WHERE plugin_type='ENCRYPTION'"
+" OR (plugin_type = 'DAEMON' AND plugin_name LIKE 'provider\\_%')"
+" AND plugin_status='ACTIVE'";
+
+std::string encryption_plugin_config;
+
+static void add_to_plugin_load_list(const char *plugin_def)
+{
+  opt_plugin_load_list_ptr->push_back(new i_string(plugin_def));
+}
+
+static char XTRABACKUP_EXE[] = "xtrabackup";
+
+/*
+  Read "plugin-load" value (encryption plugin) from backup-my.cnf during
+  prepare phase.
+  The value is stored during backup phase.
+*/
+static std::string get_encryption_plugin_from_cnf()
+{
+  FILE *f = fopen("backup-my.cnf", "r");
+  if (!f)
+  {
+    die("Can't open backup-my.cnf for reading");
+  }
+  char line[512];
+  std::string plugin_load;
+  while (fgets(line, sizeof(line), f))
+  {
+    if (strncmp(line, "plugin_load=", 12) == 0)
+    {
+      plugin_load = line + 12;
+      // remote \n at the end of string
+      plugin_load.resize(plugin_load.size() - 1);
+    }
+
+    if (strncmp(line, "innodb_encrypt_tables=", 22) == 0)
+    {
+      if (!strncmp(line + 22, "ON", 2) ||
+          !strncmp(line + 22, "1", 1))
+        srv_encrypt_tables= 1;
+      else if (!strncmp(line + 22, "FORCE", 5) ||
+               !strncmp(line + 22, "2", 1))
+        srv_encrypt_tables= 2;
+    }
+  }
+  fclose(f);
+  return plugin_load;
+}
+
+
+void encryption_plugin_backup_init(MYSQL *mysql)
+{
+  MYSQL_RES *result;
+  MYSQL_ROW row;
+  std::ostringstream oss;
+  char *argv[PLUGIN_MAX_ARGS];
+  char show_query[1024] = "";
+  std::string plugin_load;
+  int argc;
+
+  result = xb_mysql_query(mysql, QUERY_PLUGIN, true, true);
+  while ((row = mysql_fetch_row(result)))
+  {
+    char *name= row[0];
+    char *library= row[1];
+    char *dir= row[2];
+
+    if (!plugin_load.length())
+    {
+#ifdef _WIN32
+      for (char *p = dir; *p; p++)
+        if (*p == '\\') *p = '/';
+#endif
+      strncpy(opt_plugin_dir, dir, FN_REFLEN - 1);
+      opt_plugin_dir[FN_REFLEN - 1] = '\0';
+      oss << "plugin_dir=" << '"' << dir << '"' << std::endl;
+    }
+
+    plugin_load += std::string(";") + name;
+
+    if (library)
+    {
+      /* Remove shared library suffixes, in case we'll prepare on different OS.*/
+      const char *extensions[] = { ".dll", ".so", 0 };
+      for (size_t i = 0; extensions[i]; i++)
+      {
+        const char *ext = extensions[i];
+        if (ends_with(library, ext))
+          library[strlen(library) - strlen(ext)] = 0;
+      }
+      plugin_load += std::string("=") + library;
+    }
+
+    if (strncmp(name, "provider_", 9) == 0)
+      continue;
+
+    /* Read plugin variables. */
+    snprintf(show_query, sizeof(show_query), "SHOW variables like '%s_%%'", name);
+  }
+  mysql_free_result(result);
+  if (!plugin_load.length())
+    return;
+
+  oss << "plugin_load=" << plugin_load.c_str() + 1 << std::endl;
+
+  /* Required  to load the plugin later.*/
+  add_to_plugin_load_list(plugin_load.c_str() + 1);
+
+
+  if (*show_query)
+  {
+    result = xb_mysql_query(mysql, show_query, true, true);
+    while ((row = mysql_fetch_row(result)))
+    {
+      std::string arg("--");
+      arg += row[0];
+      arg += "=";
+      arg += row[1];
+      backup_plugins_args.push_back(arg);
+      oss << row[0] << "=" << row[1] << std::endl;
+    }
+
+    mysql_free_result(result);
+
+    /* Check whether to encrypt logs. */
+    result = xb_mysql_query(mysql, "select @@innodb_encrypt_log", true, true);
+    row = mysql_fetch_row(result);
+    srv_encrypt_log = (row != 0 && row[0][0] == '1');
+    oss << "innodb_encrypt_log=" << row[0] << std::endl;
+
+    mysql_free_result(result);
+  }
+
+  result = xb_mysql_query(mysql, "select @@innodb_encrypt_tables", true, true);
+  row = mysql_fetch_row(result);
+  if (!row);
+  else if (const char *r= row[0])
+  {
+    if (!strcmp(r, "ON")) srv_encrypt_tables= 1;
+    else if (!strcmp(r, "FORCE")) srv_encrypt_tables= 2;
+    oss << "innodb_encrypt_tables=" << r << std::endl;
+  }
+
+  mysql_free_result(result);
+  encryption_plugin_config = oss.str();
+
+  argc = 0;
+  argv[argc++] = XTRABACKUP_EXE;
+  for(size_t i = 0; i <  backup_plugins_args.size(); i++)
+  {
+    argv[argc++] = (char *)backup_plugins_args[i].c_str();
+    if (argc == PLUGIN_MAX_ARGS - 2)
+      break;
+  }
+  argv[argc] = 0;
+
+  encryption_plugin_init(argc, argv);
+}
+
+const char *encryption_plugin_get_config()
+{
+  return encryption_plugin_config.c_str();
+}
+
+extern int finalize_encryption_plugin(st_plugin_int *plugin);
+
+
+void encryption_plugin_prepare_init(int argc, char **argv)
+{
+  std::string plugin_load= get_encryption_plugin_from_cnf();
+  if (plugin_load.size())
+  {
+    msg("Loading encryption plugin from %s", plugin_load.c_str());
+  }
+  else
+  {
+    finalize_encryption_plugin(0);
+    return;
+  }
+
+  add_to_plugin_load_list(plugin_load.c_str());
+
+  if (xb_plugin_dir)
+  {
+    strncpy(opt_plugin_dir, xb_plugin_dir, FN_REFLEN - 1);
+    opt_plugin_dir[FN_REFLEN - 1] = '\0';
+  }
+
+  char **new_argv = new char *[argc + 2];
+  new_argv[0] = XTRABACKUP_EXE;
+  memcpy(&new_argv[1], argv, argc*sizeof(char *));
+
+  encryption_plugin_init(argc+1, new_argv);
+
+  delete[] new_argv;
+}
+
+static void encryption_plugin_init(int argc, char **argv)
+{
+  /* Patch optional and mandatory plugins, we only need to load the one in xb_plugin_load. */
+  mysql_optional_plugins[0] = mysql_mandatory_plugins[0] = 0;
+  plugin_maturity = MariaDB_PLUGIN_MATURITY_UNKNOWN; /* mariabackup accepts all plugins */
+  msg("Loading encryption plugin");
+  for (int i= 1; i < argc; i++)
+    msg("\t Encryption plugin parameter :  '%s'", argv[i]);
+  plugin_init(&argc, argv, PLUGIN_INIT_SKIP_PLUGIN_TABLE);
+}
+
diff --git a/extra/mariabackup/encryption_plugin.h b/extra/mariabackup/encryption_plugin.h
new file mode 100644
index 00000000..16d74790
--- /dev/null
+++ b/extra/mariabackup/encryption_plugin.h
@@ -0,0 +1,7 @@
+#include <mysql.h>
+#include <string>
+extern void encryption_plugin_backup_init(MYSQL *mysql);
+extern const char* encryption_plugin_get_config();
+extern void encryption_plugin_prepare_init(int argc, char **argv);
+
+//extern  void encryption_plugin_init(int argc, char **argv);
diff --git a/extra/mariabackup/fil_cur.cc b/extra/mariabackup/fil_cur.cc
index 4f5d67a5..be871e4a 100644
--- a/extra/mariabackup/fil_cur.cc
+++ b/extra/mariabackup/fil_cur.cc
@@ -199,14 +199,6 @@ xb_fil_cur_open(
 		return(XB_FIL_CUR_SKIP);
 	}
 
-#ifdef HAVE_FCNTL_DIRECT
-	if (srv_file_flush_method == SRV_O_DIRECT
-	    || srv_file_flush_method == SRV_O_DIRECT_NO_FSYNC) {
-
-		os_file_set_nocache(cursor->file, node->name, "OPEN");
-	}
-#endif
-
 	posix_fadvise(cursor->file, 0, 0, POSIX_FADV_SEQUENTIAL);
 
 	cursor->page_size = node->space->physical_size();
@@ -239,12 +231,14 @@ xb_fil_cur_open(
 				      / cursor->page_size);
 
 	cursor->read_filter = read_filter;
-	cursor->read_filter->init(&cursor->read_filter_ctxt, cursor,
-				  node->space->id);
+	cursor->read_filter->init(&cursor->read_filter_ctxt, cursor);
 
 	return(XB_FIL_CUR_SUCCESS);
 }
 
+/* Stack usage 131224 with clang */
+PRAGMA_DISABLE_CHECK_STACK_FRAME
+
 static bool page_is_corrupted(const byte *page, ulint page_no,
 			      const xb_fil_cur_t *cursor,
 			      const fil_space_t *space)
@@ -348,6 +342,7 @@ static bool page_is_corrupted(const byte *page, ulint page_no,
 
 	return buf_page_is_corrupted(true, page, space->flags);
 }
+PRAGMA_REENABLE_CHECK_STACK_FRAME
 
 /** Reads and verifies the next block of pages from the source
 file. Positions the cursor after the last read non-corrupted page.
@@ -510,10 +505,6 @@ xb_fil_cur_close(
 /*=============*/
 	xb_fil_cur_t *cursor)	/*!< in/out: source file cursor */
 {
-	if (cursor->read_filter) {
-		cursor->read_filter->deinit(&cursor->read_filter_ctxt);
-	}
-
 	aligned_free(cursor->buf);
 	cursor->buf = NULL;
 
diff --git a/extra/mariabackup/fil_cur.h b/extra/mariabackup/fil_cur.h
index b7812f65..46c8cb03 100644
--- a/extra/mariabackup/fil_cur.h
+++ b/extra/mariabackup/fil_cur.h
@@ -27,6 +27,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1335  USA
 
 #include <my_dir.h>
 #include "read_filt.h"
+#include "mtr0types.h"
 #include "srv0start.h"
 #include "srv0srv.h"
 #include "xtrabackup.h"
diff --git a/extra/mariabackup/innobackupex.cc b/extra/mariabackup/innobackupex.cc
index b925b415..2de57a14 100644
--- a/extra/mariabackup/innobackupex.cc
+++ b/extra/mariabackup/innobackupex.cc
@@ -78,10 +78,8 @@ my_bool opt_ibx_galera_info = FALSE;
 my_bool opt_ibx_slave_info = FALSE;
 my_bool opt_ibx_no_lock = FALSE;
 my_bool opt_ibx_safe_slave_backup = FALSE;
-my_bool opt_ibx_rsync = FALSE;
 my_bool opt_ibx_force_non_empty_dirs = FALSE;
 my_bool opt_ibx_noversioncheck = FALSE;
-my_bool opt_ibx_no_backup_locks = FALSE;
 my_bool opt_ibx_decompress = FALSE;
 
 char *opt_ibx_incremental_history_name = NULL;
@@ -268,8 +266,10 @@ static struct my_option ibx_long_options[] =
 	 (uchar *) &opt_ibx_incremental, (uchar *) &opt_ibx_incremental, 0,
 	 GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 
-	{"no-lock", OPT_NO_LOCK, "Use this option to disable table lock "
-	 "with \"FLUSH TABLES WITH READ LOCK\". Use it only if ALL your "
+	{"no-lock", OPT_NO_LOCK, "This option should not be used as "
+         "mariadb-backup now is using BACKUP LOCKS, which minimizes the "
+         "lock time. ALTER TABLE can run in parallel with BACKUP LOCKS."
+         "Use the --no-lock option it only if ALL your "
 	 "tables are InnoDB and you DO NOT CARE about the binary log "
 	 "position of the backup. This option shouldn't be used if there "
 	 "are any DDL statements being executed or if any updates are "
@@ -297,15 +297,6 @@ static struct my_option ibx_long_options[] =
 	 (uchar *) &opt_ibx_safe_slave_backup,
 	 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 
-	{"rsync", OPT_RSYNC, "Uses the rsync utility to optimize local file "
-	 "transfers. When this option is specified, innobackupex uses rsync "
-	 "to copy all non-InnoDB files instead of spawning a separate cp for "
-	 "each file, which can be much faster for servers with a large number "
-	 "of databases or tables.  This option cannot be used together with "
-	 "--stream.",
-	 (uchar *) &opt_ibx_rsync, (uchar *) &opt_ibx_rsync,
-	 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
-
 	{"force-non-empty-directories", OPT_FORCE_NON_EMPTY_DIRS, "This "
 	 "option, when specified, makes --copy-back or --move-back transfer "
 	 "files to non-empty directories. Note that no existing files will be "
@@ -330,13 +321,9 @@ static struct my_option ibx_long_options[] =
 	 (uchar *) &opt_ibx_noversioncheck,
 	 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 
-	{"no-backup-locks", OPT_NO_BACKUP_LOCKS, "This option controls if "
-	 "backup locks should be used instead of FLUSH TABLES WITH READ LOCK "
-	 "on the backup stage. The option has no effect when backup locks are "
-	 "not supported by the server. This option is enabled by default, "
-	 "disable with --no-backup-locks.",
-	 (uchar *) &opt_ibx_no_backup_locks,
-	 (uchar *) &opt_ibx_no_backup_locks,
+	{"no-backup-locks", OPT_NO_BACKUP_LOCKS,
+         "Old disabled option which has no effect anymore.",
+	 (uchar *) 0, (uchar*) 0,
 	 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 
 	{"decompress", OPT_DECOMPRESS, "Decompresses all files with the .qp "
@@ -402,11 +389,10 @@ static struct my_option ibx_long_options[] =
 	 REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 
 	{"ftwrl-wait-query-type", OPT_LOCK_WAIT_QUERY_TYPE,
-	 "This option specifies which types of queries are allowed to complete "
-	 "before innobackupex will issue the global lock. Default is all.",
-	 (uchar*) &opt_ibx_lock_wait_query_type,
-	 (uchar*) &opt_ibx_lock_wait_query_type, &query_type_typelib,
-	 GET_ENUM, REQUIRED_ARG, QUERY_TYPE_ALL, 0, 0, 0, 0, 0},
+         "Old disabled option which has no effect anymore (not needed "
+         "with BACKUP LOCKS)",
+	 (uchar*) 0, (uchar*) 0, &query_type_typelib, GET_ENUM,
+         REQUIRED_ARG, QUERY_TYPE_ALL, 0, 0, 0, 0, 0},
 
 	{"kill-long-query-type", OPT_KILL_LONG_QUERY_TYPE,
 	 "This option specifies which types of queries should be killed to "
@@ -447,32 +433,32 @@ static struct my_option ibx_long_options[] =
 	 REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 
 	{"kill-long-queries-timeout", OPT_KILL_LONG_QUERIES_TIMEOUT,
-	 "This option specifies the number of seconds innobackupex waits "
-	 "between starting FLUSH TABLES WITH READ LOCK and killing those "
-	 "queries that block it. Default is 0 seconds, which means "
-	 "innobackupex will not attempt to kill any queries.",
-	 (uchar*) &opt_ibx_kill_long_queries_timeout,
-	 (uchar*) &opt_ibx_kill_long_queries_timeout, 0, GET_UINT,
+         "Old disabled option which has no effect anymore (not needed "
+         "with BACKUP LOCKS)",
+	 (uchar*) 0, (uchar*) 0,  0, GET_UINT,
 	 REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 
 	{"ftwrl-wait-timeout", OPT_LOCK_WAIT_TIMEOUT,
-	 "This option specifies time in seconds that innobackupex should wait "
-	 "for queries that would block FTWRL before running it. If there are "
-	 "still such queries when the timeout expires, innobackupex terminates "
-	 "with an error. Default is 0, in which case innobackupex does not "
-	 "wait for queries to complete and starts FTWRL immediately.",
-	 (uchar*) &opt_ibx_lock_wait_timeout,
-	 (uchar*) &opt_ibx_lock_wait_timeout, 0, GET_UINT,
+         "Alias for startup-wait-timeout",
+         (uchar*) &opt_ibx_lock_wait_timeout,
+         (uchar*) &opt_ibx_lock_wait_timeout, 0, GET_UINT,
+	 REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+
+	{"startup-wait-timeout", OPT_LOCK_WAIT_TIMEOUT,
+         "This option specifies time in seconds that mariadb-backup should wait for "
+         "BACKUP STAGE START to complete. BACKUP STAGE START has to wait until all "
+         "currently running queries using explicite LOCK TABLES has ended. "
+         "If there are still such queries when the timeout expires, mariadb-backup "
+         "terminates with an error. Default is 0, in which case mariadb-backup waits "
+         "indefinitely for BACKUP STAGE START to finish",
+         (uchar*) &opt_ibx_lock_wait_timeout,
+         (uchar*) &opt_ibx_lock_wait_timeout, 0, GET_UINT,
 	 REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 
 	{"ftwrl-wait-threshold", OPT_LOCK_WAIT_THRESHOLD,
-	 "This option specifies the query run time threshold which is used by "
-	 "innobackupex to detect long-running queries with a non-zero value "
-	 "of --ftwrl-wait-timeout. FTWRL is not started until such "
-	 "long-running queries exist. This option has no effect if "
-	 "--ftwrl-wait-timeout is 0. Default value is 60 seconds.",
-	 (uchar*) &opt_ibx_lock_wait_threshold,
-	 (uchar*) &opt_ibx_lock_wait_threshold, 0, GET_UINT,
+         "Old disabled option which has no effect anymore (not needed "
+         "with BACKUP LOCKS)",
+	 (uchar*) 0, (uchar*) 0,  0, GET_UINT,
 	 REQUIRED_ARG, 60, 0, 0, 0, 0, 0},
 
 	{"safe-slave-backup-timeout", OPT_SAFE_SLAVE_BACKUP_TIMEOUT,
@@ -864,10 +850,8 @@ ibx_init()
 	opt_slave_info = opt_ibx_slave_info;
 	opt_no_lock = opt_ibx_no_lock;
 	opt_safe_slave_backup = opt_ibx_safe_slave_backup;
-	opt_rsync = opt_ibx_rsync;
 	opt_force_non_empty_dirs = opt_ibx_force_non_empty_dirs;
 	opt_noversioncheck = opt_ibx_noversioncheck;
-	opt_no_backup_locks = opt_ibx_no_backup_locks;
 	opt_decompress = opt_ibx_decompress;
 
 	opt_incremental_history_name = opt_ibx_incremental_history_name;
diff --git a/extra/mariabackup/read_filt.cc b/extra/mariabackup/read_filt.cc
index 58920055..c7c0aa55 100644
--- a/extra/mariabackup/read_filt.cc
+++ b/extra/mariabackup/read_filt.cc
@@ -32,29 +32,13 @@ Perform read filter context initialization that is common to all read
 filters.  */
 static
 void
-common_init(
-/*========*/
+rf_pass_through_init(
 	xb_read_filt_ctxt_t*	ctxt,	/*!<in/out: read filter context */
 	const xb_fil_cur_t*	cursor)	/*!<in: file cursor */
 {
 	ctxt->offset = 0;
 	ctxt->data_file_size = cursor->statinfo.st_size;
 	ctxt->buffer_capacity = cursor->buf_size;
-	ctxt->page_size = cursor->page_size;
-}
-
-/****************************************************************//**
-Initialize the pass-through read filter. */
-static
-void
-rf_pass_through_init(
-/*=================*/
-	xb_read_filt_ctxt_t*	ctxt,	/*!<in/out: read filter context */
-	const xb_fil_cur_t*	cursor,	/*!<in: file cursor */
-	ulint			space_id __attribute__((unused)))
-					/*!<in: space id we are reading */
-{
-	common_init(ctxt, cursor);
 }
 
 /****************************************************************//**
@@ -65,143 +49,25 @@ rf_pass_through_get_next_batch(
 /*===========================*/
 	xb_read_filt_ctxt_t*	ctxt,			/*!<in/out: read filter
 							context */
-	ib_int64_t*		read_batch_start,	/*!<out: starting read
+	int64_t*		read_batch_start,	/*!<out: starting read
 							offset in bytes for the
 							next batch of pages */
-	ib_int64_t*		read_batch_len)		/*!<out: length in
+	int64_t*		read_batch_len)		/*!<out: length in
 							bytes of the next batch
 							of pages */
 {
 	*read_batch_start = ctxt->offset;
 	*read_batch_len = ctxt->data_file_size - ctxt->offset;
 
-	if (*read_batch_len > (ib_int64_t)ctxt->buffer_capacity) {
-		*read_batch_len = ctxt->buffer_capacity;
-	}
-
-	ctxt->offset += *read_batch_len;
-}
-
-/****************************************************************//**
-Deinitialize the pass-through read filter.  */
-static
-void
-rf_pass_through_deinit(
-/*===================*/
-	xb_read_filt_ctxt_t*	ctxt __attribute__((unused)))
-					/*!<in: read filter context */
-{
-}
-
-/****************************************************************//**
-Initialize the changed page bitmap-based read filter.  Assumes that
-the bitmap is already set up in changed_page_bitmap.  */
-static
-void
-rf_bitmap_init(
-/*===========*/
-	xb_read_filt_ctxt_t*	ctxt,		/*!<in/out: read filter
-						context */
-	const xb_fil_cur_t*	cursor,		/*!<in: read cursor */
-	ulint			space_id)	/*!<in: space id  */
-{
-	common_init(ctxt, cursor);
-	ctxt->bitmap_range = xb_page_bitmap_range_init(changed_page_bitmap,
-						       space_id);
-	ctxt->filter_batch_end = 0;
-}
-
-/****************************************************************//**
-Get the next batch of pages for the bitmap read filter.  */
-static
-void
-rf_bitmap_get_next_batch(
-/*=====================*/
-	xb_read_filt_ctxt_t*	ctxt,			/*!<in/out: read filter
-							context */
-	ib_int64_t*		read_batch_start,	/*!<out: starting read
-							offset in bytes for the
-							next batch of pages */
-	ib_int64_t*		read_batch_len)		/*!<out: length in
-							bytes of the next batch
-							of pages */
-{
-	ulint	start_page_id;
-	const ulint	page_size	= ctxt->page_size;
-
-	start_page_id = (ulint)(ctxt->offset / page_size);
-
-	xb_a (ctxt->offset % page_size == 0);
-
-	if (start_page_id == ctxt->filter_batch_end) {
-
-		/* Used up all the previous bitmap range, get some more */
-		ulint next_page_id;
-
-		/* Find the next changed page using the bitmap */
-		next_page_id = xb_page_bitmap_range_get_next_bit
-			(ctxt->bitmap_range, TRUE);
-
-		if (next_page_id == ULINT_UNDEFINED) {
-			*read_batch_len = 0;
-			return;
-		}
-
-		ctxt->offset = next_page_id * page_size;
-
-		/* Find the end of the current changed page block by searching
-		for the next cleared bitmap bit */
-		ctxt->filter_batch_end
-			= xb_page_bitmap_range_get_next_bit(ctxt->bitmap_range,
-							    FALSE);
-		xb_a(next_page_id < ctxt->filter_batch_end);
-	}
-
-	*read_batch_start = ctxt->offset;
-	if (ctxt->filter_batch_end == ULINT_UNDEFINED) {
-		/* No more cleared bits in the bitmap, need to copy all the
-		remaining pages.  */
-		*read_batch_len = ctxt->data_file_size - ctxt->offset;
-	} else {
-		*read_batch_len = ctxt->filter_batch_end * page_size
-			- ctxt->offset;
-	}
-
-	/* If the page block is larger than the buffer capacity, limit it to
-	buffer capacity.  The subsequent invocations will continue returning
-	the current block in buffer-sized pieces until ctxt->filter_batch_end
-	is reached, trigerring the next bitmap query.  */
-	if (*read_batch_len > (ib_int64_t)ctxt->buffer_capacity) {
+	if (*read_batch_len > (int64_t)ctxt->buffer_capacity) {
 		*read_batch_len = ctxt->buffer_capacity;
 	}
 
 	ctxt->offset += *read_batch_len;
-	xb_a (ctxt->offset % page_size == 0);
-	xb_a (*read_batch_start % page_size == 0);
-	xb_a (*read_batch_len % page_size == 0);
-}
-
-/****************************************************************//**
-Deinitialize the changed page bitmap-based read filter.  */
-static
-void
-rf_bitmap_deinit(
-/*=============*/
-	xb_read_filt_ctxt_t*	ctxt)	/*!<in/out: read filter context */
-{
-	xb_page_bitmap_range_deinit(ctxt->bitmap_range);
 }
 
 /* The pass-through read filter */
 xb_read_filt_t rf_pass_through = {
 	&rf_pass_through_init,
 	&rf_pass_through_get_next_batch,
-	&rf_pass_through_deinit
-};
-
-/* The changed page bitmap-based read filter */
-xb_read_filt_t rf_bitmap = {
-	&rf_bitmap_init,
-	&rf_bitmap_get_next_batch,
-	&rf_bitmap_deinit
 };
diff --git a/extra/mariabackup/read_filt.h b/extra/mariabackup/read_filt.h
index 51150705..caf8ac56 100644
--- a/extra/mariabackup/read_filt.h
+++ b/extra/mariabackup/read_filt.h
@@ -25,42 +25,27 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1335  USA
 #ifndef XB_READ_FILT_H
 #define XB_READ_FILT_H
 
-#include "changed_page_bitmap.h"
-
-typedef uint32_t space_id_t;
+#include <cstdint>
+#include <cstddef>
 
 struct xb_fil_cur_t;
 
 /* The read filter context */
 struct xb_read_filt_ctxt_t {
-	ib_int64_t		offset;		/*!< current file offset */
-	ib_int64_t		data_file_size;	/*!< data file size */
+	int64_t		offset;		/*!< current file offset */
+	int64_t		data_file_size;	/*!< data file size */
 	size_t		buffer_capacity;/*!< read buffer capacity */
-	space_id_t	space_id;	/*!< space id */
-	/* The following fields used only in bitmap filter */
-	/* Move these to union if any other filters are added in future */
-	xb_page_bitmap_range	*bitmap_range;	/*!< changed page bitmap range
-						iterator for space_id */
-	ulint		page_size;		/*!< page size */
-	ulint		filter_batch_end;/*!< the ending page id of the
-						 current changed page block in
-						 the bitmap */
-	/** TODO: remove this default constructor */
-	xb_read_filt_ctxt_t() : page_size(0) {}
 };
 
 /* The read filter */
 struct xb_read_filt_t {
 	void (*init)(xb_read_filt_ctxt_t* ctxt,
-		     const xb_fil_cur_t* cursor,
-		     ulint space_id);
+		     const xb_fil_cur_t* cursor);
 	void (*get_next_batch)(xb_read_filt_ctxt_t* ctxt,
-			       ib_int64_t* read_batch_start,
-			       ib_int64_t* read_batch_len);
-	void (*deinit)(xb_read_filt_ctxt_t* ctxt);
+			       int64_t* read_batch_start,
+			       int64_t* read_batch_len);
 };
 
 extern xb_read_filt_t rf_pass_through;
-extern xb_read_filt_t rf_bitmap;
 
 #endif
diff --git a/extra/mariabackup/thread_pool.cc b/extra/mariabackup/thread_pool.cc
new file mode 100644
index 00000000..e18581f4
--- /dev/null
+++ b/extra/mariabackup/thread_pool.cc
@@ -0,0 +1,50 @@
+#include "thread_pool.h"
+#include "common.h"
+
+bool ThreadPool::start(size_t threads_count) {
+	if (!m_stopped)
+		return false;
+	m_stopped = false;
+	for (unsigned i = 0; i < threads_count; ++i)
+		m_threads.emplace_back(&ThreadPool::thread_func, this, i);
+	return true;
+}
+
+void ThreadPool::stop() {
+	if (m_stopped)
+		return;
+	m_stop = true;
+	m_cv.notify_all();
+	for (auto &t : m_threads)
+		t.join();
+	m_stopped = true;
+};
+
+void ThreadPool::push(ThreadPool::job_t &&j) {
+	std::unique_lock<std::mutex> lock(m_mutex);
+	m_jobs.push(j);
+	lock.unlock();
+	m_cv.notify_one();
+}
+
+void ThreadPool::thread_func(unsigned thread_num) {
+	if (my_thread_init())
+		die("Can't init mysql thread");
+	std::unique_lock<std::mutex> lock(m_mutex);
+	while(true) {
+		if (m_stop)
+			goto exit;
+		while (!m_jobs.empty()) {
+			if (m_stop)
+				goto exit;
+			job_t j = std::move(m_jobs.front());
+			m_jobs.pop();
+			lock.unlock();
+			j(thread_num);
+			lock.lock();
+		}
+		m_cv.wait(lock, [&] { return m_stop || !m_jobs.empty(); });
+	}
+exit:
+	my_thread_end();
+}
diff --git a/extra/mariabackup/thread_pool.h b/extra/mariabackup/thread_pool.h
new file mode 100644
index 00000000..10ad74c6
--- /dev/null
+++ b/extra/mariabackup/thread_pool.h
@@ -0,0 +1,62 @@
+#pragma once
+#include <queue>
+#include <vector>
+#include <functional>
+#include <thread>
+#include <mutex>
+#include <condition_variable>
+#include <atomic>
+#include "trx0sys.h"
+
+class ThreadPool {
+public:
+	typedef std::function<void(unsigned)> job_t;
+
+	ThreadPool() { m_stop = false; m_stopped = true; }
+	ThreadPool (ThreadPool &&other) = delete;
+	ThreadPool &  operator= (ThreadPool &&other) = delete;
+	ThreadPool(const ThreadPool &) = delete;
+	ThreadPool & operator= (const ThreadPool &) = delete;
+
+	bool start(size_t threads_count);
+	void stop();
+	void push(job_t &&j);
+	size_t threads_count() const { return m_threads.size(); }
+private:
+	void thread_func(unsigned thread_num);
+	std::mutex m_mutex;
+	std::condition_variable m_cv;
+	std::queue<job_t> m_jobs;
+	std::atomic<bool> m_stop;
+	std::atomic<bool> m_stopped;
+	std::vector<std::thread> m_threads;
+};
+
+class TasksGroup {
+public:
+	TasksGroup(ThreadPool &thread_pool) : m_thread_pool(thread_pool) {
+		m_tasks_count = 0;
+		m_tasks_result = 1;
+	}
+	void push_task(ThreadPool::job_t &&j) {
+		++m_tasks_count;
+		m_thread_pool.push(std::forward<ThreadPool::job_t>(j));
+	}
+	void finish_task(int res) {
+		--m_tasks_count;
+		m_tasks_result.fetch_and(res);
+	}
+	int get_result() const { return m_tasks_result; }
+	bool is_finished() const {
+		return !m_tasks_count;
+	}
+	bool wait_for_finish() {
+		while (!is_finished())
+                        std::this_thread::sleep_for(std::chrono::milliseconds(1));
+		return get_result();
+	}
+private:
+	ThreadPool &m_thread_pool;
+	std::atomic<size_t> m_tasks_count;
+	std::atomic<int> m_tasks_result;
+};
diff --git a/extra/mariabackup/write_filt.cc b/extra/mariabackup/write_filt.cc
index 052cea26..13f19ca6 100644
--- a/extra/mariabackup/write_filt.cc
+++ b/extra/mariabackup/write_filt.cc
@@ -144,6 +144,18 @@ wf_incremental_process(xb_write_filt_ctxt_t *ctxt, ds_file_t *dstfile)
 			return false;
 		}
 
+		/* Check whether TRX_SYS page has been changed */
+		if (mach_read_from_4(page + FIL_PAGE_SPACE_ID)
+				== TRX_SYS_SPACE
+		    && mach_read_from_4(page + FIL_PAGE_OFFSET)
+				== TRX_SYS_PAGE_NO) {
+			msg(cursor->thread_n,
+			    "--incremental backup is impossible if "
+			    "the server had been restarted with "
+			    "different innodb_undo_tablespaces.");
+			return false;
+		}
+
 		/* updated page */
 		if (cp->npages == page_size / 4) {
 			/* flush buffer */
diff --git a/extra/mariabackup/wsrep.cc b/extra/mariabackup/wsrep.cc
index acaf5c50..15463a85 100644
--- a/extra/mariabackup/wsrep.cc
+++ b/extra/mariabackup/wsrep.cc
@@ -55,6 +55,9 @@ permission notice:
 #define XB_GALERA_INFO_FILENAME "xtrabackup_galera_info"
 #define XB_GALERA_DONOR_INFO_FILENAME "donor_galera_info"
 
+/* backup copy of galera info file as sent by donor */
+#define XB_GALERA_INFO_FILENAME_SST "xtrabackup_galera_info_SST"
+
 /***********************************************************************
 Store Galera checkpoint info in the 'xtrabackup_galera_info' file, if that
 information is present in the trx system header. Otherwise, do nothing. */
@@ -68,21 +71,47 @@ xb_write_galera_info(bool incremental_prepare)
 	long long	seqno;
 	MY_STAT		statinfo;
 
-	/* Do not overwrite an existing file to be compatible with
-	servers with older server versions */
-	if (!incremental_prepare &&
-		my_stat(XB_GALERA_INFO_FILENAME, &statinfo, MYF(0)) != NULL) {
-
-		return;
-	}
-
 	xid.null();
 
+	/* try to read last wsrep XID from innodb rsegs, we will use it
+	   instead of galera info file received from donor
+	*/
 	if (!trx_rseg_read_wsrep_checkpoint(xid)) {
-
+		/* no worries yet, SST may have brought in galera info file
+		   from some old MariaDB version, which does not support
+		   wsrep XID storing in innodb rsegs
+		*/
 		return;
 	}
 
+	/* if SST brought in galera info file, copy it as *_SST file
+	   this will not be used, saved just for future reference
+	*/
+	if (my_stat(XB_GALERA_INFO_FILENAME, &statinfo, MYF(0)) != NULL) {
+		FILE* fp_in  = fopen(XB_GALERA_INFO_FILENAME, "r");
+		FILE* fp_out = fopen(XB_GALERA_INFO_FILENAME_SST, "w");
+
+		char buf[BUFSIZ] = {'\0'};
+		size_t size;
+		while ((size = fread(buf, 1, BUFSIZ, fp_in))) {
+			if (fwrite(buf, 1, size, fp_out) != strlen(buf)) {
+				die(
+				    "could not write to "
+				    XB_GALERA_INFO_FILENAME_SST
+				    ", errno = %d\n",
+				    errno);
+			}
+		}
+		if (!feof(fp_in)) {
+			die(
+			    XB_GALERA_INFO_FILENAME_SST
+			    " not fully copied\n"
+			);
+		}
+		fclose(fp_out);
+		fclose(fp_in);
+	}
+
 	wsrep_uuid_t uuid;
 	memcpy(uuid.data, wsrep_xid_uuid(&xid), sizeof(uuid.data));
 	if (wsrep_uuid_print(&uuid, uuid_str,
@@ -97,7 +126,6 @@ xb_write_galera_info(bool incremental_prepare)
 		    "could not create " XB_GALERA_INFO_FILENAME
 		    ", errno = %d\n",
 		    errno);
-		exit(EXIT_FAILURE);
 	}
 
 	seqno = wsrep_xid_seqno(&xid);
diff --git a/extra/mariabackup/xb_plugin.cc b/extra/mariabackup/xb_plugin.cc
deleted file mode 100644
index 7470d376..00000000
--- a/extra/mariabackup/xb_plugin.cc
+++ /dev/null
@@ -1,229 +0,0 @@
-/* Copyright (c) 2017, 2022, MariaDB Corporation.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 of the License.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA */
-
-#include <my_global.h>
-#include <mysqld.h>
-#include <mysql.h>
-#include <xtrabackup.h>
-#include <xb_plugin.h>
-#include <sql_plugin.h>
-#include <sstream>
-#include <vector>
-#include <common.h>
-#include <backup_mysql.h>
-#include <srv0srv.h>
-
-
-extern struct st_maria_plugin *mysql_optional_plugins[];
-extern struct st_maria_plugin *mysql_mandatory_plugins[];
-static void xb_plugin_init(int argc, char **argv);
-
-extern char *xb_plugin_load;
-extern char *xb_plugin_dir;
-
-const int PLUGIN_MAX_ARGS = 1024;
-std::vector<std::string> backup_plugins_args;
-
-const char *QUERY_PLUGIN =
-"SELECT plugin_name, plugin_library, @@plugin_dir"
-" FROM information_schema.plugins WHERE plugin_type='ENCRYPTION'"
-" OR (plugin_type = 'DAEMON' AND plugin_name LIKE 'provider\\_%')"
-" AND plugin_status='ACTIVE'";
-
-std::string xb_plugin_config;
-
-static void add_to_plugin_load_list(const char *plugin_def)
-{
-  opt_plugin_load_list_ptr->push_back(new i_string(plugin_def));
-}
-
-static char XTRABACKUP_EXE[] = "xtrabackup";
-
-/*
-  Read "plugin-load" value from backup-my.cnf during prepare phase.
-  The value is stored during backup phase.
-*/
-static std::string get_plugin_from_cnf(const char *dir)
-{
-  std::string path = dir + std::string("/backup-my.cnf");
-  FILE *f = fopen(path.c_str(), "r");
-  if (!f)
-  {
-    die("Can't open %s for reading", path.c_str());
-  }
-  char line[512];
-  std::string plugin_load;
-  while (fgets(line, sizeof(line), f))
-  {
-    if (strncmp(line, "plugin_load=", 12) == 0)
-    {
-      plugin_load = line + 12;
-      // remote \n at the end of string
-      plugin_load.resize(plugin_load.size() - 1);
-      break;
-    }
-  }
-  fclose(f);
-  return plugin_load;
-}
-
-
-void xb_plugin_backup_init(MYSQL *mysql)
-{
-  MYSQL_RES *result;
-  MYSQL_ROW row;
-  std::ostringstream oss;
-  char *argv[PLUGIN_MAX_ARGS];
-  char show_query[1024] = "";
-  std::string plugin_load;
-  int argc;
-
-  result = xb_mysql_query(mysql, QUERY_PLUGIN, true, true);
-  while ((row = mysql_fetch_row(result)))
-  {
-    char *name= row[0];
-    char *library= row[1];
-    char *dir= row[2];
-
-    if (!plugin_load.length())
-    {
-#ifdef _WIN32
-      for (char *p = dir; *p; p++)
-        if (*p == '\\') *p = '/';
-#endif
-      strncpy(opt_plugin_dir, dir, FN_REFLEN - 1);
-      opt_plugin_dir[FN_REFLEN - 1] = '\0';
-      oss << "plugin_dir=" << '"' << dir << '"' << std::endl;
-    }
-
-    plugin_load += std::string(";") + name;
-
-    if (library)
-    {
-      /* Remove shared library suffixes, in case we'll prepare on different OS.*/
-      const char *extensions[] = { ".dll", ".so", 0 };
-      for (size_t i = 0; extensions[i]; i++)
-      {
-        const char *ext = extensions[i];
-        if (ends_with(library, ext))
-          library[strlen(library) - strlen(ext)] = 0;
-      }
-      plugin_load += std::string("=") + library;
-    }
-
-    if (strncmp(name, "provider_", 9) == 0)
-      continue;
-
-    /* Read plugin variables. */
-    snprintf(show_query, sizeof(show_query), "SHOW variables like '%s_%%'", name);
-  }
-  mysql_free_result(result);
-  if (!plugin_load.length())
-    return;
-
-  oss << "plugin_load=" << plugin_load.c_str() + 1 << std::endl;
-
-  /* Required  to load the plugin later.*/
-  add_to_plugin_load_list(plugin_load.c_str() + 1);
-
-
-  if (*show_query)
-  {
-    result = xb_mysql_query(mysql, show_query, true, true);
-    while ((row = mysql_fetch_row(result)))
-    {
-      std::string arg("--");
-      arg += row[0];
-      arg += "=";
-      arg += row[1];
-      backup_plugins_args.push_back(arg);
-      oss << row[0] << "=" << row[1] << std::endl;
-    }
-
-    mysql_free_result(result);
-
-    /* Check whether to encrypt logs. */
-    result = xb_mysql_query(mysql, "select @@innodb_encrypt_log", true, true);
-    row = mysql_fetch_row(result);
-    srv_encrypt_log = (row != 0 && row[0][0] == '1');
-    oss << "innodb_encrypt_log=" << row[0] << std::endl;
-
-    mysql_free_result(result);
-  }
-
-  xb_plugin_config = oss.str();
-
-  argc = 0;
-  argv[argc++] = XTRABACKUP_EXE;
-  for(size_t i = 0; i <  backup_plugins_args.size(); i++)
-  {
-    argv[argc++] = (char *)backup_plugins_args[i].c_str();
-    if (argc == PLUGIN_MAX_ARGS - 2)
-      break;
-  }
-  argv[argc] = 0;
-
-  xb_plugin_init(argc, argv);
-}
-
-const char *xb_plugin_get_config()
-{
-  return xb_plugin_config.c_str();
-}
-
-extern int finalize_encryption_plugin(st_plugin_int *plugin);
-
-
-void xb_plugin_prepare_init(int argc, char **argv, const char *dir)
-{
-  std::string plugin_load= get_plugin_from_cnf(dir ? dir : ".");
-  if (plugin_load.size())
-  {
-    msg("Loading plugins from %s", plugin_load.c_str());
-  }
-  else
-  {
-    finalize_encryption_plugin(0);
-    return;
-  }
-
-  add_to_plugin_load_list(plugin_load.c_str());
-
-  if (xb_plugin_dir)
-  {
-    strncpy(opt_plugin_dir, xb_plugin_dir, FN_REFLEN - 1);
-    opt_plugin_dir[FN_REFLEN - 1] = '\0';
-  }
-
-  char **new_argv = new char *[argc + 2];
-  new_argv[0] = XTRABACKUP_EXE;
-  memcpy(&new_argv[1], argv, argc*sizeof(char *));
-
-  xb_plugin_init(argc+1, new_argv);
-
-  delete[] new_argv;
-}
-
-static void xb_plugin_init(int argc, char **argv)
-{
-  /* Patch optional and mandatory plugins, we only need to load the one in xb_plugin_load. */
-  mysql_optional_plugins[0] = mysql_mandatory_plugins[0] = 0;
-  plugin_maturity = MariaDB_PLUGIN_MATURITY_UNKNOWN; /* mariabackup accepts all plugins */
-  msg("Loading plugins");
-  for (int i= 1; i < argc; i++)
-    msg("\t Plugin parameter :  '%s'", argv[i]);
-  plugin_init(&argc, argv, PLUGIN_INIT_SKIP_PLUGIN_TABLE);
-}
-
diff --git a/extra/mariabackup/xb_plugin.h b/extra/mariabackup/xb_plugin.h
deleted file mode 100644
index fea24b6b..00000000
--- a/extra/mariabackup/xb_plugin.h
+++ /dev/null
@@ -1,5 +0,0 @@
-#include <mysql.h>
-#include <string>
-extern void xb_plugin_backup_init(MYSQL *mysql);
-extern const char* xb_plugin_get_config();
-extern void xb_plugin_prepare_init(int argc, char **argv, const char *dir);
diff --git a/extra/mariabackup/xbstream.cc b/extra/mariabackup/xbstream.cc
index 6306806b..d69a0029 100644
--- a/extra/mariabackup/xbstream.cc
+++ b/extra/mariabackup/xbstream.cc
@@ -262,7 +262,7 @@ mode_create(int argc, char **argv)
 		return 1;
 	}
 
-	stream = xb_stream_write_new();
+	stream = xb_stream_write_new(nullptr, nullptr);
 	if (stream == NULL) {
 		msg("%s: xb_stream_write_new() failed.", my_progname);
 		return 1;
@@ -287,7 +287,7 @@ mode_create(int argc, char **argv)
 			goto err;
 		}
 
-		file = xb_stream_write_open(stream, filepath, &mystat, NULL, NULL);
+		file = xb_stream_write_open(stream, filepath, &mystat, false);
 		if (file == NULL) {
 			goto err;
 		}
@@ -314,7 +314,8 @@ err:
 
 static
 file_entry_t *
-file_entry_new(extract_ctxt_t *ctxt, const char *path, uint pathlen)
+file_entry_new(extract_ctxt_t *ctxt, const char *path, uint pathlen,
+	uchar chunk_flags)
 {
 	file_entry_t	*entry;
 	ds_file_t	*file;
@@ -331,7 +332,8 @@ file_entry_new(extract_ctxt_t *ctxt, const char *path, uint pathlen)
 	}
 	entry->pathlen = pathlen;
 
-	file = ds_open(ctxt->ds_ctxt, path, NULL);
+	file = ds_open(ctxt->ds_ctxt, path, NULL,
+		chunk_flags == XB_STREAM_FLAG_REWRITE);
 
 	if (file == NULL) {
 		msg("%s: failed to create file.", my_progname);
@@ -412,10 +414,50 @@ extract_worker_thread_func(void *arg)
 							(uchar *) chunk.path,
 							chunk.pathlen);
 
+		if (entry && (chunk.type == XB_CHUNK_TYPE_REMOVE ||
+			chunk.type == XB_CHUNK_TYPE_RENAME)) {
+			msg("%s: rename and remove chunks can not be applied to opened file: %s",
+				my_progname, chunk.path);
+			pthread_mutex_unlock(ctxt->mutex);
+			break;
+		}
+
+		if (chunk.type == XB_CHUNK_TYPE_REMOVE) {
+			if (ds_remove(ctxt->ds_ctxt, chunk.path)) {
+				msg("%s: error on file removing: %s", my_progname, chunk.path);
+				pthread_mutex_unlock(ctxt->mutex);
+				res = XB_STREAM_READ_ERROR;
+				break;
+			}
+			pthread_mutex_unlock(ctxt->mutex);
+			continue;
+		}
+
+		if (chunk.type == XB_CHUNK_TYPE_RENAME) {
+			if (my_hash_search(ctxt->filehash,
+				reinterpret_cast<const uchar *>(chunk.data), chunk.length)) {
+				msg("%s: rename chunks can not be applied to opened file: %s",
+					my_progname, reinterpret_cast<const uchar *>(chunk.data));
+				pthread_mutex_unlock(ctxt->mutex);
+				break;
+			}
+			if (ds_rename(ctxt->ds_ctxt, chunk.path,
+				reinterpret_cast<const char *>(chunk.data))) {
+				msg("%s: error on file renaming: %s to %s", my_progname,
+					reinterpret_cast<const char *>(chunk.data), chunk.path);
+				pthread_mutex_unlock(ctxt->mutex);
+				res = XB_STREAM_READ_ERROR;
+				break;
+			}
+			pthread_mutex_unlock(ctxt->mutex);
+			continue;
+		}
+
 		if (entry == NULL) {
 			entry = file_entry_new(ctxt,
 					       chunk.path,
-					       chunk.pathlen);
+					       chunk.pathlen,
+								 chunk.flags);
 			if (entry == NULL) {
 				pthread_mutex_unlock(ctxt->mutex);
 				break;
@@ -432,6 +474,18 @@ extract_worker_thread_func(void *arg)
 
 		pthread_mutex_unlock(ctxt->mutex);
 
+		if (chunk.type == XB_CHUNK_TYPE_SEEK) {
+			if (ds_seek_set(entry->file, chunk.offset)) {
+				msg("%s: my_seek() failed.", my_progname);
+				pthread_mutex_unlock(&entry->mutex);
+				res = XB_STREAM_READ_ERROR;
+				break;
+			}
+			entry->offset = chunk.offset;
+			pthread_mutex_unlock(&entry->mutex);
+			continue;
+		}
+
 		res = xb_stream_validate_checksum(&chunk);
 
 		if (res != XB_STREAM_READ_CHUNK) {
diff --git a/extra/mariabackup/xbstream.h b/extra/mariabackup/xbstream.h
index 1b36ec24..c8b2997d 100644
--- a/extra/mariabackup/xbstream.h
+++ b/extra/mariabackup/xbstream.h
@@ -29,6 +29,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1335  USA
 /* Chunk flags */
 /* Chunk can be ignored if unknown version/format */
 #define XB_STREAM_FLAG_IGNORABLE 0x01
+#define XB_STREAM_FLAG_REWRITE   0x02
 
 /* Magic + flags + type + path len */
 #define CHUNK_HEADER_CONSTANT_LEN ((sizeof(XB_STREAM_CHUNK_MAGIC) - 1) + \
@@ -48,18 +49,21 @@ typedef enum {
 /************************************************************************
 Write interface. */
 
-typedef ssize_t xb_stream_write_callback(xb_wstream_file_t *file,
+typedef ssize_t xb_stream_write_callback(
 					 void *userdata,
 					 const void *buf, size_t len);
 
-xb_wstream_t *xb_stream_write_new(void);
-
+xb_wstream_t *xb_stream_write_new(
+	xb_stream_write_callback *write_callback, void *user_data);
 xb_wstream_file_t *xb_stream_write_open(xb_wstream_t *stream, const char *path,
-					MY_STAT *mystat, void *userdata,
-					xb_stream_write_callback *onwrite);
+					const MY_STAT *mystat, bool rewrite);
 
 int xb_stream_write_data(xb_wstream_file_t *file, const void *buf, size_t len);
-
+int xb_stream_write_seek_set(xb_wstream_file_t *file, my_off_t offset);
+int xb_stream_write_remove(xb_wstream_t *stream, const char *path);
+int
+xb_stream_write_rename(
+	xb_wstream_t *stream, const char *old_path, const char *new_path);
 int xb_stream_write_close(xb_wstream_file_t *file);
 
 int xb_stream_write_done(xb_wstream_t *stream);
@@ -76,6 +80,9 @@ typedef enum {
 typedef enum {
 	XB_CHUNK_TYPE_UNKNOWN = '\0',
 	XB_CHUNK_TYPE_PAYLOAD = 'P',
+	XB_CHUNK_TYPE_RENAME = 'R',
+	XB_CHUNK_TYPE_REMOVE = 'D',
+	XB_CHUNK_TYPE_SEEK = 'S',
 	XB_CHUNK_TYPE_EOF = 'E'
 } xb_chunk_type_t;
 
diff --git a/extra/mariabackup/xbstream_read.cc b/extra/mariabackup/xbstream_read.cc
index b54a9815..d82176ad 100644
--- a/extra/mariabackup/xbstream_read.cc
+++ b/extra/mariabackup/xbstream_read.cc
@@ -59,6 +59,9 @@ validate_chunk_type(uchar code)
 {
 	switch ((xb_chunk_type_t) code) {
 	case XB_CHUNK_TYPE_PAYLOAD:
+	case XB_CHUNK_TYPE_RENAME:
+	case XB_CHUNK_TYPE_REMOVE:
+	case XB_CHUNK_TYPE_SEEK:
 	case XB_CHUNK_TYPE_EOF:
 		return (xb_chunk_type_t) code;
 	default:
@@ -159,57 +162,91 @@ xb_stream_read_chunk(xb_rstream_t *stream, xb_rstream_chunk_t *chunk)
 	}
 	chunk->path[pathlen] = '\0';
 
-	if (chunk->type == XB_CHUNK_TYPE_EOF) {
+	if (chunk->type == XB_CHUNK_TYPE_EOF ||
+			chunk->type == XB_CHUNK_TYPE_REMOVE) {
 		return XB_STREAM_READ_CHUNK;
 	}
 
-	/* Payload length */
-	F_READ(tmpbuf, 16);
-	ullval = uint8korr(tmpbuf);
-	if (ullval > (ulonglong) SIZE_T_MAX) {
-		msg("xb_stream_read_chunk(): chunk length is too large at "
-		    "offset 0x%llx: 0x%llx.", (ulonglong) stream->offset,
-		    ullval);
-		goto err;
+	if (chunk->type == XB_CHUNK_TYPE_RENAME) {
+		F_READ(tmpbuf, 4);
+		size_t new_pathlen = uint4korr(tmpbuf);
+		if (new_pathlen >= FN_REFLEN) {
+			msg("xb_stream_read_chunk(): path length (%lu) for new name of 'rename'"
+				"	chunk is too large", (ulong) new_pathlen);
+			goto err;
+		}
+		chunk->length = new_pathlen;
+		stream->offset +=4;
 	}
-	chunk->length = (size_t) ullval;
-	stream->offset += 8;
-
-	/* Payload offset */
-	ullval = uint8korr(tmpbuf + 8);
-	if (ullval > (ulonglong) MY_OFF_T_MAX) {
-		msg("xb_stream_read_chunk(): chunk offset is too large at "
-		    "offset 0x%llx: 0x%llx.", (ulonglong) stream->offset,
-		    ullval);
-		goto err;
+	else if (chunk->type == XB_CHUNK_TYPE_SEEK) {
+		F_READ(tmpbuf, 8);
+		chunk->offset = uint8korr(tmpbuf);
+		stream->offset += 8;
+		return XB_STREAM_READ_CHUNK;
+	}
+	else {
+		/* Payload length */
+		F_READ(tmpbuf, 16);
+		ullval = uint8korr(tmpbuf);
+		if (ullval > (ulonglong) SIZE_T_MAX) {
+			msg("xb_stream_read_chunk(): chunk length is too large at "
+					"offset 0x%llx: 0x%llx.", (ulonglong) stream->offset,
+					ullval);
+			goto err;
+		}
+		chunk->length = (size_t) ullval;
+		stream->offset += 8;
+
+		/* Payload offset */
+		ullval = uint8korr(tmpbuf + 8);
+		if (ullval > (ulonglong) MY_OFF_T_MAX) {
+			msg("xb_stream_read_chunk(): chunk offset is too large at "
+					"offset 0x%llx: 0x%llx.", (ulonglong) stream->offset,
+					ullval);
+			goto err;
+		}
+		chunk->offset = (my_off_t) ullval;
+		stream->offset += 8;
 	}
-	chunk->offset = (my_off_t) ullval;
-	stream->offset += 8;
 
-	/* Reallocate the buffer if needed */
-	if (chunk->length > chunk->buflen) {
-		chunk->data = my_realloc(PSI_NOT_INSTRUMENTED, chunk->data, chunk->length,
-					 MYF(MY_WME | MY_ALLOW_ZERO_PTR));
+	/* Reallocate the buffer if needed, take into account trailing '\0' for
+	new file name in the case of XB_CHUNK_TYPE_RENAME */
+	if (chunk->length + 1 > chunk->buflen) {
+		chunk->data = my_realloc(PSI_NOT_INSTRUMENTED, chunk->data,
+					chunk->length + 1, MYF(MY_WME | MY_ALLOW_ZERO_PTR));
 		if (chunk->data == NULL) {
 			msg("xb_stream_read_chunk(): failed to increase buffer "
-			    "to %lu bytes.", (ulong) chunk->length);
+			    "to %lu bytes.", (ulong) chunk->length + 1);
 			goto err;
 		}
-		chunk->buflen = chunk->length;
+		chunk->buflen = chunk->length + 1;
 	}
 
-	/* Checksum */
-	F_READ(tmpbuf, 4);
-	chunk->checksum = uint4korr(tmpbuf);
-	chunk->checksum_offset = stream->offset;
-
-	/* Payload */
-	if (chunk->length > 0) {
+	if (chunk->type == XB_CHUNK_TYPE_RENAME) {
+		if (chunk->length == 0) {
+			msg("xb_stream_read_chunk(): failed to read new name for file to rename "
+				": %s", chunk->path);
+			goto err;
+		}
 		F_READ(chunk->data, chunk->length);
 		stream->offset += chunk->length;
+		reinterpret_cast<char *>(chunk->data)[chunk->length] = '\0';
+		++chunk->length;
 	}
+	else {
+		/* Checksum */
+		F_READ(tmpbuf, 4);
+		chunk->checksum = uint4korr(tmpbuf);
+		chunk->checksum_offset = stream->offset;
+
+		/* Payload */
+		if (chunk->length > 0) {
+			F_READ(chunk->data, chunk->length);
+			stream->offset += chunk->length;
+		}
 
-	stream->offset += 4;
+		stream->offset += 4;
+	}
 
 	return XB_STREAM_READ_CHUNK;
 
diff --git a/extra/mariabackup/xbstream_write.cc b/extra/mariabackup/xbstream_write.cc
index 5801e867..926e091b 100644
--- a/extra/mariabackup/xbstream_write.cc
+++ b/extra/mariabackup/xbstream_write.cc
@@ -21,6 +21,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1335  USA
 #include <my_global.h>
 #include <my_base.h>
 #include <zlib.h>
+#include <stdint.h>
 #include "common.h"
 #include "xbstream.h"
 
@@ -29,6 +30,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1335  USA
 
 struct xb_wstream_struct {
 	pthread_mutex_t	mutex;
+	xb_stream_write_callback *write;
+	void *user_data;
 };
 
 struct xb_wstream_file_struct {
@@ -39,8 +42,7 @@ struct xb_wstream_file_struct {
 	char		*chunk_ptr;
 	size_t		chunk_free;
 	my_off_t	offset;
-	void		*userdata;
-	xb_stream_write_callback *write;
+  bool rewrite;
 };
 
 static int xb_stream_flush(xb_wstream_file_t *file);
@@ -50,7 +52,7 @@ static int xb_stream_write_eof(xb_wstream_file_t *file);
 
 static
 ssize_t
-xb_stream_default_write_callback(xb_wstream_file_t *file __attribute__((unused)),
+xb_stream_default_write_callback(
 				 void *userdata __attribute__((unused)),
 				 const void *buf, size_t len)
 {
@@ -60,21 +62,31 @@ xb_stream_default_write_callback(xb_wstream_file_t *file __attribute__((unused))
 }
 
 xb_wstream_t *
-xb_stream_write_new(void)
+xb_stream_write_new(
+	xb_stream_write_callback *write_callback, void *user_data)
 {
 	xb_wstream_t	*stream;
 
 	stream = (xb_wstream_t *) my_malloc(PSI_NOT_INSTRUMENTED, sizeof(xb_wstream_t), MYF(MY_FAE));
 	pthread_mutex_init(&stream->mutex, NULL);
+	if (write_callback) {
+#ifdef _WIN32
+		setmode(fileno(stdout), _O_BINARY);
+#endif
+		stream->write = write_callback;
+		stream->user_data = user_data;
+	}
+	else {
+		stream->write = xb_stream_default_write_callback;
+		stream->user_data = user_data;
+	}
 
 	return stream;;
 }
 
 xb_wstream_file_t *
 xb_stream_write_open(xb_wstream_t *stream, const char *path,
-		     MY_STAT *mystat __attribute__((unused)),
-		     void *userdata,
-		     xb_stream_write_callback *onwrite)
+		const MY_STAT *mystat __attribute__((unused)), bool rewrite)
 {
 	xb_wstream_file_t	*file;
 	size_t			path_len;
@@ -109,16 +121,7 @@ xb_stream_write_open(xb_wstream_t *stream, const char *path,
 	file->offset = 0;
 	file->chunk_ptr = file->chunk;
 	file->chunk_free = XB_STREAM_MIN_CHUNK_SIZE;
-	if (onwrite) {
-#ifdef _WIN32
-		setmode(fileno(stdout), _O_BINARY);
-#endif
-		file->userdata = userdata;
-		file->write = onwrite;
-	} else {
-		file->userdata = NULL;
-		file->write = xb_stream_default_write_callback;
-	}
+	file->rewrite = rewrite;
 
 	return file;
 }
@@ -202,7 +205,8 @@ xb_stream_write_chunk(xb_wstream_file_t *file, const void *buf, size_t len)
 	memcpy(ptr, XB_STREAM_CHUNK_MAGIC, sizeof(XB_STREAM_CHUNK_MAGIC) - 1);
 	ptr += sizeof(XB_STREAM_CHUNK_MAGIC) - 1;
 
-	*ptr++ = 0;                              /* Chunk flags */
+	*ptr++ =
+    file->rewrite ? XB_STREAM_FLAG_REWRITE : 0; /* Chunk flags */
 
 	*ptr++ = (uchar) XB_CHUNK_TYPE_PAYLOAD;  /* Chunk type */
 
@@ -227,11 +231,11 @@ xb_stream_write_chunk(xb_wstream_file_t *file, const void *buf, size_t len)
 
 	xb_ad(ptr <= tmpbuf + sizeof(tmpbuf));
 
-	if (file->write(file, file->userdata, tmpbuf, ptr-tmpbuf) == -1)
+	if (stream->write(stream->user_data, tmpbuf, ptr-tmpbuf) == -1)
 		goto err;
 
 
-	if (file->write(file, file->userdata, buf, len) == -1) /* Payload */
+	if (stream->write(stream->user_data, buf, len) == -1) /* Payload */
 		goto err;
 
 	file->offset+= len;
@@ -247,6 +251,38 @@ err:
 	return 1;
 }
 
+int xb_stream_write_seek_set(xb_wstream_file_t *file, my_off_t offset)
+{
+	/* Chunk magic + flags + chunk type + path_len + path + offset */
+	uchar		tmpbuf[sizeof(XB_STREAM_CHUNK_MAGIC) - 1 + 1 + 1 + 4 +
+			       FN_REFLEN + 8];
+	int error = 0;
+	xb_wstream_t	*stream = file->stream;
+	uchar		*ptr = tmpbuf;
+	/* Chunk magic */
+	memcpy(ptr, XB_STREAM_CHUNK_MAGIC, sizeof(XB_STREAM_CHUNK_MAGIC) - 1);
+	ptr += sizeof(XB_STREAM_CHUNK_MAGIC) - 1;
+	*ptr++ = 0;                              /* Chunk flags */
+	*ptr++ = (uchar) XB_CHUNK_TYPE_SEEK;   /* Chunk type */
+	int4store(ptr, file->path_len);          /* Path length */
+	ptr += 4;
+	memcpy(ptr, file->path, file->path_len); /* Path */
+	ptr += file->path_len;
+	int8store(ptr, static_cast<int64_t>(offset));  /* Offset */
+	ptr += 8;
+	if (xb_stream_flush(file))
+		return 1;
+	pthread_mutex_lock(&stream->mutex);
+	if (stream->write(stream->user_data, tmpbuf, ptr-tmpbuf) == -1)
+		error = 1;
+	if (!error)
+		file->offset = offset;
+	pthread_mutex_unlock(&stream->mutex);
+	if (xb_stream_flush(file))
+		return 1;
+	return error;
+}
+
 static
 int
 xb_stream_write_eof(xb_wstream_file_t *file)
@@ -278,7 +314,7 @@ xb_stream_write_eof(xb_wstream_file_t *file)
 
 	xb_ad(ptr <= tmpbuf + sizeof(tmpbuf));
 
-	if (file->write(file, file->userdata, tmpbuf,
+	if (stream->write(stream->user_data, tmpbuf,
 			(ulonglong) (ptr - tmpbuf)) == -1)
 		goto err;
 
@@ -291,3 +327,77 @@ err:
 
 	return 1;
 }
+
+
+int
+xb_stream_write_remove(xb_wstream_t *stream, const char *path) {
+	/* Chunk magic + flags + chunk type + path_len + path */
+	uchar		tmpbuf[sizeof(XB_STREAM_CHUNK_MAGIC) - 1 + 1 + 1 + 4 + FN_REFLEN];
+	uchar		*ptr = tmpbuf;
+	/* Chunk magic */
+	memcpy(ptr, XB_STREAM_CHUNK_MAGIC, sizeof(XB_STREAM_CHUNK_MAGIC) - 1);
+	ptr += sizeof(XB_STREAM_CHUNK_MAGIC) - 1;
+
+	*ptr++ = 0;                              /* Chunk flags */
+
+	*ptr++ = (uchar) XB_CHUNK_TYPE_REMOVE;   /* Chunk type */
+	size_t path_len = strlen(path);
+	int4store(ptr, path_len);               /* Path length */
+	ptr += 4;
+
+	memcpy(ptr, path, path_len);            /* Path */
+	ptr += path_len;
+
+	xb_ad(ptr <= tmpbuf + sizeof(tmpbuf));
+
+	pthread_mutex_lock(&stream->mutex);
+
+	ssize_t result = stream->write(stream->user_data, tmpbuf,
+		(ulonglong) (ptr - tmpbuf));
+
+	pthread_mutex_unlock(&stream->mutex);
+
+	return result < 0;
+
+}
+
+int
+xb_stream_write_rename(
+	xb_wstream_t *stream, const char *old_path, const char *new_path) {
+	/* Chunk magic + flags + chunk type + path_len + path + path_len + path*/
+	uchar		tmpbuf[sizeof(XB_STREAM_CHUNK_MAGIC) - 1 + 1 + 1 +
+		4 + FN_REFLEN + 4 + FN_REFLEN];
+	uchar		*ptr = tmpbuf;
+	/* Chunk magic */
+	memcpy(ptr, XB_STREAM_CHUNK_MAGIC, sizeof(XB_STREAM_CHUNK_MAGIC) - 1);
+	ptr += sizeof(XB_STREAM_CHUNK_MAGIC) - 1;
+
+	*ptr++ = 0;                              /* Chunk flags */
+
+	*ptr++ = (uchar) XB_CHUNK_TYPE_RENAME;   /* Chunk type */
+	size_t path_len = strlen(old_path);
+	int4store(ptr, path_len);               /* Path length */
+	ptr += 4;
+
+	memcpy(ptr, old_path, path_len);            /* Path */
+	ptr += path_len;
+
+	path_len = strlen(new_path);
+	int4store(ptr, path_len);               /* Path length */
+	ptr += 4;
+
+	memcpy(ptr, new_path, path_len);            /* Path */
+	ptr += path_len;
+
+	xb_ad(ptr <= tmpbuf + sizeof(tmpbuf));
+
+	pthread_mutex_lock(&stream->mutex);
+
+	ssize_t result = stream->write(stream->user_data, tmpbuf,
+		(ulonglong) (ptr - tmpbuf));
+
+	pthread_mutex_unlock(&stream->mutex);
+
+	return result < 0;
+}
+
diff --git a/extra/mariabackup/xtrabackup.cc b/extra/mariabackup/xtrabackup.cc
index 485cb143..5979bbd3 100644
--- a/extra/mariabackup/xtrabackup.cc
+++ b/extra/mariabackup/xtrabackup.cc
@@ -4,7 +4,7 @@ MariaBackup: hot backup tool for InnoDB
 Originally Created 3/3/2009 Yasufumi Kinoshita
 Written by Alexey Kopytov, Aleksandr Kuzminsky, Stewart Smith, Vadim Tkachenko,
 Yasufumi Kinoshita, Ignacio Nin and Baron Schwartz.
-(c) 2017, 2022, MariaDB Corporation.
+(c) 2017, 2024, MariaDB Corporation.
 Portions written by Marko Mäkelä.
 
 This program is free software; you can redistribute it and/or modify
@@ -54,7 +54,6 @@ Street, Fifth Floor, Boston, MA 02110-1335 USA
 #include <scope.h>
 #include <sql_class.h>
 
-#include <fcntl.h>
 #include <string.h>
 
 #ifdef __linux__
@@ -70,6 +69,7 @@ Street, Fifth Floor, Boston, MA 02110-1335 USA
 # include <sys/sysctl.h>
 #endif
 
+#include "aria_backup_client.h"
 
 #include <btr0sea.h>
 #include <lock0lock.h>
@@ -82,6 +82,7 @@ Street, Fifth Floor, Boston, MA 02110-1335 USA
 #include <buf0dblwr.h>
 #include <buf0flu.h>
 #include "ha_innodb.h"
+#include "fts0types.h"
 
 #include <list>
 #include <sstream>
@@ -97,23 +98,26 @@ Street, Fifth Floor, Boston, MA 02110-1335 USA
 #include "xb_regex.h"
 #include "fil_cur.h"
 #include "write_filt.h"
-#include "xtrabackup.h"
 #include "ds_buffer.h"
 #include "ds_tmpfile.h"
 #include "xbstream.h"
-#include "changed_page_bitmap.h"
 #include "read_filt.h"
 #include "backup_wsrep.h"
 #include "innobackupex.h"
 #include "backup_mysql.h"
 #include "backup_copy.h"
 #include "backup_mysql.h"
-#include "xb_plugin.h"
+#include "encryption_plugin.h"
 #include <sql_plugin.h>
 #include <srv0srv.h>
 #include <log.h>
 #include <derror.h>
 #include <thr_timer.h>
+#include <tuple>
+#include "ddl_log.h"
+#include "common_engine.h"
+#include "lex_string.h"
+#include "sql_table.h"
 #include "backup_debug.h"
 
 #define MB_CORRUPTED_PAGES_FILE "innodb_corrupted_pages"
@@ -126,6 +130,9 @@ int sd_notifyf() { return 0; }
 
 int sys_var_init();
 
+extern const char* fts_common_tables[];
+extern const  fts_index_selector_t fts_index_selector[];
+
 /* === xtrabackup specific options === */
 #define DEFAULT_TARGET_DIR "./xtrabackup_backupfiles/"
 char xtrabackup_real_target_dir[FN_REFLEN] = DEFAULT_TARGET_DIR;
@@ -140,8 +147,8 @@ my_bool xtrabackup_decrypt_decompress;
 my_bool xtrabackup_print_param;
 my_bool xtrabackup_mysqld_args;
 my_bool xtrabackup_help;
-
 my_bool xtrabackup_export;
+my_bool ignored_option;
 
 longlong xtrabackup_use_memory;
 
@@ -155,7 +162,6 @@ char *xtrabackup_incremental;
 lsn_t incremental_lsn;
 lsn_t incremental_to_lsn;
 lsn_t incremental_last_lsn;
-xb_page_bitmap *changed_page_bitmap;
 
 char *xtrabackup_incremental_basedir; /* for --backup */
 char *xtrabackup_extra_lsndir; /* for --backup with --extra-lsndir */
@@ -195,10 +201,12 @@ struct xb_filter_entry_t{
 	xb_filter_entry_t *name_hash;
 };
 
+lsn_t checkpoint_lsn_start;
+lsn_t checkpoint_no_start;
 /** whether log_copying_thread() is active; protected by recv_sys.mutex */
 static bool log_copying_running;
 
-int xtrabackup_parallel;
+uint xtrabackup_parallel;
 
 char *xtrabackup_stream_str = NULL;
 xb_stream_fmt_t xtrabackup_stream_fmt = XB_STREAM_FMT_NONE;
@@ -255,7 +263,7 @@ recv_sys.mutex. */
 static std::set<uint32_t> fail_undo_ids;
 
 longlong innobase_page_size = (1LL << 14); /* 16KB */
-char*	innobase_buffer_pool_filename = NULL;
+char *innobase_buffer_pool_filename = NULL;
 
 /* The default values for the following char* start-up parameters
 are determined in innobase_init below: */
@@ -361,10 +369,8 @@ my_bool opt_galera_info = FALSE;
 my_bool opt_slave_info = FALSE;
 my_bool opt_no_lock = FALSE;
 my_bool opt_safe_slave_backup = FALSE;
-my_bool opt_rsync = FALSE;
 my_bool opt_force_non_empty_dirs = FALSE;
 my_bool opt_noversioncheck = FALSE;
-my_bool opt_no_backup_locks = FALSE;
 my_bool opt_decompress = FALSE;
 my_bool opt_remove_original;
 my_bool opt_log_innodb_page_corruption;
@@ -422,6 +428,8 @@ pthread_cond_t  scanned_lsn_cond;
 /** Store the deferred tablespace name during --backup */
 static std::set<std::string> defer_space_names;
 
+typedef decltype(fil_space_t::id) space_id_t;
+
 typedef std::map<space_id_t,std::string> space_id_to_name_t;
 
 struct ddl_tracker_t {
@@ -696,8 +704,190 @@ typedef void (*process_single_tablespace_func_t)(const char *dirname,
                                                  uint32_t defer_space_id);
 static dberr_t enumerate_ibd_files(process_single_tablespace_func_t callback);
 
+const char *convert_dst(const char *dst) {
+	return
+		(xtrabackup_copy_back || xtrabackup_move_back) ?
+		dst : trim_dotslash(dst);
+}
+
+std::string convert_tablename_to_filepath(
+	const char *data_dir_path, const std::string &db, const std::string &table) {
+	char dbbuff[FN_REFLEN];
+	char tbbuff[FN_REFLEN];
+	(void)tablename_to_filename(db.c_str(), dbbuff, sizeof(dbbuff));
+	(void)tablename_to_filename(table.c_str(), tbbuff, sizeof(tbbuff));
+	std::string result(data_dir_path);
+	result.append(1, FN_LIBCHAR).append(dbbuff).
+		append(1, FN_LIBCHAR).append(tbbuff);
+	return result;
+}
+
+std::tuple<std::string, std::string, std::string>
+convert_filepath_to_tablename(const char *filepath) {
+	char db_name_orig[FN_REFLEN];
+	char table_name_orig[FN_REFLEN];
+	parse_db_table_from_file_path(filepath, db_name_orig, table_name_orig);
+	if (!db_name_orig[0] || !table_name_orig[0])
+			return std::make_tuple("", "", "");
+	char db_name_conv[FN_REFLEN];
+	char table_name_conv[FN_REFLEN];
+	filename_to_tablename(db_name_orig, db_name_conv, sizeof(db_name_conv));
+	filename_to_tablename(
+		table_name_orig, table_name_conv, sizeof(table_name_conv));
+	if (!db_name_conv[0] || !table_name_conv[0])
+		return std::make_tuple("", "", "");
+	return std::make_tuple(db_name_conv, table_name_conv,
+		std::string(db_name_orig).append("/").append(table_name_orig));
+}
+
+std::string get_table_version_from_image(const std::vector<uchar> &frm_image) {
+	DBUG_ASSERT(frm_image.size() >= 64);
+
+	if (!strncmp((char*) frm_image.data(), "TYPE=VIEW\n", 10))
+		return {};
+
+	if (!is_binary_frm_header(frm_image.data()))
+		return {};
+
+  /* Length of the MariaDB extra2 segment in the form file. */
+	uint len = uint2korr(frm_image.data() + 4);
+  const uchar *extra2= frm_image.data() + 64;
+
+  if (*extra2 == '/')   // old frm had '/' there
+		return {};
+
+	const uchar *e2end= extra2 + len;
+	while (extra2 + 3 <= e2end)
+	{
+		uchar type= *extra2++;
+		size_t length= *extra2++;
+		if (!length)
+		{
+			if (extra2 + 2 >= e2end)
+				return {};
+			length= uint2korr(extra2);
+			extra2+= 2;
+			if (length < 256)
+				return {};
+		}
+		if (extra2 + length > e2end)
+			return {};
+		if (type == EXTRA2_TABLEDEF_VERSION) {
+			char buff[MY_UUID_STRING_LENGTH];
+			my_uuid2str(extra2, buff, 1);
+			return std::string(buff, buff + MY_UUID_STRING_LENGTH);
+		}
+		extra2+= length;
+	}
+
+	return {};
+}
+
+std::pair<bool, legacy_db_type>
+	get_table_engine_from_image(const std::vector<uchar> &frm_image) {
+
+	DBUG_ASSERT(frm_image.size() >= 64);
+
+	if (!strncmp((char*) frm_image.data(), "TYPE=VIEW\n", 10))
+		return std::make_pair(false, DB_TYPE_UNKNOWN);
+
+	if (!is_binary_frm_header(frm_image.data()))
+		return std::make_pair(false, DB_TYPE_UNKNOWN);
+
+	legacy_db_type dbt = (legacy_db_type)frm_image[3];
+
+	if (dbt >= DB_TYPE_FIRST_DYNAMIC)
+		return std::make_pair(false, DB_TYPE_UNKNOWN);
+
+	if (dbt != DB_TYPE_PARTITION_DB)
+		return std::make_pair(false, dbt);
+
+	dbt = (legacy_db_type)frm_image[61];
+	return std::make_pair(true,
+		dbt < DB_TYPE_FIRST_DYNAMIC ? dbt : DB_TYPE_UNKNOWN);
+}
+
+std::vector<uchar> read_frm_image(File file) {
+	std::vector<uchar> frm_image;
+	MY_STAT state;
+
+	if (mysql_file_fstat(file, &state, MYF(MY_WME)))
+		return frm_image;
+
+	frm_image.resize((size_t)state.st_size, 0);
+
+	if (mysql_file_read(
+		file, frm_image.data(), (size_t)state.st_size, MYF(MY_NABP)))
+		frm_image.clear();
+
+	return frm_image;
+}
+
+std::string read_table_version_id(File file) {
+	auto frm_image = read_frm_image(file);
+	if (frm_image.empty())
+		return {};
+	return get_table_version_from_image(frm_image);
+}
+
+bool is_log_table(const char *dbname, const char *tablename) {
+	DBUG_ASSERT(dbname);
+	DBUG_ASSERT(tablename);
+
+	LEX_CSTRING lex_db;
+	LEX_CSTRING lex_table;
+	lex_db.str = dbname;
+	lex_db.length = strlen(dbname);
+	lex_table.str = tablename;
+	lex_table.length = strlen(tablename);
+
+	if (!lex_string_eq(&MYSQL_SCHEMA_NAME, &lex_db))
+		return false;
+
+	if (lex_string_eq(&GENERAL_LOG_NAME, &lex_table))
+		return true;
+
+	if (lex_string_eq(&SLOW_LOG_NAME, &lex_table))
+		return true;
+
+	return false;
+}
+
+bool is_stats_table(const char *dbname, const char *tablename) {
+	DBUG_ASSERT(dbname);
+	DBUG_ASSERT(tablename);
+
+	LEX_CSTRING lex_db;
+	LEX_CSTRING lex_table;
+	lex_db.str = dbname;
+	lex_db.length = strlen(dbname);
+	lex_table.str = tablename;
+	lex_table.length = strlen(tablename);
+
+	if (!lex_string_eq(&MYSQL_SCHEMA_NAME, &lex_db))
+		return false;
+
+	CHARSET_INFO *ci= system_charset_info;
+
+  return (lex_table.length > 4 &&
+		/* one of mysql.*_stat tables, but not mysql.innodb* tables*/
+		((my_tolower(ci, lex_table.str[lex_table.length-5]) == 's' &&
+		my_tolower(ci, lex_table.str[lex_table.length-4]) == 't' &&
+		my_tolower(ci, lex_table.str[lex_table.length-3]) == 'a' &&
+		my_tolower(ci, lex_table.str[lex_table.length-2]) == 't' &&
+		my_tolower(ci, lex_table.str[lex_table.length-1]) == 's') &&
+		!(my_tolower(ci, lex_table.str[0]) == 'i' &&
+		my_tolower(ci, lex_table.str[1]) == 'n' &&
+		my_tolower(ci, lex_table.str[2]) == 'n' &&
+		my_tolower(ci, lex_table.str[3]) == 'o')));
+}
+
 /* ======== Datafiles iterator ======== */
 struct datafiles_iter_t {
+	datafiles_iter_t() : space(fil_system.space_list.end()), node(nullptr), started(FALSE) {
+	}
+	~datafiles_iter_t() {
+	}
 	space_list_t::iterator space = fil_system.space_list.end();
 	fil_node_t	*node = nullptr;
 	bool		started = false;
@@ -777,8 +967,6 @@ static void *dbug_execute_in_new_connection(void *arg)
 	return nullptr;
 }
 
-static pthread_t dbug_alter_thread;
-
 /*
 Execute query from a new connection, in own thread.
 
@@ -789,8 +977,9 @@ Execute query from a new connection, in own thread.
 	otherwise query should return error.
 @param expected_errno - if not 0, and query finished with error,
 	expected mysql_errno()
+@return created thread id
 */
-static void dbug_start_query_thread(
+static pthread_t dbug_start_query_thread(
 	const char *query,
 	const char *wait_state,
 	int expected_err,
@@ -802,12 +991,14 @@ static void dbug_start_query_thread(
 	par->expect_err = expected_err;
 	par->expect_errno = expected_errno;
 	par->con =  xb_mysql_connect();
-
-	mysql_thread_create(0, &dbug_alter_thread, nullptr,
+	if (mysql_set_server_option(par->con, MYSQL_OPTION_MULTI_STATEMENTS_ON))
+		die("Can't set multistatement option for query: %s", query);
+	pthread_t result_thread;
+	mysql_thread_create(0, &result_thread, nullptr,
 			    dbug_execute_in_new_connection, par);
 
 	if (!wait_state)
-		return;
+		return result_thread;
 
 	char q[256];
 	snprintf(q, sizeof(q),
@@ -829,7 +1020,11 @@ static void dbug_start_query_thread(
 end:
 	msg("query '%s' on connection %lu reached state '%s'", query,
 	mysql_thread_id(par->con), wait_state);
+	return result_thread;
 }
+
+static pthread_t dbug_alter_thread;
+static pthread_t dbug_emulate_ddl_on_intermediate_table_thread;
 #endif
 
 void mdl_lock_all()
@@ -952,6 +1147,31 @@ static void backup_file_op(uint32_t space_id, int type,
 	}
 }
 
+static bool check_if_fts_table(const char *file_name) {
+	const char *table_name_start = strrchr(file_name, '/');
+	if (table_name_start)
+		++table_name_start;
+	else
+		table_name_start = file_name;
+
+	if (!starts_with(table_name_start,"FTS_"))
+		return false;
+
+	const char *table_name_end = strrchr(table_name_start, '.');
+	if (!table_name_end)
+		table_name_end = table_name_start + strlen(table_name_start);
+	ptrdiff_t table_name_len = table_name_end - table_name_end;
+
+	for (const char **suffix = fts_common_tables; *suffix; ++suffix)
+		if (!strncmp(table_name_start, *suffix, table_name_len))
+			return true;
+	for (size_t i = 0; fts_index_selector[i].suffix; ++i)
+		if (!strncmp(table_name_start, fts_index_selector[i].suffix,
+			table_name_len))
+			return true;
+
+	return false;
+}
 
 /*
  This callback is called if DDL operation is detected,
@@ -985,8 +1205,9 @@ static void backup_file_op_fail(uint32_t space_id, int type,
 		break;
 	case FILE_DELETE:
 		fail = !check_if_skip_table(
-				filename_to_spacename(name, len).c_str());
-		msg("DDL tracking : delete %u \"%.*s\"", space_id, int(len), name);
+                                filename_to_spacename(name, len).c_str())
+                       && !check_if_fts_table(reinterpret_cast<const char*>(name));
+                msg("DDL tracking : delete %u \"%.*s\"", space_id, int(len), name);
 		break;
 	default:
 		ut_ad(0);
@@ -1112,6 +1333,7 @@ enum options_xtrabackup
   OPT_INNODB_LOG_FILE_BUFFERING,
 #endif
   OPT_INNODB_LOG_FILE_SIZE,
+  OPT_INNODB_LOG_FILES_IN_GROUP,
   OPT_INNODB_OPEN_FILES,
   OPT_XTRA_DEBUG_SYNC,
   OPT_INNODB_CHECKSUM_ALGORITHM,
@@ -1129,9 +1351,9 @@ enum options_xtrabackup
   OPT_NO_LOCK,
   OPT_SAFE_SLAVE_BACKUP,
   OPT_RSYNC,
+  OPT_NO_BACKUP_LOCKS,
   OPT_FORCE_NON_EMPTY_DIRS,
   OPT_NO_VERSION_CHECK,
-  OPT_NO_BACKUP_LOCKS,
   OPT_DECOMPRESS,
   OPT_INCREMENTAL_HISTORY_NAME,
   OPT_INCREMENTAL_HISTORY_UUID,
@@ -1343,8 +1565,10 @@ struct my_option xb_client_options[]= {
      0, 0, 0, 0, 0, 0},
 
     {"no-lock", OPT_NO_LOCK,
-     "Use this option to disable table lock "
-     "with \"FLUSH TABLES WITH READ LOCK\". Use it only if ALL your "
+     "This option should not be used as "
+     "mariadb-backup now is using BACKUP LOCKS, which minimizes the "
+     "lock time. ALTER TABLE can run in parallel with BACKUP LOCKS."
+     "Use the --no-lock option it only if ALL your "
      "tables are InnoDB and you DO NOT CARE about the binary log "
      "position of the backup. This option shouldn't be used if there "
      "are any DDL statements being executed or if any updates are "
@@ -1373,14 +1597,12 @@ struct my_option xb_client_options[]= {
      GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 
     {"rsync", OPT_RSYNC,
-     "Uses the rsync utility to optimize local file "
-     "transfers. When this option is specified, " XB_TOOL_NAME " uses rsync "
-     "to copy all non-InnoDB files instead of spawning a separate cp for "
-     "each file, which can be much faster for servers with a large number "
-     "of databases or tables.  This option cannot be used together with "
-     "--stream.",
-     (uchar *) &opt_rsync, (uchar *) &opt_rsync, 0, GET_BOOL, NO_ARG, 0, 0, 0,
-     0, 0, 0},
+     "Obsolete depricated option",
+     &ignored_option, &ignored_option,  0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
+
+    {"no-backup-locks", OPT_NO_BACKUP_LOCKS,
+     "Obsolete depricated option",
+     &ignored_option, &ignored_option,  0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 
     {"force-non-empty-directories", OPT_FORCE_NON_EMPTY_DIRS,
      "This "
@@ -1398,15 +1620,6 @@ struct my_option xb_client_options[]= {
      (uchar *) &opt_noversioncheck, (uchar *) &opt_noversioncheck, 0, GET_BOOL,
      NO_ARG, 0, 0, 0, 0, 0, 0},
 
-    {"no-backup-locks", OPT_NO_BACKUP_LOCKS,
-     "This option controls if "
-     "backup locks should be used instead of FLUSH TABLES WITH READ LOCK "
-     "on the backup stage. The option has no effect when backup locks are "
-     "not supported by the server. This option is enabled by default, "
-     "disable with --no-backup-locks.",
-     (uchar *) &opt_no_backup_locks, (uchar *) &opt_no_backup_locks, 0,
-     GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
-
     {"decompress", OPT_DECOMPRESS,
      "Decompresses all files with the .qp "
      "extension in a backup previously made with the --compress option. "
@@ -1483,11 +1696,10 @@ struct my_option xb_client_options[]= {
      (uchar *) &opt_remove_original, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 
     {"ftwrl-wait-query-type", OPT_LOCK_WAIT_QUERY_TYPE,
-     "This option specifies which types of queries are allowed to complete "
-     "before " XB_TOOL_NAME " will issue the global lock. Default is all.",
-     (uchar *) &opt_lock_wait_query_type, (uchar *) &opt_lock_wait_query_type,
-     &query_type_typelib, GET_ENUM, REQUIRED_ARG, QUERY_TYPE_ALL, 0, 0, 0, 0,
-     0},
+     "Old disabled option which has no effect anymore (not needed "
+     "with BACKUP LOCKS)",
+     (uchar*) 0, (uchar*) 0, &query_type_typelib, GET_ENUM,
+     REQUIRED_ARG, QUERY_TYPE_ALL, 0, 0, 0, 0, 0},
 
     {"kill-long-query-type", OPT_KILL_LONG_QUERY_TYPE,
      "This option specifies which types of queries should be killed to "
@@ -1504,32 +1716,31 @@ struct my_option xb_client_options[]= {
      NULL, NULL, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
 
     {"kill-long-queries-timeout", OPT_KILL_LONG_QUERIES_TIMEOUT,
-     "This option specifies the number of seconds " XB_TOOL_NAME " waits "
-     "between starting FLUSH TABLES WITH READ LOCK and killing those "
-     "queries that block it. Default is 0 seconds, which means "
-     XB_TOOL_NAME " will not attempt to kill any queries.",
-     (uchar *) &opt_kill_long_queries_timeout,
-     (uchar *) &opt_kill_long_queries_timeout, 0, GET_UINT, REQUIRED_ARG, 0, 0,
+     "Old disabled option which has no effect anymore (not needed "
+     "with BACKUP LOCKS)",
+     (uchar*) 0, (uchar*) 0,  0, GET_UINT, REQUIRED_ARG, 0, 0,
      0, 0, 0, 0},
 
     {"ftwrl-wait-timeout", OPT_LOCK_WAIT_TIMEOUT,
-     "This option specifies time in seconds that " XB_TOOL_NAME " should wait "
-     "for queries that would block FTWRL before running it. If there are "
-     "still such queries when the timeout expires, " XB_TOOL_NAME " terminates "
-     "with an error. Default is 0, in which case " XB_TOOL_NAME " does not "
-     "wait for queries to complete and starts FTWRL immediately.",
-     (uchar *) &opt_lock_wait_timeout, (uchar *) &opt_lock_wait_timeout, 0,
-     GET_UINT, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+     "Alias for startup-wait-timeout",
+     (uchar*) &opt_lock_wait_timeout, (uchar*) &opt_lock_wait_timeout,
+     0, GET_UINT, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+
+    {"startup-wait-timeout", OPT_LOCK_WAIT_TIMEOUT,
+     "This option specifies time in seconds that mariadb-backup should wait for "
+     "BACKUP STAGE START to complete. BACKUP STAGE START has to wait until all "
+     "currently running queries using explicite LOCK TABLES has ended. "
+     "If there are still such queries when the timeout expires, mariadb-backup "
+     "terminates with an error. Default is 0, in which case mariadb-backup waits "
+     "indefinitely for BACKUP STAGE START to finish",
+     (uchar*) &opt_lock_wait_timeout, (uchar*) &opt_lock_wait_timeout,
+     0, GET_UINT, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 
     {"ftwrl-wait-threshold", OPT_LOCK_WAIT_THRESHOLD,
-     "This option specifies the query run time threshold which is used by "
-     XB_TOOL_NAME " to detect long-running queries with a non-zero value "
-     "of --ftwrl-wait-timeout. FTWRL is not started until such "
-     "long-running queries exist. This option has no effect if "
-     "--ftwrl-wait-timeout is 0. Default value is 60 seconds.",
-     (uchar *) &opt_lock_wait_threshold, (uchar *) &opt_lock_wait_threshold, 0,
-     GET_UINT, REQUIRED_ARG, 60, 0, 0, 0, 0, 0},
-
+     "Old disabled option which has no effect anymore (not needed "
+     "with BACKUP LOCKS)",
+     (uchar*) 0, (uchar*) 0,  0, GET_UINT,
+     REQUIRED_ARG, 60, 0, 0, 0, 0, 0},
 
     {"safe-slave-backup-timeout", OPT_SAFE_SLAVE_BACKUP_TIMEOUT,
      "How many seconds --safe-slave-backup should wait for "
@@ -1595,7 +1806,7 @@ struct my_option xb_server_options[] =
   {"parallel", OPT_XTRA_PARALLEL,
    "Number of threads to use for parallel datafiles transfer. "
    "The default value is 1.",
-   (G_PTR*) &xtrabackup_parallel, (G_PTR*) &xtrabackup_parallel, 0, GET_INT,
+   (G_PTR*) &xtrabackup_parallel, (G_PTR*) &xtrabackup_parallel, 0, GET_UINT,
    REQUIRED_ARG, 1, 1, INT_MAX, 0, 0, 0},
 
   {"extended_validation", OPT_XTRA_EXTENDED_VALIDATION,
@@ -1677,8 +1888,8 @@ struct my_option xb_server_options[] =
   {"innodb_log_buffer_size", OPT_INNODB_LOG_BUFFER_SIZE,
    "Redo log buffer size in bytes.",
    (G_PTR*) &log_sys.buf_size, (G_PTR*) &log_sys.buf_size, 0,
-   IF_WIN(GET_ULL,GET_ULONG), REQUIRED_ARG, 2U << 20,
-   2U << 20, SIZE_T_MAX, 0, 4096, 0},
+   GET_UINT, REQUIRED_ARG, 2U << 20,
+   2U << 20, log_sys.buf_size_max, 0, 4096, 0},
 #if defined __linux__ || defined _WIN32
   {"innodb_log_file_buffering", OPT_INNODB_LOG_FILE_BUFFERING,
    "Whether the file system cache for ib_logfile0 is enabled during --backup",
@@ -1754,17 +1965,17 @@ struct my_option xb_server_options[] =
    0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 
   {"plugin-dir", OPT_PLUGIN_DIR,
-  "Server plugin directory. Used to load plugins during 'prepare' phase."
-  "Has no effect in the 'backup' phase (plugin directory during backup is the same as server's)",
-  &xb_plugin_dir, &xb_plugin_dir,
-  0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0 },
+   "Server plugin directory. Used to load plugins during 'prepare' phase."
+   "Has no effect in the 'backup' phase (plugin directory during backup is the same as server's)",
+   &xb_plugin_dir, &xb_plugin_dir,
+   0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0 },
 
   {"aria_log_dir_path", OPT_ARIA_LOG_DIR_PATH,
    "Path to individual files and their sizes.",
    &aria_log_dir_path, &aria_log_dir_path,
    0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 
-  {"open_files_limit", OPT_OPEN_FILES_LIMIT, "the maximum number of file "
+  {"open_files_limit", 0, "the maximum number of file "
    "descriptors to reserve with setrlimit().",
    (G_PTR*) &xb_open_files_limit, (G_PTR*) &xb_open_files_limit, 0, GET_ULONG,
    REQUIRED_ARG, 0, 0, UINT_MAX, 0, 1, 0},
@@ -1885,7 +2096,7 @@ static int prepare_export()
       IF_WIN("\"","") "\"%s\" --mysqld \"%s\""
       " --defaults-extra-file=./backup-my.cnf --defaults-group-suffix=%s --datadir=."
       " --innodb --innodb-fast-shutdown=0 --loose-partition"
-      " --innodb-buffer-pool-size=%llu"
+      " --innodb_purge_rseg_truncate_frequency=1 --innodb-buffer-pool-size=%llu"
       " --console --skip-log-error --skip-log-bin --bootstrap %s< "
       BOOTSTRAP_FILENAME IF_WIN("\"",""),
       mariabackup_exe,
@@ -1899,7 +2110,7 @@ static int prepare_export()
       IF_WIN("\"","") "\"%s\" --mysqld"
       " --defaults-file=./backup-my.cnf --defaults-group-suffix=%s --datadir=."
       " --innodb --innodb-fast-shutdown=0 --loose-partition"
-      " --innodb-buffer-pool-size=%llu"
+      " --innodb_purge_rseg_truncate_frequency=1 --innodb-buffer-pool-size=%llu"
       " --console --log-error= --skip-log-bin --bootstrap %s< "
       BOOTSTRAP_FILENAME IF_WIN("\"",""),
       mariabackup_exe,
@@ -1948,7 +2159,8 @@ static void usage(void)
   puts("Open source backup tool for InnoDB and XtraDB\n\
 \n\
 Copyright (C) 2009-2015 Percona LLC and/or its affiliates.\n\
-Portions Copyright (C) 2000, 2011, MySQL AB & Innobase Oy. All Rights Reserved.\n\
+Portions Copyright (C) 2000, 2011, MySQL AB & Innobase Oy.\n\
+Portions Copyright (C) 2017-2023 MariaDB Corporation / MariaDB Plc.\n\
 \n\
 This program is free software; you can redistribute it and/or\n\
 modify it under the terms of the GNU General Public License\n\
@@ -2021,6 +2233,10 @@ xb_get_one_option(const struct my_option *opt,
     ADD_PRINT_PARAM_OPT(srv_log_group_home_dir);
     break;
 
+  case OPT_INNODB_LOG_FILES_IN_GROUP:
+  case OPT_INNODB_LOG_FILE_SIZE:
+    break;
+
   case OPT_INNODB_FLUSH_METHOD:
 #ifdef _WIN32
     /* From: storage/innobase/handler/ha_innodb.cc:innodb_init_params */
@@ -2133,6 +2349,11 @@ xb_get_one_option(const struct my_option *opt,
       }
     }
     break;
+  case OPT_RSYNC:
+  case OPT_NO_BACKUP_LOCKS:
+    if (my_handle_options_init_variables)
+      fprintf(stderr, "Obsolete option: %s. Ignored\n", opt->name);
+    break;
 #define MYSQL_CLIENT
 #include "sslopt-case.h"
 #undef MYSQL_CLIENT
@@ -2428,7 +2649,12 @@ static bool innodb_init()
   os_file_delete_if_exists_func(ib_logfile0.c_str(), nullptr);
   os_file_t file= os_file_create_func(ib_logfile0.c_str(),
                                       OS_FILE_CREATE, OS_FILE_NORMAL,
-                                      OS_DATA_FILE_NO_O_DIRECT, false, &ret);
+#if defined _WIN32 || defined O_DIRECT
+                                      OS_DATA_FILE_NO_O_DIRECT,
+#else
+                                      OS_DATA_FILE,
+#endif
+				      false, &ret);
   if (!ret)
   {
   invalid_log:
@@ -3026,12 +3252,7 @@ static my_bool xtrabackup_copy_datafile(ds_ctxt *ds_data,
 		goto skip;
 	}
 
-	if (!changed_page_bitmap) {
-		read_filter = &rf_pass_through;
-	}
-	else {
-		read_filter = &rf_bitmap;
-	}
+	read_filter = &rf_pass_through;
 
 	res = xb_fil_cur_open(&cursor, read_filter, node, thread_n, ULLONG_MAX);
 	if (res == XB_FIL_CUR_SKIP) {
@@ -3355,50 +3576,22 @@ To use this facility, you need to
 3. start mariabackup with --dbug=+d,debug_mariabackup_events
 */
 void dbug_mariabackup_event(const char *event,
-                                   const fil_space_t::name_type key)
+                            const fil_space_t::name_type key,
+                            bool need_lock)
 {
+        static std::mutex dbug_mariabackup_event_mutex;
 	char *sql = dbug_mariabackup_get_val(event, key);
 	if (sql && *sql) {
 		msg("dbug_mariabackup_event : executing '%s'", sql);
-		xb_mysql_query(mysql_connection, sql, false, true);
-	}
+                if (need_lock) {
+                        std::lock_guard<std::mutex> lock(dbug_mariabackup_event_mutex);
+                        xb_mysql_query(mysql_connection, sql, false, true);
+                } else
+                        xb_mysql_query(mysql_connection, sql, false, true);
+        }
 }
 #endif // DBUG_OFF
 
-/** Datafiles copying thread.*/
-static void data_copy_thread_func(data_thread_ctxt_t *ctxt) /* thread context */
-{
-	uint			num = ctxt->num;
-	fil_node_t*		node;
-	ut_ad(ctxt->corrupted_pages);
-
-	/*
-	  Initialize mysys thread-specific memory so we can
-	  use mysys functions in this thread.
-	*/
-	my_thread_init();
-
-	while ((node = datafiles_iter_next(ctxt->it)) != NULL) {
-		DBUG_MARIABACKUP_EVENT("before_copy", node->space->name());
-		DBUG_EXECUTE_FOR_KEY("wait_innodb_redo_before_copy",
-				     node->space->name(),
-			backup_wait_for_lsn(get_current_lsn(mysql_connection)););
-		/* copy the datafile */
-		if (xtrabackup_copy_datafile(ctxt->datasinks->m_data,
-					     ctxt->datasinks->m_meta, node, num, NULL,
-			xtrabackup_incremental ? wf_incremental : wf_write_through,
-			*ctxt->corrupted_pages))
-			die("failed to copy datafile.");
-
-		DBUG_MARIABACKUP_EVENT("after_copy", node->space->name());
-	}
-
-	pthread_mutex_lock(ctxt->count_mutex);
-	(*ctxt->count)--;
-	pthread_mutex_unlock(ctxt->count_mutex);
-
-	my_thread_end();
-}
 
 /************************************************************************
 Initialize the appropriate datasink(s). Both local backups and streaming in the
@@ -3553,6 +3746,11 @@ static void xb_load_single_table_tablespace(const char *dirname,
 	}
 
 	if (file->open_read_only(true) != DB_SUCCESS) {
+		// Ignore FTS tables, as they can be removed for intermediate tables,
+		// this code must be executed under stronger or equal to BLOCK_DDL lock,
+		// so there must not be errors for non-intermediate FTS tables.
+		if (check_if_fts_table(filname))
+			return;
 		die("Can't open datafile %s", name);
 	}
 
@@ -4558,7 +4756,6 @@ bool Backup_datasinks::backup_low()
 	if (failed_ids.size() > 0) {
 		return false;
 	}
-
 	if (!xtrabackup_incremental) {
 		safe_strcpy(metadata_type, sizeof(metadata_type),
 			    "full-backuped");
@@ -4597,16 +4794,441 @@ bool Backup_datasinks::backup_low()
 	return true;
 }
 
+class InnodbDataCopier {
+public:
+       InnodbDataCopier(Backup_datasinks &backup_datasinks,
+               CorruptedPages &corrupted_pages,
+               ThreadPool &thread_pool) :
+               m_backup_datasinks(backup_datasinks),
+               m_corrupted_pages(corrupted_pages),
+               m_tasks(thread_pool) {}
+
+	~InnodbDataCopier() {
+		DBUG_ASSERT(m_tasks.is_finished());
+	}
+
+	bool start() {
+		DBUG_ASSERT(m_tasks.is_finished());
+		m_tasks.push_task(
+			std::bind(&InnodbDataCopier::scan_job, this, std::placeholders::_1));
+		return true;
+	}
+
+	bool wait_for_finish() {
+		return m_tasks.wait_for_finish();
+	}
+
+private:
+	void scan_job(unsigned thread_num) {
+		datafiles_iter_t it;
+		fil_node_t*		node;
+		while ((node = datafiles_iter_next(&it)) != nullptr) {
+			m_tasks.push_task(
+				std::bind(&InnodbDataCopier::copy_job, this, node,
+					std::placeholders::_1));
+		}
+		m_tasks.finish_task(1);
+	}
+
+	void copy_job(fil_node_t *node, unsigned thread_num) {
+		DBUG_ASSERT(node);
+		// TODO: this came from the old code, where it was not thread-safe
+		// too, use separate mysql connection per thread here
+		DBUG_MARIABACKUP_EVENT("before_copy", node->space->name());
+                DBUG_EXECUTE_FOR_KEY("wait_innodb_redo_before_copy",
+                        node->space->name(),
+                        backup_wait_for_lsn(
+                                get_current_lsn(mysql_connection)););
+		/* copy the datafile */
+		if(xtrabackup_copy_datafile(m_backup_datasinks.m_data,
+		                            m_backup_datasinks.m_meta,
+		                            node, thread_num, NULL,
+                        xtrabackup_incremental
+                                ? wf_incremental : wf_write_through,
+                        m_corrupted_pages))
+			die("mariabackup: Error: failed to copy datafile.");
+		// TODO: this came from the old code, where it was not thread-safe
+		// too, use separate mysql connection per thread here
+		DBUG_MARIABACKUP_EVENT("after_copy", node->space->name());
+		m_tasks.finish_task(1);
+	}
+
+        Backup_datasinks &m_backup_datasinks;
+        CorruptedPages &m_corrupted_pages;
+	TasksGroup m_tasks;
+};
+
+
+class BackupStages {
+
+	public:
+
+		BackupStages(ds_ctxt_t *ds_data) :
+			m_bs_con(nullptr),
+			m_aria_backup(fil_path_to_mysql_datadir,
+			              aria_log_dir_path,
+			              ds_data, m_con_pool, m_thread_pool),
+			m_common_backup(fil_path_to_mysql_datadir, ds_data, m_con_pool,
+			m_thread_pool) {}
+
+		~BackupStages() { destroy(); }
+
+		bool init() {
+			if ((m_bs_con = xb_mysql_connect()) == nullptr)
+				return false;
+
+			while(m_con_pool.size() < xtrabackup_parallel) {
+				MYSQL *con = xb_mysql_connect();
+				if (con == nullptr)
+					return false;
+				m_con_pool.push_back(con);
+			}
+
+			if (!m_thread_pool.start(xtrabackup_parallel))
+				return false;
+			if (!m_aria_backup.init())
+				return false;
+			m_aria_backup.set_post_copy_table_hook(
+				std::bind(&BackupStages::store_table_version, this,
+					std::placeholders::_1, std::placeholders::_2, std::placeholders::_3));
+			m_common_backup.set_post_copy_table_hook(
+				std::bind(&BackupStages::store_table_version, this,
+					std::placeholders::_1, std::placeholders::_2, std::placeholders::_3));
+			return true;
+		}
+
+		void destroy() {
+			m_thread_pool.stop();
+			while (!m_con_pool.empty()) {
+				MYSQL *con = m_con_pool.back();
+				m_con_pool.pop_back();
+				mysql_close(con);
+			}
+			if (m_bs_con)
+				mysql_close(m_bs_con);
+			m_bs_con = nullptr;
+		}
+
+		bool stage_start(Backup_datasinks &backup_datasinks,
+		                 CorruptedPages &corrupted_pages) {
+			msg("BACKUP STAGE START");
+			if (!opt_no_lock) {
+				if (opt_safe_slave_backup) {
+					if (!wait_for_safe_slave(mysql_connection)) {
+						return(false);
+					}
+				}
+
+				history_lock_time = time(NULL);
+
+				if (!lock_for_backup_stage_start(m_bs_con)) {
+					msg("Error on BACKUP STAGE START query execution");
+					return(false);
+				}
+			}
+
+                        InnodbDataCopier innodb_data_copier(backup_datasinks,
+                                corrupted_pages,
+                                m_thread_pool);
+			// Start InnoDB data files copy in background
+			if (!innodb_data_copier.start()) {
+				msg("Error on starting InnoDB data files backup");
+				return false;
+			}
+			// Start online non-stats-log Aria tables copying in background
+			if (!m_aria_backup.start(opt_no_lock)) {
+				msg("Error on starting Aria data files backup");
+				innodb_data_copier.wait_for_finish();
+				return false;
+			}
+
+			// Wait for all innodb data files copy finish
+			if(!innodb_data_copier.wait_for_finish()) {
+				msg("InnoDB data files backup process is finished with error");
+				return false;
+			}
+			// Wait for online non-stats-log Aria tables copy finish
+			if (!m_aria_backup.wait_for_finish()) {
+				msg("Aria data files backup process is finished with error");
+				return false;
+			}
+
+			DBUG_MARIABACKUP_EVENT_LOCK("after_aria_background", {});
+
+			return true;
+		}
+
+		bool stage_flush() {
+			msg("BACKUP STAGE FLUSH");
+			if (!opt_no_lock && !lock_for_backup_stage_flush(m_bs_con)) {
+				msg("Error on BACKUP STAGE FLUSH query execution");
+				return false;
+			}
+			auto tables_in_use = get_tables_in_use(mysql_connection);
+			// Copy non-stats-log non-in-use tables of non-InnoDB-Aria-RocksDB engines
+			// in background
+			if (!m_common_backup.scan(tables_in_use,
+				&m_copied_common_tables, opt_no_lock, true)) {
+				msg("Error on scan data directory for common engines");
+				return false;
+			}
+			// Copy Aria offline non-stats-log non-in-use tables in background
+			if (!m_aria_backup.copy_offline_tables(&tables_in_use, opt_no_lock,
+				false)) {
+				msg("Error on start Aria tables backup");
+				return false;
+			}
+
+			if (!m_aria_backup.copy_log_tail()) {
+				msg("Error on Aria log tail copy");
+				return false;
+			};
+
+			// Wait for Aria tables copy finish
+			if (!m_aria_backup.wait_for_finish()) {
+				msg("Aria data files backup process is finished with error");
+				return false;
+			}
+			// Wait for non-InnoDB-Aria-RocksDB engines copy finish
+			if (!m_common_backup.wait_for_finish()) {
+				msg("Data files backup process is finished with error");
+				return false;
+			}
+
+			DBUG_EXECUTE_IF("emulate_ddl_on_intermediate_table",
+				dbug_emulate_ddl_on_intermediate_table_thread =
+				dbug_start_query_thread(
+					"SET debug_sync='copy_data_between_tables_after_set_backup_lock "
+					"SIGNAL copy_started';"
+					"SET debug_sync='copy_data_between_tables_before_reset_backup_lock "
+					"SIGNAL before_backup_lock_reset WAIT_FOR backup_lock_reset';"
+					"SET debug_sync='alter_table_after_temp_table_drop "
+					"SIGNAL temp_table_dropped';"
+					"SET SESSION lock_wait_timeout = 1;"
+					"ALTER TABLE test.t1 ADD COLUMN col1_copy INT, ALGORITHM = COPY;",
+					NULL, 0, 0);
+					xb_mysql_query(mysql_connection,
+						"SET debug_sync='now WAIT_FOR copy_started'", false, true);
+				);
+
+			return true;
+		}
+
+		bool stage_block_ddl(Backup_datasinks &backup_datasinks,
+                                     CorruptedPages &corrupted_pages) {
+			if (!opt_no_lock) {
+				if (!lock_for_backup_stage_block_ddl(m_bs_con)) {
+					msg("BACKUP STAGE BLOCK_DDL");
+					return false;
+				}
+				if (have_galera_enabled)
+				{
+					xb_mysql_query(mysql_connection, "SET SESSION wsrep_sync_wait=0", false);
+				}
+			}
+
+			ulonglong server_lsn_after_lock = get_current_lsn(mysql_connection);
+
+			// Copy the rest of non-stats-lognon-InnoDB-Aria-RocksDB tables
+			// Do not execute BACKUP LOCK under BLOCK_DDL stage
+			if (!m_common_backup.scan(m_copied_common_tables, &m_copied_common_tables,
+				true, false)) {
+				msg("Error on scan data directory for common engines");
+				return false;
+			}
+			// Copy log tables tail
+			if (!m_common_backup.copy_log_tables(false)) {
+				msg("Error on copy system tables");
+				return false;
+			}
+
+			// Copy the rest of non-stats Aria tables in background
+			if (!m_aria_backup.copy_offline_tables(nullptr, true, false)) {
+				msg("Error on start Aria tables backup");
+				return false;
+			}
+
+			// Copy .frm, .trn and other files
+			if (!backup_files(backup_datasinks.m_data,
+			                  fil_path_to_mysql_datadir)) {
+				msg("Backup files error");
+				return false;
+			}
+
+			msg("Waiting for log copy thread to read lsn %llu",
+				server_lsn_after_lock);
+			backup_wait_for_lsn(server_lsn_after_lock);
+			corrupted_pages.backup_fix_ddl(backup_datasinks.m_data,
+			                               backup_datasinks.m_meta);
+
+			if (!m_aria_backup.copy_log_tail()) {
+				msg("Error on Aria log tail copy");
+				return false;
+			}
+
+			// Wait for Aria tables copy finish
+			if (!m_aria_backup.wait_for_finish()) {
+				msg("Aria data files backup process is finished with error");
+				return false;
+			}
+			// Wait for non-InnoDB-Aria-RocksDB engines copy finish
+			if (!m_common_backup.wait_for_finish()) {
+				msg("Data files backup process is finished with error");
+				return false;
+			}
+
+			ddl_log::backup(fil_path_to_mysql_datadir,
+			                backup_datasinks.m_data, m_tables);
+
+			DBUG_MARIABACKUP_EVENT_LOCK("after_stage_block_ddl", {});
+
+			return true;
+		}
+
+		bool stage_block_commit(Backup_datasinks &backup_datasinks) {
+			msg("BACKUP STAGE BLOCK_COMMIT");
+			if (!opt_no_lock && !lock_for_backup_stage_commit(m_bs_con)) {
+				msg("Error on BACKUP STAGE BLOCK_COMMIT query execution");
+				return false;
+			}
+
+			// Copy log tables tail
+			if (!m_common_backup.copy_log_tables(true)) {
+				msg("Error on copy log tables");
+				return false;
+			}
+
+			// Copy stats tables
+			if (!m_common_backup.copy_stats_tables()) {
+				msg("Error on copy stats tables");
+				return false;
+			}
+
+			// Copy system Aria files
+			if (!m_aria_backup.finalize()) {
+				msg("Error on finalize Aria tables backup");
+				return false;
+			}
+
+			if (!m_common_backup.wait_for_finish()) {
+				msg("Error on finish common engines backup");
+				return false;
+			}
+
+			if (!m_common_backup.close_log_tables()) {
+				msg("Error on close log tables");
+				return false;
+			}
+
+                        if (!backup_files_from_datadir(backup_datasinks.m_data,
+                                                       fil_path_to_mysql_datadir,
+                                                       "aws-kms-key")) {
+                                msg("Error on root data dir files backup");
+                                return false;
+                        }
+
+			if (has_rocksdb_plugin()) {
+				rocksdb_create_checkpoint();
+			}
+
+			// There is no need to stop slave thread before coping non-Innodb data when
+			// --no-lock option is used because --no-lock option requires that no DDL or
+			// DML to non-transaction tables can occur.
+			if (opt_no_lock) {
+				if (opt_safe_slave_backup) {
+					if (!wait_for_safe_slave(mysql_connection)) {
+						return(false);
+					}
+				}
+			}
+
+			if (opt_slave_info) {
+                          if (!write_slave_info(backup_datasinks.m_data,
+                                                mysql_connection)) {
+					return(false);
+				}
+			}
+
+			/* The only reason why Galera/binlog info is written before
+				 wait_for_ibbackup_log_copy_finish() is that after that call the xtrabackup
+				 binary will start streamig a temporary copy of REDO log to stdout and
+				 thus, any streaming from innobackupex would interfere. The only way to
+				 avoid that is to have a single process, i.e. merge innobackupex and
+				 xtrabackup. */
+			if (opt_galera_info) {
+                          if (!write_galera_info(backup_datasinks.m_data,
+                                                 mysql_connection)) {
+					return(false);
+				}
+			}
+
+                       bool with_binlogs = opt_binlog_info == BINLOG_INFO_ON;
+
+                       if (with_binlogs || opt_galera_info) {
+                         if (!write_binlog_info(backup_datasinks.m_data,
+                                                 mysql_connection)) {
+                                       return(false);
+                               }
+			}
+
+			if (!opt_no_lock) {
+				msg("Executing FLUSH NO_WRITE_TO_BINLOG ENGINE LOGS...");
+				xb_mysql_query(mysql_connection,
+						"FLUSH NO_WRITE_TO_BINLOG ENGINE LOGS", false);
+			}
+
+			return backup_datasinks.backup_low();
+		}
+
+		bool stage_end(Backup_datasinks &backup_datasinks) {
+			msg("BACKUP STAGE END");
+			/* release all locks */
+			if (!opt_no_lock) {
+				unlock_all(m_bs_con);
+				history_lock_time = 0;
+			} else {
+				history_lock_time = time(NULL) - history_lock_time;
+			}
+			backup_release();
+			DBUG_EXECUTE_IF("check_mdl_lock_works",
+                                        pthread_join(dbug_alter_thread, nullptr);
+			);
+
+			DBUG_EXECUTE_IF("emulate_ddl_on_intermediate_table",
+				pthread_join(
+					dbug_emulate_ddl_on_intermediate_table_thread,
+					nullptr);
+			);
+
+			backup_finish(backup_datasinks.m_data);
+			return true;
+		}
+
+		void store_table_version(
+			std::string db, std::string table, std::string table_version) {
+			auto tk = table_key(db, table);
+			std::lock_guard<std::mutex> lock(m_tables_mutex);
+			m_tables[std::move(tk)] = std::move(table_version);
+		}
+
+	private:
+                Backup_datasinks *backup_datasinks;
+		MYSQL *m_bs_con;
+		ThreadPool m_thread_pool;
+		std::vector<MYSQL *> m_con_pool;
+		std::mutex m_tables_mutex;
+		ddl_log::tables_t m_tables;
+		aria::Backup m_aria_backup;
+		common_engine::Backup m_common_backup;
+		std::unordered_set<table_key_t> m_copied_common_tables;
+};
+
 /** Implement --backup
 @return	whether the operation succeeded */
 static bool xtrabackup_backup_func()
 {
 	MY_STAT			 stat_info;
-	uint			 i;
-	uint			 count;
-	pthread_mutex_t		 count_mutex;
 	CorruptedPages corrupted_pages;
-	data_thread_ctxt_t 	*data_threads;
 	Backup_datasinks backup_datasinks;
 	pthread_cond_init(&scanned_lsn_cond, NULL);
 
@@ -4622,7 +5244,7 @@ static bool xtrabackup_backup_func()
 		return(false);
 	}
 	msg("cd to %s", mysql_real_data_home);
-	xb_plugin_backup_init(mysql_connection);
+	encryption_plugin_backup_init(mysql_connection);
 	msg("open files limit requested %lu, set to %lu",
 	    xb_open_files_limit,
 	    xb_set_max_open_files(xb_open_files_limit));
@@ -4663,22 +5285,6 @@ fail:
 		return(false);
 	}
 
-	if (srv_buf_pool_size >= 1000 * 1024 * 1024) {
-                                  /* Here we still have srv_pool_size counted
-                                  in kilobytes (in 4.0 this was in bytes)
-				  srv_boot() converts the value to
-                                  pages; if buffer pool is less than 1000 MB,
-                                  assume fewer threads. */
-                srv_max_n_threads = 50000;
-
-	} else if (srv_buf_pool_size >= 8 * 1024 * 1024) {
-
-                srv_max_n_threads = 10000;
-        } else {
-		srv_max_n_threads = 1000;       /* saves several MB of memory,
-                                                especially in 64-bit
-                                                computers */
-        }
 	srv_thread_pool_init();
 	/* Reset the system variables in the recovery module. */
 	trx_pool_init();
@@ -4698,9 +5304,10 @@ fail:
 	}
 	/* get current checkpoint_lsn */
 	{
+		log_sys.latch.wr_lock(SRW_LOCK_CALL);
 		mysql_mutex_lock(&recv_sys.mutex);
-
 		dberr_t err = recv_sys.find_checkpoint();
+		log_sys.latch.wr_unlock();
 
 		if (err != DB_SUCCESS) {
 			msg("Error: cannot read redo log header");
@@ -4796,11 +5403,6 @@ fail:
 
 	std::thread(log_copying_thread).detach();
 
-	/* FLUSH CHANGED_PAGE_BITMAPS call */
-	if (!flush_changed_page_bitmaps()) {
-		goto fail;
-	}
-
 	ut_a(xtrabackup_parallel > 0);
 
 	if (xtrabackup_parallel > 1) {
@@ -4812,71 +5414,36 @@ fail:
 		mdl_lock_all();
 
 		DBUG_EXECUTE_IF("check_mdl_lock_works",
-			dbug_start_query_thread("ALTER TABLE test.t ADD COLUMN mdl_lock_column int",
+			dbug_alter_thread =
+                                dbug_start_query_thread("ALTER TABLE test.t ADD COLUMN mdl_lock_column int",
 				"Waiting for table metadata lock", 0, 0););
 	}
 
-	datafiles_iter_t it;
-
-	/* Create data copying threads */
-	data_threads = (data_thread_ctxt_t *)
-		malloc(sizeof(data_thread_ctxt_t) * xtrabackup_parallel);
-	count = xtrabackup_parallel;
-	pthread_mutex_init(&count_mutex, NULL);
-
-	for (i = 0; i < (uint) xtrabackup_parallel; i++) {
-		data_threads[i].it = &it;
-		data_threads[i].num = i+1;
-		data_threads[i].count = &count;
-		data_threads[i].count_mutex = &count_mutex;
-		data_threads[i].corrupted_pages = &corrupted_pages;
-		data_threads[i].datasinks= &backup_datasinks;
-		std::thread(data_copy_thread_func, data_threads + i).detach();
-	}
+	BackupStages stages(backup_datasinks.m_data);
 
-	/* Wait for threads to exit */
-	while (1) {
-		std::this_thread::sleep_for(std::chrono::seconds(1));
-		pthread_mutex_lock(&count_mutex);
-		bool stop = count == 0;
-		pthread_mutex_unlock(&count_mutex);
-		if (stop) {
-			break;
-		}
-	}
-
-	pthread_mutex_destroy(&count_mutex);
-	free(data_threads);
-
-	DBUG_ASSERT(backup_datasinks.m_data);
-	DBUG_ASSERT(backup_datasinks.m_meta);
-	bool ok = backup_start(backup_datasinks.m_data,
-	                       backup_datasinks.m_meta, corrupted_pages);
+	if (!stages.init())
+		goto fail;
 
-	if (ok) {
-		ok = backup_datasinks.backup_low();
+	if (!stages.stage_start(backup_datasinks, corrupted_pages))
+		goto fail;
 
-		backup_release();
+	if (!stages.stage_flush())
+		goto fail;
 
-		DBUG_EXECUTE_IF("check_mdl_lock_works",
-				pthread_join(dbug_alter_thread, nullptr););
+	if (!stages.stage_block_ddl(backup_datasinks, corrupted_pages))
+		goto fail;
 
-		if (ok) {
-			backup_finish(backup_datasinks.m_data);
-		}
-	}
+	if (!stages.stage_block_commit(backup_datasinks))
+		goto fail;
 
-	if (opt_log_innodb_page_corruption)
-		ok = corrupted_pages.print_to_file(backup_datasinks.m_data,
-						   MB_CORRUPTED_PAGES_FILE);
+	if (!stages.stage_end(backup_datasinks))
+		goto fail;
 
-	if (!ok) {
+        if (opt_log_innodb_page_corruption
+                && !corrupted_pages.print_to_file(backup_datasinks.m_data,
+                                                  MB_CORRUPTED_PAGES_FILE))
 		goto fail;
-	}
 
-	if (changed_page_bitmap) {
-		xb_page_bitmap_deinit(changed_page_bitmap);
-	}
 	backup_datasinks.destroy();
 
 	msg("Redo log (from LSN " LSN_PF " to " LSN_PF ") was copied.",
@@ -4938,6 +5505,12 @@ void CorruptedPages::backup_fix_ddl(ds_ctxt *ds_data, ds_ctxt *ds_meta)
 
 	DBUG_MARIABACKUP_EVENT("backup_fix_ddl", {});
 
+	DBUG_EXECUTE_IF("emulate_ddl_on_intermediate_table",
+			xb_mysql_query(mysql_connection,
+				"SET debug_sync='now SIGNAL backup_lock_reset "
+				"WAIT_FOR temp_table_dropped'", false, true);
+			);
+
 	for (space_id_to_name_t::iterator iter = ddl_tracker.tables_in_backup.begin();
 		iter != ddl_tracker.tables_in_backup.end();
 		iter++) {
@@ -5082,6 +5655,7 @@ void CorruptedPages::backup_fix_ddl(ds_ctxt *ds_data, ds_ctxt *ds_meta)
 	}
 }
 
+
 /* ================= prepare ================= */
 
 /***********************************************************************
@@ -5568,7 +6142,7 @@ std::string change_extension(std::string filename, std::string new_ext) {
 }
 
 
-static void rename_file(const char *from,const char *to) {
+void rename_file(const char *from,const char *to) {
 	msg("Renaming %s to %s\n", from, to);
 	if (my_rename(from, to, MY_WME)) {
 		die("Can't rename %s to %s errno %d", from, to, errno);
@@ -5590,7 +6164,7 @@ typedef ibool (*handle_datadir_entry_func_t)(
 	void*		arg);			/*!<in: caller-provided data */
 
 /** Rename, and replace destination file, if exists */
-static void rename_force(const char *from, const char *to) {
+void rename_force(const char *from, const char *to) {
 	if (access(to, R_OK) == 0) {
 		msg("Removing %s", to);
 		if (my_delete(to, MYF(MY_WME))) {
@@ -5884,7 +6458,7 @@ static std::string read_file_as_string(const std::string file) {
 }
 
 /** Delete file- Provide verbose diagnostics and exit, if operation fails. */
-static void delete_file(const std::string& file, bool if_exists = false) {
+void delete_file(const std::string& file, bool if_exists = false) {
 	if (if_exists && !file_exists(file))
 		return;
 	if (my_delete(file.c_str(), MYF(MY_WME))) {
@@ -6025,7 +6599,7 @@ static bool xtrabackup_prepare_func(char** argv)
 	}
 
 	int argc; for (argc = 0; argv[argc]; argc++) {}
-	xb_plugin_prepare_init(argc, argv, xtrabackup_incremental_dir);
+	encryption_plugin_prepare_init(argc, argv);
 
 	xtrabackup_target_dir= mysql_data_home_buff;
 	xtrabackup_target_dir[0]=FN_CURLIB;		// all paths are relative from here
@@ -6068,7 +6642,6 @@ static bool xtrabackup_prepare_func(char** argv)
 		return(false);
 	}
 
-	srv_max_n_threads = 1000;
 	srv_n_purge_threads = 1;
 
 	xb_filters_init();
@@ -6237,6 +6810,8 @@ error:
 	if (ok && xtrabackup_export)
 		ok= (prepare_export() == 0);
 
+        if (ok) ok = aria::prepare(xtrabackup_target_dir);
+
 cleanup:
 	xb_filters_free();
         return ok && !ib::error::was_logged() && corrupted_pages.empty();
@@ -6374,7 +6949,7 @@ static bool check_all_privileges()
 
 	int check_result = PRIVILEGE_OK;
 
-	/* FLUSH TABLES WITH READ LOCK */
+	/* BACKUP LOCKS */
 	if (!opt_no_lock)
 	{
 		check_result |= check_privilege(
@@ -6442,21 +7017,6 @@ xb_init()
 		return(false);
 	}
 
-	if (xtrabackup_backup && opt_rsync)
-	{
-		if (xtrabackup_stream_fmt)
-		{
-			msg("Error: --rsync doesn't work with --stream\n");
-			return(false);
-		}
-		bool have_rsync = IF_WIN(false, (system("rsync --version > /dev/null 2>&1") == 0));
-		if (!have_rsync)
-		{
-			msg("Error: rsync executable not found, cannot run backup with --rsync\n");
-			return false;
-		}
-	}
-
 	n_mixed_options = 0;
 
 	if (opt_decompress) {
@@ -6493,6 +7053,7 @@ xb_init()
 		if (opt_check_privileges && !check_all_privileges()) {
 			return(false);
 		}
+
 		history_start_time = time(NULL);
 	}
 
diff --git a/extra/mariabackup/xtrabackup.h b/extra/mariabackup/xtrabackup.h
index d091c474..38d7e5fd 100644
--- a/extra/mariabackup/xtrabackup.h
+++ b/extra/mariabackup/xtrabackup.h
@@ -24,8 +24,15 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1335  USA
 #include <my_getopt.h>
 #include "datasink.h"
 #include "xbstream.h"
-#include "changed_page_bitmap.h"
+#include "fil0fil.h"
 #include <set>
+#include "handler.h"
+
+#include <utility>
+#include <vector>
+#include <tuple>
+#include <functional>
+
 
 #define XB_TOOL_NAME "mariadb-backup"
 #define XB_HISTORY_TABLE "mysql.mariadb_backup_history"
@@ -84,8 +91,6 @@ extern my_bool	xb_backup_rocksdb;
 
 extern uint		opt_protocol;
 
-extern xb_page_bitmap *changed_page_bitmap;
-
 extern char		*xtrabackup_incremental;
 extern my_bool		xtrabackup_incremental_force_scan;
 
@@ -112,7 +117,7 @@ extern my_bool		xtrabackup_decrypt_decompress;
 extern char		*innobase_data_file_path;
 extern longlong		innobase_page_size;
 
-extern int		xtrabackup_parallel;
+extern uint		xtrabackup_parallel;
 
 extern my_bool		xb_close_files;
 extern const char	*xtrabackup_compress_alg;
@@ -131,7 +136,6 @@ extern my_bool		opt_galera_info;
 extern my_bool		opt_slave_info;
 extern my_bool		opt_no_lock;
 extern my_bool		opt_safe_slave_backup;
-extern my_bool		opt_rsync;
 extern my_bool		opt_force_non_empty_dirs;
 extern my_bool		opt_noversioncheck;
 extern my_bool		opt_no_backup_locks;
@@ -288,15 +292,40 @@ fil_file_readdir_next_file(
 	os_file_stat_t* info);	/*!< in/out: buffer where the
 				info is returned */
 
-#ifndef DBUG_OFF
-#include <fil0fil.h>
-extern void dbug_mariabackup_event(const char *event,
-                            const fil_space_t::name_type key);
+const char *convert_dst(const char *dst);
 
-#define DBUG_MARIABACKUP_EVENT(A, B)                                          \
-  DBUG_EXECUTE_IF("mariabackup_events", dbug_mariabackup_event(A, B);)
-#else
-#define DBUG_MARIABACKUP_EVENT(A, B) /* empty */
-#endif // DBUG_OFF
+std::string get_table_version_from_image(const std::vector<uchar> &frm_image);
+std::pair<bool, legacy_db_type>
+	get_table_engine_from_image(const std::vector<uchar> &frm_image);
+std::string read_table_version_id(File file);
+
+std::string convert_tablename_to_filepath(
+	const char *data_dir_path, const std::string &db, const std::string &table);
+
+std::tuple<std::string, std::string, std::string>
+convert_filepath_to_tablename(const char *filepath);
+
+typedef std::string table_key_t;
+
+inline table_key_t table_key(const std::string &db, const std::string &table) {
+	return std::string(db).append(".").append(table);
+};
+
+inline table_key_t table_key(const char *db, const char *table) {
+	return std::string(db).append(".").append(table);
+};
+
+typedef std::function<void(std::string, std::string, std::string)>
+  post_copy_table_hook_t;
+
+my_bool
+check_if_skip_table(
+/******************/
+	const char*	name);	/*!< in: path to the table */
+
+bool is_log_table(const char *dbname, const char *tablename);
+bool is_stats_table(const char *dbname, const char *tablename);
 
+extern my_bool xtrabackup_copy_back;
+extern my_bool xtrabackup_move_back;
 #endif /* XB_XTRABACKUP_H */
diff --git a/extra/wolfssl/CMakeLists.txt b/extra/wolfssl/CMakeLists.txt
index 271e76b8..e3f8da21 100644
--- a/extra/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/CMakeLists.txt
@@ -1,86 +1,57 @@
 IF(MSVC_INTEL)
   PROJECT(wolfssl C ASM_MASM)
 ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64")
-   PROJECT(wolfssl C ASM)
+  PROJECT(wolfssl C ASM)
 ELSE()
   PROJECT(wolfssl C)
 ENDIF()
 
 IF(CMAKE_SIZEOF_VOID_P MATCHES 8)
-IF(MSVC_INTEL)
+IF(MSVC_INTEL AND NOT (CMAKE_C_COMPILER_ID MATCHES Clang))
   SET(WOLFSSL_INTELASM ON)
-  SET(WOLFSSL_X86_64_BUILD 1)
   SET(HAVE_INTEL_RDSEED 1)
   SET(HAVE_INTEL_RDRAND 1)
-ELSEIF(CMAKE_ASM_COMPILER_ID MATCHES "Clang" AND CMAKE_VERSION VERSION_LESS 3.16)
-
-  # WolfSSL 5.5.4 bug workaround below does not work, due to some CMake bug
 ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64")
-  SET(WOLFSSL_X86_64_BUILD 1)
   IF(CMAKE_C_COMPILER_ID MATCHES GNU  AND CMAKE_C_COMPILER_VERSION VERSION_LESS 4.9)
     MESSAGE_ONCE(NO_INTEL_ASSEMBLY "Disable Intel assembly for WolfSSL - compiler is too old")
+  ELSEIF(WITH_MSAN)
+    MESSAGE_ONCE(MSAN_CANT_HANDLE_IT "Disable Intel assembly for WolfSSL - MSAN can't handle it")
   ELSE()
-    IF(WITH_MSAN)
-      MESSAGE_ONCE(MSAN_CANT_HANDLE_IT
-	"Disable Intel assembly for WolfSSL - MSAN can't handle it")
-    ELSE()
-      MY_CHECK_C_COMPILER_FLAG(-maes)
-      MY_CHECK_C_COMPILER_FLAG(-msse4)
-      MY_CHECK_C_COMPILER_FLAG(-mpclmul)
-      IF(have_C__maes AND have_C__msse4 AND have_C__mpclmul)
-        SET(WOLFSSL_INTELASM ON)
+    MY_CHECK_C_COMPILER_FLAG(-maes)
+    MY_CHECK_C_COMPILER_FLAG(-msse4)
+    MY_CHECK_C_COMPILER_FLAG(-mpclmul)
+    IF(have_C__maes AND have_C__msse4 AND have_C__mpclmul)
+      SET(WOLFSSL_INTELASM ON)
+      MY_CHECK_C_COMPILER_FLAG(-mrdrnd)
+      MY_CHECK_C_COMPILER_FLAG(-mrdseed)
+      IF(have_C__mrdrnd)
+        SET(HAVE_INTEL_RDRAND ON)
+      ENDIF()
+      IF(have_C__mrdseed)
+        SET(HAVE_INTEL_RDSEED ON)
       ENDIF()
-    ENDIF()
-    MY_CHECK_C_COMPILER_FLAG(-mrdrnd)
-    MY_CHECK_C_COMPILER_FLAG(-mrdseed)
-    IF(have_C__mrdrnd)
-      SET(HAVE_INTEL_RDRAND ON)
-    ENDIF()
-    IF(have_C__mrdseed)
-      SET(HAVE_INTEL_RDSEED ON)
     ENDIF()
   ENDIF()
 ENDIF()
 ENDIF()
 
 SET(WOLFSSL_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/src)
+SET(WOLFCRYPT_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/wolfcrypt/src)
 ADD_DEFINITIONS(${SSL_DEFINES})
-
-SET(WOLFSSL_SOURCES  
-   ${WOLFSSL_SRCDIR}/crl.c
-   ${WOLFSSL_SRCDIR}/internal.c
-   ${WOLFSSL_SRCDIR}/keys.c
-   ${WOLFSSL_SRCDIR}/tls.c
-   ${WOLFSSL_SRCDIR}/wolfio.c
-   ${WOLFSSL_SRCDIR}/ocsp.c
-   ${WOLFSSL_SRCDIR}/ssl.c
-   ${WOLFSSL_SRCDIR}/tls13.c)
-
 ADD_DEFINITIONS(-DWOLFSSL_LIB -DBUILDING_WOLFSSL)
-
+ADD_DEFINITIONS(-DWOLFSSL_SP_4096)
 INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl)
-IF(MSVC)
-  # size_t to long truncation warning
-  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267 -wd4334 -wd4028 -wd4244")
-ENDIF()
-
-ADD_CONVENIENCE_LIBRARY(wolfssl ${WOLFSSL_SOURCES})
-
-# Workaround linker crash with older Ubuntu binutils
-# e.g aborting at ../../bfd/merge.c line 873 in _bfd_merged_section_offset
-IF(CMAKE_SYSTEM_NAME MATCHES "Linux")
-  STRING(REPLACE "-g " "-g1 " CMAKE_C_FLAGS_RELWITHDEBINFO 
-   ${CMAKE_C_FLAGS_RELWITHDEBINFO})
-  STRING(REPLACE "-g " "-g1 " CMAKE_C_FLAGS_DEBUG 
-     ${CMAKE_C_FLAGS_DEBUG})
-  STRING(REPLACE "-ggdb3 " " " CMAKE_C_FLAGS_RELWITHDEBINFO 
-    ${CMAKE_C_FLAGS_RELWITHDEBINFO})
-  STRING(REPLACE "-ggdb3 " " " CMAKE_C_FLAGS_DEBUG 
-     ${CMAKE_C_FLAGS_DEBUG})
-ENDIF()
+INCLUDE_DIRECTORIES(${SSL_INCLUDE_DIRS})
 
-SET(WOLFCRYPT_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/wolfcrypt/src)
-SET(WOLFCRYPT_SOURCES
+add_library(wolfssl STATIC
+${WOLFSSL_SRCDIR}/crl.c
+${WOLFSSL_SRCDIR}/internal.c
+${WOLFSSL_SRCDIR}/keys.c
+${WOLFSSL_SRCDIR}/tls.c
+${WOLFSSL_SRCDIR}/wolfio.c
+${WOLFSSL_SRCDIR}/ocsp.c
+${WOLFSSL_SRCDIR}/ssl.c
+${WOLFSSL_SRCDIR}/tls13.c
 ${WOLFCRYPT_SRCDIR}/aes.c
 ${WOLFCRYPT_SRCDIR}/arc4.c
 ${WOLFCRYPT_SRCDIR}/asn.c
@@ -110,69 +81,56 @@ ${WOLFCRYPT_SRCDIR}/wc_encrypt.c
 ${WOLFCRYPT_SRCDIR}/hash.c
 ${WOLFCRYPT_SRCDIR}/wolfmath.c
 ${WOLFCRYPT_SRCDIR}/kdf.c
+${WOLFCRYPT_SRCDIR}/sp_int.c
+${WOLFCRYPT_SRCDIR}/sp_c32.c
+${WOLFCRYPT_SRCDIR}/sp_c64.c
 )
 
-# Use fastmath large number math library.
-IF(NOT (MSVC AND CMAKE_C_COMPILER_ID MATCHES Clang))
-  # Can't use clang-cl with WOLFSSL_FASTMATH
-  # due to https://bugs.llvm.org/show_bug.cgi?id=25305
-  SET(WOLFSSL_FASTMATH 1)
-ENDIF()
-
-IF(WOLFSSL_FASTMATH)
-  SET(USE_FAST_MATH 1)
-  SET(TFM_TIMING_RESISTANT 1)
-  # FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test
-  # WolfSSL will use more stack space with it
-  SET(FP_MAX_BITS 16384)
-  SET(WOLFCRYPT_SOURCES  ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/tfm.c)
-  IF((CMAKE_SIZEOF_VOID_P MATCHES 4) AND (CMAKE_SYSTEM_PROCESSOR MATCHES "86")
-     AND (NOT MSVC))
-   # Workaround https://github.com/wolfSSL/wolfssl/issues/4245
-   # On 32bit Intel, to satisfy inline assembly's wish for free registers
-   # 1. use -fomit-frame-pointer
-   # 2. With  GCC 4, additionally use -fno-PIC, which works on x86
-   #    (modern GCC has PIC optimizations, that make it unnecessary)
-   # The following assumes GCC or Clang
-   SET(TFM_COMPILE_FLAGS  "-fomit-frame-pointer")
-   IF(CMAKE_C_COMPILER_VERSION VERSION_LESS "5")
-     SET(TFM_COMPILE_FLAGS  "${TFM_COMPILE_FLAGS} -fno-PIC")
-   ENDIF()
-   SET_SOURCE_FILES_PROPERTIES(${WOLFCRYPT_SRCDIR}/tfm.c
-      PROPERTIES COMPILE_FLAGS ${TFM_COMPILE_FLAGS})
- ENDIF()
-ELSE()
-  SET(WOLFSSL_SP_MATH_ALL 1)
-  SET(WOLFCRYPT_SOURCES  ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/sp_int.c)
-ENDIF()
-
-IF(WOLFSSL_X86_64_BUILD)
-  LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/cpuid.c)
-  IF(MSVC)
-    SET(WOLFSSL_AESNI 1)
-    LIST(APPEND WOLFCRYPT_SOURCES
-         ${WOLFCRYPT_SRCDIR}/aes_asm.asm
-         ${WOLFCRYPT_SRCDIR}/aes_gcm_asm.asm)
-    IF(CMAKE_C_COMPILER_ID MATCHES Clang)
-      SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -maes -msse4.2 -mpclmul -mrdrnd -mrdseed")
-    ENDIF()
-  ELSEIF(WOLFSSL_INTELASM)
-    SET(WOLFSSL_AESNI 1)
-    SET(USE_INTEL_SPEEDUP 1)
-    LIST(APPEND WOLFCRYPT_SOURCES
+# Optimizations, assembly
+if(WOLFSSL_INTELASM)
+  set(WOLFSSL_X86_64_BUILD 1)
+  set(WOLFSSL_SP_X86_64 1)
+  set(WOLFSSL_SP_X86_64_ASM 1)
+  set(WOLFSSL_AESNI 1)
+  target_sources(wolfssl PRIVATE
+    ${WOLFCRYPT_SRCDIR}/cpuid.c
+    ${WOLFCRYPT_SRCDIR}/sp_x86_64.c
+  )
+  if(MSVC_INTEL)
+    target_sources(wolfssl PRIVATE
+      ${WOLFCRYPT_SRCDIR}/aes_asm.asm
+      ${WOLFCRYPT_SRCDIR}/aes_gcm_asm.asm
+      ${WOLFCRYPT_SRCDIR}/sp_x86_64_asm.asm
+    )
+    target_compile_options(wolfssl PRIVATE
+      $<$<COMPILE_LANG_AND_ID:C,Clang>:-maes -msse4.2 -mpclmul -mrdrnd -mrdseed>
+      $<$<COMPILE_LANGUAGE:ASM_MASM>:/Zi>
+    )
+  else()
+    set(USE_INTEL_SPEEDUP 1)
+    target_sources(wolfssl PRIVATE
       ${WOLFCRYPT_SRCDIR}/aes_asm.S
       ${WOLFCRYPT_SRCDIR}/aes_gcm_asm.S
       ${WOLFCRYPT_SRCDIR}/chacha_asm.S
       ${WOLFCRYPT_SRCDIR}/poly1305_asm.S
       ${WOLFCRYPT_SRCDIR}/sha512_asm.S
-      ${WOLFCRYPT_SRCDIR}/sha256_asm.S)
-    ADD_DEFINITIONS(-maes -msse4.2 -mpclmul)
-    # WolfSSL 5.5.4 bug - user_settings.h not included into aes_asm.S
-    SET_PROPERTY(SOURCE ${WOLFCRYPT_SRCDIR}/aes_asm.S APPEND PROPERTY COMPILE_OPTIONS "-DWOLFSSL_X86_64_BUILD")
-  ENDIF()
-ENDIF()
+      ${WOLFCRYPT_SRCDIR}/sha256_asm.S
+      ${WOLFCRYPT_SRCDIR}/sp_x86_64_asm.S
+    )
+    target_compile_options(wolfssl PRIVATE -maes -msse4.2 -mpclmul)
+    # Workaround 5.5.4 bug (user_settings.h not included into aes_asm.S)
+    set_property(SOURCE ${WOLFCRYPT_SRCDIR}/aes_asm.S APPEND PROPERTY COMPILE_OPTIONS "-DWOLFSSL_X86_64_BUILD")
+  endif()
+endif()
+
+# Silence some warnings
+if(MSVC)
+  # truncation warnings
+  target_compile_options(wolfssl PRIVATE $<$<COMPILE_LANGUAGE:C>:/wd4244>)
+  if(CMAKE_C_COMPILER_ID MATCHES Clang)
+    target_compile_options(wolfssl PRIVATE $<$<COMPILE_LANGUAGE:C>:-Wno-incompatible-function-pointer-types>)
+  endif()
+endif()
 
 CONFIGURE_FILE(user_settings.h.in user_settings.h)
-INCLUDE_DIRECTORIES(${SSL_INCLUDE_DIRS})
-ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES})
 
diff --git a/extra/wolfssl/user_settings.h.in b/extra/wolfssl/user_settings.h.in
index baa64fcd..489118b3 100644
--- a/extra/wolfssl/user_settings.h.in
+++ b/extra/wolfssl/user_settings.h.in
@@ -21,6 +21,7 @@
 #define HAVE_AESGCM
 #define HAVE_CHACHA
 #define HAVE_POLY1305
+#define HAVE_THREAD_LS
 #define WOLFSSL_AES_COUNTER
 #define NO_WOLFSSL_STUB
 #define OPENSSL_ALL
@@ -51,20 +52,19 @@
 #define NO_RABBIT
 #define NO_RC4
 
-/*
-  FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test
-  WolfSSL will use more stack space with it, with fastmath
-*/
-#cmakedefine FP_MAX_BITS 16384
 #define RSA_MAX_SIZE 8192
+#define WOLFSSL_SP_MATH_ALL
+#define WOLFSSL_HAVE_SP_RSA
+#ifndef WOLFSSL_SP_4096
+#define WOLFSSL_SP_4096
+#endif
+
 #cmakedefine WOLFSSL_AESNI
-#cmakedefine USE_FAST_MATH
-#cmakedefine TFM_TIMING_RESISTANT
 #cmakedefine HAVE_INTEL_RDSEED
 #cmakedefine HAVE_INTEL_RDRAND
 #cmakedefine USE_INTEL_SPEEDUP
-#cmakedefine USE_FAST_MATH
 #cmakedefine WOLFSSL_X86_64_BUILD
-#cmakedefine WOLFSSL_SP_MATH_ALL
+#cmakedefine WOLFSSL_SP_X86_64
+#cmakedefine WOLFSSL_SP_X86_64_ASM
 
 #endif  /* WOLFSSL_USER_SETTINGS_H */
diff --git a/extra/wolfssl/wolfssl/.github/workflows/async.yml b/extra/wolfssl/wolfssl/.github/workflows/async.yml
index 84eb4c58..36f50265 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/async.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/async.yml
@@ -18,7 +18,7 @@ jobs:
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         name: Checkout wolfSSL
 
       - name: Test wolfSSL async
diff --git a/extra/wolfssl/wolfssl/.github/workflows/curl.yml b/extra/wolfssl/wolfssl/.github/workflows/curl.yml
index fe6350e7..69840eb6 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/curl.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/curl.yml
@@ -18,11 +18,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-curl
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   test_curl:
     name: ${{ matrix.curl_ref }}
@@ -38,11 +38,11 @@ jobs:
     - name: Install test dependencies
       run: |
         sudo apt-get update
-        sudo apt-get install nghttp2
+        sudo apt-get install nghttp2 libpsl5 libpsl-dev
         sudo pip install impacket
 
     - name: Download lib
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: wolf-install-curl
         path: build-dir
diff --git a/extra/wolfssl/wolfssl/.github/workflows/docker-Espressif.yml b/extra/wolfssl/wolfssl/.github/workflows/docker-Espressif.yml
index 9b9b9be2..4990e928 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/docker-Espressif.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/docker-Espressif.yml
@@ -11,7 +11,7 @@ jobs:
     container:
       image: espressif/idf:latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
         run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
   espressif_v4_4:
@@ -20,7 +20,7 @@ jobs:
     container:
       image: espressif/idf:release-v4.4
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
         run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
   espressif_v5_0:
@@ -29,6 +29,6 @@ jobs:
     container:
       image: espressif/idf:release-v5.0
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
         run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
diff --git a/extra/wolfssl/wolfssl/.github/workflows/docker-OpenWrt.yml b/extra/wolfssl/wolfssl/.github/workflows/docker-OpenWrt.yml
index aa827895..3c348b62 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/docker-OpenWrt.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/docker-OpenWrt.yml
@@ -16,15 +16,15 @@ jobs:
         steps:
             - name: Install required tools
               run: apk add argp-standalone asciidoc bash bc binutils bzip2 cdrkit coreutils diffutils elfutils-dev findutils flex musl-fts-dev g++ gawk gcc gettext git grep intltool libxslt linux-headers make musl-libintl musl-obstack-dev ncurses-dev openssl-dev patch perl python3-dev rsync tar unzip util-linux wget zlib-dev autoconf automake libtool
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - name: Compile libwolfssl.so
               run: ./autogen.sh && ./configure --enable-all && make
             - name: Upload libwolfssl.so
-              uses: actions/upload-artifact@v3
+              uses: actions/upload-artifact@v4
               with:
                 name: openwrt-libwolfssl.so
                 path: src/.libs/libwolfssl.so
-                retention-days: 1
+                retention-days: 5
     compile_container:
         name: Compile container
         runs-on: ubuntu-latest
@@ -34,16 +34,16 @@ jobs:
         strategy:
             fail-fast: false
             matrix:
-                release: [ "22.03-SNAPSHOT", "21.02-SNAPSHOT" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
+                release: [ "22.03.6", "21.02.7" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
         steps:
-            - uses: actions/checkout@v3
-            - uses: docker/setup-buildx-action@v2
-            - uses: actions/download-artifact@v3
+            - uses: actions/checkout@v4
+            - uses: docker/setup-buildx-action@v3
+            - uses: actions/download-artifact@v4
               with:
                 name: openwrt-libwolfssl.so
                 path: Docker/OpenWrt/.
             - name: Build but dont push
-              uses: docker/build-push-action@v3
+              uses: docker/build-push-action@v5
               with:
                   context: Docker/OpenWrt
                   platforms: linux/amd64
diff --git a/extra/wolfssl/wolfssl/.github/workflows/haproxy.yml b/extra/wolfssl/wolfssl/.github/workflows/haproxy.yml
index 54a52b8c..9c7047bc 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/haproxy.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/haproxy.yml
@@ -21,7 +21,7 @@ jobs:
           install: true
 
       - name: Checkout VTest
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: vtest/VTest
           path: VTest
@@ -32,7 +32,7 @@ jobs:
         run: make FLAGS='-O2 -s -Wall'
 
       - name: Checkout HaProxy
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: haproxy/haproxy
           path: haproxy
diff --git a/extra/wolfssl/wolfssl/.github/workflows/hitch.yml b/extra/wolfssl/wolfssl/.github/workflows/hitch.yml
index a7f745db..13b933fd 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/hitch.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/hitch.yml
@@ -19,11 +19,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-hitch
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   hitch_check:
     strategy:
@@ -41,13 +41,13 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-hitch
           path: build-dir
 
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
@@ -59,7 +59,7 @@ jobs:
             sudo apt-get install -y libev-dev libssl-dev automake python3-docutils flex bison pkg-config make
 
       - name: Checkout hitch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: varnish/hitch
           ref: 1.7.3
diff --git a/extra/wolfssl/wolfssl/.github/workflows/hostap.yml b/extra/wolfssl/wolfssl/.github/workflows/hostap.yml
index 84ea1009..187c735b 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/hostap.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/hostap.yml
@@ -40,11 +40,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.build_id }}
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   # Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop.
   hostap_test:
@@ -113,7 +113,7 @@ jobs:
           echo Our job run ID is $SHA_SUM
 
       - name: Checkout wolfSSL
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: wolfssl
 
@@ -140,7 +140,7 @@ jobs:
           echo "hostap_debug_flags=-d" >> $GITHUB_ENV
 
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: ${{ matrix.config.build_id }}
           path: build-dir
@@ -170,7 +170,7 @@ jobs:
           sudo rmmod mac80211_hwsim
 
       - name: Checkout hostap
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: julek-wolfssl/hostap-mirror 
           path: hostap
@@ -185,7 +185,7 @@ jobs:
 
       - if: ${{ matrix.config.osp_ref }}
         name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
@@ -275,7 +275,7 @@ jobs:
 
       - name: Upload failure logs
         if: ${{ failure() && steps.testing.outcome == 'failure' }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: hostap-logs-${{ env.our_job_run_id }}
           path: hostap/tests/hwsim/logs.zip
diff --git a/extra/wolfssl/wolfssl/.github/workflows/krb5.yml b/extra/wolfssl/wolfssl/.github/workflows/krb5.yml
index f03237c8..0022d64d 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/krb5.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/krb5.yml
@@ -11,19 +11,23 @@ jobs:
     # This should be a safe limit for the tests to run.
     timeout-minutes: 5
     steps:
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - name: Build wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
         with:
           path: wolfssl
-          configure: --enable-krb CFLAGS='-fsanitize=address'
+          configure: --enable-krb CC='gcc -fsanitize=address'
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-krb5
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   krb5_check:
     strategy:
@@ -38,19 +42,19 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-krb5
           path: build-dir
 
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
 
       - name: Checkout krb5
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: krb5/krb5
           ref: krb5-${{ matrix.ref }}-final
@@ -61,6 +65,10 @@ jobs:
         run: |
           patch -p1 < $GITHUB_WORKSPACE/osp/krb5/Patch-for-Kerberos-5-${{ matrix.ref }}.patch
 
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - name: Build krb5
         working-directory: ./krb5/src
         run: |
diff --git a/extra/wolfssl/wolfssl/.github/workflows/libssh2.yml b/extra/wolfssl/wolfssl/.github/workflows/libssh2.yml
new file mode 100644
index 00000000..dd9d50e6
--- /dev/null
+++ b/extra/wolfssl/wolfssl/.github/workflows/libssh2.yml
@@ -0,0 +1,58 @@
+name: libssh2 Tests
+
+on:
+  workflow_call:
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          check: false # config is already tested in many other PRB's
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libssh2
+          path: build-dir
+          retention-days: 5
+
+  libssh2_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 1.11.0 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 8
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libssh2
+          path: build-dir
+
+      - name: Build and test libssh2
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: libssh2/libssh2
+          ref: libssh2-${{ matrix.ref }}
+          path: libssh2
+          configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
+          check: true
+
+      - name: Confirm libssh2 built with wolfSSL
+        working-directory: ./libssh2
+        run: ldd src/.libs/libssh2.so | grep wolfssl
diff --git a/extra/wolfssl/wolfssl/.github/workflows/main.yml b/extra/wolfssl/wolfssl/.github/workflows/main.yml
index b1e63a32..4579eaab 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/main.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/main.yml
@@ -43,5 +43,10 @@ jobs:
     memcached:
         uses: ./.github/workflows/memcached.yml
 # TODO: Currently this test fails. Enable it once it becomes passing.        
+#    libssh2:
+#        uses: ./.github/workflows/libssh2.yml
+    openssh:
+        uses: ./.github/workflows/openssh.yml
+# TODO: Currently this test fails. Enable it once it becomes passing.        
 #    haproxy:
 #        uses: ./.github/workflows/haproxy.yml
diff --git a/extra/wolfssl/wolfssl/.github/workflows/memcached.yml b/extra/wolfssl/wolfssl/.github/workflows/memcached.yml
index 9a4c8131..fde37018 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/memcached.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/memcached.yml
@@ -20,11 +20,11 @@ jobs:
         run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-memcached
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   memcached_check:
     strategy:
@@ -38,13 +38,13 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-memcached
           path: build-dir
 
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
@@ -56,7 +56,7 @@ jobs:
             sudo apt-get install -y libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl
 
       - name: Checkout memcached
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: memcached/memcached
           ref: 1.6.22
diff --git a/extra/wolfssl/wolfssl/.github/workflows/multi-arch.yml b/extra/wolfssl/wolfssl/.github/workflows/multi-arch.yml
index e5b9859a..031ca802 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/multi-arch.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/multi-arch.yml
@@ -35,7 +35,7 @@ jobs:
         run: |
           sudo apt update
           sudo apt install -y crossbuild-essential-${{ matrix.ARCH }} qemu-user
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Build
         env:
             CC: ${{ matrix.CC }}
diff --git a/extra/wolfssl/wolfssl/.github/workflows/multi-compiler.yml b/extra/wolfssl/wolfssl/.github/workflows/multi-compiler.yml
index 48512df2..b63fd0f2 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/multi-compiler.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/multi-compiler.yml
@@ -41,7 +41,7 @@ jobs:
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Build
         env:
             CC: ${{ matrix.CC }}
diff --git a/extra/wolfssl/wolfssl/.github/workflows/nginx.yml b/extra/wolfssl/wolfssl/.github/workflows/nginx.yml
index 05f2ed7c..9f9f81ec 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/nginx.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/nginx.yml
@@ -25,11 +25,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-nginx
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   nginx_check:
     strategy:
@@ -99,7 +99,7 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-nginx
           path: build-dir
@@ -109,13 +109,13 @@ jobs:
           sudo cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL
 
       - name: Checkout wolfssl-nginx
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/wolfssl-nginx
           path: wolfssl-nginx
 
       - name: Checkout nginx
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: nginx/nginx
           path: nginx
@@ -131,7 +131,7 @@ jobs:
         run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl-debug.patch
 
       - name: Checkout nginx-tests
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: nginx/nginx-tests
           path: nginx-tests
@@ -174,6 +174,10 @@ jobs:
         run: |
           echo "nginx_c_flags=-O0" >> $GITHUB_ENV
 
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - name: Build nginx with sanitizer
         working-directory: nginx
         run: |
@@ -203,4 +207,4 @@ jobs:
           LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
             TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
             prove ${{ matrix.sanitize-ok }}
- 
\ No newline at end of file
+ 
diff --git a/extra/wolfssl/wolfssl/.github/workflows/openssh.yml b/extra/wolfssl/wolfssl/.github/workflows/openssh.yml
new file mode 100644
index 00000000..02838773
--- /dev/null
+++ b/extra/wolfssl/wolfssl/.github/workflows/openssh.yml
@@ -0,0 +1,68 @@
+name: openssh Tests
+
+on:
+  workflow_call:
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-openssh --enable-dsa --with-max-rsa-bits=8192
+            --enable-intelasm --enable-sp-asm
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openssh
+          path: build-dir
+          retention-days: 5
+
+  openssh_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - git_ref: 'V_9_6_P1'
+            osp_ver: '9.6'
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openssh
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test openssh
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: openssh/openssh-portable
+          ref: ${{ matrix.git_ref }}
+          path: openssh
+          patch-file: $GITHUB_WORKSPACE/osp/openssh-patches/openssh-${{ matrix.osp_ver }}.patch
+          configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
+          check: false
+
+      # make tests take >20 minutes. Consider limiting? 
+      - name: Run tests
+        working-directory: ./openssh
+        run: |
+          # Run all the tests except (t-exec) as it takes too long
+          make file-tests interop-tests extra-tests unit
diff --git a/extra/wolfssl/wolfssl/.github/workflows/openvpn.yml b/extra/wolfssl/wolfssl/.github/workflows/openvpn.yml
index 10f206ff..314f9a4e 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/openvpn.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/openvpn.yml
@@ -19,18 +19,18 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-openvpn
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   openvpn_check:
     strategy:
       fail-fast: false
       matrix:
         # List of refs to test
-        ref: [ master, release/2.6, v2.6.0 ]
+        ref: [ release/2.6, v2.6.0, master ]
     name: ${{ matrix.ref }}
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -38,7 +38,7 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-openvpn
           path: build-dir
@@ -50,10 +50,14 @@ jobs:
                      linux-libc-dev man2html libcmocka-dev python3-docutils \
                      libtool automake autoconf libnl-genl-3-dev libnl-genl-3-200
 
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - if: ${{ matrix.ref != 'master' }}
         name: Build and test openvpn with fsanitize
         run: |
-          echo 'extra_c_flags=CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
+          echo 'extra_c_flags=CC="gcc -fsanitize=address" CFLAGS="-fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
 
       - name: Build and test openvpn
         uses: wolfSSL/actions-build-autotools-project@v1
diff --git a/extra/wolfssl/wolfssl/.github/workflows/os-check.yml b/extra/wolfssl/wolfssl/.github/workflows/os-check.yml
index 08134c4a..9846efaa 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/os-check.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/os-check.yml
@@ -67,6 +67,7 @@ jobs:
           'examples/configs/user_settings_min_ecc.h',
           'examples/configs/user_settings_wolfboot_keytools.h',
           'examples/configs/user_settings_wolftpm.h',
+          'examples/configs/user_settings_tls12.h',
         ]
     name: make user_setting.h (testwolfcrypt only)
     runs-on: ${{ matrix.os }}
@@ -94,7 +95,7 @@ jobs:
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - if: ${{ matrix.os == 'macos-latest' }}
       run: brew install automake libtool
     - run: ./autogen.sh
@@ -121,10 +122,10 @@ jobs:
       BUILD_CONFIGURATION: Release
       BUILD_PLATFORM: x64
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Add MSBuild to PATH
-      uses: microsoft/setup-msbuild@v1
+      uses: microsoft/setup-msbuild@v2
 
     - name: Restore NuGet packages
       working-directory: ${{env.GITHUB_WORKSPACE}}
diff --git a/extra/wolfssl/wolfssl/.github/workflows/packaging.yml b/extra/wolfssl/wolfssl/.github/workflows/packaging.yml
index 42e21359..50f2a086 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/packaging.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/packaging.yml
@@ -11,7 +11,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Checkout wolfSSL
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Configure wolfSSL
         run: |
diff --git a/extra/wolfssl/wolfssl/.github/workflows/stunnel.yml b/extra/wolfssl/wolfssl/.github/workflows/stunnel.yml
index ac25126d..a93a0477 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/stunnel.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/stunnel.yml
@@ -19,11 +19,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-stunnel
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   stunnel_check:
     strategy:
@@ -38,13 +38,13 @@ jobs:
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-stunnel
           path: build-dir
     
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
diff --git a/extra/wolfssl/wolfssl/.github/workflows/zephyr.yml b/extra/wolfssl/wolfssl/.github/workflows/zephyr.yml
index decdba25..c7f1bc8e 100644
--- a/extra/wolfssl/wolfssl/.github/workflows/zephyr.yml
+++ b/extra/wolfssl/wolfssl/.github/workflows/zephyr.yml
@@ -64,10 +64,10 @@ jobs:
 
       - name: Install zephyr SDK
         run: |
-          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
-          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
+          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
+          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
           cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
-          ./setup.sh -h -c
+          ./setup.sh -h -c -t x86_64-zephyr-elf
 
       - name: Run wolfssl test
         id: wolfssl-test
@@ -97,7 +97,7 @@ jobs:
 
       - name: Upload failure logs
         if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: zephyr-client-test-logs
           path: logs.zip
diff --git a/extra/wolfssl/wolfssl/.gitignore b/extra/wolfssl/wolfssl/.gitignore
index 5adfbf31..5bd31033 100644
--- a/extra/wolfssl/wolfssl/.gitignore
+++ b/extra/wolfssl/wolfssl/.gitignore
@@ -82,16 +82,19 @@ snifftest
 output
 mcapi/test
 testsuite/testsuite
-tests/unit
 testsuite/testsuite.test
+testsuite/*.der
+testsuite/*.pem
+testsuite/*.raw
+testsuite/*.obj
+testsuite/*.pdb
+testsuite/*.idb
+tests/unit
 tests/unit.test
 tests/bio_write_test.txt
 tests/test-log-dump-to-file.txt
 tests/cert_cache.tmp
 test-write-dhparams.pem
-testsuite/*.der
-testsuite/*.pem
-testsuite/*.raw
 cert.der
 cert.pem
 certecc.der
@@ -286,23 +289,6 @@ mqx/wolfcrypt_benchmark/.settings
 mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog
 mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig
 
-# User Crypto example build
-wolfcrypt/user-crypto/aclocal.m4
-wolfcrypt/user-crypto/config.guess
-wolfcrypt/user-crypto/autom4te.cache
-wolfcrypt/user-crypto/config.log
-wolfcrypt/user-crypto/config.status
-wolfcrypt/user-crypto/config.sub
-wolfcrypt/user-crypto/depcomp
-wolfcrypt/user-crypto/install-sh
-wolfcrypt/user-crypto/libtool
-wolfcrypt/user-crypto/ltmain.sh
-wolfcrypt/user-crypto/m4
-wolfcrypt/user-crypto/missing
-wolfcrypt/user-crypto/Makefile.in
-wolfcrypt/user-crypto/lib/libusercrypto.*
-*.hzs
-
 # wolfSSL CSharp wrapper
 wrapper/CSharp/x64/
 
@@ -339,6 +325,10 @@ wolfcrypt/src/port/intel/qat_test
 # Arduino Generated Files
 /IDE/ARDUINO/wolfSSL
 scripts/memtest.txt
+/IDE/ARDUINO/Arduino_README_prepend.md.tmp
+/IDE/ARDUINO/library.properties.tmp
+/IDE/ARDUINO/library.properties.tmp.backup
+/IDE/ARDUINO/PREPENDED_README.md
 
 # Doxygen generated files
 doc/doxygen_warnings
@@ -415,7 +405,7 @@ XXX-fips-test
 # Generated user_settings_asm.h.
 user_settings_asm.h
 
-# VisualGD
+# VisualGDB
 **/.visualgdb
 
 # Espressif sdk config default should be saved in sdkconfig.defaults
@@ -423,6 +413,12 @@ user_settings_asm.h
 /IDE/Espressif/**/sdkconfig
 /IDE/Espressif/**/sdkconfig.old
 
+# MPLAB
+/IDE/MPLABX16/wolfssl.X/dist/default/
+/IDE/MPLABX16/wolfssl.X/.generated_files
+/IDE/MPLABX16/wolfcrypt_test.X/dist/default/
+/IDE/MPLABX16/wolfcrypt_test.X/.generated_files
+
 # auto-created CMake backups
 **/CMakeLists.txt.old
 
diff --git a/extra/wolfssl/wolfssl/CMakeLists.txt b/extra/wolfssl/wolfssl/CMakeLists.txt
index 337b0d61..bf6bc752 100644
--- a/extra/wolfssl/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/wolfssl/CMakeLists.txt
@@ -28,7 +28,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
      You must delete them, or cmake will refuse to work.")
 endif()
 
-project(wolfssl VERSION 5.6.6 LANGUAGES C ASM)
+project(wolfssl VERSION 5.7.0 LANGUAGES C ASM)
 
 # Set WOLFSSL_ROOT if not already defined
 if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -42,16 +42,19 @@ else()
 endif()
 
 # shared library versioning
-# increment if interfaces have been added, removed or changed
-set(LIBTOOL_CURRENT 42)
-# increment if source code has changed  set to zero if current is incremented
-set(LIBTOOL_REVISION 0)
-# increment if interfaces have been added set to zero if interfaces have been
-# removed or changed
-set(LIBTOOL_AGE 0)
+# increment if interfaces have been removed or changed
+set(WOLFSSL_LIBRARY_VERSION_FIRST 42)
 
-math(EXPR LIBTOOL_SO_VERSION "${LIBTOOL_CURRENT} - ${LIBTOOL_AGE}")
-set(LIBTOOL_FULL_VERSION ${LIBTOOL_SO_VERSION}.${LIBTOOL_AGE}.${LIBTOOL_REVISION})
+# increment if interfaces have been added
+# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
+set(WOLFSSL_LIBRARY_VERSION_SECOND 1)
+
+# increment if source code has changed
+# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
+# WOLFSSL_LIBRARY_VERSION_SECOND is incremented
+set(WOLFSSL_LIBRARY_VERSION_THIRD 0)
+
+set(LIBTOOL_FULL_VERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}.${WOLFSSL_LIBRARY_VERSION_SECOND}.${WOLFSSL_LIBRARY_VERSION_THIRD})
 
 set(WOLFSSL_DEFINITIONS)
 set(WOLFSSL_LINK_LIBS)
@@ -130,9 +133,15 @@ if(HAVE___UINT128_T)
     list(APPEND WOLFSSL_DEFINITIONS "-DHAVE___UINT128_T")
 endif()
 
-include(TestBigEndian)
-
-test_big_endian(WORDS_BIGENDIAN)
+if(CMAKE_VERSION VERSION_LESS "3.20")
+    # TestBigEndian was deprecated in 3.20
+    include(TestBigEndian)
+    test_big_endian(IS_BIG_ENDIAN)
+    set(CMAKE_C_BYTE_ORDER "LITTLE_ENDIAN")
+    if(IS_BIG_ENDIAN)
+        set(CMAKE_C_BYTE_ORDER "BIG_ENDIAN")
+    endif()
+endif()
 
 # Thread local storage
 include(CheckCSourceCompiles)
@@ -215,6 +224,8 @@ if(WOLFSSL_REPRODUCIBLE_BUILD)
     set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -D <TARGET>")
 endif()
 
+add_option("WOLFSSL_INSTALL" "Create install target for WolfSSL project" "yes" "yes;no")
+
 # Support for forcing 32-bit mode
 # TODO: detect platform from other options
 add_option("WOLFSSL_32BIT"
@@ -574,7 +585,7 @@ if(WOLFSSL_LEAN_PSK OR (WOLFSSL_LEAN_TLS AND NOT WOLFSSL_TLS13))
     override_cache(WOLFSSL_AESGCM "no")
 endif()
 
-if(WOLFSSL_AESGCM AND NOT WORDS_BIGENDIAN)
+if(WOLFSSL_AESGCM AND CMAKE_C_BYTE_ORDER STREQUAL "LITTLE_ENDIAN")
     override_cache(WOLFSSL_AESGCM "4bit")
 endif()
 
@@ -1662,17 +1673,14 @@ if(WOLFSSL_FAST_MATH)
         list(APPEND WOLFSSL_DEFINITIONS "-DUSE_FAST_MATH")
         set(WOLFSSL_SLOWMATH "no")
     endif()
-
-    if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64")
-        # Have settings.h set FP_MAX_BITS higher if user didn't set directly
-        list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_X86_64_BUILD")
-    endif()
 endif()
 
 # TODO: - Fast huge math
 
 # Set processor-specific build macros
 if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64")
+    set(WOLFSSL_X86_64_BUILD ON)
+    add_option("WOLFSSL_X86_64_BUILD_ASM" "Build ASM files" "yes" "yes;no")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_X86_64_BUILD")
 elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "aarch64|arm64")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AARCH64_BUILD")
@@ -1753,13 +1761,15 @@ else()
     list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_ASYNC_THREADING")
 endif()
 
-# TODO: - cryptodev
-#       - Session export
+# TODO: - Session export
 
 add_option("WOLFSSL_CRYPTOCB"
     "Enable crypto callbacks (default: disabled)"
     "no" "yes;no")
 
+add_option("WOLFSSL_PKCALLBACKS"
+    "Enable public key callbacks (default: disabled)"
+    "no" "yes;no")
 
 add_option("WOLFSSL_OLD_NAMES"
     "Keep backwards compat with old names (default: enabled)"
@@ -1960,6 +1970,11 @@ if(WOLFSSL_CRYPTOCB)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLF_CRYPTO_CB")
 endif()
 
+# Public Key Callbacks
+if(WOLFSSL_PKCALLBACKS)
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PK_CALLBACKS")
+endif()
+
 if(WOLFSSL_OCSPSTAPLING)
     list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CERTIFICATE_STATUS_REQUEST" "-DHAVE_TLS_EXTENSIONS")
     override_cache(WOLFSSL_OCSP "yes")
@@ -2075,7 +2090,7 @@ endif()
 # Suppress some warnings about separate compilation, inlining
 add_definitions("-DWOLFSSL_IGNORE_FILE_WARN")
 # Generate user options header
-message("Generating user options header...")
+message(STATUS "Generating user options header...")
 if (${CMAKE_DISABLE_SOURCE_CHANGES})
     set(WOLFSSL_BUILD_OUT_OF_TREE_DEFAULT "${CMAKE_DISABLE_SOURCE_CHANGES}")
 else()
@@ -2198,7 +2213,7 @@ endif()
 
 set_target_properties(wolfssl
     PROPERTIES
-        SOVERSION ${LIBTOOL_SO_VERSION}
+        SOVERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}
         VERSION ${LIBTOOL_FULL_VERSION}
 )
 
@@ -2516,82 +2531,96 @@ list(JOIN HEADER_EXCLUDE "|" EXCLUDED_HEADERS_REGEX)
 string(PREPEND EXCLUDED_HEADERS_REGEX "(")
 string(APPEND  EXCLUDED_HEADERS_REGEX ")")
 
-set(INSTALLED_EXAMPLES
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client-dtls.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server-dtls.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
-
-# Install the library
-install(TARGETS wolfssl
-        EXPORT wolfssl-targets
-        LIBRARY DESTINATION lib
-        ARCHIVE DESTINATION lib
-        RUNTIME DESTINATION bin
-        )
-# Install the headers
-install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
-        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
-        FILES_MATCHING PATTERN "*.h"
-        REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
-install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/
-        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
-        FILES_MATCHING PATTERN "*.h"
-        REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
-
-# Install the examples
-install(FILES ${INSTALLED_EXAMPLES}
-        DESTINATION ${CMAKE_INSTALL_DOCDIR}/example)
-# Install README.txt and taoCert.txt
-install(FILES
-        ${CMAKE_CURRENT_SOURCE_DIR}/doc/README.txt
-        ${CMAKE_CURRENT_SOURCE_DIR}/certs/taoCert.txt
-        DESTINATION ${CMAKE_INSTALL_DOCDIR})
-# Install the export set
-install(EXPORT wolfssl-targets
-        DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
-        FILE wolfssl-targets.cmake
-        NAMESPACE wolfssl::)
-
-# TODO: Distro build + rules for what to include in the distro.
-#       See various include.am files.
-
-set(prefix ${CMAKE_INSTALL_PREFIX})
-set(exec_prefix "\${prefix}")
-set(libdir "\${exec_prefix}/lib")
-set(includedir "\${prefix}/include")
-set(VERSION ${PROJECT_VERSION})
-
-configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc
-  DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
-
-include(CMakePackageConfigHelpers)
-configure_package_config_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/Config.cmake.in
-  "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake"
-  INSTALL_DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl"
-  NO_SET_AND_CHECK_MACRO
-  NO_CHECK_REQUIRED_COMPONENTS_MACRO
-)
+if(WOLFSSL_INSTALL)
+
+    set(INSTALLED_EXAMPLES
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client-dtls.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server-dtls.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
 
-export(EXPORT wolfssl-targets
-  FILE "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-targets.cmake"
-  NAMESPACE wolfssl::
-)
 
-write_basic_package_version_file(
-  "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake"
-  VERSION "${wolfssl_VERSION_MAJOR}.${wolfssl_VERSION_MINOR}"
-  COMPATIBILITY AnyNewerVersion
-)
+    # Install the library
+    install(TARGETS wolfssl
+            EXPORT wolfssl-targets
+            LIBRARY DESTINATION lib
+            ARCHIVE DESTINATION lib
+            RUNTIME DESTINATION bin
+            )
+    # Install the headers
+    install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
+            DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
+            FILES_MATCHING PATTERN "*.h"
+            REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
+    install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/
+            DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
+            FILES_MATCHING PATTERN "*.h"
+            REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
+
+    # Install the examples
+    install(FILES ${INSTALLED_EXAMPLES}
+            DESTINATION ${CMAKE_INSTALL_DOCDIR}/example)
+    # Install README.txt and taoCert.txt
+    install(FILES
+            ${CMAKE_CURRENT_SOURCE_DIR}/doc/README.txt
+            ${CMAKE_CURRENT_SOURCE_DIR}/certs/taoCert.txt
+            DESTINATION ${CMAKE_INSTALL_DOCDIR})
+    # Install the export set
+    install(EXPORT wolfssl-targets
+            DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
+            FILE wolfssl-targets.cmake
+            NAMESPACE wolfssl::)
+
+    # TODO: Distro build + rules for what to include in the distro.
+    #       See various include.am files.
+
+    set(prefix ${CMAKE_INSTALL_PREFIX})
+    set(exec_prefix "\${prefix}")
+    set(libdir "\${exec_prefix}/lib")
+    set(includedir "\${prefix}/include")
+    set(VERSION ${PROJECT_VERSION})
+
+    # Setting libm in Libs.private of wolfssl.pc.
+    # See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
+    get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
+    list(FIND _wolfssl_dep_libs m _dep_libm)
+    if ("${_dep_libm}" GREATER -1)
+      set(LIBM -lm)
+    else()
+      set(LIBM)
+    endif()
 
-install(FILES
-  ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake
-  ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake
-  DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
-)
+    configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
+    install(FILES ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+
+    include(CMakePackageConfigHelpers)
+    configure_package_config_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/Config.cmake.in
+    "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake"
+    INSTALL_DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl"
+    NO_SET_AND_CHECK_MACRO
+    NO_CHECK_REQUIRED_COMPONENTS_MACRO
+    )
+
+    export(EXPORT wolfssl-targets
+    FILE "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-targets.cmake"
+    NAMESPACE wolfssl::
+    )
+
+    write_basic_package_version_file(
+    "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake"
+    VERSION "${wolfssl_VERSION_MAJOR}.${wolfssl_VERSION_MINOR}"
+    COMPATIBILITY AnyNewerVersion
+    )
+
+    install(FILES
+    ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake
+    ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
+    )
+endif()
diff --git a/extra/wolfssl/wolfssl/ChangeLog.md b/extra/wolfssl/wolfssl/ChangeLog.md
index 586adaa4..c3b24757 100644
--- a/extra/wolfssl/wolfssl/ChangeLog.md
+++ b/extra/wolfssl/wolfssl/ChangeLog.md
@@ -1,3 +1,97 @@
+# wolfSSL Release 5.7.0 (Mar 20, 2024)
+
+Release 5.7.0 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+
+NOTE: In future releases, --enable-des3 (which is disabled by default) will be insufficient in itself to enable DES3 in TLS cipher suites. A new option, --enable-des3-tls-suites, will need to be supplied in addition.  This option should only be used in backward compatibility scenarios, as it is inherently insecure.
+
+NOTE: This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred define `WOLFSSL_ASN_ORIGINAL` to use it. See PR #7199.
+
+
+## Vulnerabilities
+* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
+
+
+* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)."
+Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7167
+
+
+* [Med] Fault injection attack with EdDSA signature operations. This affects ed25519 sign operations where the system could be susceptible to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia).
+Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212
+
+
+## New Feature Additions
+
+* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
+
+### POST QUANTUM SUPPORT ADDITIONS
+* Experimental framework for using wolfSSL’s XMSS implementation (PR 7161)
+* Experimental framework for using wolfSSL’s LMS implementation (PR 7283)
+* Experimental wolfSSL Kyber implementation and assembly optimizations, enabled with --enable-experimental --enable-kyber (PR 7318)
+* Experimental support for post quantum dual key/signature certificates. A few known issues and sanitizer checks are in progress with this feature. Enabled with the configure flags --enable-experimental --enable-dual-alg-certs (PR 7112)
+* CryptoCb support for PQC algorithms (PR 7110)
+
+### OTHER FEATURE ADDITIONS
+* The Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB with the kernel cryptosystem through the new --enable-linuxkm-lkcapi-register option, enabling automatic use of wolfCrypt implementations by the dm-crypt/luks and ESP subsystems.  In particular, wolfCrypt AES-XTS with –enable-aesni is faster than the native kernel implementation.
+* CryptoCb hook to one-shot CMAC functions (PR 7059)
+* BER content streaming support for PKCS7_VerifySignedData and sign/encrypt operations (PR 6961 & 7184)
+* IoT-Safe SHA-384 and SHA-512 support (PR 7176)
+* I/O callbacks for content and output with PKCS7 bundle sign/encrypt to reduce peak memory usage (PR 7272)
+* Microchip PIC24 support and example project (PR 7151)
+* AutoSAR shim layer for RNG, SHA256, and AES (PR 7296)
+* wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to certificate store (PR 7245)
+* Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid (PR 7236)
+
+
+## Enhancements and Optimizations
+
+* Remove obsolete user-crypto functionality and Intel IPP support (PR 7097)
+* Support for RSA-PSS signatures with CRL use (PR 7119)
+* Enhancement for AES-GCM use with Xilsecure on Microblaze (PR 7051)
+* Support for crypto cb only build with ECC and NXP CAAM (PR 7269)
+* Improve liboqs integration adding locking and init/cleanup functions (PR 7026)
+* Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized (PR 7096)
+* Enhancements to reproducible build (PR 7267)
+* Update Arduino example TLS Client/Server and improve support for ESP32 (PR 7304 & 7177)
+* XC32 compiler version 4.x compatibility (PR 7128)
+* Porting for build on PlayStation 3 and 4 (PR 7072)
+* Improvements for Espressif use; SHA HW/SW selection and use on ESP32-C2/ESP8684, wolfSSL_NewThread() type, component cmake fix, and update TLS client example for ESP8266 (PR 7081, 7173, 7077, 7148, 7240)
+* Allow crypto callbacks with SHA-1 HW (PR 7087)
+* Update OpenSSH port to version 9.6p1(PR 7203)
+* ARM Thumb2 enhancements, AES-GCM support for GCM_SMALL, alignment fix on key, fix for ASM clobber list (PR 7291,7301,7221)
+* Expand heap hint support for static memory build with more x509 functions (PR 7136)
+* Improving ARMv8 ChaCha20 ASM (alignment) (PR 7182)
+* Unknown extension callback wolfSSL_CertManagerSetUnknownExtCallback added to CertManager (PR 7194)
+* Implement wc_rng_new_ex for use with devID’s with crypto callback (PR 7271)
+* Allow reading 0-RTT data after writing 0.5-RTT data (PR 7102)
+* Send alert on bad PSK binder error (PR 7235)
+* Enhancements to CMake build files for use with cross compiling (PR 7188)
+
+
+## Fixes
+
+* Fix for checking result of MAC verify when no AAD is used with AES-GCM and Xilinx Xilsecure (PR 7051)
+* Fix for Aria sign use (PR 7082)
+* Fix for invalid `dh_ffdhe_test` test case using Intel QuickAssist (PR 7085)
+* Fixes for TI AES and SHA on TM4C with HW acceleration and add full AES GCM and CCM support with TLS (PR 7018)
+* Fixes for STM32 PKA use with ECC (PR 7098)
+* Fixes for TLS 1.3 with crypto callbacks to offload KDF / HMAC operation (PR 7070)
+* Fix include path for FSP 3.5 on Renesas RA6M4 (PR 7101)
+* Siphash x64 asm fix for use with older compilers (PR 7299)
+* Fix for SGX build with SP (PR 7308)
+* Fix to Make it mandatory that the cookie is sent back in new ClientHello when seen in a HelloRetryRequest with (PR 7190)
+* Fix for wrap around behavior with BIO pairs (PR 7169)
+* OCSP fixes for parsing of response correctly when there was a revocation reason and returning correct error value with date checks (PR 7241 & 7255)
+* Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV` (PR 7150)
+* Fix for DTLS sequence number and cookie when downgrading DTLS version (PR 7214)
+* Fix for write_dup use with chacha-poly cipher suites (PR 7206)
+* Fix for multiple handshake messages in one record failing with OUT_OF_ORDER_E when downgrading from TLS 1.3 to TLS 1.2 (PR 7141)
+* Fix for AES ECB build with Thumb and alignment (PR 7094)
+* Fix for negotiate handshake until the end in wolfSSL_read/wolfSSL_write if hitting an edge case with want read/write (PR 7237)
+
 # wolfSSL Release 5.6.6 (Dec 19, 2023)
 
 Release 5.6.6 has been developed according to wolfSSL's development and QA
diff --git a/extra/wolfssl/wolfssl/Docker/Dockerfile b/extra/wolfssl/wolfssl/Docker/Dockerfile
index 388169e6..b45cff4d 100644
--- a/extra/wolfssl/wolfssl/Docker/Dockerfile
+++ b/extra/wolfssl/wolfssl/Docker/Dockerfile
@@ -3,10 +3,13 @@ FROM $DOCKER_BASE_IMAGE
 
 USER root
 
+# Set timezone to UTC
+RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
+
 ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
 ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
 ARG DEPS_UDP_PROXY="wget libevent-dev"
-ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump"
+ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev"
 ARG DEPS_TOOLS="ccache"
 RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
                     && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
diff --git a/extra/wolfssl/wolfssl/Docker/Dockerfile.cross-compiler b/extra/wolfssl/wolfssl/Docker/Dockerfile.cross-compiler
index a89a9d5b..a9868d38 100644
--- a/extra/wolfssl/wolfssl/Docker/Dockerfile.cross-compiler
+++ b/extra/wolfssl/wolfssl/Docker/Dockerfile.cross-compiler
@@ -3,7 +3,7 @@ FROM $DOCKER_BASE_IMAGE
 
 USER root
 
-ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-aarch64-linux-gnu"
+ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu"
 RUN DEBIAN_FRONTEND=noninteractive apt update \
                     && apt install -y ${DEPS_TESTING} \
                     && apt clean -y && rm -rf /var/lib/apt/lists/*
diff --git a/extra/wolfssl/wolfssl/Docker/yocto/Dockerfile b/extra/wolfssl/wolfssl/Docker/yocto/Dockerfile
new file mode 100644
index 00000000..5fda38f9
--- /dev/null
+++ b/extra/wolfssl/wolfssl/Docker/yocto/Dockerfile
@@ -0,0 +1,27 @@
+FROM ubuntu
+
+# Set timezone to UTC
+RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
+
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1 vim && apt clean -y && rm -rf /var/lib/apt/lists/*
+RUN locale-gen en_US.UTF-8
+
+# Add in non-root user
+ENV UID_OF_DOCKERUSER 1000
+RUN useradd -m -s /bin/bash -g users -u ${UID_OF_DOCKERUSER} dockerUser
+RUN chown -R dockerUser:users /home/dockerUser && chown dockerUser:users /opt
+
+USER dockerUser
+
+RUN cd /opt && git clone git://git.yoctoproject.org/poky
+WORKDIR /opt/poky
+
+ARG YOCTO_VERSION=kirkstone
+RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull
+
+RUN git clone --single-branch --branch=${YOCTO_VERSION} https://github.com/wolfSSL/meta-wolfssl.git && \
+    /bin/bash -c "source oe-init-build-env" && \
+    echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \
+    sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf
+
+RUN /bin/bash -c "source oe-init-build-env && bitbake core-image-minimal"
diff --git a/extra/wolfssl/wolfssl/Docker/yocto/buildAndPush.sh b/extra/wolfssl/wolfssl/Docker/yocto/buildAndPush.sh
new file mode 100755
index 00000000..d76a603e
--- /dev/null
+++ b/extra/wolfssl/wolfssl/Docker/yocto/buildAndPush.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Assume we're in wolfssl/Docker/yocto
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/../..; pwd)
+
+DOCKER_BUILD_OPTIONS="$1"
+if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
+    DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
+fi
+
+NUM_FAILURES=0
+
+CUR_DATE=$(date -u +%F)
+for ver in kirkstone dunfell; do
+    echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
+    docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
+        docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest
+    if [ $? -eq 0 ]; then
+        echo "Pushing containers to DockerHub"
+        docker push wolfssl/yocto:${ver}-${CUR_DATE} && docker push wolfssl/yocto:${ver}-latest
+    else
+        echo "Warning: Build wolfssl/yocto:${ver} failed. Continuing"
+        ((NUM_FAILURES++))
+    fi
+done
+
+echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/Arduino_README_prepend.md b/extra/wolfssl/wolfssl/IDE/ARDUINO/Arduino_README_prepend.md
new file mode 100644
index 00000000..594a0678
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/Arduino_README_prepend.md
@@ -0,0 +1,13 @@
+# Arduino wolfSSL Library
+
+This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release ${WOLFSSL_VERSION} for the Arduino platform.
+
+The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
+
+See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/).
+
+## Arduino Releases
+
+The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
+
+See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/README.md b/extra/wolfssl/wolfssl/IDE/ARDUINO/README.md
index 4c4e10da..75c25a20 100644
--- a/extra/wolfssl/wolfssl/IDE/ARDUINO/README.md
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/README.md
@@ -1,30 +1,89 @@
-### wolfSSL with Arduino
+# wolfSSL with Arduino
 
-##### Reformatting wolfSSL as a compatible Arduino Library
-This is a shell script that will re-organize the wolfSSL library to be 
-compatible with Arduino projects that use Arduino IDE 1.5.0 or newer. 
-The Arduino IDE requires a library's source files to be in the library's root 
-directory with a header file in the name of the library. This script moves all 
-src/ files to the `IDE/ARDUINO/wolfSSL/src` directory and creates a stub header
-file called `wolfssl.h` inside that directory.
+See the [example sketches](./sketches/README.md):
 
-Step 1: To configure wolfSSL with Arduino, enter the following from within the
-wolfssl/IDE/ARDUINO directory:
+- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
+- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
 
-        `./wolfssl-arduino.sh`
+When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
 
-Step 2: Copy the directory wolfSSL that was just created to:
-`~/Documents/Arduino/libraries/` directory so the Arduino IDE can find it.
+## Boards
 
-Step 3: Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
+Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
+and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
+
+STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
+from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started)   .
+
+```
+https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
+```
+
+## Using wolfSSL from the Arduino IDE
+
+The Official wolfSSL: https://github.com/wolfSSL/arduino-wolfSSL See [PR #1](https://github.com/wolfSSL/Arduino-wolfSSL/pull/1).
+
+This option will allow wolfSSL to be installed directly using the native Arduino tools.
+
+## Manually Reformatting wolfSSL as a Compatible Arduino Library
+
+Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be 
+compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
+for projects that use Arduino IDE 1.5.0 or newer.
+
+The Arduino IDE requires a library's source files to be in the library's root directory with a
+header file in the name of the library. This script moves all `src/` files to the `IDE/ARDUINO/wolfSSL/src`
+directory and creates a stub header file called `wolfssl.h` inside that directory.
+
+### Step 1:
+
+To configure wolfSSL with Arduino, enter ONE of the following 4 commands
+from within the `wolfssl/IDE/ARDUINO` directory:
+
+1. `./wolfssl-arduino.sh`
+    - Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
+    - You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
+
+2. `./wolfssl-arduino.sh INSTALL` (The most common option)
+    - Creates an Arduino Library in the local `wolfSSL` directory
+    - Moves that directory to the Arduino library directory:
+        - `$HOME/Arduino/libraries` for most bash environments
+        - `/mnt/c/Users/$USER/Documents/Arduino/libraries` (for WSL)
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
+    - The wolfSSL library is now available from the Arduino IDE.
+
+3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
+    - Creates an Arduino Library in `wolfSSL` directory
+    - Copies that directory contents to the specified `/path/to/repository`
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`. 
+     
+4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
+    - Creates an Arduino Library in `wolfSSL` directory
+    - Copies that directory contents to the specified `/path/to/any/other/directory`
+
+### Step 2:
+
+Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
 If building for Intel Galileo platform add: `#define INTEL_GALILEO`.
-Add any other custom settings, for a good start see the examples in wolfssl root
-"/examples/configs/user_settings_*.h"
+Add any other custom settings. For a good start see the examples in wolfssl root
+"[/examples/configs/user_settings_*.h](https://github.com/wolfssl/wolfssl/tree/master/examples/configs)"
 
-Step 4: If you experience any issues with custom user_settings.h see the wolfssl
+### Step 3:
+
+If you experience any issues with custom `user_settings.h` see the wolfssl
 porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/
 
-Step 5: If you still have any issues contact support@wolfssl.com for more help.
+If you have any issues contact support@wolfssl.com for help.
+
+# Including wolfSSL in Arduino Libraries (for Arduino version 2.0 or greater)
+
+1. In the Arduino IDE:
+
+The wolfSSL library should automatically be detected when found in the `libraries`
+directory.
+
+  - In `Sketch -> Include Library` choose wolfSSL for new sketches.
+
 
 ##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
 
@@ -33,6 +92,90 @@ Step 5: If you still have any issues contact support@wolfssl.com for more help.
         `IDE/ARDUNIO/wolfSSL` folder.
     - In `Sketch -> Include Library` choose wolfSSL.
 
-2. Open an example Arduino sketch for wolfSSL:
-	- wolfSSL Client INO sketch: `sketches/wolfssl_client/wolfssl_client.ino`
-	- wolfSSL Server INO sketch: `sketches/wolfssl_server/wolfssl_server.ino`
+##### wolfSSL Examples
+
+Open an example Arduino sketch for wolfSSL:
+
+  - wolfSSL [Client INO sketch](./sketches/wolfssl_client/README.md): `sketches/wolfssl_client/wolfssl_client.ino`
+
+  - wolfSSL [Server INO sketch](./sketches/wolfssl_server/README.md): `sketches/wolfssl_server/wolfssl_server.ino`
+
+#### Script Examples
+
+Refresh the local Windows Arduino wolfSSL library from GitHub repository directory using WSL:
+
+Don't forget to edit `WOLFSSL_VERSION_ARUINO_SUFFIX`!
+
+```bash
+# Change to the wolfSSL Arduino IDE directory
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+
+# remove current Arduino wolfSSL library
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfssl
+
+# Install wolfSSL as an Arduino library
+./wolfssl-arduino.sh INSTALL
+```
+
+Publish wolfSSL from WSL to a `Arduino-wolfSSL-$USER` repository.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
+rm -rf /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO/wolfSSL
+./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER/
+```
+
+Publish wolfSSL from WSL to default Windows local library.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
+rm -rf /mnt/c/workspace/wolfssl-arduino/IDE/ARDUINO/wolfSSL
+./wolfssl-arduino.sh INSTALL
+```
+
+Test the TLS server by running a local command-line client.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER
+./examples/client/client -h 192.168.1.43 -p 11111 -v 3
+```
+
+Build wolfSSL to include wolfSSH support to an alternate development directory.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER
+./configure --prefix=/mnt/c/workspace/wolfssh-$USER/wolfssl_install --enable-ssh
+make
+make install
+
+```
+
+Build wolfSSH with wolfSSL not installed to default directory.
+
+```bash
+cd /mnt/c/workspace/wolfssh-$USER
+./configure --with-wolfssl=/mnt/c/workspace/wolfssh-$USER/wolfssl_install
+make
+./examples/client/client -u jill -h 192.168.1.34 -p 22222 -P upthehill
+```
+
+Test the current wolfSSL.
+
+```bash
+cd /mnt/c/workspace/wolfssl-arduino
+git status
+./autogen.sh
+./configure --enable-all
+make clean
+make && make test
+```
+
+Build and run `testwolfcrypt`.
+
+```bash
+./autogen.sh
+./configure --enable-all
+make clean && make && ./wolfcrypt/test/testwolfcrypt
+```
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/include.am b/extra/wolfssl/wolfssl/IDE/ARDUINO/include.am
index 19189e82..52491a8b 100644
--- a/extra/wolfssl/wolfssl/IDE/ARDUINO/include.am
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/include.am
@@ -3,6 +3,15 @@
 # All paths should be given relative to the root
 
 EXTRA_DIST+= IDE/ARDUINO/README.md
+EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
+EXTRA_DIST+= IDE/ARDUINO/keywords.txt
+EXTRA_DIST+= IDE/ARDUINO/library.properties.template
+EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
+EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
 EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/keywords.txt b/extra/wolfssl/wolfssl/IDE/ARDUINO/keywords.txt
new file mode 100644
index 00000000..27d5dc3d
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/keywords.txt
@@ -0,0 +1,21 @@
+# Syntax Coloring Map For wolfSSL
+# See https://arduino.github.io/arduino-cli/0.35/library-specification/#keywords
+#
+# Be sure to use tabs, not spaces. This might help:
+#  tr ' ' '\t' < keywords1.txt > keywords.txt
+
+#=============================================
+#	Datatypes	(KEYWORD1)
+#=============================================
+
+
+#=============================================
+#	Methods	and	Functions	(KEYWORD2)
+#=============================================
+wolfSSL_SetIORecv	KEYWORD1
+
+#=============================================
+#	Instances	(KEYWORD2)
+#=============================================
+ctx	KEYWORD2
+
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/library.properties.template b/extra/wolfssl/wolfssl/IDE/ARDUINO/library.properties.template
new file mode 100644
index 00000000..9b18e8c2
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/library.properties.template
@@ -0,0 +1,9 @@
+name=wolfssl
+version=${WOLFSSL_VERSION}${WOLFSSL_VERSION_ARUINO_SUFFIX}
+author=wolfSSL Inc.
+maintainer=wolfSSL inc <support@wolfssl.com>
+sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
+paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html.
+category=Communication
+url=https://www.wolfssl.com/
+architectures=*
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/README.md b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/README.md
new file mode 100644
index 00000000..26a1d1e1
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/README.md
@@ -0,0 +1,12 @@
+# wolfSSL Arduino Examples
+
+There are currently two example Arduino sketches:
+
+* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
+* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
+
+Examples have been most recently confirmed operational on the
+[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_client/README.md b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_client/README.md
new file mode 100644
index 00000000..caf83c58
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_client/README.md
@@ -0,0 +1,22 @@
+# Arduino Basic TLS Listening Client
+
+Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
+
+Other IDE products are also supported, such as:
+
+- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
+- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
+- [VisualMicro](https://www.visualmicro.com/)
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+
+### Troubleshooting
+
+When encountering odd errors such as `undefined reference to ``_impure_ptr'`, try cleaning the Arduino
+cache directories. For Windows, that's typically in:
+
+```text
+C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
+```
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
index 61362ae9..21a84deb 100644
--- a/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
@@ -20,157 +20,875 @@
  */
 
 /*
- This was original tested with Intel Galileo acting as the Client, with a 
-laptop acting as a server using the server example provided in examples/server.
-Legacy Ardunio v1.86 was used to compile and program the Galileo 
+Tested with:
+
+1) Intel Galileo acting as the Client, with a laptop acting as a server using
+   the server example provided in examples/server.
+   Legacy Arduino v1.86 was used to compile and program the Galileo
+
+2) Espressif ESP32 WiFi
+
+3) Arduino Due, Nano33 IoT, Nano RP-2040
 */
 
-#define USE_CERT_BUFFERS_2048
+/*
+ * Note to code editors: the Arduino client and server examples are edited in
+ * parallel for side-by-side comparison between examples.
+ */
+
+/* If you have a private include, define it here, otherwise edit WiFi params */
+#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
+
+/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
+#define REPEAT_CONNECTION 0
+
+/* Edit this with your other TLS host server address to connect to: */
+#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
+
+/* wolfssl TLS examples communicate on port 11111 */
+#define WOLFSSL_PORT 11111
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* We'll wait up to 2000 milliseconds to properly shut down connection */
+#define SHUTDOWN_DELAY_MS 2000
+
+/* Number of times to retry connection.  */
+#define RECONNECT_ATTEMPTS 20
+
+/* Optional stress test. Define to consume memory until exhausted: */
+/* #define MEMORY_STRESS_TEST */
+
+/* Choose client or server example, not both. */
+#define WOLFSSL_CLIENT_EXAMPLE
+/* #define WOLFSSL_SERVER_EXAMPLE */
+
+#if defined(MY_PRIVATE_CONFIG)
+    /* the /workspace directory may contain a private config
+     * excluded from GitHub with items such as WiFi passwords */
+    #include MY_PRIVATE_CONFIG
+    static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
+    static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
+#else
+    /* when using WiFi capable boards: */
+    static const char* ssid PROGMEM  = "your_SSID";
+    static const char* password PROGMEM = "your_PASSWORD";
+#endif
+
+#define BROADCAST_ADDRESS "255.255.255.255"
+
+/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
+ * If it is installed, uncomment define USE_NTP_LIB here: */
+/* #define USE_NTP_LIB */
+#ifdef USE_NTP_LIB
+    #include <NTPClient.h>
+#endif
+
 #include <wolfssl.h>
+/* Important: make sure settings.h appears before any other wolfSSL headers */
+#include <wolfssl/wolfcrypt/settings.h>
+/* Reminder: settings.h includes user_settings.h
+ * For ALL project wolfSSL settings, see:
+ * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h   */
 #include <wolfssl/ssl.h>
-#include <Ethernet.h>
 #include <wolfssl/certs_test.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
+#if defined(DEBUG_WOLFSSL)
+    #define PROGRESS_DOT F("")
+#else
+    #define PROGRESS_DOT F(".")
+#endif
+
+/* Convert a macro to a string */
+#define xstr(x) str(x)
+#define str(x) #x
+
+/* optional board-specific networking includes */
+#if defined(ESP32)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    /* Ensure the F() flash macro is defined */
+    #ifndef F
+        #define F
+    #endif
+    WiFiClient client;
+
+#elif defined(ESP8266)
+    #define USING_WIFI
+    #include <ESP8266WiFi.h>
+    WiFiClient client;
+
+#elif defined(ARDUINO_SAM_DUE)
+    #include <SPI.h>
+    /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
+    /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
+    #include <Ethernet.h>
+    EthernetClient client;
+
+#elif defined(ARDUINO_SAMD_NANO_33_IOT)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
+    WiFiClient client;
+
+#elif defined(ARDUINO_ARCH_RP2040)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h>
+    WiFiClient client;
+
+#elif defined(USING_WIFI)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    WiFiClient client;
+
+/* TODO
+#elif defined(OTHER_BOARD)
+*/
+#else
+    #define USING_WIFI
+    WiFiClient client;
+
+#endif
+
+/* Only for syntax highlighters to show interesting options enabled: */
+#if defined(HAVE_SNI)                           \
+   || defined(HAVE_MAX_FRAGMENT)                  \
+   || defined(HAVE_TRUSTED_CA)                    \
+   || defined(HAVE_TRUNCATED_HMAC)                \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
+   || defined(HAVE_SUPPORTED_CURVES)              \
+   || defined(HAVE_ALPN)                          \
+   || defined(HAVE_SESSION_TICKET)                \
+   || defined(HAVE_SECURE_RENEGOTIATION)          \
+   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
+#endif
+
+static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
+static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */
+
+static WOLFSSL_CTX* ctx = NULL;
+static WOLFSSL* ssl = NULL;
+static char* wc_error_message = (char*)malloc(80 + 1);
+static char errBuf[80];
+
+#if defined(MEMORY_STRESS_TEST)
+    #define MEMORY_STRESS_ITERATIONS 100
+    #define MEMORY_STRESS_BLOCK_SIZE 1024
+    #define MEMORY_STRESS_INITIAL (4*1024)
+    static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
+    static int mem_ctr        = 0;
+#endif
+
+static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+static int reconnect = RECONNECT_ATTEMPTS;
+static int lng_index PROGMEM = 0; /* 0 = English */
+
+#if defined(__arm__)
+    #include <malloc.h>
+    extern char _end;
+    extern "C" char *sbrk(int i);
+    static char *ramstart=(char *)0x20070000;
+    static char *ramend=(char *)0x20088000;
+#endif
+
+/*****************************************************************************/
+/* fail_wait - in case of unrecoverable error                                */
+/*****************************************************************************/
+int fail_wait(void) {
+    show_memory();
+
+    Serial.println(F("Failed. Halt."));
+    while (1) {
+        delay(1000);
+    }
+    return 0;
+}
+
+/*****************************************************************************/
+/* show_memory() to optionally view during debugging.                         */
+/*****************************************************************************/
+int show_memory(void)
+{
+#if defined(__arm__)
+    struct mallinfo mi = mallinfo();
+
+    char *heapend=sbrk(0);
+    register char * stack_ptr asm("sp");
+    #if defined(DEBUG_WOLFSSL_VERBOSE)
+        Serial.print("    arena=");
+        Serial.println(mi.arena);
+        Serial.print("  ordblks=");
+        Serial.println(mi.ordblks);
+        Serial.print(" uordblks=");
+        Serial.println(mi.uordblks);
+        Serial.print(" fordblks=");
+        Serial.println(mi.fordblks);
+        Serial.print(" keepcost=");
+        Serial.println(mi.keepcost);
+    #endif
+
+    #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
+        Serial.print("Estimated free memory: ");
+        Serial.print(stack_ptr - heapend + mi.fordblks);
+        Serial.println(F(" bytes"));
+    #endif
+
+    #if (0)
+        /* Experimental: not supported on all devices: */
+        Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
+        Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
+        Serial.print("Heap End %lx\n", (unsigned long)heapend);
+        Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
+        Serial.print("RAM End %lx\n", (unsigned long)ramend);
+
+        Serial.print("Heap RAM Used: ",mi.uordblks);
+        Serial.print("Program RAM Used ",&_end - ramstart);
+        Serial.print("Stack RAM Used ",ramend - stack_ptr);
+
+        Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
+    #endif
+#else
+    Serial.println(F("show_memory() not implemented for this platform"));
+#endif
+    return 0;
+}
+
+/*****************************************************************************/
+/* EthernetSend() to send a message string.                                  */
+/*****************************************************************************/
+int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
+    int sent = 0;
+    (void)ssl;
+    (void)ctx;
+
+    sent = client.write((byte*)message, sz);
+    return sent;
+}
+
+/*****************************************************************************/
+/* EthernetReceive() to receive a reply string.                              */
+/*****************************************************************************/
+int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
+    int ret = 0;
+    (void)ssl;
+    (void)ctx;
+
+    while (client.available() > 0 && ret < sz) {
+        reply[ret++] = client.read();
+    }
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_hardware()                                                  */
+/*****************************************************************************/
+int setup_hardware(void) {
+    int ret = 0;
+
+#if defined(ARDUINO_SAMD_NANO_33_IOT)
+    Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
+#elif defined(ARDUINO_ARCH_RP2040)
+    Serial.println(F("Detected known tested and working Arduino RP-2040"));
+#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
+    /* need to manually turn on random number generator on Arduino Due, etc. */
+    pmc_enable_periph_clk(ID_TRNG);
+    trng_enable(TRNG);
+    Serial.println(F("Enabled ARM TRNG"));
+#endif
+
+    show_memory();
+    randomSeed(analogRead(0));
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_datetime()                                                  */
+/*   The device needs to have a valid date within the valid range of certs.  */
+/*****************************************************************************/
+int setup_datetime(void) {
+    int ret = 0;
+    int ntp_tries = 20;
+
+    /* we need a date in the range of cert expiration */
+#ifdef USE_NTP_LIB
+    #if defined(ESP32)
+        NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+        timeClient.begin();
+        timeClient.update();
+        delay(1000);
+        while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
+            timeClient.forceUpdate();
+            Serial.println(F("Waiting for NTP update"));
+            delay(2000);
+            ntp_tries--;
+        }
+        if (ntp_tries <= 0) {
+            Serial.println(F("Warning: gave up waiting on NTP"));
+        }
+        Serial.println(timeClient.getFormattedTime());
+        Serial.println(timeClient.getEpochTime());
+    #endif
+#endif
+
+#if defined(ESP32)
+    /* see esp32-hal-time.c */
+    ntp_tries = 5;
+    /* Replace "pool.ntp.org" with your preferred NTP server */
+    configTime(0, 0, "pool.ntp.org");
+
+    /* Wait for time to be set */
+    while ((time(nullptr) <= 100000) && ntp_tries > 0) {
+        Serial.println(F("Waiting for time to be set..."));
+        delay(2000);
+        ntp_tries--;
+    }
+#endif
 
+    return ret;
+} /* setup_datetime */
+
+/*****************************************************************************/
+/* Arduino setup_network()                                                   */
+/*****************************************************************************/
+int setup_network(void) {
+    int ret = 0;
 
-const char host[] = "192.168.1.148"; /* server to connect to */
-const int port = 11111; /* port on server to connect to */
+#if defined(USING_WIFI)
+    int status = WL_IDLE_STATUS;
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
-int reconnect = 10;
+    /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
+    #if defined(ESP8266) || defined(ESP32)
+        WiFi.mode(WIFI_STA);
+    #else
+        String fv;
+        if (WiFi.status() == WL_NO_MODULE) {
+            Serial.println("Communication with WiFi module failed!");
+            /* don't continue if no network */
+            while (true) ;
+        }
 
-EthernetClient client;
+        fv = WiFi.firmwareVersion();
+        if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
+            Serial.println("Please upgrade the firmware");
+        }
+    #endif
+
+    Serial.print(F("Connecting to WiFi "));
+    Serial.print(ssid);
+    status = WiFi.begin(ssid, password);
+    while (status != WL_CONNECTED) {
+        delay(1000);
+        Serial.print(F("."));
+        Serial.print(status);
+        status = WiFi.status();
+    }
+
+    Serial.println(F(" Connected!"));
+#else
+    /* Newer Ethernet shields have a
+     * MAC address printed on a sticker on the shield */
+    byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
+    IPAddress ip(192, 168, 1, 42);
+    IPAddress myDns(192, 168, 1, 1);
+    Ethernet.init(10); /* Most Arduino shields */
+    /* Ethernet.init(5);   * MKR ETH Shield */
+    /* Ethernet.init(0);   * Teensy 2.0 */
+    /* Ethernet.init(20);  * Teensy++ 2.0 */
+    /* Ethernet.init(15);  * ESP8266 with Adafruit FeatherWing Ethernet */
+    /* Ethernet.init(33);  * ESP32 with Adafruit FeatherWing Ethernet */
+    Serial.println(F("Initialize Ethernet with DHCP:"));
+    if (Ethernet.begin(mac) == 0) {
+        Serial.println(F("Failed to configure Ethernet using DHCP"));
+        /* Check for Ethernet hardware present */
+        if (Ethernet.hardwareStatus() == EthernetNoHardware) {
+            Serial.println(F("Ethernet shield was not found."));
+            while (true) {
+                delay(1); /* do nothing */
+            }
+        }
+        if (Ethernet.linkStatus() == LinkOFF) {
+            Serial.println(F("Ethernet cable is not connected."));
+        }
+        /* try to configure using IP address instead of DHCP : */
+        Ethernet.begin(mac, ip, myDns);
+    }
+    else {
+        Serial.print(F("  DHCP assigned IP "));
+        Serial.println(Ethernet.localIP());
+    }
+    /* We'll assume the Ethernet connection is ready to go. */
+#endif
 
-WOLFSSL_CTX* ctx = NULL;
-WOLFSSL* ssl = NULL;
+    Serial.println(F("********************************************************"));
+    Serial.print(F("      wolfSSL Example Client IP = "));
+#if defined(USING_WIFI)
+    Serial.println(WiFi.localIP());
+#else
+    Serial.println(Ethernet.localIP());
+#endif
+    Serial.print(F("   Configured Server Host to connect to: "));
+    Serial.println(host);
+    Serial.println(F("********************************************************"));
+    Serial.println(F("Setup network complete."));
 
-void setup() {
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_wolfssl()                                                   */
+/*****************************************************************************/
+int setup_wolfssl(void) {
+    int ret = 0;
     WOLFSSL_METHOD* method;
-    /* Initialize Return Code */
-    int rc;
-    Serial.begin(9600);
-    /* Delay need to ensure connection to server */
-    delay(4000);
 
-    method = wolfTLSv1_2_client_method();
+    /* Show a revision of wolfssl user_settings.h file in use when available: */
+#if defined(WOLFSSL_USER_SETTINGS_ID)
+    Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
+    Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
+#else
+    Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
+#endif
+
+#if defined(NO_WOLFSSL_SERVER)
+    Serial.println(F("wolfSSL server code disabled to save space."));
+#endif
+#if defined(NO_WOLFSSL_CLIENT)
+    Serial.println(F("wolfSSL client code disabled to save space."));
+#endif
+
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+    Serial.println(F("wolfSSL Debugging is On!"));
+#else
+    Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
+#endif
+
+    /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
+#if defined(NO_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
+#elif defined(MICRO_SESSION_CACHEx)
+    Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
+#elif defined(SMALL_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
+#elif defined(MEDIUM_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
+#elif defined(BIG_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#else
+    Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
+    /* See wolfssl/src/ssl.c for amount of memory used.
+     * It is best on embedded devices to choose a TLS session cache size. */
+#endif
+
+    ret = wolfSSL_Init();
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println("Successfully called wolfSSL_Init");
+    }
+    else {
+        Serial.println("ERROR: wolfSSL_Init failed");
+    }
+
+    /* See companion server example with wolfSSLv23_server_method here.
+     * method = wolfSSLv23_client_method());   SSL 3.0 - TLS 1.3.
+     * method = wolfTLSv1_2_client_method();   only TLS 1.2
+     * method = wolfTLSv1_3_client_method();   only TLS 1.3
+     *
+     * see Arduino\libraries\wolfssl\src\user_settings.h */
+
+    Serial.println("Here we go!");
+
+    method = wolfSSLv23_client_method();
     if (method == NULL) {
-        Serial.println("unable to get method");
-    return;
+        Serial.println(F("unable to get wolfssl client method"));
+        fail_wait();
     }
     ctx = wolfSSL_CTX_new(method);
     if (ctx == NULL) {
-        Serial.println("unable to get ctx");
-    return;
+        Serial.println(F("unable to get ctx"));
+        fail_wait();
     }
-    /* initialize wolfSSL using callback functions */
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_certificates()                                              */
+/*****************************************************************************/
+int setup_certificates(void) {
+    int ret = 0;
+
+    Serial.println(F("Initializing certificates..."));
+    show_memory();
+
+    /* Use built-in validation, No verification callback function: */
     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
-    rc = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,\
-                                        sizeof_ca_cert_der_2048,\
-                                        WOLFSSL_FILETYPE_ASN1);
-    Serial.print("\n\n Return code of load_verify is:");
-    Serial.println(rc);
-    Serial.println("");
-    rc = wolfSSL_CTX_use_certificate_buffer(ctx, client_cert_der_2048,\
-                                            sizeof_client_cert_der_2048,\
-                                            WOLFSSL_FILETYPE_ASN1);
-    Serial.print("\n\n Return code of use_certificate_buffer is:");
-    Serial.println(rc);
-    Serial.println("");
-    rc = wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,\
-                                            sizeof_client_key_der_2048,\
-                                            WOLFSSL_FILETYPE_ASN1);
-    Serial.print("\n\n Return code of use_PrivateKey_buffer is:");
-    Serial.println(rc);
-    Serial.println("");
+
+    /* Certificate */
+    Serial.println("Initializing certificates...");
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             CTX_CLIENT_CERT,
+                                             CTX_CLIENT_CERT_SIZE,
+                                             CTX_CLIENT_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use certificate: ");
+        Serial.println(xstr(CTX_SERVER_CERT));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    /* Setup private client key */
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            CTX_CLIENT_KEY,
+                                            CTX_CLIENT_KEY_SIZE,
+                                            CTX_CLIENT_KEY_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use private key buffer: ");
+        Serial.println(xstr(CTX_SERVER_KEY));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    ret = wolfSSL_CTX_load_verify_buffer(ctx,
+                                         CTX_CA_CERT,
+                                         CTX_CA_CERT_SIZE,
+                                         CTX_CA_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println(F("Success: load_verify CTX_CA_CERT"));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+
+
+    return ret;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino setup()                                                           */
+/*****************************************************************************/
+/*****************************************************************************/
+void setup(void) {
+    int i = 0;
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial && (i < 10)) {
+        /* wait for serial port to connect. Needed for native USB port only */
+        delay(1000);
+        i++;
+    }
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL TLS Client Example Startup."));
+
+    /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+#endif
+
+    /* Optionally pre-allocate a large block of memory for testing */
+#if defined(MEMORY_STRESS_TEST)
+    Serial.println(F("WARNING: Memory Stress Test Active!"));
+    Serial.print(F("Allocating extra memory: "));
+    Serial.print(MEMORY_STRESS_INITIAL);
+    Serial.println(F(" bytes..."));
+    memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
+    show_memory();
+#endif
+
+    setup_hardware();
+
+    setup_network();
+
+    setup_datetime();
+
+    setup_wolfssl();
+
+    setup_certificates();
+
+    /* Initialize wolfSSL using callback functions. */
     wolfSSL_SetIOSend(ctx, EthernetSend);
     wolfSSL_SetIORecv(ctx, EthernetReceive);
-    return;
-}
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
-    int sent = 0;
-    sent = client.write((byte*)msg, sz);
-    return sent;
-}
+    Serial.println(F("Completed Arduino setup!"));
+    /* See companion wolfssl_server.ino code; server begins listening here
+     * https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
+     * Any other server will work. See also:
+     * https://github.com/wolfSSL/wolfssl/tree/master/examples/client
+     */
+    /* See companion wolfssl_server.ino code */
+    return;
+} /* Arduino setup */
 
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
+/*****************************************************************************/
+/* wolfSSL error_check()                                                     */
+/*****************************************************************************/
+int error_check(int this_ret, bool halt_on_error,
+                      const __FlashStringHelper* message) {
     int ret = 0;
-    while (client.available() > 0 && ret < sz) {
-        reply[ret++] = client.read();
+    if (this_ret == WOLFSSL_SUCCESS) {
+        Serial.print(F("Success: "));
+        Serial.println(message);
+    }
+    else {
+        Serial.print(F("ERROR: return = "));
+        Serial.print(this_ret);
+        Serial.print(F(": "));
+        Serial.println(message);
+        Serial.println(wc_GetErrorString(this_ret));
+        if (halt_on_error) {
+            fail_wait();
+        }
     }
+    show_memory();
+
     return ret;
+} /* error_check */
+
+/*****************************************************************************/
+/* wolfSSL error_check_ssl                                                   */
+/*   Parameters:                                                             */
+/*     ssl           is the current WOLFSSL object pointer                   */
+/*     halt_on_error set to true to suspend operations for critical error    */
+/*     message       is expected to be a memory-efficient F("") macro string */
+/*****************************************************************************/
+int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
+                           const __FlashStringHelper* message) {
+    int err = 0;
+
+    if (ssl == NULL) {
+        Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
+#ifndef DEBUG_WOLFSSL
+        Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
+#else
+        Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
+#endif
+        Serial.print(F("ERROR: "));
+        Serial.println(message);
+        show_memory();
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    else {
+        err = wolfSSL_get_error(ssl, this_ret);
+        if (err == WOLFSSL_SUCCESS) {
+            Serial.print(F("Success m: "));
+            Serial.println(message);
+        }
+        else {
+            if (err < 0) {
+                wolfSSL_ERR_error_string(err, errBuf);
+                Serial.print(F("WOLFSSL Error: "));
+                Serial.print(err);
+                Serial.print(F("; "));
+                Serial.println(errBuf);
+            }
+            else {
+                Serial.println(F("Success: ssl object."));
+            }
+        }
+    }
+
+    return err;
 }
 
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino loop()                                                            */
+/*****************************************************************************/
+/*****************************************************************************/
 void loop() {
-    int err            = 0;
-    int input          = 0;
-    int total_input    = 0;
-    char msg[32]       = "hello wolfssl!";
-    int msgSz          = (int)strlen(msg);
-    char errBuf[80];
     char reply[80];
+    char msg[32]       = "hello wolfssl!";
     const char* cipherName;
+    int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
+    int total_input    = 0;
+    int msgSz          = 0;
+    int input          = 0;
+    int ret            = 0;
+    int err            = 0;
+    msgSz = (int)strlen(msg);
+    Serial.println(F(""));
+    Serial.println(F("Starting Arduino loop() ..."));
+
     if (reconnect) {
         reconnect--;
-        if (client.connect(host, port)) {
-            Serial.print("Connected to ");
-            Serial.println(host);
+        /* WiFi client returns true if connection succeeds, false if not.  */
+        /* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
+        Serial.print(F("Connecting to "));
+        Serial.print(host);
+        Serial.print(F(":"));
+        Serial.println(port);
+        /* can also use: IPAddress server(192,168,1,37); */
+        Serial.println(F("Here we go..."));
+        ret = client.connect(host, port);
+        Serial.println(F("Ok, checking..."));
+        if (ret > 0) {
+            Serial.println(F("Connected!"));
+
+            /* initialize wolfSSL */
+            ret = wolfSSL_Init();
+            error_check(ret, false, F("calling wolfSSL_Init") );
+
+            /* create secure connection object. see setup for ctx certs. */
+            Serial.println(F("Calling ssl = wolfSSL_new(ctx)"));
             ssl = wolfSSL_new(ctx);
-            if (ssl == NULL) {
-                Serial.println("Unable to allocate SSL object");
-                return;
-            }
-            err = wolfSSL_connect(ssl);
-            if (err != WOLFSSL_SUCCESS) {
-                err = wolfSSL_get_error(ssl, 0);
-                wolfSSL_ERR_error_string(err, errBuf);
-                Serial.print("TLS Connect Error: ");
-                Serial.println(errBuf);
-            }
-            Serial.print("SSL version is ");
+            error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx"));
+
+            Serial.print(F("Connecting to wolfSSL TLS Secure Server..."));
+            do {
+                err = 0; /* reset error */
+                Serial.println(F("wolfSSL_connect ..."));
+                ret = wolfSSL_connect(ssl);
+                Serial.print("wolfSSL_connect return result =");
+                Serial.println(ret);
+                if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
+                    Serial.println(F("Failed connection, checking error."));
+                    err = error_check_ssl(ssl, ret, true,
+                                    F("Create WOLFSSL object from ctx"));
+                    Serial.print("err =");
+                    Serial.println(err);
+                }
+                else {
+                   Serial.print(PROGRESS_DOT);
+                }
+            } while (err == WC_PENDING_E);
+
+            Serial.println();
+            Serial.println(F("Connected!"));
+            Serial.print(F("SSL version is "));
             Serial.println(wolfSSL_get_version(ssl));
+
             cipherName = wolfSSL_get_cipher(ssl);
-            Serial.print("SSL cipher suite is ");
+            Serial.print(F("SSL cipher suite is "));
             Serial.println(cipherName);
-            if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
-                Serial.print("Server response: ");
-                /* wait for data */
-                while (!client.available()) {}
+
+            /* see test.h
+             * TODO: test.h needs a little bit of Arduino work for these:
+            showPeerEx(ssl, lng_index);
+            showPeerPEM(ssl);
+            */
+
+            Serial.print(F("Sending secure message to server: "));
+            Serial.println(msg);
+            ret = wolfSSL_write(ssl, msg, msgSz);
+            if (ret == msgSz) {
+                Serial.print(F("Waiting for Server response..."));
+
+                while (!client.available()) {
+                    /* wait for data */
+                    delay(1); /* 1 ms delay */
+                }
+
+                Serial.print(F("Reading response.."));
                 /* read data */
-                while (wolfSSL_pending(ssl)) {
-                    input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
-                    total_input += input;
-                    if (input < 0) {
-                        err = wolfSSL_get_error(ssl, 0);
-                        wolfSSL_ERR_error_string(err, errBuf);
-                        Serial.print("TLS Read Error: ");
-                        Serial.println(errBuf);
-                        break;
-                    } 
-                    else if (input > 0) {
-                        reply[input] = '\0';
-                        Serial.print(reply);
+                do {
+                    ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+                    if (ret < 0) {
+                        error_check_ssl(ssl, ret, false,
+                                        F("during TLS Read"));
                     }
                     else {
-                        Serial.println();
+                        Serial.print(PROGRESS_DOT);
                     }
-                } 
-            }
+                } while (err == WC_PENDING_E);
+                Serial.println();
+
+                Serial.println();
+                Serial.println(reply); /* typically: I hear you fa shizzle! */
+                Serial.println();
+
+            } /* wolfSSL_write message size matched */
             else {
-                err = wolfSSL_get_error(ssl, 0);
-                wolfSSL_ERR_error_string(err, errBuf);
-                Serial.print("TLS Write Error: ");
-                Serial.println(errBuf);
+                error_check_ssl(ssl, ret, false,
+                    F("during TLS Write"));
+            }  /* any wolfSSL_write message size mismatch is an error */
+
+            Serial.print(F("Shutting down.."));
+            do {
+                delay(1);
+                Serial.print(PROGRESS_DOT);
+                retry_shutdown--;
+                ret = wolfSSL_shutdown(ssl);
+            } while (   (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
+                     && (retry_shutdown > 0)
+                    ); /* There may be pending data, so wait until done. */
+            Serial.println();
+
+            if (retry_shutdown <= 0) {
+                /* if wolfSSL_free is called before properly shutting down the
+                 * ssl object, undesired results may occur. */
+                Serial.println(F("Warning! Shutdown did not properly complete."));
             }
-            wolfSSL_shutdown(ssl);
+
             wolfSSL_free(ssl);
             client.stop();
-            Serial.println("Connection complete.");
-            reconnect = 0;
-        }
+            Serial.println(F("Connection complete."));
+            if (REPEAT_CONNECTION) {
+                reconnect = RECONNECT_ATTEMPTS;
+            }
+            else {
+                reconnect = 0;
+            }
+        } /* client.connect(host, port) */
         else {
-            Serial.println("Trying to reconnect...");
+            Serial.println(F("Problem sending message. Trying to reconnect..."));
         }
     }
     delay(1000);
-}
+    if ((reconnect > 0) && (REPEAT_CONNECTION)) {
+        Serial.println(F("Arduino loop repeating..."));
+        Serial.println();
+    }
+    else {
+        printf("wow");
+        Serial.println(F("Done!"));
+        while(1) {
+            /* wait forever */
+        }
+    }
+
+#if defined(MEMORY_STRESS_TEST)
+    if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
+        /* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
+        mem_ctr++;
+        Serial.print(F("Memory stress increment: "));
+        Serial.print(mem_ctr);
+        Serial.print(F(". Allocating addition memory (bytes): "));
+        Serial.println(MEMORY_STRESS_BLOCK_SIZE);
+        memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
+        show_memory();
+    }
+#endif
+} /* Arduino loop repeats */
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_server/README.md b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_server/README.md
new file mode 100644
index 00000000..523eb087
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_server/README.md
@@ -0,0 +1,134 @@
+# Arduino Basic TLS Server
+
+Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
+
+Other IDE products are also supported, such as:
+
+- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
+- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
+- [VisualMicro](https://www.visualmicro.com/)
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+## Connect with an Arduino Sketch
+
+See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino). 
+
+## Connect with Linux Client
+
+See also the [wolfSSL Example TLS Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client)
+and [wolfSSL Example TLS Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server).
+
+Assuming a listening [Arduino Sketch Server](./wolfssl_server.ino) at `192.168.1.38` on port `11111`,
+connect with the `client` executable:
+
+```
+./examples/client/client -h 192.168.1.38 -p 11111 -v 3
+```
+
+## wolfSSL Error -308 wolfSSL_connect error state on socket
+
+When using a wired Ethernet connection, and this error is encountered, simply
+press the reset button or power cycle the Arduino before making a connection.
+
+Here's one possible script to test the server from a command-line client:
+
+```bash
+#!/bin/bash
+echo "client log " > client_log.txt
+counter=1
+THIS_ERR=0
+while [ $THIS_ERR -eq 0 ]; do
+    ./examples/client/client -h 192.168.1.38 -p 11111 -v 3 >> client_log.txt
+
+    THIS_ERR=$?
+    if [ $? -ne 0 ]; then
+        echo "Failed!"
+        exit 1
+    fi
+    echo "Iteration $counter"
+    echo "Iteration $counter" >> client_log.txt
+    ((counter++))
+done
+```
+
+Output expected from the `client` command:
+
+```
+$ ./examples/client/client -h 192.168.1.38 -p 11111 -v 3
+Alternate cert chain used
+ issuer : /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ subject: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ altname = example.com
+ altname = 127.0.0.1
+ serial number:01
+SSL version is TLSv1.2
+SSL cipher suite is ECDHE-RSA-AES128-GCM-SHA256
+SSL curve name is SECP256R1
+---
+Server certificate
+-----BEGIN CERTIFICATE-----
+MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
+MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
+BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
+f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
+GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
+QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
+0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
+6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW
+BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
+M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
+bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
+DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
+A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
+hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
+vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
+i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
+JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
+W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
+DMa5hrjJBMNRN9JP
+-----END CERTIFICATE-----
+Session timeout set to 500 seconds
+Client Random : 56A0BB9647B064D3F20947032B74B31FDB4C93DBAC9460BA8AEA213A2B2DD4A8
+SSL-Session:
+    Protocol  : TLSv1.2
+    Cipher    : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    Session-ID: 3255404E997FA9C27ECB4F1A20A70E722E4AA504B63A945FC175434D1907EC31
+    Session-ID-ctx:
+    Master-Key: 67F22168BBADD678643BBA76B398277270C29788AC18FD05B57F6B715F49A7BCEEF75BEAF7FE266B0CC058534AF76C1F
+    TLS session ticket: NONE
+    Start Time: 1705533296
+    Timeout   : 500 (sec)
+    Extended master secret: no
+I hear you fa shizzle!
+```
+
+### Troubleshooting
+
+When encountering odd errors such as `undefined reference to ``_impure_ptr'`, such as this:
+
+```text
+c:/users/gojimmypi/appdata/local/arduino15/packages/esp32/tools/xtensa-esp32-elf-gcc/esp-2021r2-patch5-8.4.0/bin/../lib/gcc/xtensa-esp32-elf/8.4.0/../../../../xtensa-esp32-elf/bin/ld.exe: C:\Users\gojimmypi\AppData\Local\Temp\arduino\sketches\EAB8D79A02D1ECF107884802D893914E\libraries\wolfSSL\wolfcrypt\src\logging.c.o:(.literal.wolfssl_log+0x8): undefined reference to `_impure_ptr'
+collect2.exe: error: ld returned 1 exit status
+
+exit status 1
+
+Compilation error: exit status 1
+```
+
+Try cleaning the Arduino cache directories. For Windows, that's typically in:
+
+```text
+C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
+```
+
+Remove all other boards from other serial ports, leaving one the one being programmed.
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
index f331e781..3a894323 100644
--- a/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
@@ -19,161 +19,820 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/*
+Tested with:
+
+1) Intel Galileo acting as the Client, with a laptop acting as a server using
+   the server example provided in examples/server.
+   Legacy Arduino v1.86 was used to compile and program the Galileo
+
+2) Espressif ESP32 WiFi
+
+3) Arduino Due, Nano33 IoT, Nano RP-2040
+*/
+
+/*
+ * Note to code editors: the Arduino client and server examples are edited in
+ * parallel for side-by-side comparison between examples.
+ */
+
+/* If you have a private include, define it here, otherwise edit WiFi params */
+#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
+
+/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
+#define REPEAT_CONNECTION 1
+
+/* Edit this with your other TLS host server address to connect to: */
+/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
+
+/* wolfssl TLS examples communicate on port 11111 */
+#define WOLFSSL_PORT 11111
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* We'll wait up to 2000 milliseconds to properly shut down connection */
+#define SHUTDOWN_DELAY_MS 2000
+
+/* Number of times to retry connection.  */
+#define RECONNECT_ATTEMPTS 20
+
+/* Optional stress test. Define to consume memory until exhausted: */
+/* #define MEMORY_STRESS_TEST */
+
+/* Choose client or server example, not both. */
+/* #define WOLFSSL_CLIENT_EXAMPLE */
+#define WOLFSSL_SERVER_EXAMPLE
+
+#if defined(MY_PRIVATE_CONFIG)
+    /* the /workspace directory may contain a private config
+     * excluded from GitHub with items such as WiFi passwords */
+    #include MY_PRIVATE_CONFIG
+    static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
+    static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
+#else
+    /* when using WiFi capable boards: */
+    static const char* ssid PROGMEM  = "your_SSID";
+    static const char* password PROGMEM = "your_PASSWORD";
+#endif
+
+#define BROADCAST_ADDRESS "255.255.255.255"
+
+/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
+ * If it is installed, uncomment define USE_NTP_LIB here: */
+/* #define USE_NTP_LIB */
+#ifdef USE_NTP_LIB
+    #include <NTPClient.h>
+#endif
 
 #include <wolfssl.h>
+/* Important: make sure settings.h appears before any other wolfSSL headers */
+#include <wolfssl/wolfcrypt/settings.h>
+/* Reminder: settings.h includes user_settings.h
+ * For ALL project wolfSSL settings, see:
+ * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h   */
 #include <wolfssl/ssl.h>
-#include <Ethernet.h>
-
-#define USE_CERT_BUFFERS_256
 #include <wolfssl/certs_test.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
-#ifdef NO_WOLFSSL_SERVER
-  #error Please undefine NO_WOLFSSL_SERVER for this example
+/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
+#if defined(DEBUG_WOLFSSL)
+    #define PROGRESS_DOT F("")
+#else
+    #define PROGRESS_DOT F(".")
 #endif
 
-const int port = 11111; /* port to listen on */
+/* Convert a macro to a string */
+#define xstr(x) str(x)
+#define str(x) #x
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+/* optional board-specific networking includes */
+#if defined(ESP32)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    /* Ensure the F() flash macro is defined */
+    #ifndef F
+        #define F
+    #endif
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ESP8266)
+    #define USING_WIFI
+    #include <ESP8266WiFi.h>
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ARDUINO_SAM_DUE)
+    #include <SPI.h>
+    /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
+    /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
+    #include <Ethernet.h>
+    EthernetClient client;
+    EthernetClient server(WOLFSSL_PORT);
+#elif defined(ARDUINO_SAMD_NANO_33_IOT)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ARDUINO_ARCH_RP2040)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h>
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(USING_WIFI)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+/* TODO
+#elif defined(OTHER_BOARD)
+*/
+#else
+    #define USING_WIFI
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#endif
 
-EthernetServer server(port);
-EthernetClient client;
+/* Only for syntax highlighters to show interesting options enabled: */
+#if defined(HAVE_SNI)                           \
+   || defined(HAVE_MAX_FRAGMENT)                  \
+   || defined(HAVE_TRUSTED_CA)                    \
+   || defined(HAVE_TRUNCATED_HMAC)                \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
+   || defined(HAVE_SUPPORTED_CURVES)              \
+   || defined(HAVE_ALPN)                          \
+   || defined(HAVE_SESSION_TICKET)                \
+   || defined(HAVE_SECURE_RENEGOTIATION)          \
+   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
+#endif
 
-WOLFSSL_CTX* ctx = NULL;
-WOLFSSL* ssl = NULL;
 
-void setup() {
-  int err;
-  WOLFSSL_METHOD* method;
+/* we expect our IP address from DHCP */
 
-  Serial.begin(9600);
+static WOLFSSL_CTX* ctx = NULL;
+static WOLFSSL* ssl = NULL;
+static char* wc_error_message = (char*)malloc(80 + 1);
+static char errBuf[80];
 
-  method = wolfTLSv1_2_server_method();
-  if (method == NULL) {
-    Serial.println("unable to get method");
-    return;
-  }
-  ctx = wolfSSL_CTX_new(method);
-  if (ctx == NULL) {
-    Serial.println("unable to get ctx");
-    return;
-  }
-
-  /* initialize wolfSSL using callback functions */
-  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
-  wolfSSL_SetIOSend(ctx, EthernetSend);
-  wolfSSL_SetIORecv(ctx, EthernetReceive);
-
-  /* setup the private key and certificate */
-  err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256, 
-    sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
-  if (err != WOLFSSL_SUCCESS) {
-    Serial.println("error setting key");
-    return;
-  }
-  err = wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256, 
-    sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
-  if (err != WOLFSSL_SUCCESS) {
-    Serial.println("error setting certificate");
-    return;
-  }
+#if defined(MEMORY_STRESS_TEST)
+    #define MEMORY_STRESS_ITERATIONS 100
+    #define MEMORY_STRESS_BLOCK_SIZE 1024
+    #define MEMORY_STRESS_INITIAL (4*1024)
+    static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
+    static int mem_ctr        = 0;
+#endif
 
-  /* Start the server */
-  server.begin();
-  
-  return;
+static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+static int reconnect = RECONNECT_ATTEMPTS;
+static int lng_index PROGMEM = 0; /* 0 = English */
+
+#if defined(__arm__)
+    #include <malloc.h>
+    extern char _end;
+    extern "C" char *sbrk(int i);
+    static char *ramstart=(char *)0x20070000;
+    static char *ramend=(char *)0x20088000;
+#endif
+
+/*****************************************************************************/
+/* fail_wait - in case of unrecoverable error                                */
+/*****************************************************************************/
+int fail_wait(void) {
+    show_memory();
+
+    Serial.println(F("Failed. Halt."));
+    while (1) {
+        delay(1000);
+    }
+    return 0;
 }
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
-  int sent = 0;
+/*****************************************************************************/
+/* show_memory() to optionally view during debugging.                         */
+/*****************************************************************************/
+int show_memory(void)
+{
+#if defined(__arm__)
+    struct mallinfo mi = mallinfo();
+
+    char *heapend=sbrk(0);
+    register char * stack_ptr asm("sp");
+    #if defined(DEBUG_WOLFSSL_VERBOSE)
+        Serial.print("    arena=");
+        Serial.println(mi.arena);
+        Serial.print("  ordblks=");
+        Serial.println(mi.ordblks);
+        Serial.print(" uordblks=");
+        Serial.println(mi.uordblks);
+        Serial.print(" fordblks=");
+        Serial.println(mi.fordblks);
+        Serial.print(" keepcost=");
+        Serial.println(mi.keepcost);
+    #endif
+
+    #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
+        Serial.print("Estimated free memory: ");
+        Serial.print(stack_ptr - heapend + mi.fordblks);
+        Serial.println(F(" bytes"));
+    #endif
+
+    #if (0)
+        /* Experimental: not supported on all devices: */
+        Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
+        Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
+        Serial.print("Heap End %lx\n", (unsigned long)heapend);
+        Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
+        Serial.print("RAM End %lx\n", (unsigned long)ramend);
 
-  sent = client.write((byte*)msg, sz);
+        Serial.print("Heap RAM Used: ",mi.uordblks);
+        Serial.print("Program RAM Used ",&_end - ramstart);
+        Serial.print("Stack RAM Used ",ramend - stack_ptr);
 
-  return sent;
+        Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
+    #endif
+#else
+    Serial.println(F("show_memory() not implemented for this platform"));
+#endif
+    return 0;
 }
 
+/*****************************************************************************/
+/* EthernetSend() to send a message string.                                  */
+/*****************************************************************************/
+int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
+    int sent = 0;
+    (void)ssl;
+    (void)ctx;
+
+    sent = client.write((byte*)message, sz);
+    return sent;
+}
+
+/*****************************************************************************/
+/* EthernetReceive() to receive a reply string.                              */
+/*****************************************************************************/
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
-  int ret = 0;
+    int ret = 0;
+    (void)ssl;
+    (void)ctx;
 
-  while (client.available() > 0 && ret < sz) {
-    reply[ret++] = client.read();
-  }
+    while (client.available() > 0 && ret < sz) {
+        reply[ret++] = client.read();
+    }
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_hardware()                                                  */
+/*****************************************************************************/
+int setup_hardware(void) {
+    int ret = 0;
+
+#if defined(ARDUINO_SAMD_NANO_33_IOT)
+    Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
+#elif defined(ARDUINO_ARCH_RP2040)
+    Serial.println(F("Detected known tested and working Arduino RP-2040"));
+#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
+    /* need to manually turn on random number generator on Arduino Due, etc. */
+    pmc_enable_periph_clk(ID_TRNG);
+    trng_enable(TRNG);
+    Serial.println(F("Enabled ARM TRNG"));
+#endif
 
-  return ret;
+    show_memory();
+    randomSeed(analogRead(0));
+    return ret;
 }
 
-void loop() {
-  int err = 0;
-  int input = 0;
-  char errBuf[80];
-  char reply[80];
-  int replySz = 0;
-  const char* cipherName;
-
-  /* Listen for incoming client requests. */
-  client = server.available();
-  if (!client) {
+/*****************************************************************************/
+/* Arduino setup_datetime()                                                  */
+/*   The device needs to have a valid date within the valid range of certs.  */
+/*****************************************************************************/
+int setup_datetime(void) {
+    int ret = 0;
+    int ntp_tries = 20;
+
+    /* we need a date in the range of cert expiration */
+#ifdef USE_NTP_LIB
+    #if defined(ESP32)
+        NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+        timeClient.begin();
+        timeClient.update();
+        delay(1000);
+        while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
+            timeClient.forceUpdate();
+            Serial.println(F("Waiting for NTP update"));
+            delay(2000);
+            ntp_tries--;
+        }
+        if (ntp_tries <= 0) {
+            Serial.println(F("Warning: gave up waiting on NTP"));
+        }
+        Serial.println(timeClient.getFormattedTime());
+        Serial.println(timeClient.getEpochTime());
+    #endif
+#endif
+
+#if defined(ESP32)
+    /* see esp32-hal-time.c */
+    ntp_tries = 5;
+    /* Replace "pool.ntp.org" with your preferred NTP server */
+    configTime(0, 0, "pool.ntp.org");
+
+    /* Wait for time to be set */
+    while ((time(nullptr) <= 100000) && ntp_tries > 0) {
+        Serial.println(F("Waiting for time to be set..."));
+        delay(2000);
+        ntp_tries--;
+    }
+#endif
+
+    return ret;
+} /* setup_datetime */
+
+/*****************************************************************************/
+/* Arduino setup_network()                                                   */
+/*****************************************************************************/
+int setup_network(void) {
+    int ret = 0;
+
+#if defined(USING_WIFI)
+    int status = WL_IDLE_STATUS;
+
+    /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
+    #if defined(ESP8266) || defined(ESP32)
+        WiFi.mode(WIFI_STA);
+    #else
+        String fv;
+        if (WiFi.status() == WL_NO_MODULE) {
+            Serial.println("Communication with WiFi module failed!");
+            /* don't continue if no network */
+            while (true) ;
+        }
+
+        fv = WiFi.firmwareVersion();
+        if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
+            Serial.println("Please upgrade the firmware");
+        }
+    #endif
+
+    Serial.print(F("Connecting to WiFi "));
+    Serial.print(ssid);
+    status = WiFi.begin(ssid, password);
+    while (status != WL_CONNECTED) {
+        delay(1000);
+        Serial.print(F("."));
+        Serial.print(status);
+        status = WiFi.status();
+    }
+
+    Serial.println(F(" Connected!"));
+#else
+    /* Newer Ethernet shields have a
+     * MAC address printed on a sticker on the shield */
+    byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
+    IPAddress ip(192, 168, 1, 42);
+    IPAddress myDns(192, 168, 1, 1);
+    Ethernet.init(10); /* Most Arduino shields */
+    /* Ethernet.init(5);   * MKR ETH Shield */
+    /* Ethernet.init(0);   * Teensy 2.0 */
+    /* Ethernet.init(20);  * Teensy++ 2.0 */
+    /* Ethernet.init(15);  * ESP8266 with Adafruit FeatherWing Ethernet */
+    /* Ethernet.init(33);  * ESP32 with Adafruit FeatherWing Ethernet */
+    Serial.println(F("Initialize Ethernet with DHCP:"));
+    if (Ethernet.begin(mac) == 0) {
+        Serial.println(F("Failed to configure Ethernet using DHCP"));
+        /* Check for Ethernet hardware present */
+        if (Ethernet.hardwareStatus() == EthernetNoHardware) {
+            Serial.println(F("Ethernet shield was not found."));
+            while (true) {
+                delay(1); /* do nothing */
+            }
+        }
+        if (Ethernet.linkStatus() == LinkOFF) {
+            Serial.println(F("Ethernet cable is not connected."));
+        }
+        /* try to configure using IP address instead of DHCP : */
+        Ethernet.begin(mac, ip, myDns);
+    }
+    else {
+        Serial.print(F("  DHCP assigned IP "));
+        Serial.println(Ethernet.localIP());
+    }
+    /* We'll assume the Ethernet connection is ready to go. */
+#endif
+
+    Serial.println(F("********************************************************"));
+    Serial.print(F("      wolfSSL Example Server IP = "));
+#if defined(USING_WIFI)
+    Serial.println(WiFi.localIP());
+#else
+    Serial.println(Ethernet.localIP());
+#endif
+    /* In server mode, there's no host definition. */
+    /* See companion example: wolfssl_client.ino */
+    Serial.println(F("********************************************************"));
+    Serial.println(F("Setup network complete."));
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_wolfssl()                                                   */
+/*****************************************************************************/
+int setup_wolfssl(void) {
+    int ret = 0;
+    WOLFSSL_METHOD* method;
+
+    /* Show a revision of wolfssl user_settings.h file in use when available: */
+#if defined(WOLFSSL_USER_SETTINGS_ID)
+    Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
+    Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
+#else
+    Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
+#endif
+
+#if defined(NO_WOLFSSL_SERVER)
+    Serial.println(F("wolfSSL server code disabled to save space."));
+#endif
+#if defined(NO_WOLFSSL_CLIENT)
+    Serial.println(F("wolfSSL client code disabled to save space."));
+#endif
+
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+    Serial.println(F("wolfSSL Debugging is On!"));
+#else
+    Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
+#endif
+
+    /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
+#if defined(NO_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
+#elif defined(MICRO_SESSION_CACHEx)
+    Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
+#elif defined(SMALL_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
+#elif defined(MEDIUM_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
+#elif defined(BIG_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#else
+    Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
+    /* See wolfssl/src/ssl.c for amount of memory used.
+     * It is best on embedded devices to choose a TLS session cache size. */
+#endif
+
+    ret = wolfSSL_Init();
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println("Successfully called wolfSSL_Init");
+    }
+    else {
+        Serial.println("ERROR: wolfSSL_Init failed");
+    }
+
+    /* See companion server example with wolfSSLv23_server_method here.
+     * method = wolfSSLv23_client_method());   SSL 3.0 - TLS 1.3.
+     * method = wolfTLSv1_2_client_method();   only TLS 1.2
+     * method = wolfTLSv1_3_client_method();   only TLS 1.3
+     *
+     * see Arduino\libraries\wolfssl\src\user_settings.h */
+
+    Serial.println("Here we go!");
+
+    method = wolfSSLv23_server_method();
+    if (method == NULL) {
+        Serial.println(F("unable to get wolfssl server method"));
+        fail_wait();
+    }
+    ctx = wolfSSL_CTX_new(method);
+    if (ctx == NULL) {
+        Serial.println(F("unable to get ctx"));
+        fail_wait();
+    }
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_certificates()                                              */
+/*****************************************************************************/
+int setup_certificates(void) {
+    int ret = 0;
+
+    Serial.println(F("Initializing certificates..."));
+    show_memory();
+
+    /* Use built-in validation, No verification callback function: */
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+
+    /* Certificate */
+    Serial.println("Initializing certificates...");
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             CTX_SERVER_CERT,
+                                             CTX_SERVER_CERT_SIZE,
+                                             CTX_CA_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use certificate: ");
+        Serial.println(xstr(CTX_SERVER_CERT));
+    }
+    else {
+        Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    /* Setup private server key */
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            CTX_SERVER_KEY,
+                                            CTX_SERVER_KEY_SIZE,
+                                            CTX_SERVER_KEY_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use private key buffer: ");
+        Serial.println(xstr(CTX_SERVER_KEY));
+    }
+    else {
+        Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    return ret;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino setup()                                                           */
+/*****************************************************************************/
+/*****************************************************************************/
+void setup(void) {
+    int i = 0;
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial && (i < 10)) {
+        /* wait for serial port to connect. Needed for native USB port only */
+        delay(1000);
+        i++;
+    }
+
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL TLS Server Example Startup."));
+
+    /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+#endif
+
+    /* Optionally pre-allocate a large block of memory for testing */
+#if defined(MEMORY_STRESS_TEST)
+    Serial.println(F("WARNING: Memory Stress Test Active!"));
+    Serial.print(F("Allocating extra memory: "));
+    Serial.print(MEMORY_STRESS_INITIAL);
+    Serial.println(F(" bytes..."));
+    memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
+    show_memory();
+#endif
+
+    setup_hardware();
+
+    setup_network();
+
+    setup_datetime();
+
+    setup_wolfssl();
+
+    setup_certificates();
+
+    /* Initialize wolfSSL using callback functions. */
+    wolfSSL_SetIOSend(ctx, EthernetSend);
+    wolfSSL_SetIORecv(ctx, EthernetReceive);
+
+#if defined THIS_USER_SETTINGS_VERSION
+    Serial.print(F("This user_settings.h version:"))
+    Serial.println(THIS_USER_SETTINGS_VERSION)
+#endif
+
+    /* Start the server
+     * See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
+     */
+
+    Serial.println(F("Completed Arduino setup()"));
+
+    server.begin();
+    Serial.println("Begin Server... (waiting for remote client to connect)");
+
+    /* See companion wolfssl_client.ino code */
     return;
-  }
+} /* Arduino setup */
+
+/*****************************************************************************/
+/* wolfSSL error_check()                                                     */
+/*****************************************************************************/
+int error_check(int this_ret, bool halt_on_error,
+                      const __FlashStringHelper* message) {
+    int ret = 0;
+    if (this_ret == WOLFSSL_SUCCESS) {
+        Serial.print(F("Success: "));
+        Serial.println(message);
+    }
+    else {
+        Serial.print(F("ERROR: return = "));
+        Serial.print(this_ret);
+        Serial.print(F(": "));
+        Serial.println(message);
+        Serial.println(wc_GetErrorString(this_ret));
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    show_memory();
 
-  if (client.connected()) {
+    return ret;
+} /* error_check */
 
-    Serial.println("Client connected");
+/*****************************************************************************/
+/* wolfSSL error_check_ssl                                                   */
+/*   Parameters:                                                             */
+/*     ssl           is the current WOLFSSL object pointer                   */
+/*     halt_on_error set to true to suspend operations for critical error    */
+/*     message       is expected to be a memory-efficient F("") macro string */
+/*****************************************************************************/
+int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
+                           const __FlashStringHelper* message) {
+    int err = 0;
 
-    ssl = wolfSSL_new(ctx);
     if (ssl == NULL) {
-      Serial.println("Unable to allocate SSL object");
-      return;
-    }
-
-    err = wolfSSL_accept(ssl);
-    if (err != WOLFSSL_SUCCESS) {
-      err = wolfSSL_get_error(ssl, 0);
-      wolfSSL_ERR_error_string(err, errBuf);
-      Serial.print("TLS Accept Error: ");
-      Serial.println(errBuf);
-    }
-
-    Serial.print("SSL version is ");
-    Serial.println(wolfSSL_get_version(ssl));
-    
-    cipherName = wolfSSL_get_cipher(ssl);
-    Serial.print("SSL cipher suite is ");
-    Serial.println(cipherName);
-
-    Serial.print("Server Read: ");
-    /* wait for data */
-    while (!client.available()) {}
-    /* read data */
-    while (wolfSSL_pending(ssl)) {
-      input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
-      if (input < 0) {
-        err = wolfSSL_get_error(ssl, 0);
-        wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("TLS Read Error: ");
-        Serial.println(errBuf);
-        break;
-      } else if (input > 0) {
-        replySz = input;
-        reply[input] = '\0';
-        Serial.print(reply);
-      } else {
-        Serial.println();
-      }
-    }
-
-    /* echo data */
-    if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
-      err = wolfSSL_get_error(ssl, 0);
-      wolfSSL_ERR_error_string(err, errBuf);
-      Serial.print("TLS Write Error: ");
-      Serial.println(errBuf);
-    }
-    
-    wolfSSL_shutdown(ssl);
-    wolfSSL_free(ssl);
-  }
-
-  client.stop();
-  Serial.println("Connection complete");
+        Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
+#ifndef DEBUG_WOLFSSL
+        Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
+#else
+        Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
+#endif
+        Serial.print(F("ERROR: "));
+        Serial.println(message);
+        show_memory();
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    else {
+        err = wolfSSL_get_error(ssl, this_ret);
+        if (err == WOLFSSL_SUCCESS) {
+            Serial.print(F("Success m: "));
+            Serial.println(message);
+        }
+        else {
+            if (err < 0) {
+                wolfSSL_ERR_error_string(err, errBuf);
+                Serial.print(F("WOLFSSL Error: "));
+                Serial.print(err);
+                Serial.print(F("; "));
+                Serial.println(errBuf);
+            }
+            else {
+                Serial.println(F("Success: ssl object."));
+            }
+        }
+    }
+
+    return err;
 }
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino loop()                                                            */
+/*****************************************************************************/
+/*****************************************************************************/
+void loop() {
+    char errBuf[80]    = "(no error";
+    char reply[80]     = "(no reply)";
+    const char msg[]   = "I hear you fa shizzle!";
+    const char* cipherName;
+    int input          = 0;
+    int replySz        = 0;
+    int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
+    int ret            = 0;
+    IPAddress broadcast_address(255, 255, 255, 255);
+
+    /* Listen for incoming client requests. */
+    client = server.available();
+    if (client)  {
+       Serial.println("Have Client");
+       while (!client.connected()) {
+           /* wait for the client to actually connect */
+           delay(10);
+       }
+        Serial.print("Client connected from remote IP: ");
+        Serial.println(client.remoteIP());
+
+        ssl = wolfSSL_new(ctx);
+        if (ssl == NULL) {
+            Serial.println("Unable to allocate SSL object");
+            fail_wait();
+        }
+
+        ret = wolfSSL_accept(ssl);
+        if (ret != WOLFSSL_SUCCESS) {
+            ret = wolfSSL_get_error(ssl, 0);
+            wolfSSL_ERR_error_string(ret, errBuf);
+            Serial.print("TLS Accept Error: ");
+            Serial.println(errBuf);
+        }
+
+        cipherName = wolfSSL_get_cipher(ssl);
+        Serial.print("SSL cipher suite is ");
+        Serial.println(cipherName);
+
+        Serial.print("Server Read: ");
+        while (!client.available()) {
+            /* wait for data */
+        }
+
+        /* read data */
+        while (wolfSSL_pending(ssl)) {
+            input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+            if (input < 0) {
+                ret = wolfSSL_get_error(ssl, 0);
+                wolfSSL_ERR_error_string(ret, errBuf);
+                Serial.print("TLS Read Error: ");
+                Serial.println(errBuf);
+                break;
+            }
+            else if (input > 0) {
+                replySz = input;
+                reply[input] = '\0';
+                Serial.print(reply);
+            }
+            else {
+                Serial.println("<end of reply, input == 0>");
+            }
+        }
+
+        /* Write our message into reply buffer to send */
+        memset(reply, 0, sizeof(reply));
+        memcpy(reply, msg, sizeof(msg));
+        replySz = strnlen(reply, sizeof(reply));
+
+        Serial.println("Sending reply...");
+        if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
+            ret = wolfSSL_get_error(ssl, 0);
+            wolfSSL_ERR_error_string(ret, errBuf);
+            Serial.print("TLS Write Error: ");
+            Serial.println(errBuf);
+        }
+        else {
+            Serial.println("Reply sent!");
+        }
+
+        Serial.println("Shutdown!");
+        do {
+            delay(1);
+            retry_shutdown--;
+            ret = wolfSSL_shutdown(ssl);
+        } while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
+
+        if (retry_shutdown <= 0) {
+            /* if wolfSSL_free is called before properly shutting down the
+             * ssl object, undesired results may occur. */
+            Serial.println("Warning! Shutdown did not properly complete.");
+        }
+
+        wolfSSL_free(ssl);
+        Serial.println("Connection complete.");
+        if (REPEAT_CONNECTION) {
+            Serial.println();
+            Serial.println("Waiting for next connection.");
+        }
+        else {
+            client.stop();
+            Serial.println("Done!");
+            while (1) {
+                /* wait forever if not repeating */
+                delay(100);
+            }
+        }
+    }
+    else {
+        /* Serial.println("Client not connected. Trying again..."); */
+    }
+
+    delay(100);
+} /* Arduino loop repeats */
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_version/README.md b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_version/README.md
new file mode 100644
index 00000000..3abfe829
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_version/README.md
@@ -0,0 +1,3 @@
+# Arduino Basic Hello World
+
+This example simply compiles in wolfSSL and shows the current version number.
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
new file mode 100644
index 00000000..b052b46e
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
@@ -0,0 +1,24 @@
+#include <Arduino.h>
+#include <wolfssl.h>
+#include <wolfssl/version.h>
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* Arduino setup */
+void setup() {
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial) {
+        /* wait for serial port to connect. Needed for native USB port only */
+    }
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL setup complete!"));
+}
+
+/* Arduino main application loop. */
+void loop() {
+    Serial.print("wolfSSL Version: ");
+    Serial.println(LIBWOLFSSL_VERSION_STRING);
+    delay(60000);
+}
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl-arduino.sh b/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl-arduino.sh
index 107f99b1..d48b4166 100755
--- a/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl-arduino.sh
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl-arduino.sh
@@ -2,19 +2,124 @@
 
 # this script will reformat the wolfSSL source code to be compatible with
 # an Arduino project
-# run as bash ./wolfssl-arduino.sh
+# run as bash ./wolfssl-arduino.sh [INSTALL] [path]
+#
+# ./wolfssl-arduino.sh
+# The default is to install to a local wolfSSL directory (`ROOT_DIR`).
+# If successfully built, and the INSTALL option is used, tis directory
+# is then moved to the target.
+#
+# ./wolfssl-arduino.sh INSTALL
+# Creates a local wolfSSL directory and then moves it to the ARDUINO_ROOT
+#
+# ./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER
+# Updates the Arduino-wolfSSL fork for $USER to refresh versions.
+#
+# To ensure a pristine build, the directory must not exist.
+#
+# Reminder there's typically no $USER for GitHub actions, but:
+# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
+#
+# The company name is "wolfSSL Inc."; There’s a space, no comma, and a period after "Inc."
+# The Arduino library name is "wolfssl" (all lower case)
+# The Arduino library directory name is "wolfssl" (all lower case)
+# The Arduino library include file is "wolfssl.h" (all lower case)
+# The Published wolfSSL Arduino Registry is at https://github.com/wolfSSL/Arduino-wolfSSL.git
+# See https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/
+ROOT_DIR="/wolfssl"
+
+# The Arduino Version will initially have a suffix appended during fine tuning stage.
+WOLFSSL_VERSION_ARUINO_SUFFIX="-Arduino.3"
+
+# For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp"
+# Do not set to empty string, as copy will fail with this: CP_CMD=""
+# CP_CMD="cp -v "
+CP_CMD="cp "
+
+# Specify the executable shell checker you want to use:
+MY_SHELLCHECK="shellcheck"
+
+# There are special circumstances to publish to GitHub repository.
+# Typically: https://github.com/wolfSSL/Arduino-wolfSSL
+#
+# Unlike a local Arduino library that requires a clean directory,
+# we'll allow extra files, overwrites, etc.
+#
+# Note in all cases, the local IDE/ARDUINO/wolfssl must be empty.
+THIS_INSTALL_IS_GITHUB="false"
+
+# Check if the executable is available in the PATH
+if command -v "$MY_SHELLCHECK" >/dev/null 2>&1; then
+    # Run your command here
+    shellcheck "$0" || exit 1
+else
+    echo "$MY_SHELLCHECK is not installed. Please install it if changes to this script have been made."
+fi
+
+if ! [ "$CP_CMD" = "cp " ]; then
+    if [ "$CP_CMD" = "cp -v" ]; then
+        echo "Copy verbose mode"
+    else
+        echo "ERROR: Copy mode not supported: $CP_CMD"
+        exit 1
+    fi
+fi
+
+# Check environment
+if [ -n "$WSL_DISTRO_NAME" ]; then
+    # we found a non-blank WSL environment distro name
+    current_path="$(pwd)"
+    pattern="/mnt/?"
+    if echo "$current_path" | grep -Eq "^$pattern"; then
+        # if we are in WSL and shared Windows file system, 'ln' does not work.
+        ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
+    else
+        ARDUINO_ROOT="$HOME/Arduino/libraries"
+    fi
+fi
+echo "The Arduino library root is: $ARDUINO_ROOT"
+
+if [ $# -gt 0 ]; then
+    THIS_OPERATION="$1"
+    if [ "$THIS_OPERATION" = "INSTALL" ]; then
+        THIS_INSTALL_DIR=$2
+
+        echo "Install is active."
+
+        if [ "$THIS_INSTALL_DIR" = "" ]; then
+            if [ -d "$ARDUINO_ROOT$ROOT_DIR" ]; then
+                echo "Error: the installation directory already exists: $ARDUINO_ROOT$ROOT_DIR"
+                echo "A new directory needs to be created to ensure there are no stray files"
+                echo "Please delete or move the directory and try again."
+                exit 1
+            fi
+        else
+            echo "Installing to $THIS_INSTALL_DIR"
+            if [ -d "$THIS_INSTALL_DIR/.git" ];then
+                echo "Target is a GitHub repository."
+                THIS_INSTALL_IS_GITHUB="true"
+            else
+                echo "Target is NOT a GitHub repository."
+            fi
+        fi
+    else
+        echo "Error: not a valid operation: $THIS_OPERATION"
+        exit 1
+    fi
+fi
+
 
-ROOT_DIR="/wolfSSL"
 ROOT_SRC_DIR="${ROOT_DIR}/src"
+EXAMPLES_DIR="${ROOT_DIR}/examples"
 WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
 WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
 WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
 WOLFCRYPT_SRC="${WOLFCRYPT_ROOT}/src"
 WOLFCRYPT_HEADERS="${WOLFSSL_HEADERS}/wolfcrypt"
 OPENSSL_DIR="${WOLFSSL_HEADERS}/openssl"
-WOLFSSL_VERSION="5.6.4"
 
-# TOP indicates the file directory comes from the top level of the wolfssl repo
+
+# TOP indicates the file directory for top level of the wolfssl repository.
 TOP_DIR="../.."
 WOLFSSL_SRC_TOP="${TOP_DIR}/src"
 WOLFSSL_HEADERS_TOP="${TOP_DIR}/wolfssl"
@@ -24,122 +129,196 @@ WOLFCRYPT_HEADERS_TOP="${WOLFSSL_HEADERS_TOP}/wolfcrypt"
 OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
 
 
-# TODO: Parse version number
 WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
+if [ "$WOLFSSL_VERSION" = "" ]; then
+    echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
+    exit 1
+else
+    echo "Found wolfSSL version $WOLFSSL_VERSION"
+    echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
+fi
+echo ""
 
+THIS_DIR=${PWD##*/}
 
-DIR=${PWD##*/}
-
-if [ "$DIR" = "ARDUINO" ]; then
-	if [ ! -d ".${ROOT_DIR}" ]; then
-	    mkdir .${ROOT_DIR}
+if [ "$THIS_DIR" = "ARDUINO" ]; then
+    # mkdir ./wolfssl
+    if [ -d ".${ROOT_DIR}" ]; then
+        echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty"
+        exit 1
+    else
+        echo "Step 01: mkdir .${ROOT_DIR}"
+        mkdir ."${ROOT_DIR}"
     fi
+
+    # mkdir ./wolfssl/src
     if [ ! -d ".${ROOT_SRC_DIR}" ]; then
-	    mkdir .${ROOT_SRC_DIR}
+        echo "Step 02: mkdir .${ROOT_SRC_DIR}"
+        mkdir ."${ROOT_SRC_DIR}"
     fi
 
+    # mkdir ./wolfssl/src/wolfssl
     if [ ! -d ".${WOLFSSL_HEADERS}" ]; then
-	    mkdir .${WOLFSSL_HEADERS}
+        echo "Step 03: mkdir .${WOLFSSL_HEADERS}"
+        mkdir ."${WOLFSSL_HEADERS}"
     fi
 
-    cp ${WOLFSSL_HEADERS_TOP}/*.h .${WOLFSSL_HEADERS}
+    #  cp ../../wolfssl/*.h  ./wolfssl/src/wolfssl
+    echo "Step 04: cp    ${WOLFSSL_HEADERS_TOP}/*.h              .${WOLFSSL_HEADERS}"
+    $CP_CMD "${WOLFSSL_HEADERS_TOP}"/*.h ."${WOLFSSL_HEADERS}"
     if [ ! -d ".${WOLFCRYPT_HEADERS}" ]; then
-        mkdir .${WOLFCRYPT_HEADERS}
+        #  mkdir ./wolfssl/src/wolfssl/wolfcrypt
+        echo "Step 05: mkdir .${WOLFCRYPT_HEADERS}"
+        mkdir ."${WOLFCRYPT_HEADERS}"
+        mkdir ."${WOLFCRYPT_HEADERS}/port"
+        mkdir ."${WOLFCRYPT_HEADERS}/port/atmel"
+        mkdir ."${WOLFCRYPT_HEADERS}/port/Espressif"
     fi
-    cp ${WOLFCRYPT_HEADERS_TOP}/*.h .${WOLFCRYPT_HEADERS}
+
+    # cp  ../../wolfssl/wolfcrypt/*.h  ./wolfssl/src/wolfssl/wolfcrypt
+    echo "Step 06: cp    ${WOLFCRYPT_HEADERS_TOP}/*.h    .${WOLFCRYPT_HEADERS}"
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/*.h                ."${WOLFCRYPT_HEADERS}"                 || exit 1
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/atmel/*.h     ."${WOLFCRYPT_HEADERS}/port/atmel"      || exit 1
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/Espressif/*.h ."${WOLFCRYPT_HEADERS}/port/Espressif"  || exit 1
 
     # Add in source files to wolfcrypt/src
     if [ ! -d ".${WOLFCRYPT_ROOT}" ]; then
-        mkdir .${WOLFCRYPT_ROOT}
+        # mkdir ./wolfssl/src/wolfcrypt
+        echo "Step 07: mkdir .${WOLFCRYPT_ROOT}"
+        mkdir ."${WOLFCRYPT_ROOT}"
     fi
+
+    # mkdir ./wolfssl/src/wolfcrypt/src
     if [ ! -d ".${WOLFCRYPT_SRC}" ]; then
-        mkdir .${WOLFCRYPT_SRC}
+        echo "Step 08: mkdir .${WOLFCRYPT_SRC}"
+        mkdir ."${WOLFCRYPT_SRC}"
+        mkdir ."${WOLFCRYPT_SRC}"/port
+        mkdir ."${WOLFCRYPT_SRC}"/port/atmel
+        mkdir ."${WOLFCRYPT_SRC}"/port/Espressif
     fi
-    cp ${WOLFCRYPT_SRC_TOP}/*.c .${WOLFCRYPT_SRC}
-    
+
+    # cp  ../../wolfcrypt/src/*.c  ./wolfssl/src/wolfcrypt/src
+    echo "Step 09: cp    ${WOLFCRYPT_SRC_TOP}/*.c        .${WOLFCRYPT_SRC}"
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/*.c                  ."${WOLFCRYPT_SRC}"                || exit 1
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/atmel/*.c       ."${WOLFCRYPT_SRC}"/port/atmel     || exit 1
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/Espressif/*.c   ."${WOLFCRYPT_SRC}"/port/Espressif || exit 1
+
     # Add in source files to top level src folders
     if [ ! -d ".${WOLFSSL_SRC}" ]; then
-        mkdir .${WOLFSSL_SRC}
+        # mkdir ./wolfssl/src/src
+        echo "Step 10: mkdir .${WOLFSSL_SRC}"
+        mkdir ."${WOLFSSL_SRC}"
     fi
-    cp ${WOLFSSL_SRC_TOP}/*.c .${WOLFSSL_SRC}
+    $CP_CMD "${WOLFSSL_SRC_TOP}"/*.c ."${WOLFSSL_SRC}"                                        || exit 1
     # put bio and evp as includes
-    cp .${WOLFSSL_SRC}/bio.c .${WOLFSSL_HEADERS}
-    cp .${WOLFCRYPT_SRC}/evp.c .${WOLFSSL_HEADERS}
+    $CP_CMD ."${WOLFSSL_SRC}"/bio.c   ."${WOLFSSL_HEADERS}"                                   || exit 1
+    $CP_CMD ."${WOLFCRYPT_SRC}"/evp.c ."${WOLFSSL_HEADERS}"                                   || exit 1
 
     # make a copy of evp.c and bio.c for ssl.c to include inline
-    cp .${WOLFSSL_HEADERS}/evp.c .${WOLFCRYPT_SRC}/evp.c
-    cp .${WOLFSSL_HEADERS}/bio.c .${WOLFCRYPT_SRC}/bio.c
-    
+    $CP_CMD ."${WOLFSSL_HEADERS}"/evp.c ."${WOLFCRYPT_SRC}"/evp.c                             || exit 1
+    $CP_CMD ."${WOLFSSL_HEADERS}"/bio.c ."${WOLFCRYPT_SRC}"/bio.c                             || exit 1
+
     # copy openssl compatibility headers to their appropriate location
     if [ ! -d ".${OPENSSL_DIR}" ]; then
-        mkdir .${OPENSSL_DIR}
+        mkdir ."${OPENSSL_DIR}"
     fi
-    cp ${OPENSSL_DIR_TOP}/* .${OPENSSL_DIR}
+    $CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}"                                          || exit 1
 
+    # Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
+    $CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h
 
-    cat > .${ROOT_SRC_DIR}/wolfssl.h <<EOF
-/* Generated wolfSSL header file for Arduino */
-#include <user_settings.h>
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/ssl.h>
-EOF
+    echo "Copy examples...."
+    # Copy examples
+    mkdir -p ".${ROOT_SRC_DIR}"/examples
 
+    echo "Copy wolfssl_client example...."
+    mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
+    $CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_client/README.md          ".${EXAMPLES_DIR}"/wolfssl_client/README.md          || exit 1
 
-# Creates user_settings file if one does not exist
-    if [ ! -f ".${ROOT_SRC_DIR}/user_settings.h" ]; then
-    	cat > .${ROOT_SRC_DIR}/user_settings.h <<EOF
-/* Generated wolfSSL user_settings.h file for Arduino */
-#ifndef ARDUINO_USER_SETTINGS_H
-#define ARDUINO_USER_SETTINGS_H
+    echo "Copy wolfssl_server example...."
+    mkdir -p .${EXAMPLES_DIR}/wolfssl_server
+    $CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_server/README.md          ".${EXAMPLES_DIR}"/wolfssl_server/README.md          || exit 1
 
-/* Platform */
-#define WOLFSSL_ARDUINO
+    echo "Copy wolfssl_server example...."
+    mkdir -p .${EXAMPLES_DIR}/wolfssl_version
+    $CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_version/README.md           ".${EXAMPLES_DIR}"/wolfssl_version/README.md           || exit 1
+else
+    echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
+    exit 1
+fi
 
-/* Math library (remove this to use normal math)*/
-#define USE_FAST_MATH
-#define TFM_NO_ASM
-#define NO_ASN_TIME
+# At this point, the library is complete, but we need some additional files.
+#
+# optional diagnostics:
+# echo ".${ROOT_DIR}"
+# echo "${TOP_DIR}"
+# echo "cp ${TOP_DIR}/README.md     .${ROOT_DIR}/"
 
-/* When using Intel Galileo Uncomment the line below */
-/* #define INTEL_GALILEO */
+# Replace the `${WOLFSSL_VERSION}` text in Arduino_README_prepend.md,
+# saving it to a .tmp file. Prepend that file to the wolfSSL README.md
+# file as PREPENDED_README.md, then copy that to the publish directory
+# as an Arduino-specific README.md file.
+VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
+ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
+PREPEND_FILE="Arduino_README_prepend.md"
+PROPERTIES_FILE_TEMPLATE="library.properties.template"
+sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
+cat "$PREPEND_FILE.tmp" ${TOP_DIR}/README.md > PREPENDED_README.md
 
-/* RNG DEFAULT !!FOR TESTING ONLY!! */
-/* comment out the error below to get started w/ bad entropy source
- * This will need fixed before distribution but is OK to test with */
-#error "needs solved, see: https://www.wolfssl.com/docs/porting-guide/"
-#define WOLFSSL_GENSEED_FORTEST
+# Here we'll insert the wolfSSL version into the `library.properties.tmp` file, along with an Arduino version suffix.
+# The result should be something like version=5.6.6.Arduino.1 (for the 1st incremental version on top of 5.6.6)
+sed            s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/                              "$PROPERTIES_FILE_TEMPLATE" > "library.properties.tmp"
+sed -i.backup  s/"$ARDUINO_VERSION_SUFFIX_PLACEHOLDER"/"$WOLFSSL_VERSION_ARUINO_SUFFIX"/ "library.properties.tmp"
 
-#endif /* ARDUINO_USER_SETTINGS_H */
-EOF
-    fi
+# cat library.properties.tmp
+# echo "${WOLFSSL_VERSION_ARUINO_SUFFIX}"
 
-    cp .${WOLFCRYPT_HEADERS}/settings.h .${WOLFCRYPT_HEADERS}/settings.h.bak
-    cat > .${WOLFCRYPT_HEADERS}/settings.h <<EOF
-/*wolfSSL Generated ARDUINO settings */
-#ifndef WOLFSSL_USER_SETTINGS
-    #define WOLFSSL_USER_SETTINGS
-#endif /* WOLFSSL_USER_SETTINGS */ 
-/*wolfSSL Generated ARDUINO settings: END */	
-
-EOF
-    cat .${WOLFCRYPT_HEADERS}/settings.h.bak >> .${WOLFCRYPT_HEADERS}/settings.h
-
-    #Creating library.properties file based off of: 
-    #https://arduino.github.io/arduino-cli/0.35/library-specification/#libraryproperties-file-format
-
-    cat > .${ROOT_DIR}/library.properties <<EOF
-name=wolfSSL
-version=${WOLFSSL_VERSION}
-author=wolfSSL inc
-maintainer=wolfSSL inc <support@wolfssl.com>
-sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
-paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html.
-category=Communication
-url=https://www.wolfssl.com/
-architectures=*
-
-EOF
+echo "Step 11: Final root file copy"
+$CP_CMD  PREPENDED_README.md          ."${ROOT_DIR}"/README.md           || exit 1
+$CP_CMD  library.properties.tmp       ."${ROOT_DIR}"/library.properties  || exit 1
+$CP_CMD  "${TOP_DIR}"/"LICENSING"     ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"README"        ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"COPYING"       ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"ChangeLog.md"  ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/".editorconfig" ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/".gitignore"    ."${ROOT_DIR}"/                    || exit 1
 
-else
-    echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
+$CP_CMD  "keywords.txt"               ."${ROOT_DIR}"/                    || exit 1
+
+
+echo "Step 12: Workspace to publish:"
+echo ""
+head -n 3  PREPENDED_README.md
+echo ""
+ls ./wolfssl -al
+echo ""
+
+# Optionally install to a separate directory.
+# Note we should have exited above if a problem was encountered,
+# as we'll never want to install a bad library.
+if [ "$THIS_OPERATION" = "INSTALL" ]; then
+    if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
+        echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
+        cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
+    else
+        echo "Config:"
+        echo "cp ../../examples/configs/user_settings_arduino.h  ".${ROOT_SRC_DIR}"/user_settings.h"
+        # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
+        grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
+
+        # Show the user_settings.h revision string:
+        grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
+        echo ""
+
+        echo "Install:"
+        echo "mv .$ROOT_DIR $ARDUINO_ROOT"
+        mv  ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
+
+        echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
+    fi
 fi
+
+echo "Done!"
diff --git a/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl.h b/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl.h
new file mode 100644
index 00000000..46ef50d3
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl.h
@@ -0,0 +1,39 @@
+/* wolfssl.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Edit with caution. This is an Arduino-library specific header for wolfSSL */
+
+#ifndef WOLFSSL_USER_SETTINGS
+    #define WOLFSSL_USER_SETTINGS
+#endif
+
+#include <Arduino.h>
+
+/* wolfSSL user_settings.h must be included from settings.h */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+
+int wolfSSL_Arduino_Serial_Print(const char *const s)
+{
+    /* See wolfssl/wolfcrypt/logging.c */
+    Serial.println(F(s));
+    return 0;
+};
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
index e82e19b6..e129a64e 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
@@ -82,8 +82,10 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
     else()
         get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-        if("${FOUND_WOLFSSL}")
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
             message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
             message(STATUS "$ENV{WOLFSSL_ROOT}")
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
index e82e19b6..e129a64e 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
@@ -82,8 +82,10 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
     else()
         get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-        if("${FOUND_WOLFSSL}")
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
             message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
             message(STATUS "$ENV{WOLFSSL_ROOT}")
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
index 855105e7..5a40d9cf 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
@@ -24,21 +24,25 @@
 #include "sdkconfig.h"
 
 /* wolfSSL */
+/* The wolfSSL user_settings.h file is automatically included by the settings.h
+ * file and should never be explicitly included in any other source files.
+ * The settings.h should also be listed above wolfssl library include files. */
 #include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
 #include <wolfssl/version.h>
-#include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h"
+#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
 #ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+    #error "Problem with wolfSSL user_settings. "           \
+           "Check components/wolfssl/include "              \
+           "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+           "typically in the component CMakeLists.txt"
 #endif
 
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfcrypt/benchmark/benchmark.h>
 
 /* set to 0 for one benchmark,
-** set to 1 for continous benchmark loop */
-#define BENCHMARK_LOOP 1
+** set to 1 for continuous benchmark loop */
+#define BENCHMARK_LOOP 0
 
 /* check BENCH_ARGV in sdkconfig to determine need to set WOLFSSL_BENCH_ARGV */
 #ifdef CONFIG_BENCH_ARGV
@@ -129,6 +133,7 @@ void my_atmel_free(int slotId)
 /* the following are needed by benchmark.c with args */
 #ifdef WOLFSSL_BENCH_ARGV
 char* __argv[WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS];
+#define ARG_BUFF_SIZE 16
 
 int construct_argv()
 {
@@ -137,7 +142,7 @@ int construct_argv()
     int len = 0;
     char *_argv; /* buffer for copying the string    */
     char *ch; /* char pointer to trace the string */
-    char buff[16] = { 0 }; /* buffer for a argument copy       */
+    char buff[ARG_BUFF_SIZE] = { 0 }; /* buffer for a argument copy       */
 
     ESP_LOGI(TAG, "construct_argv arg:%s\n", CONFIG_BENCH_ARGV);
     len = strlen(CONFIG_BENCH_ARGV);
@@ -170,7 +175,7 @@ int construct_argv()
         memset(buff, 0, sizeof(buff));
         /* copy each args into buffer */
         i = 0;
-        while ((*ch != ' ') && (*ch != '\0') && (i < 16)) {
+        while ((*ch != ' ') && (*ch != '\0') && (i <= ARG_BUFF_SIZE)) {
             buff[i] = *ch;
             ++i;
             ++ch;
@@ -193,14 +198,15 @@ int construct_argv()
 void app_main(void)
 {
     int stack_start = 0;
-    ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example ------------");
+
+    ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example -------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
 
-#ifdef HAVE_VERSION_EXTENDED_INFO
+#if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_HAS_METRICS)
     esp_ShowExtendedSystemInfo();
 #endif
 
@@ -236,7 +242,7 @@ void app_main(void)
         ESP_LOGI(TAG, "Stack used: %d\n",
                       stack_start - uxTaskGetStackHighWaterMark(NULL));
 
-        #ifdef WOLFSSL_HW_METRICS_DISABLED/* Remove _DISABLED upon #6990 Merge */
+        #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
             esp_hw_show_metrics();
         #endif
     } while (BENCHMARK_LOOP);
@@ -249,8 +255,9 @@ void app_main(void)
     ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 #endif
 
-    ESP_LOGI(TAG, "\n\nDone!\n\n"
-                  "If running from idf.py monitor, press twice: Ctrl+]");
+#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+#endif
 
     /* after the test, we'll just wait */
     while (1) {
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
index f3854ff1..45d4b1d2 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
@@ -1,12 +1,134 @@
+# ESP8266 Project Makefile for wolfssl_client
 #
-# This is a project Makefile. It is assumed the directory this Makefile resides in is a
-# project subdirectory.
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 
+#
+# This is a project Makefile.
+# It is assumed the directory this Makefile resides in is a
+# project subdirectory containing an entire project.
+#
+# Optional private config headers. Define environment variables
+# to include various default header files that are typically
+# not in a git path, and thus excluded from being checked in.
+#
+#     Environment Variable Name      |     Header file name included
+# ---------------------------------- | ---------------------------------------
+#    MY_PRIVATE_CONFIG                  (files detected / selected in header)
+#    USE_MY_PRIVATE_WSL_CONFIG          /mnt/c/workspace/my_private_config.h
+#    USE_MY_PRIVATE_MAC_CONFIG          ~/Documents/my_private_config.h
+#    USE_MY_PRIVATE_LINUX_CONFIG        ~/workspace/my_private_config.h
+#    USE_MY_PRIVATE_WINDOWS_CONFIG      /workspace/my_private_config.h
+#
+#
 PROJECT_NAME := wolfssl_client
 
+MY_PRIVATE_CONFIG ?= n
+USE_MY_PRIVATE_WSL_CONFIG ?= n
+USE_MY_PRIVATE_MAC_CONFIG ?= n
+USE_MY_PRIVATE_LINUX_CONFIG ?= n
+USE_MY_PRIVATE_WINDOWS_CONFIG ?= n
+
+# Calling shell causes unintuitive error in Windows:
+#     OS := $(shell uname -s)
+#
+# But OS, or MY_PRIVATE_CONFIG should already be defined:
+$(info *************  wolfssl_client *************)
+
+ifeq ($(MY_PRIVATE_CONFIG),y)
+    CFLAGS += -DMY_PRIVATE_CONFIG
+    $(info Enabled MY_PRIVATE_CONFIG")
+endif
+
+# Check for Windows environment variable: USE_MY_PRIVATE_WINDOWS_CONFIG
+ifeq ($(USE_MY_PRIVATE_WINDOWS_CONFIG),y)
+    # This hard coded MY_CONFIG_FILE value must match that in the header file.
+    MY_CONFIG_FILE := /workspace/my_private_config.h
+    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+        $(info File does not exist: $(MY_CONFIG_FILE))
+    else
+        CFLAGS += -DUSE_MY_PRIVATE_WINDOWS_CONFIG
+        $(info Using private config file for: Windows)
+    endif
+endif
+
+# Check for WSL environment variable: USE_MY_PRIVATE_WSL_CONFIG
+ifeq ($(USE_MY_PRIVATE_WSL_CONFIG),y)
+    # This hard coded MY_CONFIG_FILE value must match that in the header file.
+    MY_CONFIG_FILE := /mnt/c/workspace/my_private_config.h
+    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+        $(info File does not exist: $(MY_CONFIG_FILE))
+    else
+        CFLAGS += -DUSE_MY_PRIVATE_WSL_CONFIG
+        $(info Using private config file for: WSL)
+    endif
+endif
+
+# Check for Linux environment variable: USE_MY_PRIVATE_LINUX_CONFIG
+ifeq ($(USE_MY_PRIVATE_LINUX_CONFIG),y)
+    # This hard coded MY_CONFIG_FILE value must match that in the header file.
+    MY_CONFIG_FILE := ~/workspace/my_private_config.h
+    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+        $(info File does not exist: $(MY_CONFIG_FILE))
+    else
+        CFLAGS += -DUSE_MY_PRIVATE_LINUX_CONFIG
+        $(info Using private config file for: Linux)
+    endif
+endif
+
+# Check for Mac environment variable: USE_MY_PRIVATE_MAC_CONFIG
+ifeq ($(USE_MY_PRIVATE_MAC_CONFIG),y)
+    # This hard coded MY_CONFIG_FILE value must match that in the header file.
+    MY_CONFIG_FILE := ~/Documents/my_private_config.h
+    ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+        $(info File does not exist: $(MY_CONFIG_FILE))
+    else
+        CFLAGS += -DUSE_MY_PRIVATE_MAC_CONFIG
+        $(info Using private config file for: Mac)
+    endif
+endif
+
+ifneq ($(OS),MY_PRIVATE_CONFIG)
+    CFLAGS += -DMY_PRIVATE_CONFIG="$(MY_PRIVATE_CONFIG)"
+else
+    ifeq ($(OS),Linux)
+        CFLAGS += -DOS_LINUX
+    endif
+    ifeq ($(OS),Windows_NT)
+        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_WINDOWS
+    endif
+    ifeq ($(OS),Darwin)
+        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_APPLE
+    endif
+    ifneq (,$(findstring MINGW,$(OS)))
+        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_MINGW
+    endif
+    ifneq (,$(findstring CYGWIN,$(OS)))
+        CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_CYGWIN
+    endif
+endif
+
+# It is essential that the build process sees the WOLFSSL_USER_SETTINGS
 CFLAGS += -DWOLFSSL_USER_SETTINGS
-# if there isn't the directory, please disable the line below.
+
+# if directory not available, please disable the line below.
 EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
 
+# The Standard Espressif IDF include:
 include $(IDF_PATH)/make/project.mk
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
index 21855add..1bfd0cc8 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
@@ -8,12 +8,50 @@ When using the CLI, see the [example parameters](/IDE/Espressif/ESP-IDF/examples
 For general information on [wolfSSL examples for Espressif](../README.md), see the
 [README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file.
 
-## VisualGDB
+## Quick Start
+
+Use the [ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html)
+for ESP32 or [RTOS SDK](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html)
+for the ESP8266.
+
+Run `menuconfig` utility (`idf.py menuconfig` for ESP32 or `make menuconfig` for the ESP8266)
+and set the various parameters for the target device, along with local WiFi settings:
+
+* Target Host: `CONFIG_WOLFSSL_TARGET_HOST` (The IP address of a listening server)
+* Target Port: `CONFIG_WOLFSSL_TARGET_PORT` (Typically `11111`)
+* Example WiFi SSID: `CONFIG_EXAMPLE_WIFI_SSID` (The WiFi that you want to connect to)
+* Example WiFi Password: `CONFIG_EXAMPLE_WIFI_PASSWORD` (The WiFi password)
+
+The latest examples use makefiles that do not require local file copy installation of wolfSSL.
+
+Build and flash the software to see the example in action.
+
+##  Quick Start with VisualGDB
+
+There are optional [VisualGDB](https://visualgdb.com/tutorials/esp8266/) project files in the
+[VisualGDB](./VisualGDB) project subdirectory, and an ESP8266 project file in the project directory,
+called `wolfssl_client_ESP8266.vgdbproj`.
 
 Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button.
-No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`.
+No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM19`.
+
+## Troubleshooting
+
+Weird results, odd messages, unexpected compiler errors? Manually delete the build directory and
+any locally generated files (`sdkconfig`, `sdkconfig-debug`, etc.) and start over.
+
+The `build` directory is typically located in the root of the project directory:  `[project]/build`.
+
+
+Difficulty flashing:
+
+* Ensure the target device has a robust, stable, clean power supply.
+* Check that quality USB cables are being used.
+* Try lowering the flash baud rate in the `menuconfig`. The 115200 is typically reliable.
+* Review board specifications: some require manual boot mode via on-board buttons.
+* See [Espressif ESP Frequently Asked Questions](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf)
 
-## ESP-IDF Commandline
+## ESP-IDF Commandline v5.x
 
 
 1. `idf.py menuconfig` to config the project
@@ -38,9 +76,83 @@ When you want to test the wolfSSL client
 
          e.g. Launch ./examples/server/server -v 4 -b -i -d
 
+
+## VisualGDB for ESP8266
+
+Reminder that we build with `make` and not `cmake` in VisualGDB.
+
+Build files will be created in `[project directory]\build`
+
+## ESP-IDF make Commandline (version 3.5 or earlier for the ESP8266)
+
+```
+export IDF_PATH=~/esp/ESP8266_RTOS_SDK
+
+```
+
+
+## ESP-IDF CMake Commandline (version 3.5 or earlier for the ESP8266)
+
+Build files will be created in `[project directory]\build\debug`
+
+```
+# Set your path to RTOS SDK, shown here for default from WSL with VisualGDB
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
+#  or
+WRK_IDF_PATH=~/esp/ESP8266_RTOS_SDK
+
+# Setup the environment
+. $WRK_IDF_PATH/export.sh
+
+# install as needed / prompted
+/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4/install.sh
+
+# Fetch wolfssl from GitHub if needed:
+cd /workspace
+git clone https://github.com/wolfSSL/wolfssl.git
+
+# change directory to wolfssl client example.
+cd wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client
+
+# or for example, WSL with C:\workspace as home for git clones:
+# cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_client
+
+# adjust settings as desired
+idf.py menuconfig
+
+
+idf.py build flash -p /dev/ttyS70 -b 115200
+idf.py monitor -p /dev/ttyS70 -b 74880
+```
+
 ## SM Ciphers
 
-#### Working Linux Client to ESP32 Server
+(TODO coming soon)
+See https://github.com/wolfSSL/wolfsm
+
+#### Working Linux Client to ESP32 Server Example:
+
+```
+./examples/client/client -h 192.168.1.37 -p 11111 -v 3
+```
+
+```text
+-c <file>   Certificate file,           default ./certs/client-cert.pem
+-k <file>   Key file,                   default ./certs/client-key.pem
+-A <file>   Certificate Authority file, default ./certs/ca-cert.pem
+```
+
+Example client, with default certs explicitly given:
+
+```bash
+./examples/client/client -h 192.168.1.37 -p 11111 -v 3 -c ./certs/client-cert.pem -k      ./certs/client-key.pem -A     ./certs/ca-cert.pem
+```
+
+Example client, with RSA 1024 certs explicitly given:
+
+```
+./examples/client/client -h 192.168.1.37 -p 11111 -v 3 -c ./certs/1024/client-cert.pem -k ./certs/1024/client-key.pem -A ./certs/1024/ca-cert.pem
+```
 
 Command:
 
@@ -48,7 +160,6 @@ Command:
 cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
 . /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
 idf.py flash -p /dev/ttyS19 -b 115200 monitor
-
 ```
 
 ```
@@ -75,4 +186,3 @@ I hear you fa shizzle!
 ```
 
 See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).
-
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln
index a2be094c..e8e3a317 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln
@@ -18,6 +18,10 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "include", "include", "{5326
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{A51226B3-88A7-4463-B443-0E321C4A3D53}"
 	ProjectSection(SolutionItems) = preProject
+		..\..\..\..\..\..\wolfssl\wolfcrypt\error-crypt.h = ..\..\..\..\..\..\wolfssl\wolfcrypt\error-crypt.h
+		..\..\..\..\..\..\wolfssl\error-ssl.h = ..\..\..\..\..\..\wolfssl\error-ssl.h
+		..\main\Kconfig.projbuild = ..\main\Kconfig.projbuild
+		..\build\VisualGDB\Debug\esp-idf\esp_system\ld\memory.ld = ..\build\VisualGDB\Debug\esp-idf\esp_system\ld\memory.ld
 		..\..\..\..\..\..\..\my_private_config.h = ..\..\..\..\..\..\..\my_private_config.h
 		..\partitions_singleapp_large.csv = ..\partitions_singleapp_large.csv
 		..\README.md = ..\README.md
@@ -25,6 +29,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		..\build\VisualGDB\Debug\config\sdkconfig.cmake = ..\build\VisualGDB\Debug\config\sdkconfig.cmake
 		..\sdkconfig.defaults = ..\sdkconfig.defaults
 		..\build\VisualGDB\Debug\config\sdkconfig.h = ..\build\VisualGDB\Debug\config\sdkconfig.h
+		..\build\VisualGDB\Debug\esp-idf\esp_system\ld\sections.ld = ..\build\VisualGDB\Debug\esp-idf\esp_system\ld\sections.ld
 	EndProjectSection
 EndProject
 Global
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
index e82e19b6..615142ba 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
@@ -82,8 +82,10 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
     else()
         get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-        if("${FOUND_WOLFSSL}")
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
             message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
             message(STATUS "$ENV{WOLFSSL_ROOT}")
@@ -156,8 +158,8 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          # esp_timer
+                                          # driver # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
index 13834b08..8184da11 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
@@ -17,24 +17,228 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
+
 #
 # Component Makefile
 #
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
 
-COMPONENT_ADD_INCLUDEDIRS := . ./include
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
 
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here:
+WOLFSSL_ROOT := ../../../../../../..
 
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
+# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := ./include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
+
+
+##
+## wolfSSL
+##
+COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
+# COMPONENT_OBJS += src/conf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += src/pk.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += src/x509.o
+# COMPONENT_OBJS += src/x509_str.o
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
 
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+##
+## wolfcrypt
+##
+# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
index de5e247c..99b61e15 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,16 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
+
 /* This user_settings.h is for Espressif ESP-IDF */
 #include <sdkconfig.h>
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
 
 /* The Espressif sdkconfig will have chipset info.
 **
-** Possible values:
+** Some possible values:
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -37,7 +41,7 @@
 #define WOLFSSL_ESPIDF
 
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chipsets should be defined:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
@@ -46,8 +50,13 @@
 #undef WOLFSSL_ESPWROOM32SE
 #undef WOLFSSL_ESP8266
 #undef WOLFSSL_ESP32
+/* See below for chipset detection from sdkconfig.h */
 
-#define WOLFSSL_ESP32
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desparate, try NO_SESSION_CACHE.  */
+#define SMALL_SESSION_CACHE
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -62,6 +71,9 @@
 
 #define BENCH_EMBEDDED
 #define USE_CERT_BUFFERS_2048
+#define WOLFSSL_SMALL_STACK
+#define HAVE_ECC
+#define RSA_LOW_MEM
 
 /* TLS 1.3                                 */
 #define WOLFSSL_TLS13
@@ -79,7 +91,9 @@
 
 #define HAVE_AESGCM
 
-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224
 
@@ -87,24 +101,17 @@
 #define WOLFSSL_SHA384
 
 /* when you want to use SHA512 */
-#define WOLFSSL_SHA512
+/* #define WOLFSSL_SHA512 */
 
 /* when you want to use SHA3 */
-#define WOLFSSL_SHA3
+/* #define WOLFSSL_SHA3 */
 
-#define HAVE_ED25519 /* ED25519 requires SHA512 */
+/* ED25519 requires SHA512 */
+/* #define HAVE_ED25519 */
 
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
-
- #define OPENSSL_EXTRA
 /* when you want to use pkcs7 */
 /* #define HAVE_PKCS7 */
 
-#define HAVE_PKCS7
-
 #if defined(HAVE_PKCS7)
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
@@ -125,7 +132,7 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* rsa primitive specific definition */
+/* RSA primitive specific definition */
 #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     /* Define USE_FAST_MATH and SMALL_STACK                        */
     #define ESP32_USE_RSA_PRIMITIVE
@@ -145,8 +152,6 @@
     #endif
 #endif
 
-#define RSA_LOW_MEM
-
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
 /* date/time                               */
@@ -173,10 +178,6 @@
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
-
-#define WOLFSSL_SMALL_STACK
-
-
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
@@ -190,7 +191,6 @@
 #define WOLFSSL_CERT_EXT
 #define WOLFSSL_SYS_CA_CERTS
 
-
 #define WOLFSSL_CERT_TEXT
 
 #define WOLFSSL_ASN_TEMPLATE
@@ -203,7 +203,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 */
 
-/*
+/* command-line options
 --enable-keygen
 --enable-certgen
 --enable-certreq
@@ -211,10 +211,11 @@
 --enable-asn-template
 */
 
-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
-
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
 #if defined(CONFIG_IDF_TARGET_ESP32)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -232,6 +233,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -244,6 +246,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -257,6 +260,7 @@
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -282,6 +286,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -299,6 +304,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -315,6 +321,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
     /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -323,15 +330,28 @@
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6
+     * See https://www.espressif.com/en/products/socs/esp32-c2 */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
 #else
     /* Anything else encountered, disable HW accleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -392,12 +412,75 @@
 #define ATCA_WOLFSSL
 */
 
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 */
 
+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     #include <wolfssl/certs_test_sm.h>
     #define CTX_CA_CERT          root_sm2
@@ -413,15 +496,47 @@
     #undef  WOLFSSL_BASE16
     #define WOLFSSL_BASE16
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
+    #if defined(USE_CERT_BUFFERS_2048)
+        #include <wolfssl/certs_test.h>
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #include <wolfssl/certs_test.h>
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
index 9d5d26db..30388b31 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
@@ -1,6 +1,6 @@
 /* client-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,7 +18,6 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-
 #include "client-tls.h"
 
 /* Espressif FreeRTOS */
@@ -28,13 +27,15 @@
     #include <freertos/event_groups.h>
 #endif
 
+/* Espressif */
+#include <esp_log.h>
+
 /* socket includes */
 #include <lwip/netdb.h>
 #include <lwip/sockets.h>
 
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
-#include "user_settings.h"
 #include <wolfssl/ssl.h>
 
 #ifdef WOLFSSL_TRACK_MEMORY
@@ -50,30 +51,6 @@
     #define DEFAULT_MAX_DHKEY_BITS 2048
 #endif
 
-#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
-    #include <wolfssl/certs_test_sm.h>
-    #define CTX_CA_CERT          root_sm2
-    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
-    #define CTX_CLIENT_CERT      client_sm2
-    #define CTX_CLIENT_CERT_SIZE sizeof_client_sm2
-    #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_PEM
-    #define CTX_CLIENT_KEY       client_sm2_priv
-    #define CTX_CLIENT_KEY_SIZE  sizeof_client_sm2_priv
-    #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_PEM
-#else
-    #include <wolfssl/certs_test.h>
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_CLIENT_CERT      client_cert_der_2048
-    #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
-    #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_CLIENT_KEY       client_key_der_2048
-    #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
-    #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
-
 /* Project */
 #include "wifi_connect.h"
 #include "time_helper.h"
@@ -87,7 +64,7 @@
  *  -h 192.168.1.128 -v 4 -l TLS13-SM4-CCM-SM3        -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
  *
  **/
-static const char* const TAG = "tls_client";
+#define TAG "client-tls"
 
 #if defined(DEBUG_WOLFSSL)
 int stack_start = -1;
@@ -264,29 +241,29 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
  *
  * reference code for SM Ciphers:
  *
-        #if defined(HAVE_AESGCM) && !defined(NO_DH)
-            #ifdef WOLFSSL_TLS13
-                defaultCipherList = "TLS13-AES128-GCM-SHA256"
-                #ifndef WOLFSSL_NO_TLS12
-                                    ":DHE-PSK-AES128-GCM-SHA256"
-                #endif
-                ;
-            #else
-                defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
+    #if defined(HAVE_AESGCM) && !defined(NO_DH)
+        #ifdef WOLFSSL_TLS13
+            defaultCipherList = "TLS13-AES128-GCM-SHA256"
+            #ifndef WOLFSSL_NO_TLS12
+                                ":DHE-PSK-AES128-GCM-SHA256"
             #endif
-        #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
-                defaultCipherList = "TLS13-AES128-GCM-SHA256:PSK-AES128-GCM-SHA256"
-                #ifndef WOLFSSL_NO_TLS12
-                                    ":PSK-AES128-GCM-SHA256"
-                #endif
-                ;
-        #elif defined(HAVE_NULL_CIPHER)
-                defaultCipherList = "PSK-NULL-SHA256";
-        #elif !defined(NO_AES_CBC)
-                defaultCipherList = "PSK-AES128-CBC-SHA256";
+            ;
         #else
-                defaultCipherList = "PSK-AES128-GCM-SHA256";
+            defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
         #endif
+    #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
+            defaultCipherList = "TLS13-AES128-GCM-SHA256:PSK-AES128-GCM-SHA256"
+            #ifndef WOLFSSL_NO_TLS12
+                                ":PSK-AES128-GCM-SHA256"
+            #endif
+            ;
+    #elif defined(HAVE_NULL_CIPHER)
+            defaultCipherList = "PSK-NULL-SHA256";
+    #elif !defined(NO_AES_CBC)
+            defaultCipherList = "PSK-AES128-CBC-SHA256";
+    #else
+            defaultCipherList = "PSK-AES128-GCM-SHA256";
+    #endif
 */
 
     ret = wolfSSL_CTX_set_cipher_list(ctx, WOLFSSL_ESP32_CIPHER_SUITE);
@@ -294,16 +271,16 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
         ESP_LOGI(TAG, "Set cipher list: %s\n", WOLFSSL_ESP32_CIPHER_SUITE);
     }
     else {
-        ESP_LOGE(TAG, "ERROR: failed to set cipher list: %s\n", WOLFSSL_ESP32_CIPHER_SUITE);
+        ESP_LOGE(TAG, "ERROR: failed to set cipher list: %s\n",
+                       WOLFSSL_ESP32_CIPHER_SUITE);
     }
 #endif
 
 #ifdef DEBUG_WOLFSSL
     ShowCiphers(NULL);
-    ESP_LOGI(TAG,
-             "Stack used: %d\n",
-             CONFIG_ESP_MAIN_TASK_STACK_SIZE
-             - uxTaskGetStackHighWaterMark(NULL));
+    ESP_LOGI(TAG, "Stack used: %d\n",
+                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                   - uxTaskGetStackHighWaterMark(NULL));
 #endif
 
 /* see user_settings PROJECT_DH for HAVE_DH and HAVE_FFDHE_2048 */
@@ -328,12 +305,13 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
                                          CTX_CLIENT_CERT_SIZE,
                                          CTX_CLIENT_CERT_TYPE);
         if (ret_i != SSL_SUCCESS) {
-            ESP_LOGE(TAG, "ERROR: failed to load chain %d, please check the file.\n", ret_i);
+            ESP_LOGE(TAG, "ERROR: failed to load chain %d, "
+                          "please check the file.", ret_i);
         }
 
-    /* Load client certificates into WOLFSSL_CTX */
-    WOLFSSL_MSG("Loading...cert");
-    ret_i = wolfSSL_CTX_load_verify_buffer(ctx,
+        /* Load client certificates into WOLFSSL_CTX */
+        WOLFSSL_MSG("Loading...cert");
+        ret_i = wolfSSL_CTX_load_verify_buffer(ctx,
                                          CTX_CA_CERT,
                                          CTX_CA_CERT_SIZE,
                                          CTX_CA_CERT_TYPE);
@@ -420,10 +398,17 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 #endif
 
     /* Attach wolfSSL to the socket */
-    wolfSSL_set_fd(ssl, sockfd);
+    ret_i = wolfSSL_set_fd(ssl, sockfd);
+    if (ret_i == WOLFSSL_SUCCESS) {
+        ESP_LOGI(TAG, "wolfSSL_set_fd success");
+    }
+    else {
+        ESP_LOGE(TAG, "ERROR: failed wolfSSL_set_fd. Error: %d\n", ret_i);
+    }
 
     WOLFSSL_MSG("Connect to wolfSSL on the server side");
     /* Connect to wolfSSL on the server side */
+    ret_i = wolfSSL_connect(ssl);
     if (wolfSSL_connect(ssl) == SSL_SUCCESS) {
 #ifdef DEBUG_WOLFSSL
         ShowCiphers(ssl);
@@ -458,7 +443,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
         printf("%s\n", buff);
         }
     else {
-        ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL\n");
+        ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL. "
+                      "Error: %d\n", ret_i);
     }
 #ifdef DEBUG_WOLFSSL
     ShowCiphers(ssl);
@@ -487,16 +473,28 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
 #else
     xTaskHandle _handle;
 #endif
-    /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */
+    /* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions  */
+    if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) {
+        /* Observed approximately 6KB limit for the RTOS task stack size.
+         * Reminder parameter is bytes, not words as with generic FreeeRTOS. */
+        ESP_LOGW(TAG, "Warning: TLS_SMP_CLIENT_TASK_BYTES < 6KB");
+    }
+#ifndef WOLFSSL_SMALL_STACK
+    ESP_LOGW(TAG, "WARNING: WOLFSSL_SMALL_STACK is not defined. Consider "
+                  "defining that to reduce embedded memory usage.");
+#endif
+
+    /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
+     * Espressif uses BYTES for the task stack size here: */
     ret = xTaskCreate(tls_smp_client_task,
                       TLS_SMP_CLIENT_TASK_NAME,
-                      TLS_SMP_CLIENT_TASK_WORDS,
+                      TLS_SMP_CLIENT_TASK_BYTES,
                       NULL,
                       TLS_SMP_CLIENT_TASK_PRIORITY,
                       &_handle);
 
     if (ret != pdPASS) {
-        ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_CLIENT_TASK_NAME);
+        ESP_LOGI(TAG, "Create thread %s failed.", TLS_SMP_CLIENT_TASK_NAME);
     }
     return TLS_SMP_CLIENT_TASK_RET;
 }
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk
index 61f8990c..c59edbee 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk
@@ -1,8 +1,8 @@
 #
 # Main component makefile.
 #
-# This Makefile can be left empty. By default, it will take the sources in the 
-# src/ directory, compile them and link them into lib(subdirectory_name).a 
-# in the build directory. This behaviour is entirely configurable,
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
 #
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
index 1188ee36..de534035 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
@@ -1,6 +1,6 @@
-/* server-tls.h
+/* client-tls.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,18 +18,20 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#ifndef _SERVER_TLS_
-#define _SERVER_TLS_
+#ifndef _CLIENT_TLS_H_
+#define _CLIENT_TLS_H_
+
+/* Local project, auto-generated configuration */
+#include "sdkconfig.h"
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
-#include "sdkconfig.h"
 
 /* See main/Kconfig.projbuild for default configuration settings */
 #ifdef CONFIG_WOLFSSL_TARGET_HOST
     #define TLS_SMP_TARGET_HOST         CONFIG_WOLFSSL_TARGET_HOST
 #else
-    #define TLS_SMP_TARGET_HOST         "192.168.1.38"
+    #define TLS_SMP_TARGET_HOST         "192.168.1.37"
 #endif
 
 #ifdef CONFIG_WOLFSSL_TARGET_PORT
@@ -39,13 +41,20 @@
 #endif
 
 #define TLS_SMP_CLIENT_TASK_NAME        "tls_client_example"
-#define TLS_SMP_CLIENT_TASK_WORDS       22240
+
+/* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */
+#if defined(WOLFSSL_ESP8266)
+    #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
+#else
+    #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024)
+#endif
+
 #define TLS_SMP_CLIENT_TASK_PRIORITY    8
 
 #if defined(SINGLE_THREADED)
     #define WOLFSSL_ESP_TASK int
 #else
-    #include "freertos/FreeRTOS.h"
+    #include <freertos/FreeRTOS.h>
     #define WOLFSSL_ESP_TASK void
 #endif
 
@@ -68,4 +77,5 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args);
 #else
     WOLFSSL_ESP_TASK tls_smp_client_init(void* args);
 #endif
+
 #endif /* _SERVER_TLS_ */
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
index 94c3b5eb..12c452d6 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
@@ -1,6 +1,6 @@
-/* template main.h
+/* wolfssl_client main.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
index a47f9400..3586ac65 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
@@ -1,5 +1,6 @@
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+/* time_helper.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,8 +21,8 @@
 
 /* common Espressif time_helper v5.6.3.001 */
 
-#ifndef _TIME_HELPER_H
-#define _TIME_HELPER_H
+#ifndef _TIME_HELPER_H_
+#define _TIME_HELPER_H_
 
 /* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
  * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
@@ -32,13 +33,13 @@ extern "C" {
 #endif
 
 /* a function to show the current data and time */
-int esp_show_current_datetime();
+int esp_show_current_datetime(void);
 
 /* worst case, if GitHub time not available, used fixed time */
 int set_fixed_default_time(void);
 
 /* set time from string (e.g. GitHub commit time) */
-int set_time_from_string(char* time_buffer);
+int set_time_from_string(const char* time_buffer);
 
 /* set time from NTP servers,
  * also initially calls set_fixed_default_time or set_time_from_string */
@@ -51,4 +52,4 @@ int set_time_wait_for_ntp(void);
 } /* extern "C" */
 #endif
 
-#endif /* #ifndef _TIME_HELPER_H */
+#endif /* #ifndef _TIME_HELPER_H_ */
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
index 644ce00d..b29d5812 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
@@ -21,9 +21,6 @@
 #ifndef _WIFI_CONNECT_H_
 #define _WIFI_CONNECT_H_
 
-#include <esp_idf_version.h>
-#include <esp_log.h>
-
 /* ESP lwip */
 #define EXAMPLE_ESP_MAXIMUM_RETRY       CONFIG_ESP_MAXIMUM_RETRY
 
@@ -48,19 +45,54 @@
  * file my_private_config.h should be excluded from git updates */
 /* #define  USE_MY_PRIVATE_CONFIG */
 
-#ifdef  USE_MY_PRIVATE_CONFIG
+/* Note that IntelliSense may not work properly in the next section for the
+ * Espressif SDK 3.4 on the ESP8266. Macros should still be defined.
+ * See the project-level Makefile. Example found in:
+ * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+ *
+ * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that
+ * triggers the make (not cmake) to add compiler defines.
+ */
+#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG)
+    #include "/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_WSL_CONFIG)
+    #include "/mnt/c/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_LINUX_CONFIG)
+    #include "~/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_MAC_CONFIG)
+    #include "~/Documents/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_CONFIG)
+    /* This section works best with cmake & non-environment variable setting */
     #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_CMAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_MAKE
         #include "/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_CMAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_MAKE
         #include "/mnt/c/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_CMAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_MAKE
         #include "~/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE)
         #include "~/Documents/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE)
+        #define WOLFSSL_MAKE
+        #include "~/Documents/my_private_config.h"
+    #elif defined(OS_WINDOWS)
+        #include "/workspace/my_private_config.h"
     #else
-        #warning "did not detect environment. using ~/my_private_config.h"
-        #include "~/my_private_config.h"
-	#endif
+        /* Edit as needed for your private config: */
+        #warning "default private config using /workspace/my_private_config.h"
+        #include "/workspace/my_private_config.h"
+    #endif
 #else
 
     /*
@@ -70,14 +102,22 @@
     ** If you'd rather not, just change the below entries to strings with
     ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
     */
-    #ifdef CONFIG_ESP_WIFI_SSID
+    #if defined(CONFIG_ESP_WIFI_SSID)
+        /* tyically from ESP32 with ESP-IDF v4 ot v5 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* tyically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
     #else
         #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
     #endif
 
-    #ifdef CONFIG_ESP_WIFI_PASSWORD
+    #if defined(CONFIG_ESP_WIFI_PASSWORD)
+        /* tyically from ESP32 with ESP-IDF v4 or v5 */
         #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* tyically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
     #else
         #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
     #endif
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
index add43ada..fa116ed1 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,8 +27,9 @@
 #include <esp_event.h>
 
 /* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here */
 #include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
 #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
 #ifndef WOLFSSL_ESPIDF
     #warning "Problem with wolfSSL user_settings."
@@ -44,13 +45,17 @@
      * For wired ethernet, see:
      * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */
     #include "wifi_connect.h"
+    /*
+     * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4
+     * See https://github.com/espressif/esp-modbus/issues/2
+     */
 #endif
 
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-static const char* const TAG = "TLS Client";
+static const char* TAG = "main";
 
 #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
                                   && defined(WOLFSSL_ATECC508A)
@@ -115,7 +120,7 @@ void my_atmel_free(int slotId)
 #endif /* CUSTOM_SLOT_ALLOCATION                                       */
 #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
 
-/* for FreeRTOS */
+/* Entry for FreeRTOS */
 void app_main(void)
 {
     int stack_start = 0;
@@ -126,26 +131,42 @@ void app_main(void)
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
+#ifdef ESP_SDK_MEM_LIB_VERSION
+    sdk_init_meminfo();
+#endif
 #ifdef ESP_TASK_MAIN_STACK
     ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK);
 #endif
 #ifdef TASK_EXTRA_STACK_SIZE
     ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE);
 #endif
-#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+
+#ifdef SINGLE_THREADED
+    ESP_LOGI(TAG, "Single threaded");
+#else
     ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)",
                    CONFIG_ESP_MAIN_TASK_STACK_SIZE,
-                   (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
+             (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
+
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+    {
+        /* Returns the high water mark of the stack associated with xTask. That is,
+         * the minimum free stack space there has been (in bytes not words, unlike
+         * vanilla FreeRTOS) since the task started. The smaller the returned
+         * number the closer the task has come to overflowing its stack.
+         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
+         */
+        stack_start = uxTaskGetStackHighWaterMark(NULL);
+        #ifdef ESP_SDK_MEM_LIB_VERSION
+        {
+            sdk_var_whereis("stack_start", &stack_start);
+        }
+        #endif
 
-    /* Returns the high water mark of the stack associated with xTask. That is,
-     * the minimum free stack space there has been (in bytes not words, unlike
-     * vanilla FreeRTOS) since the task started. The smaller the returned
-     * number the closer the task has come to overflowing its stack.
-     * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
-     */
-    stack_start = uxTaskGetStackHighWaterMark(NULL);
-    ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
-#endif
+        ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
+    }
+    #endif /* INCLUDE_uxTaskGetStackHighWaterMark */
+#endif /* SINGLE_THREADED */
 
 #ifdef HAVE_VERSION_EXTENDED_INFO
     esp_ShowExtendedSystemInfo();
@@ -184,11 +205,23 @@ void app_main(void)
 
     /* Initialize NVS */
     ret = nvs_flash_init();
-    if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
-        ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
-        ESP_ERROR_CHECK(nvs_flash_erase());
-        ret = nvs_flash_init();
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+    {
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
     }
+    #else
+    {
+        /* Non-ESP8266 initialization is slightly different */
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
+            ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
+    }
+    #endif /* else not CONFIG_IDF_TARGET_ESP8266 */
     ESP_ERROR_CHECK(ret);
 
     #if defined(CONFIG_IDF_TARGET_ESP32H2)
@@ -203,8 +236,8 @@ void app_main(void)
             ESP_LOGI(TAG, "Trying WiFi again...");
             ret = wifi_init_sta();
         }
-    #endif
-#endif
+    #endif /* else not CONFIG_IDF_TARGET_ESP32H2 */
+#endif /* else FOUND_PROTOCOL_EXAMPLES_DIR not found */
 
     /* Once we are connected to the network, start & wait for NTP time */
     ret = set_time_wait_for_ntp();
@@ -216,14 +249,6 @@ void app_main(void)
         esp_show_current_datetime();
     }
 
-    /* HWM is maximum amount of stack space that has been unused, in bytes
-     * not words (unlike vanilla freeRTOS). */
-    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
-                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                   - (uxTaskGetStackHighWaterMark(NULL))
-            );
-    ESP_LOGI(TAG, "Starting TLS Client task ...\n");
-
 #if defined(SINGLE_THREADED)
     /* just call the task */
     tls_smp_client_task((void*)NULL);
@@ -232,6 +257,19 @@ void app_main(void)
     /* start a thread with the task */
     args[0].loops = 10;
     args[0].port = 11111;
+
+    /* HWM is maximum amount of stack space that has been unused, in bytes
+     * not words (unlike vanilla freeRTOS). */
+    int this_heap;
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
+                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                   - (uxTaskGetStackHighWaterMark(NULL))
+            );
+    ESP_LOGI(TAG, "Starting TLS Client task ...\n");
+
+    ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d",
+                  &this_heap, this_heap);
     tls_smp_client_init(args);
 /* optional additional client threads
     tls_smp_client_init(args);
@@ -244,24 +282,24 @@ void app_main(void)
 */
 #endif
 
+    /* Done */
+#ifdef SINGLE_THREADED
+    ESP_LOGV(TAG, "\n\nDone!\n\n");
+    while (1);
+#else
     ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
     vTaskDelete(NULL);
     /* done */
     while (1) {
         ESP_LOGV(TAG, "\n\nLoop...\n\n");
-#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
         ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
         ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
                                         - (uxTaskGetStackHighWaterMark(NULL) ));
-#endif
-
-#if defined(SINGLE_THREADED)
-        ESP_LOGV(TAG, "\n\nDone!\n\n");
-        while (1);
-#else
+    #endif
         vTaskDelay(60000);
-#endif
-    } /* done whle */
+    } /* done while */
+#endif /* else not SINGLE_THREADED */
 
 } /* app_main */
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
index 5149d2e6..5eb06a14 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,14 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-/* common Espressif time_helper v5.6.3.002 */
-#include "esp_idf_version.h"
+/* See https://tf.nist.gov/tf-cgi/servers.cgi */
+
+/* common Espressif time_helper v5.6.6.001 */
 #include "sdkconfig.h"
 #include "time_helper.h"
 
 #include <esp_log.h>
+#include <esp_idf_version.h>
 
 #if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
     #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR >= 1)
@@ -36,25 +38,24 @@
         #include <esp_sntp.h>
     #endif
 #else
-    /* TODO Consider pre IDF v5? */
+    /* TODO Consider non ESP-IDF environments */
 #endif
 
 /* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
  * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
  */
-const static char* TAG = "time_helper";
 
 /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
 #ifndef TIME_ZONE
-/*
- * PST represents Pacific Standard Time.
- * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
- *   that Pacific Time is UTC-8 during standard time.
- * PDT represents Pacific Daylight Time.
- * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
- *   second (2) Sunday (0) of March (3).
- * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
- */
+    /*
+     * PST represents Pacific Standard Time.
+     * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
+     *   that Pacific Time is UTC-8 during standard time.
+     * PDT represents Pacific Daylight Time.
+     * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
+     *   second (2) Sunday (0) of March (3).
+     * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
+     */
     #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0"
 #endif /* not defined: TIME_ZONE, so we are setting our own */
 
@@ -87,11 +88,13 @@ const static char* TAG = "time_helper";
 
 char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
 
+const static char* TAG = "time_helper";
+
 /* our NTP server list is global info */
 extern char* ntpServerList[NTP_SERVER_COUNT];
 
 /* Show the current date and time */
-int esp_show_current_datetime()
+int esp_show_current_datetime(void)
 {
     time_t now;
     char strftime_buf[64];
@@ -104,7 +107,7 @@ int esp_show_current_datetime()
     localtime_r(&now, &timeinfo);
     strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
     ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
-    return 0;
+    return ESP_OK;
 }
 
 /* the worst-case scenario is a hard-coded date/time */
@@ -113,9 +116,9 @@ int set_fixed_default_time(void)
     /* ideally, we'd like to set time from network,
      * but let's set a default time, just in case */
     struct tm timeinfo = {
-        .tm_year = 2023 - 1900,
-        .tm_mon  = 10,
-        .tm_mday = 02,
+        .tm_year = 2024 - 1900,
+        .tm_mon  = 1,
+        .tm_mday = 05,
         .tm_hour = 13,
         .tm_min  = 01,
         .tm_sec  = 05
@@ -130,7 +133,38 @@ int set_fixed_default_time(void)
     ESP_LOGI(TAG, "Adjusting time from fixed value");
     now = (struct timeval){ .tv_sec = interim_time };
     ret = settimeofday(&now, NULL);
+    ESP_LOGI(TAG, "settimeofday result = %d", ret);
+    return ret;
+}
+
+/* probably_valid_time_string(s)
+ *
+ * some sanity checks on time string before calling sscanf()
+ *
+ * returns 0 == ESP_OK == Success if str is likely a valid time.
+ *        -1 == ESP_FAIL otherwise
+ */
+int probably_valid_time_string(const char* str)
+{
+    int ret = ESP_OK;
+    size_t length = 0;
+    size_t spaces = 0;
+    size_t colons = 0;
+
+    while (str[length] != '\0') {
+        if (str[length] == ' ') {
+            spaces++;
+        }
+        if (str[length] == ':') {
+            colons++;
+        }
+        length++;
+    }
 
+    if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) {
+        ret = ESP_FAIL;
+        ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str);
+    }
     return ret;
 }
 
@@ -138,60 +172,66 @@ int set_fixed_default_time(void)
  *
  * returns 0 = success if able to set the time from the provided string
  * error for any other value, typically -1 */
-int set_time_from_string(char* time_buffer)
+int set_time_from_string(const char* time_buffer)
 {
     /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */
+    char offset[28]; /* large arrays, just in case there's still bad data */
+    char day_str[28];
+    char month_str[28];
     const char *format = "%3s %3s %d %d:%d:%d %d %s";
     struct tm this_timeinfo;
     struct timeval now;
     time_t interim_time;
-    char offset[6]; /* expecting trailing single quote, not used */
-    char day_str[4];
-    char month_str[4];
     int day, year, hour, minute, second;
     int quote_offset = 0;
     int ret = 0;
 
-    /* we are expecting the string to be encapsulated in single quotes */
-    if (*time_buffer == 0x27) {
-        quote_offset = 1;
-    }
+    /* perform some basic sanity checkes */
+    ret = probably_valid_time_string(time_buffer);
+    if (ret == ESP_OK) {
+        /* we are expecting the string to be encapsulated in single quotes */
+        if (*time_buffer == 0x27) {
+            quote_offset = 1;
+        }
 
-    ret = sscanf(time_buffer + quote_offset,
-                format,
-                day_str, month_str,
-                &day, &hour, &minute, &second, &year, &offset);
+        ret = sscanf(time_buffer + quote_offset,
+                    format,
+                    day_str, month_str,
+                    &day, &hour, &minute, &second, &year, &offset);
 
-    if (ret == 8) {
-        /* we found a match for all componets */
+        if (ret == 8) {
+            /* we found a match for all componets */
 
-        const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-                                 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
+            const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
 
-        for (int i = 0; i < 12; i++) {
-            if (strcmp(month_str, months[i]) == 0) {
-                this_timeinfo.tm_mon = i;
-                break;
+            for (int i = 0; i < 12; i++) {
+                if (strcmp(month_str, months[i]) == 0) {
+                    this_timeinfo.tm_mon = i;
+                    break;
+                }
             }
-        }
 
-        this_timeinfo.tm_mday = day;
-        this_timeinfo.tm_hour = hour;
-        this_timeinfo.tm_min = minute;
-        this_timeinfo.tm_sec = second;
-        this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */
+            this_timeinfo.tm_mday = day;
+            this_timeinfo.tm_hour = hour;
+            this_timeinfo.tm_min = minute;
+            this_timeinfo.tm_sec = second;
+            this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */
 
-        interim_time = mktime(&this_timeinfo);
-        now = (struct timeval){ .tv_sec = interim_time };
-        ret = settimeofday(&now, NULL);
-        ESP_LOGI(TAG, "Time updated to %s", time_buffer);
-    }
-    else {
-        ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", time_buffer);
-        ESP_LOGI(TAG, "Trying fixed date that was hard-coded.");
-        set_fixed_default_time();
-        ret = -1;
+            interim_time = mktime(&this_timeinfo);
+            now = (struct timeval){ .tv_sec = interim_time };
+            ret = settimeofday(&now, NULL);
+            ESP_LOGI(TAG, "Time updated to %s", time_buffer);
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.",
+                           time_buffer);
+            ESP_LOGI(TAG, "Trying fixed date that was hard-coded....");
+            set_fixed_default_time();
+            ret = ESP_FAIL;
+        }
     }
+
     return ret;
 }
 
@@ -224,14 +264,16 @@ int set_time(void)
 
 #ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
     /* initialy set a default approximate time from recent git commit */
-    ESP_LOGI(TAG, "Found git hash date, attempting to set system date.");
-    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
+                   LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
     esp_show_current_datetime();
 
     ret = -4;
 #else
     /* otherwise set a fixed time that was hard coded */
     set_fixed_default_time();
+    esp_show_current_datetime();
     ret = -3;
 #endif
 
@@ -262,6 +304,7 @@ int set_time(void)
             }
             ESP_LOGI(TAG, "%s", thisServer);
             sntp_setservername(i, thisServer);
+            ret = ESP_OK;
         }
     #ifdef HAS_ESP_NETIF_SNTP
         ret = esp_netif_sntp_init(&config);
@@ -289,6 +332,9 @@ int set_time(void)
         ESP_LOGW(TAG, "No sntp time servers found.");
         ret = -1;
     }
+
+    esp_show_current_datetime();
+    ESP_LOGI(TAG, "time helper existing with result = %d", ret);
     return ret;
 }
 
@@ -303,6 +349,8 @@ int set_time_wait_for_ntp(void)
     ret = esp_netif_sntp_start();
 
     ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS);
+#else
+    ESP_LOGE(TAG, "HAS_ESP_NETIF_SNTP not defined");
 #endif /* HAS_ESP_NETIF_SNTP */
     esp_show_current_datetime();
 
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
index b9f9ab73..19ced330 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,17 +18,20 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
- #include "wifi_connect.h"
+#include "wifi_connect.h"
 
+/* FreeRTOS */
 #include <freertos/FreeRTOS.h>
 #include <freertos/task.h>
 #include <freertos/event_groups.h>
-#include <esp_wifi.h>
+
+/* Espressif */
 #include <esp_log.h>
+#include <esp_idf_version.h>
+#include <esp_wifi.h>
 
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
-#include "user_settings.h"
 #include <wolfssl/version.h>
 #include <wolfssl/wolfcrypt/types.h>
 #ifndef WOLFSSL_ESPIDF
@@ -36,7 +39,12 @@
     #warning "Check components/wolfssl/include"
 #endif
 
-#if ESP_IDF_VERSION_MAJOR >= 5
+/* When there's too little heap, WiFi quietly refuses to connect */
+#define WIFI_LOW_HEAP_WARNING 21132
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#elif ESP_IDF_VERSION_MAJOR >= 5
+    /* example path set in cmake file */
 #elif ESP_IDF_VERSION_MAJOR >= 4
     #include "protocol_examples_common.h"
 #else
@@ -44,7 +52,9 @@
     static EventGroupHandle_t wifi_event_group;
 #endif
 
-#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+
+#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
     #if ESP_IDF_VERSION_MAJOR >= 4
         /* likely using examples, see wifi_connect.h */
     #else
@@ -64,7 +74,114 @@
 /* breadcrumb prefix for logging */
 const static char *TAG = "wifi_connect";
 
-#if ESP_IDF_VERSION_MAJOR < 4
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#ifndef CONFIG_ESP_MAX_STA_CONN
+    #define CONFIG_ESP_MAX_STA_CONN 4
+#endif
+#define EXAMPLE_MAX_STA_CONN       CONFIG_ESP_MAX_STA_CONN
+
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+#ifndef CONFIG_ESP_MAXIMUM_RETRY
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+static int s_retry_num = 0;
+
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+static void event_handler(void* arg, esp_event_base_t event_base,
+                                int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        } else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG,"connect to the AP fail");
+    } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data;
+        ESP_LOGI(TAG, "got ip:%s",
+                 ip4addr_ntoa(&event->ip_info.ip));
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+    }
+}
+
+int wifi_init_sta(void)
+{
+    word32 this_heap;
+
+    s_wifi_event_group = xEventGroupCreate();
+
+    tcpip_adapter_init();
+
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+    ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+    ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL));
+
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS
+        },
+    };
+
+    /* Setting a password implies station will connect to all security modes including WEP/WPA.
+        * However these modes are deprecated and not advisable to be used. Incase your Access point
+        * doesn't support WPA2, these mode can be enabled by commenting below line */
+
+    if (strlen((char *)wifi_config.sta.password)) {
+        wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK;
+    }
+
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
+    ESP_ERROR_CHECK(esp_wifi_start() );
+
+    ESP_LOGI(TAG, "wifi_init_sta finished. Connecting...");
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "this heap = %d", this_heap);
+    if (this_heap < WIFI_LOW_HEAP_WARNING) {
+        ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING);
+    }
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) or connection failed for the maximum
+     * number of re-tries (WIFI_FAIL_BIT). The bits are set by event_handler() (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    ESP_LOGI(TAG, "xEventGroupWaitBits finished.");
+    /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually
+     * happened. */
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s",
+                 EXAMPLE_ESP_WIFI_SSID);
+    } else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                 EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+    } else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+
+    ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler));
+    ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler));
+    vEventGroupDelete(s_wifi_event_group);
+    return ESP_OK;
+}
+
+#elif ESP_IDF_VERSION_MAJOR < 4
 /* event handler for wifi events */
 static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
 {
@@ -270,7 +387,8 @@ int wifi_init_sta(void)
 
 int wifi_show_ip(void)
 {
-    /* ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&event->ip_info.ip)); */
-    return 0;
+    /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR,
+     * IP2STR(&event->ip_info.ip)); */
+    return ESP_OK;
 }
 #endif
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
index f8bce25f..ff9a5d4c 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
@@ -1,26 +1,15 @@
-CONFIG_FREERTOS_HZ=1000
-CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
-
-#
-# Default main stack size
-#
-# This is typically way bigger than needed for stack size. See user_settings.h
-#
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500
+# sdkconfig.defaults for ESP8266 + ESP32
 
-# Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55500
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
 
-#
-# Compiler options
-#
-CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
-CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
-CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
-CONFIG_COMPILER_HIDE_PATHS_MACROS=y
-CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
-CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
 
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+CONFIG_FREERTOS_HZ=1000
 #
 # Partition Table
 #
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
new file mode 100644
index 00000000..f0501227
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
@@ -0,0 +1,292 @@
+<?xml version="1.0"?>
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Project xsi:type="com.visualgdb.project.external.esp-idf">
+    <CustomSourceDirectories>
+      <Directories />
+      <PathStyle>Unknown</PathStyle>
+    </CustomSourceDirectories>
+    <AutoProgramSPIFFSPartition>true</AutoProgramSPIFFSPartition>
+    <ProjectModeSettings>
+      <ProjectGUID>c9687472-a434-43a7-9026-7914f425b9b4</ProjectGUID>
+      <GroupSourcesByTypes>true</GroupSourcesByTypes>
+      <GroupSourcesByPaths>true</GroupSourcesByPaths>
+      <HeaderScanMode>SourceDirs</HeaderScanMode>
+    </ProjectModeSettings>
+  </Project>
+  <Build xsi:type="com.visualgdb.build.external.esp-idf">
+    <BuildLogMode xsi:nil="true" />
+    <ToolchainID>
+      <ID>com.visualgdb.xtensa-lx106-elf</ID>
+      <Version>
+        <GCC>8.4.0</GCC>
+        <GDB>8.1</GDB>
+        <Revision>1</Revision>
+      </Version>
+    </ToolchainID>
+    <IDFCheckout>
+      <Version>release/v3.4</Version>
+      <Subdirectory>rtos-sdk/v3.4</Subdirectory>
+      <Type>RTOS_SDK</Type>
+    </IDFCheckout>
+    <BuildThreadCount>0</BuildThreadCount>
+  </Build>
+  <CustomBuild>
+    <PreSyncActions />
+    <PreBuildActions />
+    <PostBuildActions />
+    <PreCleanActions />
+    <PostCleanActions />
+  </CustomBuild>
+  <CustomDebug>
+    <PreDebugActions />
+    <PostDebugActions />
+    <DebugStopActions />
+    <BreakMode>Default</BreakMode>
+    <CustomBreakCommand>
+      <SkipWhenRunningCommandList>false</SkipWhenRunningCommandList>
+      <RemoteHost>
+        <HostName>BuildMachine</HostName>
+        <Transport>BuiltinShortcut</Transport>
+      </RemoteHost>
+      <BackgroundMode xsi:nil="true" />
+    </CustomBreakCommand>
+  </CustomDebug>
+  <DeviceTerminalSettings>
+    <Connection xsi:type="com.sysprogs.terminal.connection.serial">
+      <ComPortName>COM70</ComPortName>
+      <AdvancedSettings>
+        <BaudRate>74880</BaudRate>
+        <DataBits>8</DataBits>
+        <Parity>None</Parity>
+        <StopBits>One</StopBits>
+        <FlowControl>None</FlowControl>
+      </AdvancedSettings>
+    </Connection>
+    <LastConnectionTime>0</LastConnectionTime>
+    <EchoTypedCharacters>false</EchoTypedCharacters>
+    <ClearContentsWhenReconnecting>true</ClearContentsWhenReconnecting>
+    <ReconnectAutomatically>false</ReconnectAutomatically>
+    <DisplayMode>ASCII</DisplayMode>
+    <Colors>
+      <Background>
+        <Alpha>255</Alpha>
+        <Red>0</Red>
+        <Green>0</Green>
+        <Blue>0</Blue>
+      </Background>
+      <Disconnected>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Disconnected>
+      <Text>
+        <Alpha>255</Alpha>
+        <Red>211</Red>
+        <Green>211</Green>
+        <Blue>211</Blue>
+      </Text>
+      <Echo>
+        <Alpha>255</Alpha>
+        <Red>144</Red>
+        <Green>238</Green>
+        <Blue>144</Blue>
+      </Echo>
+      <Inactive>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Inactive>
+    </Colors>
+    <HexSettings>
+      <MaximumBytesPerLine>16</MaximumBytesPerLine>
+      <ShowTextView>true</ShowTextView>
+      <BreaksAroundEcho>true</BreaksAroundEcho>
+      <AutoSend>true</AutoSend>
+      <SendAsHex>true</SendAsHex>
+      <TimeoutForAutoBreak>0</TimeoutForAutoBreak>
+    </HexSettings>
+    <LineEnding>LF</LineEnding>
+    <TreatLFAsCRLF>false</TreatLFAsCRLF>
+    <KeepOpenAfterExit>false</KeepOpenAfterExit>
+    <ShowAfterProgramming>false</ShowAfterProgramming>
+  </DeviceTerminalSettings>
+  <CustomShortcuts>
+    <Shortcuts />
+    <ShowMessageAfterExecuting>true</ShowMessageAfterExecuting>
+  </CustomShortcuts>
+  <UserDefinedVariables />
+  <ImportedPropertySheets />
+  <CodeSense>
+    <Enabled>True</Enabled>
+    <ExtraSettings>
+      <HideErrorsInSystemHeaders>true</HideErrorsInSystemHeaders>
+      <SupportLightweightReferenceAnalysis>true</SupportLightweightReferenceAnalysis>
+      <DiscoverySettings>
+        <Mode>Enabled</Mode>
+        <SearchInProjectDir>true</SearchInProjectDir>
+        <SearchInSourceDirs>true</SearchInSourceDirs>
+        <SearchInIncludeSubdirs>true</SearchInIncludeSubdirs>
+      </DiscoverySettings>
+      <CheckForClangFormatFiles>true</CheckForClangFormatFiles>
+      <FormattingEngine xsi:nil="true" />
+    </ExtraSettings>
+    <CodeAnalyzerSettings>
+      <Enabled>false</Enabled>
+      <SelectedAnalyzers>
+        <string>apiModeling.google.GTest</string>
+        <string>core.builtin.BuiltinFunctions</string>
+        <string>core.builtin.NoReturnFunctions</string>
+        <string>core.CallAndMessage</string>
+        <string>core.DivideZero</string>
+        <string>core.DynamicTypePropagation</string>
+        <string>core.NonnilStringConstants</string>
+        <string>core.NonNullParamChecker</string>
+        <string>core.NullDereference</string>
+        <string>core.StackAddressEscape</string>
+        <string>core.UndefinedBinaryOperatorResult</string>
+        <string>core.uninitialized.ArraySubscript</string>
+        <string>core.uninitialized.Assign</string>
+        <string>core.uninitialized.Branch</string>
+        <string>core.uninitialized.CapturedBlockVariable</string>
+        <string>core.uninitialized.UndefReturn</string>
+        <string>core.VLASize</string>
+        <string>cplusplus.NewDelete</string>
+        <string>cplusplus.NewDeleteLeaks</string>
+        <string>cplusplus.SelfAssignment</string>
+        <string>deadcode.DeadStores</string>
+        <string>nullability.NullPassedToNonnull</string>
+        <string>nullability.NullReturnedFromNonnull</string>
+        <string>security.insecureAPI.getpw</string>
+        <string>security.insecureAPI.gets</string>
+        <string>security.insecureAPI.mkstemp</string>
+        <string>security.insecureAPI.mktemp</string>
+        <string>security.insecureAPI.UncheckedReturn</string>
+        <string>security.insecureAPI.vfork</string>
+        <string>unix.API</string>
+        <string>unix.cstring.BadSizeArg</string>
+        <string>unix.cstring.NullArg</string>
+        <string>unix.Malloc</string>
+        <string>unix.MallocSizeof</string>
+        <string>unix.MismatchedDeallocator</string>
+        <string>unix.StdCLibraryFunctions</string>
+        <string>unix.Vfork</string>
+      </SelectedAnalyzers>
+      <ExtraArguments>
+        <string>-analyzer-store=region</string>
+        <string>-analyzer-opt-analyze-nested-blocks</string>
+        <string>-analyzer-eagerly-assume</string>
+      </ExtraArguments>
+    </CodeAnalyzerSettings>
+  </CodeSense>
+  <Configurations>
+    <VisualGDBConfiguration>
+      <Name>Debug</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Debug</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-debug</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+    <VisualGDBConfiguration>
+      <Name>Release</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Release</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-release</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+  </Configurations>
+  <ProgramArgumentsSuggestions />
+  <Debug xsi:type="com.visualgdb.debug.embedded">
+    <AdditionalStartupCommands>
+      <GDBPreStartupCommands />
+      <GDBStartupCommands />
+      <GDBFinalizationCommands />
+    </AdditionalStartupCommands>
+    <AdditionalGDBSettings>
+      <Features>
+        <DisableAutoDetection>false</DisableAutoDetection>
+        <UseFrameParameter>false</UseFrameParameter>
+        <SimpleValuesFlagSupported>false</SimpleValuesFlagSupported>
+        <ListLocalsSupported>false</ListLocalsSupported>
+        <ByteLevelMemoryCommandsAvailable>false</ByteLevelMemoryCommandsAvailable>
+        <ThreadInfoSupported>false</ThreadInfoSupported>
+        <PendingBreakpointsSupported>false</PendingBreakpointsSupported>
+        <SupportTargetCommand>false</SupportTargetCommand>
+        <ReliableBreakpointNotifications>false</ReliableBreakpointNotifications>
+      </Features>
+      <EnableSmartStepping>false</EnableSmartStepping>
+      <FilterSpuriousStoppedNotifications>false</FilterSpuriousStoppedNotifications>
+      <ForceSingleThreadedMode>false</ForceSingleThreadedMode>
+      <UseAppleExtensions>false</UseAppleExtensions>
+      <CanAcceptCommandsWhileRunning>false</CanAcceptCommandsWhileRunning>
+      <MakeLogFile>false</MakeLogFile>
+      <IgnoreModuleEventsWhileStepping>true</IgnoreModuleEventsWhileStepping>
+      <UseRelativePathsOnly>false</UseRelativePathsOnly>
+      <ExitAction>None</ExitAction>
+      <DisableDisassembly>false</DisableDisassembly>
+      <ExamineMemoryWithXCommand>false</ExamineMemoryWithXCommand>
+      <StepIntoNewInstanceEntry />
+      <ExamineRegistersInRawFormat>true</ExamineRegistersInRawFormat>
+      <DisableSignals>false</DisableSignals>
+      <EnableAsyncExecutionMode>false</EnableAsyncExecutionMode>
+      <AsyncModeSupportsBreakpoints>true</AsyncModeSupportsBreakpoints>
+      <TemporaryBreakConsolidationTimeout>0</TemporaryBreakConsolidationTimeout>
+      <EnableNonStopMode>false</EnableNonStopMode>
+      <MaxBreakpointLimit>0</MaxBreakpointLimit>
+      <EnableVerboseMode>true</EnableVerboseMode>
+      <EnablePrettyPrinters>false</EnablePrettyPrinters>
+    </AdditionalGDBSettings>
+    <DebugMethod>
+      <ID>openocd</ID>
+      <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp8266">
+        <CommandLine>-f interface/ftdi/tigard.cfg -f target/esp8266.cfg</CommandLine>
+        <ExtraParameters>
+          <Frequency xsi:nil="true" />
+          <BoostedFrequency xsi:nil="true" />
+          <ConnectUnderReset>false</ConnectUnderReset>
+        </ExtraParameters>
+        <LoadProgressGUIThreshold>131072</LoadProgressGUIThreshold>
+        <ProgramMode>Enabled</ProgramMode>
+        <StartupCommands>
+          <string>set remotetimeout 60</string>
+          <string>target remote :$$SYS:GDB_PORT$$</string>
+          <string>mon reset halt</string>
+          <string>load</string>
+          <string>mon xtensa_no_interrupts_during_steps on</string>
+          <string>mon esp8266_autofeed_watchdog on</string>
+        </StartupCommands>
+        <ProgramFLASHUsingExternalTool>false</ProgramFLASHUsingExternalTool>
+        <PreferredGDBPort>0</PreferredGDBPort>
+        <PreferredTelnetPort>0</PreferredTelnetPort>
+        <AlwaysPassSerialNumber>false</AlwaysPassSerialNumber>
+        <SelectedCoreIndex xsi:nil="true" />
+        <SuggestionLogicRevision>0</SuggestionLogicRevision>
+        <ResetMode>Soft</ResetMode>
+        <ProgramSectorSize>4096</ProgramSectorSize>
+        <EraseSectorSize>4096</EraseSectorSize>
+        <FLASHSettings>
+          <Size>size4M</Size>
+          <Frequency>freq40M</Frequency>
+          <Mode>QIO</Mode>
+        </FLASHSettings>
+      </Configuration>
+    </DebugMethod>
+    <AutoDetectRTOS>true</AutoDetectRTOS>
+    <SemihostingSupport>Disabled</SemihostingSupport>
+    <SemihostingPollingDelay>0</SemihostingPollingDelay>
+    <StepIntoEntryPoint>false</StepIntoEntryPoint>
+    <ReloadFirmwareOnReset>false</ReloadFirmwareOnReset>
+    <ValidateEndOfStackAddress>true</ValidateEndOfStackAddress>
+    <StopAtEntryPoint>false</StopAtEntryPoint>
+    <EnableVirtualHalts>false</EnableVirtualHalts>
+    <DynamicAnalysisSettings />
+    <EndOfStackSymbol>_estack</EndOfStackSymbol>
+    <TimestampProviderTicksPerSecond>0</TimestampProviderTicksPerSecond>
+    <KeepConsoleAfterExit>false</KeepConsoleAfterExit>
+    <UnusedStackFillPattern xsi:nil="true" />
+    <CheckInterfaceDrivers>true</CheckInterfaceDrivers>
+  </Debug>
+</VisualGDBProjectSettings2>
\ No newline at end of file
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
index e82e19b6..e129a64e 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
@@ -82,8 +82,10 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
     else()
         get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-        if("${FOUND_WOLFSSL}")
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
             message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
             message(STATUS "$ENV{WOLFSSL_ROOT}")
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
index e82e19b6..e129a64e 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
@@ -82,8 +82,10 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
     else()
         get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-        if("${FOUND_WOLFSSL}")
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
             message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
             message(STATUS "$ENV{WOLFSSL_ROOT}")
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
index 1c21bd93..2fd41d3f 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
@@ -36,6 +36,10 @@
 #include <wolfcrypt/test/test.h>
 #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
 
+/* set to 0 for one benchmark,
+** set to 1 for continuous benchmark loop */
+#define TEST_LOOP 0
+
 /*
 ** the wolfssl component can be installed in either:
 **
@@ -190,7 +194,10 @@ void app_main(void)
 #if defined(NO_ESP32_CRYPT)
     ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED.");
 #else
-    #if defined(CONFIG_IDF_TARGET_ESP32C3)
+    #if defined(CONFIG_IDF_TARGET_ESP32C2)
+        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C2.");
+
+    #elif defined(CONFIG_IDF_TARGET_ESP32C3)
         ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C3.");
 
     #elif defined(CONFIG_IDF_TARGET_ESP32S2)
@@ -239,8 +246,11 @@ void app_main(void)
 
         loops++;
     }
-    while (ret == 0);
-    ESP_LOGI(TAG, "loops = %d", loops);
+    while (TEST_LOOP && (ret == 0));
+
+#if defined TEST_LOOP && (TEST_LOOP == 1)
+    ESP_LOGI(TAG, "Test loops completed: %d", loops);
+#endif
 
     /* note wolfCrypt_Cleanup() should always be called when finished.
     ** This is called at the end of wolf_test_task();
@@ -266,8 +276,12 @@ void app_main(void)
                                         - (uxTaskGetStackHighWaterMark(NULL)));
 #endif
 
+#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+#else
     ESP_LOGI(TAG, "\n\nDone!\n\n"
                   "If running from idf.py monitor, press twice: Ctrl+]");
+#endif
 
     /* done */
     while (1) {
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/README.md b/extra/wolfssl/wolfssl/IDE/Espressif/README.md
index dea3b36a..5bb1622f 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/README.md
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/README.md
@@ -154,7 +154,48 @@ CMake Error at run_serial_tool.cmake:56 (message):
 
 Solution:
 
-Press and hold`EN` button, press and release `IO0` button, then release `EN` button.
+Press and hold `EN` button, press and release `IO0` button, then release `EN` button.
+
+### Unknown CMake command "esptool_py_flash_project_args".
+
+This unintuitive error was observed when including an unneeded `set(COMPONENTS` in the project-level CMakeLists.txt
+and attempting to build with an older toolchain, such as the RTOS SDK 3.4 for the ESP8266.
+
+### PermissionError: [Errno 13] Permission denied could not open port {}
+
+This error, other than the obvious permissions, also occurs when the port is in use by another application:
+
+```text
+Traceback (most recent call last):
+  File "/home/gojimmypi/.espressif/python_env/rtos3.4_py3.10_env/lib/python3.10/site-packages/serial/serialposix.py", line 322, in open
+    self.fd = os.open(self.portstr, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
+PermissionError: [Errno 13] Permission denied: '/dev/ttyS55'
+
+During handling of the above exception, another exception occurred:
+
+Traceback (most recent call last):
+    [... snip ...]
+raise SerialException(msg.errno, "could not open port {}: {}".format(self._port, msg))
+serial.serialutil.SerialException: [Errno 13] could not open port /dev/ttyS55: [Errno 13] Permission denied: '/dev/ttyS55'
+```
+### Panic Task watchdog got triggered.
+
+Long-running code may trip the watchdog timer.
+
+```
+Task watchdog got triggered.
+
+Guru Meditation Error: Core  0 panic'ed (unknown). Exception was unhandled.
+```
+
+The watchdog needs to be [fed](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-reference/system/wdts.html?highlight=watchdog#_CPPv418esp_task_wdt_resetv) on a regular basis
+with `void esp_task_wdt_reset(void)` from `esp8266/include/esp_task_wdt.h`.
+
+Try turning off the WDT in menuconfig, or for Makefiles:
+
+```
+EXTRA_CFLAGS += -DNO_WATCHDOG
+```
 
 #### Other Solutions
 
diff --git a/extra/wolfssl/wolfssl/IDE/Espressif/include.am b/extra/wolfssl/wolfssl/IDE/Espressif/include.am
index 66203415..5011e51f 100644
--- a/extra/wolfssl/wolfssl/IDE/Espressif/include.am
+++ b/extra/wolfssl/wolfssl/IDE/Espressif/include.am
@@ -95,6 +95,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_hel
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md
 
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
 
diff --git a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/user_settings.h b/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/user_settings.h
index 289a4d71..c6274a29 100644
--- a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/user_settings.h
+++ b/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/user_settings.h
@@ -1,4 +1,3 @@
-
 #define NO_MAIN_DRIVER
 #define BENCH_EMBEDDED
 #define NO_WRITEV
@@ -17,10 +16,59 @@
 
 #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
 
-#define TFM_TIMING_RESISTANT
+/* A few examples of different math options below.
+ *
+ * See examples/configs/user_settings_template.h for a more
+ * detailed template. */
+#if 1
+    /* Use only single precision (SP) math and algorithms.
+     * SP math is written to accelerate specific/common key
+     * sizes and curves. This adds code from sp_c32.c, or one of the specific
+     * assembly implementations like sp_cortexm.c. This code is faster than the
+     * multi-precision support because it's optimized for the key/curve.
+     * The SP math can be used together with any multi-precision math library
+     * if WOLFSSL_SP_MATH is removed. If only standard keys/curves are being
+     * used the multi-precision math is not required.
+     */
+    #define WOLFSSL_SP_MATH
+    /* Enable SP ECC support */
+    #define WOLFSSL_HAVE_SP_ECC
+    /* Enable SP RSA support */
+    #define WOLFSSL_HAVE_SP_RSA
+    /* Enable SP DH support */
+    #define WOLFSSL_HAVE_SP_DH
+    /* Reduce stack use specifically in SP implementation.  */
+    #define WOLFSSL_SP_SMALL_STACK
+    /* use smaller version of code */
+    #define WOLFSSL_SP_SMALL
+    /* Assembly optimized version - sp_cortexm.c */
+    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
+#elif 1
+    /* Use SP math for all key sizes and curves. This will use
+     * the multi-precision (MP) math implementation in sp_int.c */
+    #define WOLFSSL_SP_MATH_ALL
+    /* Disable use of dynamic stack items */
+    #define WOLFSSL_SP_NO_DYN_STACK
+    /* use smaller version of code */
+    #define WOLFSSL_SP_SMALL
+#elif 1
+    /* Fast Math (tfm.c) (stack based and timing resistant) */
+    #define USE_FAST_MATH
+    /* Enable Fast Math Timing Resistance */
+    #define TFM_TIMING_RESISTANT
+#else
+    /* Normal (integer.c) (heap based, not timing resistant) - not recommended*/
+    #define USE_INTEGER_HEAP_MATH
+#endif
+
+/* Enable ECC Timing Resistance */
 #define ECC_TIMING_RESISTANT
+/* Enables blinding mode, to prevent timing attacks */
 #define WC_RSA_BLINDING
 
+/* reduce stack use. For variables over 100 bytes allocate from heap */
+#define WOLFSSL_SMALL_STACK
+/* disable mutex locking */
 #define SINGLE_THREADED  /* or define RTOS  option */
 /* #define WOLFSSL_CMSIS_RTOS */
 #define NO_FILESYSTEM
diff --git a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/settings/wolfcrypt_benchmark_Debug.jlink b/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/settings/wolfcrypt_benchmark_Debug.jlink
deleted file mode 100644
index 3a2fb474..00000000
--- a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/settings/wolfcrypt_benchmark_Debug.jlink
+++ /dev/null
@@ -1,39 +0,0 @@
-[BREAKPOINTS]
-ForceImpTypeAny = 0
-ShowInfoWin = 1
-EnableFlashBP = 2
-BPDuringExecution = 0
-[CFI]
-CFISize = 0x00
-CFIAddr = 0x00
-[CPU]
-MonModeVTableAddr = 0xFFFFFFFF
-MonModeDebug = 0
-MaxNumAPs = 0
-LowPowerHandlingMode = 0
-OverrideMemMap = 0
-AllowSimulation = 1
-ScriptFile=""
-[FLASH]
-CacheExcludeSize = 0x00
-CacheExcludeAddr = 0x00
-MinNumBytesFlashDL = 0
-SkipProgOnCRCMatch = 1
-VerifyDownload = 1
-AllowCaching = 1
-EnableFlashDL = 2
-Override = 1
-Device="ATSAMV71Q21"
-[GENERAL]
-WorkRAMSize = 0x00
-WorkRAMAddr = 0x00
-RAMUsageLimit = 0x00
-[SWO]
-SWOLogFile=""
-[MEM]
-RdOverrideOrMask = 0x00
-RdOverrideAndMask = 0xFFFFFFFF
-RdOverrideAddr = 0xFFFFFFFF
-WrOverrideOrMask = 0x00
-WrOverrideAndMask = 0xFFFFFFFF
-WrOverrideAddr = 0xFFFFFFFF
diff --git a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewt b/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewt
deleted file mode 100644
index 86013a04..00000000
--- a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewt
+++ /dev/null
@@ -1,2382 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-
-<project>
-  <fileVersion>2</fileVersion>
-  <configuration>
-    <name>Debug</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>1</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <configuration>
-    <name>Release</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>0</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <group>
-    <name>Application</name>
-    <file>
-      <name>$PROJ_DIR$\Application\runBenchmarks.c</name>
-    </file>
-  </group>
-  <group>
-    <name>benchmark</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\benchmark\benchmark.c</name>
-    </file>
-  </group>
-  <group>
-    <name>Device_Support</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\startup_sam.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\system_sam.c</name>
-    </file>
-  </group>
-  <group>
-    <name>Setup</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\BSP.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\HardFaultHandler.S</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\JLINKMEM_Process.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\OS_Error.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\RTOSInit_SAMV71_CMSIS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_HardFaultHandler.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT_printf.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_Config_embOS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_embOS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx2.c</name>
-    </file>
-  </group>
-</project>
-
-
diff --git a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt b/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt
deleted file mode 100644
index e0722daa..00000000
--- a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt
+++ /dev/null
@@ -1,2400 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-
-<project>
-  <fileVersion>2</fileVersion>
-  <configuration>
-    <name>Debug</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>1</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <configuration>
-    <name>Release</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>0</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <group>
-    <name>wolfcrypt_sources</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\aes.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\asn.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\chacha.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\chacha20_poly1305.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\coding.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\des3.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\dh.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\dsa.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\ecc.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hash.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\kdf.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hmac.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\md4.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\md5.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\memory.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\misc.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\poly1305.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\pwdbased.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\random.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\rsa.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha256.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha512.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\tfm.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\wc_encrypt.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\wc_port.c</name>
-    </file>
-  </group>
-</project>
-
-
diff --git a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/settings/wolfcrypt_test_Debug.jlink b/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/settings/wolfcrypt_test_Debug.jlink
deleted file mode 100644
index 3a2fb474..00000000
--- a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/settings/wolfcrypt_test_Debug.jlink
+++ /dev/null
@@ -1,39 +0,0 @@
-[BREAKPOINTS]
-ForceImpTypeAny = 0
-ShowInfoWin = 1
-EnableFlashBP = 2
-BPDuringExecution = 0
-[CFI]
-CFISize = 0x00
-CFIAddr = 0x00
-[CPU]
-MonModeVTableAddr = 0xFFFFFFFF
-MonModeDebug = 0
-MaxNumAPs = 0
-LowPowerHandlingMode = 0
-OverrideMemMap = 0
-AllowSimulation = 1
-ScriptFile=""
-[FLASH]
-CacheExcludeSize = 0x00
-CacheExcludeAddr = 0x00
-MinNumBytesFlashDL = 0
-SkipProgOnCRCMatch = 1
-VerifyDownload = 1
-AllowCaching = 1
-EnableFlashDL = 2
-Override = 1
-Device="ATSAMV71Q21"
-[GENERAL]
-WorkRAMSize = 0x00
-WorkRAMAddr = 0x00
-RAMUsageLimit = 0x00
-[SWO]
-SWOLogFile=""
-[MEM]
-RdOverrideOrMask = 0x00
-RdOverrideAndMask = 0xFFFFFFFF
-RdOverrideAddr = 0xFFFFFFFF
-WrOverrideOrMask = 0x00
-WrOverrideAndMask = 0xFFFFFFFF
-WrOverrideAddr = 0xFFFFFFFF
diff --git a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewt b/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewt
deleted file mode 100644
index 2847ab53..00000000
--- a/extra/wolfssl/wolfssl/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewt
+++ /dev/null
@@ -1,2382 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-
-<project>
-  <fileVersion>2</fileVersion>
-  <configuration>
-    <name>Debug</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>1</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <configuration>
-    <name>Release</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>0</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <group>
-    <name>Application</name>
-    <file>
-      <name>$PROJ_DIR$\Application\runWolfcryptTests.c</name>
-    </file>
-  </group>
-  <group>
-    <name>Device_Support</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\startup_sam.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\system_sam.c</name>
-    </file>
-  </group>
-  <group>
-    <name>Setup</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\BSP.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\HardFaultHandler.S</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\JLINKMEM_Process.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\OS_Error.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\RTOSInit_SAMV71_CMSIS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_HardFaultHandler.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT_printf.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_Config_embOS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_embOS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx2.c</name>
-    </file>
-  </group>
-  <group>
-    <name>wolfcrypt_test</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\test\test.c</name>
-    </file>
-  </group>
-</project>
-
-
diff --git a/extra/wolfssl/wolfssl/IDE/LINUX-SGX/sgx_t_static.mk b/extra/wolfssl/wolfssl/IDE/LINUX-SGX/sgx_t_static.mk
index 5f26391b..ebb718cf 100644
--- a/extra/wolfssl/wolfssl/IDE/LINUX-SGX/sgx_t_static.mk
+++ b/extra/wolfssl/wolfssl/IDE/LINUX-SGX/sgx_t_static.mk
@@ -88,6 +88,7 @@ Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/signature.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.c\
 					$(WOLFSSL_ROOT)/src/ssl.c\
 					$(WOLFSSL_ROOT)/src/tls.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.c\
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/README.md b/extra/wolfssl/wolfssl/IDE/MPLABX16/README.md
new file mode 100644
index 00000000..a35b6dec
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/README.md
@@ -0,0 +1,62 @@
+# wolfSSL MPLAB X Project Files for XC16
+
+This directory contains project files for the Microchip MPLAB X IDE. These
+projects have been set up to use the Microchip PIC24 Starter Kit
+and the Microchip XC16 compiler.
+
+In order to generate the necessary auto-generated MPLAB X files, make sure
+to import the wolfssl.X project into your MPLAB X workspace before trying to
+build the wolfCrypt test. This will correctly set up the respective project's
+Makefiles.
+
+## Included Project Files
+
+### wolfSSL library (wolfssl.X)
+
+This project builds a static wolfSSL library. The settings for this project are in `user_settings.h`:
+```
+<wolfssl_root>/IDE/MPLABX16/user_settings.h
+```
+
+After this project has been built, the compiled library will be located at:
+```
+<wolfssl_root>/IDE/MPLABX16/wolfssl.X/dist/default/production/wolfssl.X.a
+```
+
+### wolfCrypt Test App (wolfcrypt_test.X)
+
+This project tests the wolfCrypt cryptography modules. It is generally a good
+idea to run this first on an embedded system after compiling wolfSSL in order
+to verify all underlying crypto is working correctly. This project depends on
+files generated by Microchip's MCC tool to view the UART output. Follow the
+steps below to generate that code.
+
+## Generating MCC UART code
+
+1. Open the MPLAB Code Configurator application.
+
+2. Set the Project path to the wolfSSL/IDE/MPLABX16 and enter your PIC device
+into the interface.
+
+3. Select MCC Clasic as the content type and click `Finish`.
+
+4. Under the Device Resources section, find the UART entry and add the UART1
+peripheral.
+
+5. Note the UART settings and check the `Enable UART Interrupts` and
+`Redirect Printf to UART` boxes.
+
+6. Click the `Generate` button.
+
+
+**Note** : If using an older version of `xc16`, you may have to add the
+following to `user_settings.h`.
+```
+#define WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MAX
+```
+
+## Support
+
+Please send questions or comments to support@wolfssl.com
+
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/include.am b/extra/wolfssl/wolfssl/IDE/MPLABX16/include.am
new file mode 100644
index 00000000..d7f855b1
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/include.am
@@ -0,0 +1,8 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST +=                            \
+    IDE/MPLABX16/README.md       \
+    IDE/MPLABX16/main.c     \
+                IDE/MPLABX16/user_settings.h
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/main.c b/extra/wolfssl/wolfssl/IDE/MPLABX16/main.c
new file mode 100644
index 00000000..fadad81d
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/main.c
@@ -0,0 +1,39 @@
+/* main.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <stdio.h>
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/test/test.h>
+
+#include <stdlib.h>
+
+#include "xc.h"
+#include "mcc_generated_files/mcc.h"
+
+int main(void) {
+    SYSTEM_Initialize();
+
+    wolfcrypt_test(NULL);
+
+    return 0;
+}
+
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/user_settings.h b/extra/wolfssl/wolfssl/IDE/MPLABX16/user_settings.h
new file mode 100644
index 00000000..d4754db8
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/user_settings.h
@@ -0,0 +1,414 @@
+/* Example custom user settings for wolfSSL */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#undef  WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT   4
+
+#undef  SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef  WOLFSSL_SMALL_STACK
+#define WOLFSSL_SMALL_STACK
+
+#define MICROCHIP_PIC24
+
+/* Define for older versions of xc16 */
+#if 0
+    #define WOLFSSL_HAVE_MIN
+    #define WOLFSSL_HAVE_MAX
+#endif
+
+#ifdef MICROCHIP_PIC24
+    #define SIZEOF_LONG_LONG 8
+    #define SIZEOF_LONG 4
+    #define SINGLE_THREADED
+    #define WOLFSSL_USER_IO
+    #define NO_WRITEV
+    #define NO_DEV_RANDOM
+    #define NO_FILESYSTEM
+    #define BENCH_EMBEDDED
+    #define WC_16BIT_CPU
+    #define WORD64_AVAILABLE
+    #define WOLFSSL_GENSEED_FORTEST
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#if 1
+    #undef  USE_FAST_MATH
+    #define USE_FAST_MATH
+
+    #undef  FP_MAX_BITS
+    #define FP_MAX_BITS     2048
+#else
+    #define WOLFSSL_SP_MATH 
+    #define WOLFSSL_SP_SMALL
+    #define WOLFSSL_SP_MATH_ALL
+    #define SP_INT_BITS 256
+#endif
+
+
+#ifdef USE_FAST_MATH
+    #undef  TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
+
+    /* Optimizations */
+    //#define TFM_MIPS
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* ECC */
+#if 1
+    #undef  HAVE_ECC
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #undef  ECC_USER_CURVES
+    #define ECC_USER_CURVES
+
+    /* Reduces heap usage, but slower */
+    #undef  ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    //#define HAVE_ECC192
+    //#define HAVE_ECC224
+    //#define HAVE_ECC384
+    /* Fixed point cache (speeds repeated operations against same private key) */
+#if 1
+    #undef  FP_ECC
+    #define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+
+    #ifdef USE_FAST_MATH
+        /* use reduced size math buffers for ecc points */
+        #undef  ALT_ECC_SIZE
+        #define ALT_ECC_SIZE
+
+        /* Enable TFM optimizations for ECC */
+        #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC192
+        #endif
+        #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC224
+        #endif
+        #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC256
+        #endif
+        #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC384
+        #endif
+        #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC521
+        #endif
+    #endif
+#endif
+#endif
+
+/* RSA */
+#undef NO_RSA
+#if 0
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+#define RSA_LOW_MEM
+
+    #undef WC_RSA_PSS
+    #define WC_RSA_PSS
+
+    /* timing resistance */
+    #undef  WC_RSA_BLINDING
+    #define WC_RSA_BLINDING
+#else
+    #define NO_RSA
+#endif
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef  HAVE_AES_DECRYPT
+    #define HAVE_AES_DECRYPT
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+
+    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+    #undef  GCM_SMALL
+    #define GCM_SMALL
+
+ /* #undef  HAVE_AESCCM
+    #define HAVE_AESCCM */
+
+ /* #undef  WOLFSSL_AES_DIRECT
+    #define WOLFSSL_AES_DIRECT */
+    
+    #undef  NO_AES_CBC
+    #define NO_AES_CBC
+#else
+    #define NO_AES
+#endif
+
+/* DES3 */
+#undef NO_DES3
+#if 0
+    #undef  WOLFSSL_DES_ECB
+    #define WOLFSSL_DES_ECB
+#else
+    #define NO_DES3
+#endif
+
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 0
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if 0
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #if 0
+        #define CURVED25519_SMALL
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 0
+    /* 1k smaller, but 25% slower */
+    #define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 0
+    #define WOLFSSL_SHA512
+
+    /* Sha384 */
+    #undef  WOLFSSL_SHA384
+    #if 0
+        #define WOLFSSL_SHA384
+    #endif
+
+    /* over twice as small, but 50% slower */
+    #define USE_SLOW_SHA2
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef  BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+//#undef  USE_CERT_BUFFERS_2048
+//#define USE_CERT_BUFFERS_2048
+
+#undef  USE_CERT_BUFFERS_1024
+#define USE_CERT_BUFFERS_1024
+
+#undef  USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
+
+/* ------------------------------------------------------------------------- */
+/* Time */
+/* ------------------------------------------------------------------------- */
+#if 0
+    /* Override Current Time */
+    /* Allows custom "custom_time()" function to be used for benchmark */
+    #define WOLFSSL_USER_CURRTIME
+    #define USER_TICKS
+    extern unsigned long custom_time(unsigned long* timer);
+    #define XTIME custom_time
+#else
+    //#warning Time/RTC disabled
+    #undef  NO_ASN_TIME
+    #define NO_ASN_TIME
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+#undef  DEBUG_WOLFSSL
+
+#if 0
+    #define DEBUG_WOLFSSL
+    #define WOLFSSL_DEBUG_TLS
+    /* Use this to measure / print heap usage */
+        #undef  USE_WOLFSSL_MEMORY
+        #define USE_WOLFSSL_MEMORY
+        #undef  WOLFSSL_TRACK_MEMORY
+        #define WOLFSSL_TRACK_MEMORY
+#else
+    #undef  NO_WOLFSSL_MEMORY
+    #define NO_WOLFSSL_MEMORY
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Misc */
+/* ------------------------------------------------------------------------- */
+#define WOLFSSL_ASN_TEMPLATE
+#define NO_ERROR_STRINGS
+#define NO_LARGE_HASH_TEST
+#define NO_PKCS12
+#define NO_PKCS8
+#define WOLFSSL_NO_PEM
+
+    
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef  KEEP_PEER_CERT
+#define KEEP_PEER_CERT
+
+#undef  HAVE_COMP_KEY
+#define HAVE_COMP_KEY
+
+#undef  WOLFSSL_TLS13
+#define WOLFSSL_TLS13
+
+#undef  HAVE_HKDF
+#define HAVE_HKDF
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#ifdef HAVE_ECC
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+#endif
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef  NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef  NO_WOLFSSL_CLIENT
+#define NO_WOLFSSL_CLIENT
+
+#undef  NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef  NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef  NO_INLINE
+#define NO_INLINE
+
+#undef  NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef  NO_WRITEV
+#define NO_WRITEV
+
+#undef  NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef  NO_DEV_RANDOM
+#define NO_DEV_RANDOM
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  NO_DH
+#define NO_DH
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_OLD_TLS
+#define NO_OLD_TLS
+
+#undef  WOLFSSL_NO_TLS12
+#define WOLFSSL_NO_TLS12
+
+#undef  NO_PSK
+//#define NO_PSK
+#define WOLFSSL_STATIC_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+#define NO_PWDBASED
+
+#undef  NO_MD5    
+#define NO_MD5
+
+#undef  NO_DES3
+#define NO_DES3
+
+#undef  NO_CODING
+//#define NO_CODING
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/Makefile b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/Makefile
new file mode 100644
index 00000000..fca8e2cc
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/Makefile
@@ -0,0 +1,113 @@
+#
+#  There exist several targets which are by default empty and which can be 
+#  used for execution of your targets. These targets are usually executed 
+#  before and after some main targets. They are: 
+#
+#     .build-pre:              called before 'build' target
+#     .build-post:             called after 'build' target
+#     .clean-pre:              called before 'clean' target
+#     .clean-post:             called after 'clean' target
+#     .clobber-pre:            called before 'clobber' target
+#     .clobber-post:           called after 'clobber' target
+#     .all-pre:                called before 'all' target
+#     .all-post:               called after 'all' target
+#     .help-pre:               called before 'help' target
+#     .help-post:              called after 'help' target
+#
+#  Targets beginning with '.' are not intended to be called on their own.
+#
+#  Main targets can be executed directly, and they are:
+#  
+#     build                    build a specific configuration
+#     clean                    remove built files from a configuration
+#     clobber                  remove all built files
+#     all                      build all configurations
+#     help                     print help mesage
+#  
+#  Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and
+#  .help-impl are implemented in nbproject/makefile-impl.mk.
+#
+#  Available make variables:
+#
+#     CND_BASEDIR                base directory for relative paths
+#     CND_DISTDIR                default top distribution directory (build artifacts)
+#     CND_BUILDDIR               default top build directory (object files, ...)
+#     CONF                       name of current configuration
+#     CND_ARTIFACT_DIR_${CONF}   directory of build artifact (current configuration)
+#     CND_ARTIFACT_NAME_${CONF}  name of build artifact (current configuration)
+#     CND_ARTIFACT_PATH_${CONF}  path to build artifact (current configuration)
+#     CND_PACKAGE_DIR_${CONF}    directory of package (current configuration)
+#     CND_PACKAGE_NAME_${CONF}   name of package (current configuration)
+#     CND_PACKAGE_PATH_${CONF}   path to package (current configuration)
+#
+# NOCDDL
+
+
+# Environment 
+MKDIR=mkdir
+CP=cp
+CCADMIN=CCadmin
+RANLIB=ranlib
+
+
+# build
+build: .build-post
+
+.build-pre:
+# Add your pre 'build' code here...
+
+.build-post: .build-impl
+# Add your post 'build' code here...
+
+
+# clean
+clean: .clean-post
+
+.clean-pre:
+# Add your pre 'clean' code here...
+# WARNING: the IDE does not call this target since it takes a long time to
+# simply run make. Instead, the IDE removes the configuration directories
+# under build and dist directly without calling make.
+# This target is left here so people can do a clean when running a clean
+# outside the IDE.
+
+.clean-post: .clean-impl
+# Add your post 'clean' code here...
+
+
+# clobber
+clobber: .clobber-post
+
+.clobber-pre:
+# Add your pre 'clobber' code here...
+
+.clobber-post: .clobber-impl
+# Add your post 'clobber' code here...
+
+
+# all
+all: .all-post
+
+.all-pre:
+# Add your pre 'all' code here...
+
+.all-post: .all-impl
+# Add your post 'all' code here...
+
+
+# help
+help: .help-post
+
+.help-pre:
+# Add your pre 'help' code here...
+
+.help-post: .help-impl
+# Add your post 'help' code here...
+
+
+
+# include project implementation makefile
+include nbproject/Makefile-impl.mk
+
+# include project make variables
+include nbproject/Makefile-variables.mk
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/configurations.xml b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/configurations.xml
new file mode 100755
index 00000000..fe95c871
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/configurations.xml
@@ -0,0 +1,285 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configurationDescriptor version="65">
+  <logicalFolder name="root" displayName="root" projectFiles="true">
+    <logicalFolder name="HeaderFiles"
+                   displayName="Header Files"
+                   projectFiles="true">
+      <itemPath>../user_settings.h</itemPath>
+    </logicalFolder>
+    <logicalFolder name="LinkerScript"
+                   displayName="Linker Files"
+                   projectFiles="true">
+    </logicalFolder>
+    <logicalFolder name="SourceFiles"
+                   displayName="Source Files"
+                   projectFiles="true">
+      <logicalFolder name="f1" displayName="mcc_generated_files" projectFiles="true">
+        <itemPath>../mcc_generated_files/clock.c</itemPath>
+        <itemPath>../mcc_generated_files/interrupt_manager.c</itemPath>
+        <itemPath>../mcc_generated_files/mcc.c</itemPath>
+        <itemPath>../mcc_generated_files/pin_manager.c</itemPath>
+        <itemPath>../mcc_generated_files/system.c</itemPath>
+        <itemPath>../mcc_generated_files/traps.c</itemPath>
+        <itemPath>../mcc_generated_files/uart1.c</itemPath>
+      </logicalFolder>
+      <itemPath>../../../wolfcrypt/test/test.c</itemPath>
+      <itemPath>../main.c</itemPath>
+    </logicalFolder>
+    <logicalFolder name="ExternalFiles"
+                   displayName="Important Files"
+                   projectFiles="false">
+      <itemPath>Makefile</itemPath>
+    </logicalFolder>
+  </logicalFolder>
+  <sourceRootList>
+    <Elem>..</Elem>
+    <Elem>../../wolfcrypt/test</Elem>
+    <Elem>../../../wolfcrypt/test</Elem>
+  </sourceRootList>
+  <projectmakefile>Makefile</projectmakefile>
+  <confs>
+    <conf name="default" type="2">
+      <toolsSet>
+        <developmentServer>localhost</developmentServer>
+        <targetDevice>PIC24FJ1024GB610</targetDevice>
+        <targetHeader></targetHeader>
+        <targetPluginBoard></targetPluginBoard>
+        <platformTool>PKOBSKDEPlatformTool</platformTool>
+        <languageToolchain>XC16</languageToolchain>
+        <languageToolchainVersion>2.10</languageToolchainVersion>
+        <platform>4</platform>
+      </toolsSet>
+      <packs>
+        <pack name="PIC24F-GA-GB_DFP" vendor="Microchip" version="1.4.141"/>
+      </packs>
+      <ScriptingSettings>
+      </ScriptingSettings>
+      <compileType>
+        <linkerTool>
+          <linkerLibItems>
+            <linkerLibProjectItem>
+              <makeArtifact PL="../wolfssl.X"
+                            CT="3"
+                            CN="default"
+                            AC="true"
+                            BL="true"
+                            WD="../wolfssl.X"
+                            BC="${MAKE}  -f Makefile CONF=default"
+                            DBC="${MAKE}  -f Makefile CONF=default TYPE_IMAGE=DEBUG_RUN"
+                            CC="rm -rf &quot;build/default&quot; &quot;dist/default&quot;"
+                            OP="dist/default/production/wolfssl.X.a"
+                            DOP="dist/default/debug/wolfssl.X.a"
+                            FL="dist/default/production/wolfssl.X.a"
+                            PD="dist/default/production/wolfssl.X."
+                            DD="dist/default/debug/wolfssl.X.">
+              </makeArtifact>
+            </linkerLibProjectItem>
+          </linkerLibItems>
+        </linkerTool>
+        <archiverTool>
+        </archiverTool>
+        <loading>
+          <useAlternateLoadableFile>false</useAlternateLoadableFile>
+          <parseOnProdLoad>true</parseOnProdLoad>
+          <alternateLoadableFile></alternateLoadableFile>
+        </loading>
+        <subordinates>
+        </subordinates>
+      </compileType>
+      <makeCustomizationType>
+        <makeCustomizationPreStepEnabled>false</makeCustomizationPreStepEnabled>
+        <makeUseCleanTarget>false</makeUseCleanTarget>
+        <makeCustomizationPreStep></makeCustomizationPreStep>
+        <makeCustomizationPostStepEnabled>false</makeCustomizationPostStepEnabled>
+        <makeCustomizationPostStep></makeCustomizationPostStep>
+        <makeCustomizationPutChecksumInUserID>false</makeCustomizationPutChecksumInUserID>
+        <makeCustomizationEnableLongLines>false</makeCustomizationEnableLongLines>
+        <makeCustomizationNormalizeHexFile>false</makeCustomizationNormalizeHexFile>
+      </makeCustomizationType>
+      <C30>
+        <property key="code-model" value="large-code"/>
+        <property key="const-model" value="default"/>
+        <property key="data-model" value="default"/>
+        <property key="disable-instruction-scheduling" value="false"/>
+        <property key="enable-all-warnings" value="true"/>
+        <property key="enable-ansi-std" value="false"/>
+        <property key="enable-ansi-warnings" value="false"/>
+        <property key="enable-fatal-warnings" value="false"/>
+        <property key="enable-large-arrays" value="false"/>
+        <property key="enable-omit-frame-pointer" value="false"/>
+        <property key="enable-procedural-abstraction" value="false"/>
+        <property key="enable-short-double" value="false"/>
+        <property key="enable-symbols" value="true"/>
+        <property key="enable-unroll-loops" value="false"/>
+        <property key="expand-pragma-config" value="false"/>
+        <property key="extra-include-directories" value="../;../../.."/>
+        <property key="isolate-each-function" value="false"/>
+        <property key="keep-inline" value="false"/>
+        <property key="oXC16gcc-align-arr" value="false"/>
+        <property key="oXC16gcc-cnsts-mauxflash" value="false"/>
+        <property key="oXC16gcc-data-sects" value="false"/>
+        <property key="oXC16gcc-errata" value=""/>
+        <property key="oXC16gcc-fillupper" value=""/>
+        <property key="oXC16gcc-large-aggregate" value="false"/>
+        <property key="oXC16gcc-mauxflash" value="false"/>
+        <property key="oXC16gcc-mpa-lvl" value=""/>
+        <property key="oXC16gcc-name-text-sec" value=""/>
+        <property key="oXC16gcc-near-chars" value="false"/>
+        <property key="oXC16gcc-no-isr-warn" value="false"/>
+        <property key="oXC16gcc-sfr-warn" value="false"/>
+        <property key="oXC16gcc-smar-io-lvl" value="1"/>
+        <property key="oXC16gcc-smart-io-fmt" value=""/>
+        <property key="optimization-level" value="2"/>
+        <property key="post-instruction-scheduling" value="default"/>
+        <property key="pre-instruction-scheduling" value="default"/>
+        <property key="preprocessor-macros" value="WOLFSSL_USER_SETTINGS"/>
+        <property key="scalar-model" value="default"/>
+        <property key="use-cci" value="false"/>
+        <property key="use-iar" value="false"/>
+      </C30>
+      <C30-AR>
+        <property key="additional-options-chop-files" value="false"/>
+      </C30-AR>
+      <C30-AS>
+        <property key="assembler-symbols" value=""/>
+        <property key="expand-macros" value="false"/>
+        <property key="extra-include-directories-for-assembler" value=""/>
+        <property key="extra-include-directories-for-preprocessor" value=""/>
+        <property key="false-conditionals" value="false"/>
+        <property key="keep-locals" value="false"/>
+        <property key="list-assembly" value="false"/>
+        <property key="list-section-info" value="false"/>
+        <property key="list-source" value="false"/>
+        <property key="list-symbols" value="false"/>
+        <property key="oXC16asm-extra-opts" value=""/>
+        <property key="oXC16asm-list-to-file" value="false"/>
+        <property key="omit-debug-dirs" value="false"/>
+        <property key="omit-forms" value="false"/>
+        <property key="preprocessor-macros" value=""/>
+        <property key="relax" value="false"/>
+        <property key="warning-level" value="emit-warnings"/>
+      </C30-AS>
+      <C30-CO>
+        <property key="coverage-enable" value=""/>
+        <property key="stack-guidance" value="false"/>
+      </C30-CO>
+      <C30-LD>
+        <property key="additional-options-use-response-files" value="false"/>
+        <property key="boot-eeprom" value="no_eeprom"/>
+        <property key="boot-flash" value="no_flash"/>
+        <property key="boot-ram" value="no_ram"/>
+        <property key="boot-write-protect" value="no_write_protect"/>
+        <property key="enable-check-sections" value="true"/>
+        <property key="enable-data-init" value="true"/>
+        <property key="enable-default-isr" value="true"/>
+        <property key="enable-handles" value="true"/>
+        <property key="enable-pack-data" value="true"/>
+        <property key="extra-lib-directories" value=""/>
+        <property key="fill-flash-options-addr" value=""/>
+        <property key="fill-flash-options-const" value=""/>
+        <property key="fill-flash-options-how" value="0"/>
+        <property key="fill-flash-options-inc-const" value="1"/>
+        <property key="fill-flash-options-increment" value=""/>
+        <property key="fill-flash-options-seq" value=""/>
+        <property key="fill-flash-options-what" value="0"/>
+        <property key="general-code-protect" value="no_code_protect"/>
+        <property key="general-write-protect" value="no_write_protect"/>
+        <property key="generate-cross-reference-file" value="false"/>
+        <property key="heap-size" value=""/>
+        <property key="input-libraries" value=""/>
+        <property key="linker-stack" value="true"/>
+        <property key="linker-symbols" value=""/>
+        <property key="map-file" value="${DISTDIR}/${PROJECTNAME}.${IMAGE_TYPE}.map"/>
+        <property key="no-ivt" value="false"/>
+        <property key="oXC16ld-extra-opts" value=""/>
+        <property key="oXC16ld-fill-upper" value="0"/>
+        <property key="oXC16ld-force-link" value="false"/>
+        <property key="oXC16ld-no-smart-io" value="false"/>
+        <property key="oXC16ld-nostdlib" value="false"/>
+        <property key="oXC16ld-stackguard" value="16"/>
+        <property key="preprocessor-macros" value=""/>
+        <property key="remove-unused-sections" value="true"/>
+        <property key="report-memory-usage" value="true"/>
+        <property key="secure-eeprom" value="no_eeprom"/>
+        <property key="secure-flash" value="no_flash"/>
+        <property key="secure-ram" value="no_ram"/>
+        <property key="secure-write-protect" value="no_write_protect"/>
+        <property key="stack-size" value="16"/>
+        <property key="symbol-stripping" value=""/>
+        <property key="trace-symbols" value=""/>
+        <property key="warn-section-align" value="false"/>
+      </C30-LD>
+      <C30Global>
+        <property key="common-include-directories" value=""/>
+        <property key="dual-boot-partition" value="0"/>
+        <property key="fast-math" value="false"/>
+        <property key="generic-16-bit" value="false"/>
+        <property key="legacy-libc" value="true"/>
+        <property key="mpreserve-all" value="false"/>
+        <property key="oXC16glb-macros" value=""/>
+        <property key="omit-pack-options" value="1"/>
+        <property key="output-file-format" value="elf"/>
+        <property key="preserve-all" value="false"/>
+        <property key="preserve-file" value=""/>
+        <property key="relaxed-math" value="false"/>
+        <property key="save-temps" value="false"/>
+      </C30Global>
+      <PKOBSKDEPlatformTool>
+        <property key="AutoSelectMemRanges" value="auto"/>
+        <property key="SecureSegment.SegmentProgramming" value="FullChipProgramming"/>
+        <property key="ToolFirmwareFilePath"
+                  value="Press to browse for a specific firmware version"/>
+        <property key="ToolFirmwareOption.UseLatestFirmware" value="true"/>
+        <property key="memories.configurationmemory" value="true"/>
+        <property key="memories.dataflash" value="true"/>
+        <property key="memories.eeprom" value="true"/>
+        <property key="memories.id" value="true"/>
+        <property key="memories.programmemory" value="true"/>
+        <property key="memories.programmemory.ranges" value="1d000000-1d07ffff"/>
+        <property key="memories.userotp" value="true"/>
+        <property key="programoptions.donoteraseauxmem" value="false"/>
+        <property key="programoptions.eraseb4program" value="true"/>
+        <property key="programoptions.preservedataflash" value="false"/>
+        <property key="programoptions.preservedataflash.ranges" value=""/>
+        <property key="programoptions.preserveeeprom" value="false"/>
+        <property key="programoptions.preserveeeprom.ranges"
+                  value="${memories.eedata.default}"/>
+        <property key="programoptions.preserveprogram.ranges" value=""/>
+        <property key="programoptions.preserveprogramrange" value="false"/>
+        <property key="programoptions.usehighvoltageonmclr" value="false"/>
+        <property key="programoptions.uselvpprogramming" value="false"/>
+      </PKOBSKDEPlatformTool>
+      <Tool>
+        <property key="AutoSelectMemRanges" value="auto"/>
+        <property key="SecureSegment.SegmentProgramming" value="FullChipProgramming"/>
+        <property key="ToolFirmwareFilePath"
+                  value="Press to browse for a specific firmware version"/>
+        <property key="ToolFirmwareOption.UseLatestFirmware" value="true"/>
+        <property key="memories.configurationmemory" value="true"/>
+        <property key="memories.dataflash" value="true"/>
+        <property key="memories.eeprom" value="true"/>
+        <property key="memories.id" value="true"/>
+        <property key="memories.programmemory" value="true"/>
+        <property key="memories.programmemory.end" value="0x1d07ffff"/>
+        <property key="memories.programmemory.ranges" value="1d000000-1d07ffff"/>
+        <property key="memories.programmemory.start" value="0x1d000000"/>
+        <property key="memories.userotp" value="true"/>
+        <property key="poweroptions.powerenable" value="false"/>
+        <property key="programoptions.donoteraseauxmem" value="false"/>
+        <property key="programoptions.eraseb4program" value="true"/>
+        <property key="programoptions.preservedataflash" value="false"/>
+        <property key="programoptions.preservedataflash.ranges" value=""/>
+        <property key="programoptions.preserveeeprom" value="false"/>
+        <property key="programoptions.preserveeeprom.ranges"
+                  value="${memories.eedata.default}"/>
+        <property key="programoptions.preserveprogram.ranges" value=""/>
+        <property key="programoptions.preserveprogramrange" value="false"/>
+        <property key="programoptions.preserveprogramrange.end" value="0x1d0001ff"/>
+        <property key="programoptions.preserveprogramrange.start" value="0x1d000000"/>
+        <property key="programoptions.usehighvoltageonmclr" value="false"/>
+        <property key="programoptions.uselvpprogramming" value="false"/>
+        <property key="voltagevalue" value="3.25"/>
+      </Tool>
+    </conf>
+  </confs>
+</configurationDescriptor>
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am
new file mode 100644
index 00000000..ab8cb715
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am
@@ -0,0 +1,8 @@
+j vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST +=                                                          \
+                IDE/MPLABX16/wolfcrypt_test.X/nbproject/configurations.xml \
+                IDE/MPLABX16/wolfcrypt_test.X/nbproject/project.xml
+
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/configurations.xml b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/configurations.xml
new file mode 100644
index 00000000..ba95e245
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/configurations.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configurationDescriptor version="65">
+  <projectmakefile>Makefile</projectmakefile>
+  <defaultConf>0</defaultConf>
+  <confs>
+    <conf name="default" type="2">
+      <platformToolSN></platformToolSN>
+      <languageToolchainDir>/Applications/microchip/xc16/v2.10/bin</languageToolchainDir>
+      <mdbdebugger version="1">
+        <placeholder1>place holder 1</placeholder1>
+        <placeholder2>place holder 2</placeholder2>
+      </mdbdebugger>
+      <runprofile version="6">
+        <args></args>
+        <rundir></rundir>
+        <buildfirst>true</buildfirst>
+        <console-type>0</console-type>
+        <terminal-type>0</terminal-type>
+        <remove-instrumentation>0</remove-instrumentation>
+        <environment>
+        </environment>
+      </runprofile>
+    </conf>
+  </confs>
+</configurationDescriptor>
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/private.xml b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/private.xml
new file mode 100644
index 00000000..6807a2ba
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/private.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-private xmlns="http://www.netbeans.org/ns/project-private/1">
+    <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/2" lastBookmarkId="0"/>
+    <open-files xmlns="http://www.netbeans.org/ns/projectui-open-files/2">
+        <group/>
+    </open-files>
+</project-private>
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/project.xml b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/project.xml
new file mode 100755
index 00000000..358f3c77
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfcrypt_test.X/nbproject/project.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://www.netbeans.org/ns/project/1">
+    <type>com.microchip.mplab.nbide.embedded.makeproject</type>
+    <configuration>
+        <data xmlns="http://www.netbeans.org/ns/make-project/1">
+            <name>wolfcrypt_test</name>
+            <creation-uuid>b34c4937-7042-4352-88b1-7717bcdf8aeb</creation-uuid>
+            <make-project-type>0</make-project-type>
+            <c-extensions>c</c-extensions>
+            <cpp-extensions/>
+            <header-extensions>h</header-extensions>
+            <sourceEncoding>ISO-8859-1</sourceEncoding>
+            <asminc-extensions/>
+            <make-dep-projects>
+                <make-dep-project>../wolfssl.X</make-dep-project>
+            </make-dep-projects>
+            <sourceRootList>
+                <sourceRootElem>..</sourceRootElem>
+                <sourceRootElem>../../wolfcrypt/test</sourceRootElem>
+                <sourceRootElem>../../../wolfcrypt/test</sourceRootElem>
+            </sourceRootList>
+            <confList>
+                <confElem>
+                    <name>default</name>
+                    <type>2</type>
+                </confElem>
+            </confList>
+            <formatting>
+                <project-formatting-style>false</project-formatting-style>
+            </formatting>
+        </data>
+    </configuration>
+</project>
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/Makefile b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/Makefile
new file mode 100644
index 00000000..fca8e2cc
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/Makefile
@@ -0,0 +1,113 @@
+#
+#  There exist several targets which are by default empty and which can be 
+#  used for execution of your targets. These targets are usually executed 
+#  before and after some main targets. They are: 
+#
+#     .build-pre:              called before 'build' target
+#     .build-post:             called after 'build' target
+#     .clean-pre:              called before 'clean' target
+#     .clean-post:             called after 'clean' target
+#     .clobber-pre:            called before 'clobber' target
+#     .clobber-post:           called after 'clobber' target
+#     .all-pre:                called before 'all' target
+#     .all-post:               called after 'all' target
+#     .help-pre:               called before 'help' target
+#     .help-post:              called after 'help' target
+#
+#  Targets beginning with '.' are not intended to be called on their own.
+#
+#  Main targets can be executed directly, and they are:
+#  
+#     build                    build a specific configuration
+#     clean                    remove built files from a configuration
+#     clobber                  remove all built files
+#     all                      build all configurations
+#     help                     print help mesage
+#  
+#  Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and
+#  .help-impl are implemented in nbproject/makefile-impl.mk.
+#
+#  Available make variables:
+#
+#     CND_BASEDIR                base directory for relative paths
+#     CND_DISTDIR                default top distribution directory (build artifacts)
+#     CND_BUILDDIR               default top build directory (object files, ...)
+#     CONF                       name of current configuration
+#     CND_ARTIFACT_DIR_${CONF}   directory of build artifact (current configuration)
+#     CND_ARTIFACT_NAME_${CONF}  name of build artifact (current configuration)
+#     CND_ARTIFACT_PATH_${CONF}  path to build artifact (current configuration)
+#     CND_PACKAGE_DIR_${CONF}    directory of package (current configuration)
+#     CND_PACKAGE_NAME_${CONF}   name of package (current configuration)
+#     CND_PACKAGE_PATH_${CONF}   path to package (current configuration)
+#
+# NOCDDL
+
+
+# Environment 
+MKDIR=mkdir
+CP=cp
+CCADMIN=CCadmin
+RANLIB=ranlib
+
+
+# build
+build: .build-post
+
+.build-pre:
+# Add your pre 'build' code here...
+
+.build-post: .build-impl
+# Add your post 'build' code here...
+
+
+# clean
+clean: .clean-post
+
+.clean-pre:
+# Add your pre 'clean' code here...
+# WARNING: the IDE does not call this target since it takes a long time to
+# simply run make. Instead, the IDE removes the configuration directories
+# under build and dist directly without calling make.
+# This target is left here so people can do a clean when running a clean
+# outside the IDE.
+
+.clean-post: .clean-impl
+# Add your post 'clean' code here...
+
+
+# clobber
+clobber: .clobber-post
+
+.clobber-pre:
+# Add your pre 'clobber' code here...
+
+.clobber-post: .clobber-impl
+# Add your post 'clobber' code here...
+
+
+# all
+all: .all-post
+
+.all-pre:
+# Add your pre 'all' code here...
+
+.all-post: .all-impl
+# Add your post 'all' code here...
+
+
+# help
+help: .help-post
+
+.help-pre:
+# Add your pre 'help' code here...
+
+.help-post: .help-impl
+# Add your post 'help' code here...
+
+
+
+# include project implementation makefile
+include nbproject/Makefile-impl.mk
+
+# include project make variables
+include nbproject/Makefile-variables.mk
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/configurations.xml b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/configurations.xml
new file mode 100644
index 00000000..bd423ae2
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/configurations.xml
@@ -0,0 +1,290 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configurationDescriptor version="65">
+  <logicalFolder name="root" displayName="root" projectFiles="true">
+    <logicalFolder name="HeaderFiles"
+                   displayName="Header Files"
+                   projectFiles="true">
+      <itemPath>../user_settings.h</itemPath>
+    </logicalFolder>
+    <logicalFolder name="LinkerScript"
+                   displayName="Linker Files"
+                   projectFiles="true">
+    </logicalFolder>
+    <logicalFolder name="SourceFiles"
+                   displayName="Source Files"
+                   projectFiles="true">
+      <logicalFolder name="f2" displayName="wolfcrypt" projectFiles="true">
+        <itemPath>../../../wolfcrypt/src/aes.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/arc4.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/asm.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/asn.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/blake2b.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/blake2s.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/camellia.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/chacha.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/chacha20_poly1305.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/cmac.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/coding.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/compress.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/cpuid.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/cryptocb.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/curve25519.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/curve448.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/des3.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/dh.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/dilithium.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/dsa.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ecc.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ecc_fp.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/eccsi.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ed25519.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ed448.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/error.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/evp.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ext_kyber.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/falcon.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/fe_448.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/fe_low_mem.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/fe_operations.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ge_448.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ge_low_mem.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ge_operations.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/hash.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/hmac.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/hpke.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/integer.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/kdf.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/logging.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/md2.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/md4.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/md5.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/memory.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/misc.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/pkcs12.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/pkcs7.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/poly1305.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/pwdbased.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/random.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/rc2.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ripemd.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/rsa.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sakke.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sha.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sha256.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sha3.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sha512.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/signature.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/siphash.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_arm32.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_arm64.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_armthumb.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_c32.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_c64.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_int.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sphincs.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/srp.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/tfm.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/wc_encrypt.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/wc_pkcs11.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/wc_port.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/wolfevent.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/wolfmath.c</itemPath>
+      </logicalFolder>
+      <logicalFolder name="f1" displayName="wolfssl" projectFiles="true">
+        <itemPath>../../../src/crl.c</itemPath>
+        <itemPath>../../../src/internal.c</itemPath>
+        <itemPath>../../../src/keys.c</itemPath>
+        <itemPath>../../../src/ssl.c</itemPath>
+        <itemPath>../../../src/tls.c</itemPath>
+        <itemPath>../../../src/tls13.c</itemPath>
+        <itemPath>../../../src/wolfio.c</itemPath>
+      </logicalFolder>
+    </logicalFolder>
+    <logicalFolder name="ExternalFiles"
+                   displayName="Important Files"
+                   projectFiles="false">
+      <itemPath>Makefile</itemPath>
+    </logicalFolder>
+  </logicalFolder>
+  <sourceRootList>
+    <Elem>..</Elem>
+    <Elem>../../src</Elem>
+    <Elem>../../wolfcrypt/src</Elem>
+    <Elem>../../wolfcrypt/test</Elem>
+    <Elem>../../../src</Elem>
+    <Elem>../../../wolfcrypt/src</Elem>
+  </sourceRootList>
+  <projectmakefile>Makefile</projectmakefile>
+  <confs>
+    <conf name="default" type="3">
+      <toolsSet>
+        <developmentServer>localhost</developmentServer>
+        <targetDevice>PIC24FJ1024GB610</targetDevice>
+        <targetHeader></targetHeader>
+        <targetPluginBoard></targetPluginBoard>
+        <platformTool>noID</platformTool>
+        <languageToolchain>XC16</languageToolchain>
+        <languageToolchainVersion>2.10</languageToolchainVersion>
+        <platform>4</platform>
+      </toolsSet>
+      <packs>
+        <pack name="PIC24F-GA-GB_DFP" vendor="Microchip" version="1.4.141"/>
+      </packs>
+      <ScriptingSettings>
+      </ScriptingSettings>
+      <compileType>
+        <linkerTool>
+          <linkerLibItems>
+          </linkerLibItems>
+        </linkerTool>
+        <archiverTool>
+        </archiverTool>
+        <loading>
+          <useAlternateLoadableFile>false</useAlternateLoadableFile>
+          <parseOnProdLoad>false</parseOnProdLoad>
+          <alternateLoadableFile></alternateLoadableFile>
+        </loading>
+        <subordinates>
+        </subordinates>
+      </compileType>
+      <makeCustomizationType>
+        <makeCustomizationPreStepEnabled>false</makeCustomizationPreStepEnabled>
+        <makeUseCleanTarget>false</makeUseCleanTarget>
+        <makeCustomizationPreStep></makeCustomizationPreStep>
+        <makeCustomizationPostStepEnabled>false</makeCustomizationPostStepEnabled>
+        <makeCustomizationPostStep></makeCustomizationPostStep>
+        <makeCustomizationPutChecksumInUserID>false</makeCustomizationPutChecksumInUserID>
+        <makeCustomizationEnableLongLines>false</makeCustomizationEnableLongLines>
+        <makeCustomizationNormalizeHexFile>false</makeCustomizationNormalizeHexFile>
+      </makeCustomizationType>
+      <C30>
+        <property key="code-model" value="large-code"/>
+        <property key="const-model" value="default"/>
+        <property key="data-model" value="default"/>
+        <property key="disable-instruction-scheduling" value="false"/>
+        <property key="enable-all-warnings" value="true"/>
+        <property key="enable-ansi-std" value="false"/>
+        <property key="enable-ansi-warnings" value="false"/>
+        <property key="enable-fatal-warnings" value="false"/>
+        <property key="enable-large-arrays" value="false"/>
+        <property key="enable-omit-frame-pointer" value="false"/>
+        <property key="enable-procedural-abstraction" value="false"/>
+        <property key="enable-short-double" value="false"/>
+        <property key="enable-symbols" value="true"/>
+        <property key="enable-unroll-loops" value="false"/>
+        <property key="expand-pragma-config" value="false"/>
+        <property key="extra-include-directories" value="../../;../"/>
+        <property key="isolate-each-function" value="false"/>
+        <property key="keep-inline" value="false"/>
+        <property key="oXC16gcc-align-arr" value="false"/>
+        <property key="oXC16gcc-cnsts-mauxflash" value="false"/>
+        <property key="oXC16gcc-data-sects" value="false"/>
+        <property key="oXC16gcc-errata" value=""/>
+        <property key="oXC16gcc-fillupper" value=""/>
+        <property key="oXC16gcc-large-aggregate" value="false"/>
+        <property key="oXC16gcc-mauxflash" value="false"/>
+        <property key="oXC16gcc-mpa-lvl" value=""/>
+        <property key="oXC16gcc-name-text-sec" value=""/>
+        <property key="oXC16gcc-near-chars" value="false"/>
+        <property key="oXC16gcc-no-isr-warn" value="false"/>
+        <property key="oXC16gcc-sfr-warn" value="false"/>
+        <property key="oXC16gcc-smar-io-lvl" value="1"/>
+        <property key="oXC16gcc-smart-io-fmt" value=""/>
+        <property key="optimization-level" value="2"/>
+        <property key="post-instruction-scheduling" value="default"/>
+        <property key="pre-instruction-scheduling" value="default"/>
+        <property key="preprocessor-macros" value="WOLFSSL_USER_SETTINGS"/>
+        <property key="scalar-model" value="default"/>
+        <property key="use-cci" value="false"/>
+        <property key="use-iar" value="false"/>
+      </C30>
+      <C30-AR>
+        <property key="additional-options-chop-files" value="false"/>
+      </C30-AR>
+      <C30-AS>
+        <property key="assembler-symbols" value=""/>
+        <property key="expand-macros" value="false"/>
+        <property key="extra-include-directories-for-assembler" value=""/>
+        <property key="extra-include-directories-for-preprocessor" value=""/>
+        <property key="false-conditionals" value="false"/>
+        <property key="keep-locals" value="false"/>
+        <property key="list-assembly" value="false"/>
+        <property key="list-section-info" value="false"/>
+        <property key="list-source" value="false"/>
+        <property key="list-symbols" value="false"/>
+        <property key="oXC16asm-extra-opts" value=""/>
+        <property key="oXC16asm-list-to-file" value="false"/>
+        <property key="omit-debug-dirs" value="false"/>
+        <property key="omit-forms" value="false"/>
+        <property key="preprocessor-macros" value=""/>
+        <property key="relax" value="false"/>
+        <property key="warning-level" value="emit-warnings"/>
+      </C30-AS>
+      <C30-CO>
+        <property key="coverage-enable" value=""/>
+        <property key="stack-guidance" value="true"/>
+      </C30-CO>
+      <C30-LD>
+        <property key="additional-options-use-response-files" value="false"/>
+        <property key="boot-eeprom" value="no_eeprom"/>
+        <property key="boot-flash" value="no_flash"/>
+        <property key="boot-ram" value="no_ram"/>
+        <property key="boot-write-protect" value="no_write_protect"/>
+        <property key="enable-check-sections" value="false"/>
+        <property key="enable-data-init" value="true"/>
+        <property key="enable-default-isr" value="true"/>
+        <property key="enable-handles" value="true"/>
+        <property key="enable-pack-data" value="true"/>
+        <property key="extra-lib-directories" value=""/>
+        <property key="fill-flash-options-addr" value=""/>
+        <property key="fill-flash-options-const" value=""/>
+        <property key="fill-flash-options-how" value="0"/>
+        <property key="fill-flash-options-inc-const" value="1"/>
+        <property key="fill-flash-options-increment" value=""/>
+        <property key="fill-flash-options-seq" value=""/>
+        <property key="fill-flash-options-what" value="0"/>
+        <property key="general-code-protect" value="no_code_protect"/>
+        <property key="general-write-protect" value="no_write_protect"/>
+        <property key="generate-cross-reference-file" value="false"/>
+        <property key="heap-size" value=""/>
+        <property key="input-libraries" value=""/>
+        <property key="linker-stack" value="true"/>
+        <property key="linker-symbols" value=""/>
+        <property key="map-file" value="${DISTDIR}/${PROJECTNAME}.${IMAGE_TYPE}.map"/>
+        <property key="no-ivt" value="false"/>
+        <property key="oXC16ld-extra-opts" value=""/>
+        <property key="oXC16ld-fill-upper" value="0"/>
+        <property key="oXC16ld-force-link" value="false"/>
+        <property key="oXC16ld-no-smart-io" value="false"/>
+        <property key="oXC16ld-nostdlib" value="false"/>
+        <property key="oXC16ld-stackguard" value="16"/>
+        <property key="preprocessor-macros" value=""/>
+        <property key="remove-unused-sections" value="false"/>
+        <property key="report-memory-usage" value="true"/>
+        <property key="secure-eeprom" value="no_eeprom"/>
+        <property key="secure-flash" value="no_flash"/>
+        <property key="secure-ram" value="no_ram"/>
+        <property key="secure-write-protect" value="no_write_protect"/>
+        <property key="stack-size" value="16"/>
+        <property key="symbol-stripping" value=""/>
+        <property key="trace-symbols" value=""/>
+        <property key="warn-section-align" value="false"/>
+      </C30-LD>
+      <C30Global>
+        <property key="common-include-directories" value="../../.."/>
+        <property key="dual-boot-partition" value="0"/>
+        <property key="fast-math" value="false"/>
+        <property key="generic-16-bit" value="false"/>
+        <property key="legacy-libc" value="true"/>
+        <property key="mpreserve-all" value="false"/>
+        <property key="oXC16glb-macros" value=""/>
+        <property key="omit-pack-options" value="1"/>
+        <property key="output-file-format" value="elf"/>
+        <property key="preserve-all" value="false"/>
+        <property key="preserve-file" value=""/>
+        <property key="relaxed-math" value="false"/>
+        <property key="save-temps" value="false"/>
+      </C30Global>
+    </conf>
+  </confs>
+</configurationDescriptor>
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/include.am b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/include.am
new file mode 100644
index 00000000..14d44b06
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/include.am
@@ -0,0 +1,7 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST +=                                         \
+                IDE/MPLABX16/wolfssl.X/nbproject/configurations.xml \
+                IDE/MPLABX16/wolfssl.X/nbproject/project.xml
diff --git a/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/project.xml b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/project.xml
new file mode 100644
index 00000000..1fb81b58
--- /dev/null
+++ b/extra/wolfssl/wolfssl/IDE/MPLABX16/wolfssl.X/nbproject/project.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://www.netbeans.org/ns/project/1">
+    <type>com.microchip.mplab.nbide.embedded.makeproject</type>
+    <configuration>
+        <data xmlns="http://www.netbeans.org/ns/make-project/1">
+            <name>wolfssl</name>
+            <creation-uuid>93bbfc3a-a0fa-4d48-bbc8-6cd47a2bd05b</creation-uuid>
+            <make-project-type>0</make-project-type>
+            <c-extensions>c</c-extensions>
+            <cpp-extensions/>
+            <header-extensions>h</header-extensions>
+            <sourceEncoding>ISO-8859-1</sourceEncoding>
+            <asminc-extensions/>
+            <make-dep-projects/>
+            <sourceRootList>
+                <sourceRootElem>..</sourceRootElem>
+                <sourceRootElem>../../src</sourceRootElem>
+                <sourceRootElem>../../wolfcrypt/src</sourceRootElem>
+                <sourceRootElem>../../wolfcrypt/test</sourceRootElem>
+                <sourceRootElem>../../../src</sourceRootElem>
+                <sourceRootElem>../../../wolfcrypt/src</sourceRootElem>
+            </sourceRootList>
+            <confList>
+                <confElem>
+                    <name>default</name>
+                    <type>3</type>
+                </confElem>
+            </confList>
+            <formatting>
+                <project-formatting-style>false</project-formatting-style>
+            </formatting>
+        </data>
+    </configuration>
+</project>
diff --git a/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/shared/util.h b/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/shared/util.h
index 005676f4..fc54a709 100644
--- a/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/shared/util.h
+++ b/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/shared/util.h
@@ -26,6 +26,7 @@
 #include <wolfssl/ssl.h>
 #include <ifaddrs.h>
 #include <applibs/log.h>
+#include <netdb.h>
 
 #define _GNU_SOURCE /* defines NI_NUMERICHOST */
 #ifndef NI_MAXHOST
diff --git a/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/user_settings.h b/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
index 4263164e..48541531 100644
--- a/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
+++ b/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
@@ -115,4 +115,5 @@
 #endif
 
 #define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock
-
+/* use original asn parsing */
+#define WOLFSSL_ASN_ORIGINAL
diff --git a/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/.cproject b/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/.cproject
index 61375953..e7bb1ceb 100644
--- a/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/.cproject
+++ b/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/.cproject
@@ -94,7 +94,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/inc/api}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/inc/instances}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/rm_freertos_port}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/amazon-freertos/freertos_kernel/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/arm/CMSIS_5/CMSIS/Core/Include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra_gen}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra_cfg/fsp_cfg/bsp}&quot;"/>
@@ -103,7 +103,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/r_sce_protected/crypto_procedures_protected/src/sce9/inc/api}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/r_sce_protected/crypto_procedures_protected/src/sce9/inc/instances}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/r_sce_protected/crypto_procedures_protected/src/sce9/private/inc}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/rm_freertos_plus_tcp}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1484044149" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
diff --git a/extra/wolfssl/wolfssl/IDE/STM32Cube/STM32_Benchmarks.md b/extra/wolfssl/wolfssl/IDE/STM32Cube/STM32_Benchmarks.md
index 129cbdd4..674ddaba 100644
--- a/extra/wolfssl/wolfssl/IDE/STM32Cube/STM32_Benchmarks.md
+++ b/extra/wolfssl/wolfssl/IDE/STM32Cube/STM32_Benchmarks.md
@@ -59,6 +59,81 @@ Benchmark complete
 Benchmark Test: Return code 0
 ```
 
+### STM32H753ZI (-O2, Thumb2 ARM ASM, SP-ASM Cortex M small)
+
+Enable CPU I-Cache and D-Cache by calling:
+
+```c
+SCB_EnableICache();
+SCB_EnableDCache();
+```
+
+Build options for ARM ASM:
+
+```c
+#define WOLFSSL_ARMASM
+#define WOLFSSL_ARMASM_INLINE
+#define WOLFSSL_ARMASM_NO_HW_CRYPTO
+#define WOLFSSL_ARMASM_NO_NEON
+#define WOLFSSL_ARM_ARCH 7
+```
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.6.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          6 MiB took 1.000 seconds,    6.079 MiB/s
+AES-128-CBC-enc             17 MiB took 1.000 seconds,   17.261 MiB/s
+AES-128-CBC-dec             17 MiB took 1.000 seconds,   16.748 MiB/s
+AES-192-CBC-enc             15 MiB took 1.000 seconds,   14.575 MiB/s
+AES-192-CBC-dec             14 MiB took 1.000 seconds,   14.209 MiB/s
+AES-256-CBC-enc             13 MiB took 1.000 seconds,   12.622 MiB/s
+AES-256-CBC-dec             12 MiB took 1.000 seconds,   12.378 MiB/s
+AES-128-GCM-enc              8 MiB took 1.000 seconds,    8.374 MiB/s
+AES-128-GCM-dec              8 MiB took 1.000 seconds,    8.374 MiB/s
+AES-192-GCM-enc              8 MiB took 1.000 seconds,    7.690 MiB/s
+AES-192-GCM-dec              8 MiB took 1.000 seconds,    7.690 MiB/s
+AES-256-GCM-enc              7 MiB took 1.000 seconds,    7.129 MiB/s
+AES-256-GCM-dec              7 MiB took 1.000 seconds,    7.104 MiB/s
+AES-128-GCM-enc-no_AAD       8 MiB took 1.000 seconds,    8.472 MiB/s
+AES-128-GCM-dec-no_AAD       8 MiB took 1.000 seconds,    8.472 MiB/s
+AES-192-GCM-enc-no_AAD       8 MiB took 1.000 seconds,    7.764 MiB/s
+AES-192-GCM-dec-no_AAD       8 MiB took 1.000 seconds,    7.715 MiB/s
+AES-256-GCM-enc-no_AAD       7 MiB took 1.000 seconds,    7.153 MiB/s
+AES-256-GCM-dec-no_AAD       7 MiB took 1.000 seconds,    7.153 MiB/s
+GMAC Table 4-bit            17 MiB took 1.000 seconds,   16.617 MiB/s
+CHACHA                      29 MiB took 1.000 seconds,   28.662 MiB/s
+CHA-POLY                    19 MiB took 1.000 seconds,   18.848 MiB/s
+POLY1305                    90 MiB took 1.000 seconds,   89.771 MiB/s
+SHA-224                     18 MiB took 1.000 seconds,   18.042 MiB/s
+SHA-256                     18 MiB took 1.000 seconds,   18.042 MiB/s
+SHA-384                      8 MiB took 1.000 seconds,    7.544 MiB/s
+SHA-512                      8 MiB took 1.000 seconds,    7.568 MiB/s
+SHA-512/224                  8 MiB took 1.000 seconds,    7.544 MiB/s
+SHA-512/256                  8 MiB took 1.000 seconds,    7.520 MiB/s
+HMAC-SHA224                 18 MiB took 1.000 seconds,   17.896 MiB/s
+HMAC-SHA256                 18 MiB took 1.000 seconds,   17.896 MiB/s
+HMAC-SHA384                  7 MiB took 1.000 seconds,    7.373 MiB/s
+HMAC-SHA512                  7 MiB took 1.000 seconds,    7.397 MiB/s
+RSA     2048   public       508 ops took 1.000 sec, avg 1.969 ms, 508.000 ops/sec
+RSA     2048  private        14 ops took 1.020 sec, avg 72.857 ms, 13.725 ops/sec
+DH      2048  key gen        30 ops took 1.012 sec, avg 33.733 ms, 29.644 ops/sec
+DH      2048    agree        30 ops took 1.012 sec, avg 33.733 ms, 29.644 ops/sec
+ECC   [      SECP256R1]   256  key gen       982 ops took 1.000 sec, avg 1.018 ms, 982.000 ops/sec
+ECDHE [      SECP256R1]   256    agree       456 ops took 1.000 sec, avg 2.193 ms, 456.000 ops/sec
+ECDSA [      SECP256R1]   256     sign       520 ops took 1.000 sec, avg 1.923 ms, 520.000 ops/sec
+ECDSA [      SECP256R1]   256   verify       288 ops took 1.004 sec, avg 3.486 ms, 286.853 ops/sec
+CURVE  25519  key gen      1112 ops took 1.000 sec, avg 0.899 ms, 1112.000 ops/sec
+CURVE  25519    agree      1144 ops took 1.000 sec, avg 0.874 ms, 1144.000 ops/sec
+ED     25519  key gen      2358 ops took 1.000 sec, avg 0.424 ms, 2358.000 ops/sec
+ED     25519     sign      1716 ops took 1.000 sec, avg 0.583 ms, 1716.000 ops/sec
+ED     25519   verify       862 ops took 1.000 sec, avg 1.160 ms, 862.000 ops/sec
+Benchmark complete
+Benchmark Test: Return code 0
+```
+
+
 ### STM32H753ZI (No HW Crypto, -Os, FastMath)
 
 ```
diff --git a/extra/wolfssl/wolfssl/IDE/STM32Cube/default_conf.ftl b/extra/wolfssl/wolfssl/IDE/STM32Cube/default_conf.ftl
index 015a2851..b976c55d 100644
--- a/extra/wolfssl/wolfssl/IDE/STM32Cube/default_conf.ftl
+++ b/extra/wolfssl/wolfssl/IDE/STM32Cube/default_conf.ftl
@@ -213,19 +213,28 @@ extern ${variable.value} ${variable.name};
 /* ------------------------------------------------------------------------- */
 /* Math Configuration */
 /* ------------------------------------------------------------------------- */
-/* 1=Fast (stack)
- * 2=Normal (heap)
- * 3=Single Precision C (only common curves/key sizes)
- * 4=Single Precision ASM Cortex-M3+
- * 5=Single Precision ASM Cortex-M0 (Generic Thumb)
- * 6=Single Precision C all small
- * 7=Single Precision C all big
+/* 1=Fast (stack)                      (tfm.c)
+ * 2=Normal (heap)                     (integer.c)
+ * 3-5=Single Precision: only common curves/key sizes:
+ *                   (ECC 256/384/521 and RSA/DH 2048/3072/4096)
+ *   3=Single Precision C              (sp_c32.c)
+ *   4=Single Precision ASM Cortex-M3+ (sp_cortexm.c)
+ *   5=Single Precision ASM Cortex-M0  (sp_armthumb.c)
+ * 6=Wolf multi-precision C small      (sp_int.c)
+ * 7=Wolf multi-precision C big        (sp_int.c)
  */
+
 #if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH == 1
     /* fast (stack) math - tfm.c */
     #define USE_FAST_MATH
     #define TFM_TIMING_RESISTANT
 
+    #if !defined(NO_RSA) || !defined(NO_DH)
+        /* Maximum math bits (Max DH/RSA key bits * 2) */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     4096
+    #endif
+
     /* Optimizations (TFM_ARM, TFM_ASM or none) */
     //#define TFM_NO_ASM
     //#define TFM_ASM
@@ -240,19 +249,26 @@ extern ${variable.value} ${variable.name};
     #endif
     #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
         #define WOLFSSL_HAVE_SP_RSA
+        //#define WOLFSSL_SP_NO_2048
+        //#define WOLFSSL_SP_NO_3072
+        //#define WOLFSSL_SP_4096
     #endif
     #if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1
         #define WOLFSSL_HAVE_SP_DH
     #endif
     #if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1
         #define WOLFSSL_HAVE_SP_ECC
+        //#define WOLFSSL_SP_NO_256
+        //#define WOLFSSL_SP_384
+        //#define WOLFSSL_SP_521
     #endif
     #if WOLF_CONF_MATH == 6 || WOLF_CONF_MATH == 7
         #define WOLFSSL_SP_MATH_ALL /* use sp_int.c multi precision math */
+        //#define WOLFSSL_SP_ARM_THUMB /* enable ARM Thumb ASM speedups */
     #else
         #define WOLFSSL_SP_MATH    /* disable non-standard curves / key sizes */
     #endif
-    #define SP_WORD_SIZE 32
+    #define SP_WORD_SIZE 32 /* force 32-bit mode */
 
     /* Enable to put all math on stack (no heap) */
     //#define WOLFSSL_SP_NO_MALLOC
@@ -279,6 +295,8 @@ extern ${variable.value} ${variable.name};
 #define HAVE_SUPPORTED_CURVES
 #define HAVE_ENCRYPT_THEN_MAC
 #define HAVE_EXTENDED_MASTER
+#define WOLFSSL_ASN_TEMPLATE
+#define HAVE_SNI
 
 #if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1
     #define WOLFSSL_TLS13
@@ -331,12 +349,6 @@ extern ${variable.value} ${variable.name};
 /* RSA */
 #undef NO_RSA
 #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
-    #ifdef USE_FAST_MATH
-        /* Maximum math bits (Max RSA key bits * 2) */
-        #undef  FP_MAX_BITS
-        #define FP_MAX_BITS     4096
-    #endif
-
     /* half as much memory but twice as slow */
     #undef  RSA_LOW_MEM
     //#define RSA_LOW_MEM
@@ -390,8 +402,8 @@ extern ${variable.value} ${variable.name};
     //#define HAVE_COMP_KEY
 
     #ifdef USE_FAST_MATH
-        #ifdef NO_RSA
-            /* Custom fastmath size if not using RSA */
+        #if defined(NO_RSA) && defined(NO_DH)
+            /* Custom fastmath size if not using RSA/DH */
             /* MAX = ROUND32(ECC BITS) * 2 */
             #define FP_MAX_BITS     (256 * 2)
         #else
@@ -432,6 +444,7 @@ extern ${variable.value} ${variable.name};
 #endif
 
 /* Other possible AES modes */
+//#define WOLFSSL_AES_CFB /* Used by TPM parameter encryption */
 //#define WOLFSSL_AES_COUNTER
 //#define HAVE_AESCCM
 //#define WOLFSSL_AES_XTS
@@ -600,6 +613,8 @@ extern ${variable.value} ${variable.name};
 #define NO_RC4
 #define NO_MD4
 #define NO_DES3
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
 
 /* In-lining of misc.c functions */
 /* If defined, must include wolfcrypt/src/misc.c in build */
diff --git a/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc b/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc
index 4da10de8..956269fb 100644
--- a/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc
+++ b/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc
@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,6,6,0
- PRODUCTVERSION 5,6,6,0
+ FILEVERSION 5,7,0,0
+ PRODUCTVERSION 5,7,0,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "wolfSSL Inc."
             VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
-            VALUE "FileVersion", "5.6.6.0"
+            VALUE "FileVersion", "5.7.0.0"
             VALUE "InternalName", "wolfssl-fips"
             VALUE "LegalCopyright", "Copyright (C) 2023"
             VALUE "OriginalFilename", "wolfssl-fips.dll"
             VALUE "ProductName", "wolfSSL FIPS"
-            VALUE "ProductVersion", "5.6.6.0"
+            VALUE "ProductVersion", "5.7.0.0"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/extra/wolfssl/wolfssl/IDE/include.am b/extra/wolfssl/wolfssl/IDE/include.am
index 4f84b43f..0656e8ba 100644
--- a/extra/wolfssl/wolfssl/IDE/include.am
+++ b/extra/wolfssl/wolfssl/IDE/include.am
@@ -57,6 +57,9 @@ include IDE/STARCORE/include.am
 include IDE/MDK5-ARM/include.am
 include IDE/SimplicityStudio/include.am
 include IDE/apple-universal/include.am
+include IDE/MPLABX16/include.am
+include IDE/MPLABX16/wolfssl.X/nbproject/include.am
+include IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am
 
 EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
 EXTRA_DIST+= IDE/OPENSTM32/README.md
diff --git a/extra/wolfssl/wolfssl/IDE/iotsafe/memory-tls.c b/extra/wolfssl/wolfssl/IDE/iotsafe/memory-tls.c
index eff9f384..96d92168 100644
--- a/extra/wolfssl/wolfssl/IDE/iotsafe/memory-tls.c
+++ b/extra/wolfssl/wolfssl/IDE/iotsafe/memory-tls.c
@@ -146,9 +146,12 @@ static int client_loop(void)
     #if (IOTSAFE_ID_SIZE == 1)
     byte cert_file_id, privkey_id, keypair_id, peer_pubkey_id, peer_cert_id, serv_cert_id;
     byte ca_cert_id;
-    #else
+    #elif (IOTSAFE_ID_SIZE == 2)
     word16 cert_file_id, privkey_id, keypair_id, peer_pubkey_id, peer_cert_id, serv_cert_id;
     word16 ca_cert_id;
+    #else
+    word32 cert_file_id, privkey_id, keypair_id, peer_pubkey_id, peer_cert_id, serv_cert_id;
+    word32 ca_cert_id;
     #endif
     cert_file_id = CRT_CLIENT_FILE_ID;
     privkey_id = PRIVKEY_ID;
diff --git a/extra/wolfssl/wolfssl/IDE/iotsafe/user_settings.h b/extra/wolfssl/wolfssl/IDE/iotsafe/user_settings.h
index f483b2cf..3852464e 100644
--- a/extra/wolfssl/wolfssl/IDE/iotsafe/user_settings.h
+++ b/extra/wolfssl/wolfssl/IDE/iotsafe/user_settings.h
@@ -34,7 +34,21 @@
  *   - Default: one-byte ID sim, with hardcoded server certificate
  */
 
-#ifdef TWO_BYTES_ID_DEMO
+#if defined(FOUR_BYTES_ID_DEMO)
+    #define IOTSAFE_ID_SIZE 2
+    #define CRT_CLIENT_FILE_ID  0xABCD3430     /* pre-provisioned */
+    #define CRT_SERVER_FILE_ID  0xABCD3330
+    #define PRIVKEY_ID          0xABCD3230     /* pre-provisioned */
+    #define ECDH_KEYPAIR_ID     0xABCD3330
+    #define PEER_PUBKEY_ID      0xABCD3730
+    #define PEER_CERT_ID        0xABCD3430
+
+    /* In this version of the demo, the server certificate is
+     * stored in a buffer, while the CA is read from a file slot in IoT-SAFE
+     */
+    #define SOFT_SERVER_CERT
+
+#elif defined(TWO_BYTES_ID_DEMO)
     #define IOTSAFE_ID_SIZE 2
     #define CRT_CLIENT_FILE_ID  0x3430     /* pre-provisioned */
     #define CRT_SERVER_FILE_ID  0x3330
diff --git a/extra/wolfssl/wolfssl/IPP/.gitkeep b/extra/wolfssl/wolfssl/IPP/.gitkeep
deleted file mode 100644
index e69de29b..00000000
diff --git a/extra/wolfssl/wolfssl/Makefile.am b/extra/wolfssl/wolfssl/Makefile.am
index 07a2496e..19e766d5 100644
--- a/extra/wolfssl/wolfssl/Makefile.am
+++ b/extra/wolfssl/wolfssl/Makefile.am
@@ -138,8 +138,6 @@ dist_example_DATA=
 
 ACLOCAL_AMFLAGS= -I m4
 
-EXTRA_DIST+= lib/dummy
-
 EXTRA_DIST+= wolfssl.vcproj
 EXTRA_DIST+= wolfssl.vcxproj
 EXTRA_DIST+= wolfssl64.sln
@@ -152,7 +150,6 @@ EXTRA_DIST+= README
 EXTRA_DIST+= ChangeLog.md
 EXTRA_DIST+= LICENSING
 EXTRA_DIST+= INSTALL
-EXTRA_DIST+= IPP
 EXTRA_DIST+= LPCExpresso.cproject
 EXTRA_DIST+= LPCExpresso.project
 EXTRA_DIST+= resource.h wolfssl.rc
@@ -168,7 +165,6 @@ include Docker/include.am
 
 include src/include.am
 include support/include.am
-include wolfcrypt/user-crypto/include.am
 include wolfcrypt/benchmark/include.am
 include wolfcrypt/src/include.am
 include wolfcrypt/test/include.am
diff --git a/extra/wolfssl/wolfssl/README b/extra/wolfssl/wolfssl/README
index c344bf80..72d5cb36 100644
--- a/extra/wolfssl/wolfssl/README
+++ b/extra/wolfssl/wolfssl/README
@@ -70,93 +70,99 @@ should be used for the enum name.
 
 *** end Notes ***
 
-# wolfSSL Release 5.6.6 (Dec 19, 2023)
+# wolfSSL Release 5.7.0 (Mar 20, 2024)
 
-Release 5.6.6 has been developed according to wolfSSL's development and QA
+Release 5.7.0 has been developed according to wolfSSL's development and QA
 process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
-NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+
+NOTE: In future releases, --enable-des3 (which is disabled by default) will be insufficient in itself to enable DES3 in TLS cipher suites. A new option, --enable-des3-tls-suites, will need to be supplied in addition.  This option should only be used in backward compatibility scenarios, as it is inherently insecure.
+
+NOTE: This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred define `WOLFSSL_ASN_ORIGINAL` to use it. See PR #7199.
 
-REMINDER: When working with AES Block Cipher algorithms, wc_AesInit() should
-always be called first to initialize the `Aes` structure, before calling other
-Aes API functions. Recently we found several places in our documentation,
-comments, and codebase where this pattern was not observed. We have since
-fixed this omission in several PRs for this release.
 
 ## Vulnerabilities
+* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
 
-* [Medium] CVE-2023-6935: After review of the previous RSA timing fix in wolfSSL 5.6.4, additional changes were found to be required. A complete resistant change is delivered in this release. This fix is for the Marvin attack, leading to being able to decrypt a saved TLS connection and potentially forge a signature after probing with a very large number of trial connections. This issue is around RSA decryption and affects the optional static RSA cipher suites on the server side, which are considered weak, not recommended to be used and are off by default in wolfSSL (even with --enable-all). Static RSA cipher suites were also removed from the TLS 1.3 protocol and are only present in TLS 1.2 and lower. All padding versions of RSA decrypt are affected since the code under review is outside of the padding processing. Information about the private keys is NOT compromised in affected code. It is recommended to disable static RSA cipher suites and update the version of wolfSSL used if using RSA private decryption alone outside of TLS. Thanks to Hubert Kario for the report. The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6955.
 
-* [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional WOLFSSL_CALLBACKS has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of WOLFSSL_CALLBACKS on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
+* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)."
+Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7167
 
-* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “--enable-aes-bitsliced” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
 
-* [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
+* [Med] Fault injection attack with EdDSA signature operations. This affects ed25519 sign operations where the system could be susceptible to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia).
+Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212
+
 
 ## New Feature Additions
 
-* Build option for disabling CRL date checks (WOLFSSL_NO_CRL_DATE_CHECK) (PR 6927)
-* Support for STM32WL55 and improvements to PKA ECC support (PR 6937)
-* Add option to skip cookie exchange on DTLS 1.3 session resumption (PR 6929)
-* Add implementation of SRTP KDF and SRTCP KDF (--enable-srtp-kdf) (PR 6888)
-* Add wolfSSL_EXTENDED_KEY_USAGE_free() (PR 6916)
-* Add AES bitsliced implementation that is cache attack safe (--enable-aes-bitsliced) (PR 6854)
-* Add memcached support and automated testing (PR 6430, 7022)
-* Add Hardware Encryption Acceleration for ESP32-C3, ESP32-C6, and ESP32-S2 (PR 6990)
-* Add (D)TLS 1.3 support for 0.5-RTT data (PR 7010)
+* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
+
+### POST QUANTUM SUPPORT ADDITIONS
+* Experimental framework for using wolfSSL’s XMSS implementation (PR 7161)
+* Experimental framework for using wolfSSL’s LMS implementation (PR 7283)
+* Experimental wolfSSL Kyber implementation and assembly optimizations, enabled with --enable-experimental --enable-kyber (PR 7318)
+* Experimental support for post quantum dual key/signature certificates. A few known issues and sanitizer checks are in progress with this feature. Enabled with the configure flags --enable-experimental --enable-dual-alg-certs (PR 7112)
+* CryptoCb support for PQC algorithms (PR 7110)
+
+### OTHER FEATURE ADDITIONS
+* The Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB with the kernel cryptosystem through the new --enable-linuxkm-lkcapi-register option, enabling automatic use of wolfCrypt implementations by the dm-crypt/luks and ESP subsystems.  In particular, wolfCrypt AES-XTS with –enable-aesni is faster than the native kernel implementation.
+* CryptoCb hook to one-shot CMAC functions (PR 7059)
+* BER content streaming support for PKCS7_VerifySignedData and sign/encrypt operations (PR 6961 & 7184)
+* IoT-Safe SHA-384 and SHA-512 support (PR 7176)
+* I/O callbacks for content and output with PKCS7 bundle sign/encrypt to reduce peak memory usage (PR 7272)
+* Microchip PIC24 support and example project (PR 7151)
+* AutoSAR shim layer for RNG, SHA256, and AES (PR 7296)
+* wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to certificate store (PR 7245)
+* Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid (PR 7236)
+
 
 ## Enhancements and Optimizations
 
-* Better built in testing of “--sys-ca-certs” configure option (PR 6910)
-* Updated CMakeLists.txt for Espressif wolfSSL component usage (PR 6877)
-* Disable TLS 1.1 by default (unless SSL 3.0 or TLS 1.0 is enabled) (PR 6946)
-* Add “--enable-quic” to “--enable-all” configure option (PR 6957)
-* Add support to SP C implementation for RSA exponent up to 64-bits (PR 6959)
-* Add result of “HAVE___UINT128_T” to options.h for CMake builds (PR 6965)
-* Add optimized assembly for AES-GCM on ARM64 using hardware crypto instructions (PR 6967)
-* Add built-in cipher suite tests for DTLS 1.3 PQC (PR 6952)
-* Add wolfCrypt test and unit test to ctest (PR 6977)
-* Move OpenSSL compatibility crypto APIs into ssl_crypto.c file (PR 6935)
-* Validate time generated from XGMTIME() (PR 6958)
-* Allow wolfCrypt benchmark to run with microsecond accuracy (PR 6868)
-* Add GitHub Actions testing with nginx 1.24.0 (PR 6982)
-* Allow encoding of CA:FALSE BasicConstraint during cert generation (PR 6953)
-* Add CMake option to enable DTLS-SRTP (PR 6991)
-* Add CMake options for enabling QUIC and cURL (PR 7049)
-* Improve RSA blinding to make code more constant time (PR 6955)
-* Refactor AES-NI implementation macros to allow dynamic fallback to C (PR 6981)
-* Default to native Windows threading API on MinGW (PR 7015)
-* Return better error codes from OCSP response check (PR 7028)
-* Updated Espressif ESP32 TLS client and server examples (PR 6844)
-* Add/clean up support for ESP-IDF v5.1 for a variety of ESP32 chips (PR 7035, 7037)
-* Add API to choose dynamic certs based on client ciphers/sigalgs (PR 6963)
-* Improve Arduino IDE 1.5 project file to match recursive style (PR 7007)
-* Simplify and improve apple-universal build script (PR 7025)
+* Remove obsolete user-crypto functionality and Intel IPP support (PR 7097)
+* Support for RSA-PSS signatures with CRL use (PR 7119)
+* Enhancement for AES-GCM use with Xilsecure on Microblaze (PR 7051)
+* Support for crypto cb only build with ECC and NXP CAAM (PR 7269)
+* Improve liboqs integration adding locking and init/cleanup functions (PR 7026)
+* Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized (PR 7096)
+* Enhancements to reproducible build (PR 7267)
+* Update Arduino example TLS Client/Server and improve support for ESP32 (PR 7304 & 7177)
+* XC32 compiler version 4.x compatibility (PR 7128)
+* Porting for build on PlayStation 3 and 4 (PR 7072)
+* Improvements for Espressif use; SHA HW/SW selection and use on ESP32-C2/ESP8684, wolfSSL_NewThread() type, component cmake fix, and update TLS client example for ESP8266 (PR 7081, 7173, 7077, 7148, 7240)
+* Allow crypto callbacks with SHA-1 HW (PR 7087)
+* Update OpenSSH port to version 9.6p1(PR 7203)
+* ARM Thumb2 enhancements, AES-GCM support for GCM_SMALL, alignment fix on key, fix for ASM clobber list (PR 7291,7301,7221)
+* Expand heap hint support for static memory build with more x509 functions (PR 7136)
+* Improving ARMv8 ChaCha20 ASM (alignment) (PR 7182)
+* Unknown extension callback wolfSSL_CertManagerSetUnknownExtCallback added to CertManager (PR 7194)
+* Implement wc_rng_new_ex for use with devID’s with crypto callback (PR 7271)
+* Allow reading 0-RTT data after writing 0.5-RTT data (PR 7102)
+* Send alert on bad PSK binder error (PR 7235)
+* Enhancements to CMake build files for use with cross compiling (PR 7188)
+
 
 ## Fixes
 
-* Fix for async edge case with Intel QuickAssist/Cavium Nitrox (PR 6931)
-* Fix for building PKCS#7 with RSA disabled (PR 6902)
-* Fix for advancing output pointer in wolfSSL_i2d_X509() (PR 6891)
-* Fix for EVP_EncodeBlock() appending a newline (PR 6900)
-* Fix for wolfSSL_RSA_verify_PKCS1_PSS() with RSA_PSS_SALTLEN_AUTO (PR 6938)
-* Fixes for CODESonar reports around isalpha() and isalnum() calls (PR 6810)
-* Fix for SP ARM64 integer math to avoid compiler optimization issues (PR 6942)
-* Fix for SP Thumb2 inline assembly to add IAR build support (PR 6943, 6971)
-* Fix for SP Thumb2 to make functions not inlined (PR 6993)
-* Fix for SP Cortex-M assembly large build with IAR (PR 6954)
-* Fix for SP ARM64 assembly montgomery reduction by 4 (PR 6947)
-* Fix for SP ARM64 P-256 for not inlining functions for iOS compatibility (PR 6979)
-* Fix for WOLFSSL_CALLBACKS and potential memory error (PR 6949)
-* Fixes for wolfSSL’s Zephyr OS port (PR 6930)
-* Fix for build errors when building for NXP mmCAU (FREESCALE_MMCAU) (PR 6970)
-* Fix for TLS 1.3 SendBuffered() return code in non-blocking mode (PR 7001)
-* Fix for TLS Hmac_UpdateFinal() when padding byte is invalid (PR 6998)
-* Fix for ARMv8 AES-GCM streaming to check size of IV before storing (PR 6996)
-* Add missing calls to wc_AesInit() before wc_AesSetKey() (PR 7011)
-* Fix build errors with DTLS 1.3 enabled but TLS 1.2 disabled (PR 6976)
-* Fixes for building wolfSSL in Visual Studio (PR 7040)
+* Fix for checking result of MAC verify when no AAD is used with AES-GCM and Xilinx Xilsecure (PR 7051)
+* Fix for Aria sign use (PR 7082)
+* Fix for invalid `dh_ffdhe_test` test case using Intel QuickAssist (PR 7085)
+* Fixes for TI AES and SHA on TM4C with HW acceleration and add full AES GCM and CCM support with TLS (PR 7018)
+* Fixes for STM32 PKA use with ECC (PR 7098)
+* Fixes for TLS 1.3 with crypto callbacks to offload KDF / HMAC operation (PR 7070)
+* Fix include path for FSP 3.5 on Renesas RA6M4 (PR 7101)
+* Siphash x64 asm fix for use with older compilers (PR 7299)
+* Fix for SGX build with SP (PR 7308)
+* Fix to Make it mandatory that the cookie is sent back in new ClientHello when seen in a HelloRetryRequest with (PR 7190)
+* Fix for wrap around behavior with BIO pairs (PR 7169)
+* OCSP fixes for parsing of response correctly when there was a revocation reason and returning correct error value with date checks (PR 7241 & 7255)
+* Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV` (PR 7150)
+* Fix for DTLS sequence number and cookie when downgrading DTLS version (PR 7214)
+* Fix for write_dup use with chacha-poly cipher suites (PR 7206)
+* Fix for multiple handshake messages in one record failing with OUT_OF_ORDER_E when downgrading from TLS 1.3 to TLS 1.2 (PR 7141)
+* Fix for AES ECB build with Thumb and alignment (PR 7094)
+* Fix for negotiate handshake until the end in wolfSSL_read/wolfSSL_write if hitting an edge case with want read/write (PR 7237)
 
 For additional vulnerability information visit the vulnerability page at:
 https://www.wolfssl.com/docs/security-vulnerabilities/
diff --git a/extra/wolfssl/wolfssl/README.md b/extra/wolfssl/wolfssl/README.md
index 381a05fb..89acd736 100644
--- a/extra/wolfssl/wolfssl/README.md
+++ b/extra/wolfssl/wolfssl/README.md
@@ -75,93 +75,98 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
 `WC_SHA512` should be used for the enum name.
 
 
-# wolfSSL Release 5.6.6 (Dec 19, 2023)
+# wolfSSL Release 5.7.0 (Mar 20, 2024)
 
-Release 5.6.6 has been developed according to wolfSSL's development and QA
+Release 5.7.0 has been developed according to wolfSSL's development and QA
 process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
-NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
 
-REMINDER: When working with AES Block Cipher algorithms, `wc_AesInit()` should
-always be called first to initialize the `Aes` structure, before calling other
-Aes API functions. Recently we found several places in our documentation,
-comments, and codebase where this pattern was not observed. We have since
-fixed this omission in several PRs for this release.
+NOTE: In future releases, --enable-des3 (which is disabled by default) will be insufficient in itself to enable DES3 in TLS cipher suites. A new option, --enable-des3-tls-suites, will need to be supplied in addition.  This option should only be used in backward compatibility scenarios, as it is inherently insecure.
+
+NOTE: This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred define `WOLFSSL_ASN_ORIGINAL` to use it. See PR #7199.
 
 ## Vulnerabilities
+* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
+
 
-* [Medium] CVE-2023-6935: After review of the previous RSA timing fix in wolfSSL 5.6.4, additional changes were found to be required. A complete resistant change is delivered in this release. This fix is for the Marvin attack, leading to being able to decrypt a saved TLS connection and potentially forge a signature after probing with a very large number of trial connections. This issue is around RSA decryption and affects the optional static RSA cipher suites on the server side, which are considered weak, not recommended to be used and are off by default in wolfSSL (even with `--enable-all`). Static RSA cipher suites were also removed from the TLS 1.3 protocol and are only present in TLS 1.2 and lower. All padding versions of RSA decrypt are affected since the code under review is outside of the padding processing. Information about the private keys is NOT compromised in affected code. It is recommended to disable static RSA cipher suites and update the version of wolfSSL used if using RSA private decryption alone outside of TLS. Thanks to Hubert Kario for the report. The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6955.
+* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)."
+Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7167
 
-* [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
 
-* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
+* [Med] Fault injection attack with EdDSA signature operations. This affects ed25519 sign operations where the system could be susceptible to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia).
+Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212
 
-* [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
 
 ## New Feature Additions
 
-* Build option for disabling CRL date checks (`WOLFSSL_NO_CRL_DATE_CHECK`) (PR 6927)
-* Support for STM32WL55 and improvements to PKA ECC support (PR 6937)
-* Add option to skip cookie exchange on DTLS 1.3 session resumption (PR 6929)
-* Add implementation of SRTP KDF and SRTCP KDF (`--enable-srtp-kdf`) (PR 6888)
-* Add `wolfSSL_EXTENDED_KEY_USAGE_free()` (PR 6916)
-* Add AES bitsliced implementation that is cache attack safe (`--enable-aes-bitsliced`) (PR 6854)
-* Add memcached support and automated testing (PR 6430, 7022)
-* Add Hardware Encryption Acceleration for ESP32-C3, ESP32-C6, and ESP32-S2 (PR 6990)
-* Add (D)TLS 1.3 support for 0.5-RTT data (PR 7010)
+* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
+
+### POST QUANTUM SUPPORT ADDITIONS
+* Experimental framework for using wolfSSL’s XMSS implementation (PR 7161)
+* Experimental framework for using wolfSSL’s LMS implementation (PR 7283)
+* Experimental wolfSSL Kyber implementation and assembly optimizations, enabled with --enable-experimental --enable-kyber (PR 7318)
+* Experimental support for post quantum dual key/signature certificates. A few known issues and sanitizer checks are in progress with this feature. Enabled with the configure flags --enable-experimental --enable-dual-alg-certs (PR 7112)
+* CryptoCb support for PQC algorithms (PR 7110)
+
+### OTHER FEATURE ADDITIONS
+* The Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB with the kernel cryptosystem through the new --enable-linuxkm-lkcapi-register option, enabling automatic use of wolfCrypt implementations by the dm-crypt/luks and ESP subsystems.  In particular, wolfCrypt AES-XTS with –enable-aesni is faster than the native kernel implementation.
+* CryptoCb hook to one-shot CMAC functions (PR 7059)
+* BER content streaming support for PKCS7_VerifySignedData and sign/encrypt operations (PR 6961 & 7184)
+* IoT-Safe SHA-384 and SHA-512 support (PR 7176)
+* I/O callbacks for content and output with PKCS7 bundle sign/encrypt to reduce peak memory usage (PR 7272)
+* Microchip PIC24 support and example project (PR 7151)
+* AutoSAR shim layer for RNG, SHA256, and AES (PR 7296)
+* wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to certificate store (PR 7245)
+* Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid (PR 7236)
+
 
 ## Enhancements and Optimizations
 
-* Better built in testing of “`--sys-ca-certs`” configure option (PR 6910)
-* Updated CMakeLists.txt for Espressif wolfSSL component usage (PR 6877)
-* Disable TLS 1.1 by default (unless SSL 3.0 or TLS 1.0 is enabled) (PR 6946)
-* Add “`--enable-quic`” to “`--enable-all`” configure option (PR 6957)
-* Add support to SP C implementation for RSA exponent up to 64-bits (PR 6959)
-* Add result of “`HAVE___UINT128_T`” to options.h for CMake builds (PR 6965)
-* Add optimized assembly for AES-GCM on ARM64 using hardware crypto instructions (PR 6967)
-* Add built-in cipher suite tests for DTLS 1.3 PQC (PR 6952)
-* Add wolfCrypt test and unit test to ctest (PR 6977)
-* Move OpenSSL compatibility crypto APIs into `ssl_crypto.c` file (PR 6935)
-* Validate time generated from XGMTIME() (PR 6958)
-* Allow wolfCrypt benchmark to run with microsecond accuracy (PR 6868)
-* Add GitHub Actions testing with nginx 1.24.0 (PR 6982)
-* Allow encoding of CA:FALSE BasicConstraint during cert generation (PR 6953)
-* Add CMake option to enable DTLS-SRTP (PR 6991)
-* Add CMake options for enabling QUIC and cURL (PR 7049)
-* Improve RSA blinding to make code more constant time (PR 6955)
-* Refactor AES-NI implementation macros to allow dynamic fallback to C (PR 6981)
-* Default to native Windows threading API on MinGW (PR 7015)
-* Return better error codes from OCSP response check (PR 7028)
-* Updated Espressif ESP32 TLS client and server examples (PR 6844)
-* Add/clean up support for ESP-IDF v5.1 for a variety of ESP32 chips (PR 7035, 7037)
-* Add API to choose dynamic certs based on client ciphers/sigalgs (PR 6963)
-* Improve Arduino IDE 1.5 project file to match recursive style (PR 7007)
-* Simplify and improve apple-universal build script (PR 7025)
+* Remove obsolete user-crypto functionality and Intel IPP support (PR 7097)
+* Support for RSA-PSS signatures with CRL use (PR 7119)
+* Enhancement for AES-GCM use with Xilsecure on Microblaze (PR 7051)
+* Support for crypto cb only build with ECC and NXP CAAM (PR 7269)
+* Improve liboqs integration adding locking and init/cleanup functions (PR 7026)
+* Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized (PR 7096)
+* Enhancements to reproducible build (PR 7267)
+* Update Arduino example TLS Client/Server and improve support for ESP32 (PR 7304 & 7177)
+* XC32 compiler version 4.x compatibility (PR 7128)
+* Porting for build on PlayStation 3 and 4 (PR 7072)
+* Improvements for Espressif use; SHA HW/SW selection and use on ESP32-C2/ESP8684, wolfSSL_NewThread() type, component cmake fix, and update TLS client example for ESP8266 (PR 7081, 7173, 7077, 7148, 7240)
+* Allow crypto callbacks with SHA-1 HW (PR 7087)
+* Update OpenSSH port to version 9.6p1(PR 7203)
+* ARM Thumb2 enhancements, AES-GCM support for GCM_SMALL, alignment fix on key, fix for ASM clobber list (PR 7291,7301,7221)
+* Expand heap hint support for static memory build with more x509 functions (PR 7136)
+* Improving ARMv8 ChaCha20 ASM (alignment) (PR 7182)
+* Unknown extension callback wolfSSL_CertManagerSetUnknownExtCallback added to CertManager (PR 7194)
+* Implement wc_rng_new_ex for use with devID’s with crypto callback (PR 7271)
+* Allow reading 0-RTT data after writing 0.5-RTT data (PR 7102)
+* Send alert on bad PSK binder error (PR 7235)
+* Enhancements to CMake build files for use with cross compiling (PR 7188)
+
 
 ## Fixes
 
-* Fix for async edge case with Intel QuickAssist/Cavium Nitrox (PR 6931)
-* Fix for building PKCS#7 with RSA disabled (PR 6902)
-* Fix for advancing output pointer in `wolfSSL_i2d_X509()` (PR 6891)
-* Fix for `EVP_EncodeBlock()` appending a newline (PR 6900)
-* Fix for `wolfSSL_RSA_verify_PKCS1_PSS()` with `RSA_PSS_SALTLEN_AUTO` (PR 6938)
-* Fixes for CODESonar reports around `isalpha()` and `isalnum()` calls (PR 6810)
-* Fix for SP ARM64 integer math to avoid compiler optimization issues (PR 6942)
-* Fix for SP Thumb2 inline assembly to add IAR build support (PR 6943, 6971)
-* Fix for SP Thumb2 to make functions not inlined (PR 6993)
-* Fix for SP Cortex-M assembly large build with IAR (PR 6954)
-* Fix for SP ARM64 assembly montgomery reduction by 4 (PR 6947)
-* Fix for SP ARM64 P-256 for not inlining functions for iOS compatibility (PR 6979)
-* Fix for `WOLFSSL_CALLBACKS` and potential memory error (PR 6949)
-* Fixes for wolfSSL’s Zephyr OS port (PR 6930)
-* Fix for build errors when building for NXP mmCAU (`FREESCALE_MMCAU`) (PR 6970)
-* Fix for TLS 1.3 `SendBuffered()` return code in non-blocking mode (PR 7001)
-* Fix for TLS `Hmac_UpdateFinal()` when padding byte is invalid (PR 6998)
-* Fix for ARMv8 AES-GCM streaming to check size of IV before storing (PR 6996)
-* Add missing calls to `wc_AesInit()` before `wc_AesSetKey()` (PR 7011)
-* Fix build errors with DTLS 1.3 enabled but TLS 1.2 disabled (PR 6976)
-* Fixes for building wolfSSL in Visual Studio (PR 7040)
+* Fix for checking result of MAC verify when no AAD is used with AES-GCM and Xilinx Xilsecure (PR 7051)
+* Fix for Aria sign use (PR 7082)
+* Fix for invalid `dh_ffdhe_test` test case using Intel QuickAssist (PR 7085)
+* Fixes for TI AES and SHA on TM4C with HW acceleration and add full AES GCM and CCM support with TLS (PR 7018)
+* Fixes for STM32 PKA use with ECC (PR 7098)
+* Fixes for TLS 1.3 with crypto callbacks to offload KDF / HMAC operation (PR 7070)
+* Fix include path for FSP 3.5 on Renesas RA6M4 (PR 7101)
+* Siphash x64 asm fix for use with older compilers (PR 7299)
+* Fix for SGX build with SP (PR 7308)
+* Fix to Make it mandatory that the cookie is sent back in new ClientHello when seen in a HelloRetryRequest with (PR 7190)
+* Fix for wrap around behavior with BIO pairs (PR 7169)
+* OCSP fixes for parsing of response correctly when there was a revocation reason and returning correct error value with date checks (PR 7241 & 7255)
+* Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV` (PR 7150)
+* Fix for DTLS sequence number and cookie when downgrading DTLS version (PR 7214)
+* Fix for write_dup use with chacha-poly cipher suites (PR 7206)
+* Fix for multiple handshake messages in one record failing with OUT_OF_ORDER_E when downgrading from TLS 1.3 to TLS 1.2 (PR 7141)
+* Fix for AES ECB build with Thumb and alignment (PR 7094)
+* Fix for negotiate handshake until the end in wolfSSL_read/wolfSSL_write if hitting an edge case with want read/write (PR 7237)
 
 For additional vulnerability information visit the vulnerability page at:
 https://www.wolfssl.com/docs/security-vulnerabilities/
@@ -190,3 +195,51 @@ More info can be found on-line at: https://wolfssl.com/wolfSSL/Docs.html
 [wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)
 
 [Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)
+
+# Directory structure
+
+```
+<wolfssl_root>
+├── certs   [Certificates used in tests and examples]
+├── cmake   [Cmake build utilities]
+├── debian  [Debian packaging files]
+├── doc     [Documentation for wolfSSL (Doxygen)]
+├── Docker  [Prebuilt Docker environments]
+├── examples    [wolfSSL examples]
+│   ├── asn1    [ASN.1 printing example]
+│   ├── async   [Asynchronous Cryptography example]
+│   ├── benchmark   [TLS benchmark example]
+│   ├── client  [Client example]
+│   ├── configs [Example build configurations]
+│   ├── echoclient  [Echoclient example]
+│   ├── echoserver  [Echoserver example]
+│   ├── pem [Example for convert between PEM and DER]
+│   ├── sctp    [Servers and clients that demonstrate wolfSSL's DTLS-SCTP support]
+│   └── server  [Server example]
+├── IDE     [Contains example projects for various development environments]
+├── linuxkm [Linux Kernel Module implementation]
+├── m4      [Autotools utilities]
+├── mcapi   [wolfSSL MPLAB X Project Files]
+├── mplabx  [wolfSSL MPLAB X Project Files]
+├── mqx     [wolfSSL Freescale CodeWarrior Project Files]
+├── rpm     [RPM packaging metadata]
+├── RTOS
+│   └── nuttx   [Port of wolfSSL for NuttX]
+├── scripts [Testing scripts]
+├── src     [wolfSSL source code]
+├── sslSniffer  [wolfSSL sniffer can be used to passively sniff SSL traffic]
+├── support [Contains the pkg-config file]
+├── tests   [Unit and configuration testing]
+├── testsuite   [Test application that orchestrates tests]
+├── tirtos  [Port of wolfSSL for TI RTOS]
+├── wolfcrypt   [The wolfCrypt component]
+│   ├── benchmark   [Cryptography benchmarking application]
+│   ├── src         [wolfCrypt source code]
+│   │   └── port    [Supported hardware acceleration ports]
+│   └── test        [Cryptography testing application]
+├── wolfssl [Header files]
+│   ├── openssl [Compatibility layer headers]
+│   └── wolfcrypt   [Header files]
+├── wrapper [wolfSSL language wrappers]
+└── zephyr  [Port of wolfSSL for Zephyr RTOS]
+```
diff --git a/extra/wolfssl/wolfssl/autogen.sh b/extra/wolfssl/wolfssl/autogen.sh
index d9ae0881..854aef45 100755
--- a/extra/wolfssl/wolfssl/autogen.sh
+++ b/extra/wolfssl/wolfssl/autogen.sh
@@ -16,34 +16,6 @@ if [ -n "$WSL_DISTRO_NAME" ]; then
     fi
 fi
 
-# Git hooks should come before autoreconf.
-if [ -d .git ]; then
-    if [ ! -d .git/hooks ]; then
-        mkdir .git/hooks || exit $?
-    fi
-
-    if [ -n "$no_links" ]; then
-        echo "Linux ln does not work on shared Windows file system in WSL."
-        if [ ! -e .git/hooks/pre-commit ]; then
-            echo "The pre-commit.sh file will not be copied to .git/hooks/pre-commit"
-            # shell scripts do not work on Windows; TODO create equivalent batch file
-            # cp ./pre-commit.sh .git/hooks/pre-commit || exit $?
-        fi
-        if [ ! -e .git/hooks/pre-push ]; then
-            echo "The pre-push.sh file will not be copied to .git/hooks/pre-commit"
-            # shell scripts do not work on Windows; TODO create equivalent batch file
-            # cp ./pre-push.sh .git/hooks/pre-push || exit $?
-        fi
-    else
-        if [ ! -e .git/hooks/pre-commit ]; then
-            ln -s ../../pre-commit.sh .git/hooks/pre-commit || exit $?
-        fi
-        if [ ! -e .git/hooks/pre-push ]; then
-            ln -s ../../pre-push.sh .git/hooks/pre-push || exit $?
-        fi
-    fi
-fi
-
 # if and as needed, create empty dummy versions of various files, mostly
 # associated with fips/self-test and asynccrypt:
 
diff --git a/extra/wolfssl/wolfssl/certs/crl/caEcc384Crl.pem b/extra/wolfssl/wolfssl/certs/crl/caEcc384Crl.pem
index ab0833e0..cf3f9a1b 100644
--- a/extra/wolfssl/wolfssl/certs/crl/caEcc384Crl.pem
+++ b/extra/wolfssl/wolfssl/certs/crl/caEcc384Crl.pem
@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBcjCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBcTCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
 FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1qgLzAtMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
-ElNSMAoGA1UdFAQDAgEMMAoGCCqGSM49BAMCA2kAMGYCMQDiAhgtXMrlvYjxh1+q
-uqluR12ThFI1k8wTdFiGF0yToo3zpoxbaN5w33vBYVUZzCYCMQD76v5cIfO8RUBc
-f5tVsV7n7fGhwMPREOw0f0nmtl+qwNWSDDegMLtTdZyYF9ERdV0=
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFqgLzAtMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
+ElNSMAoGA1UdFAQDAgEMMAoGCCqGSM49BAMCA2gAMGUCMQCjqo2bmsEzvBpsVBfA
+7CXvvAoldG0sFKW75EvAUOFZYWC92/GDULxTxzOGqg81B5ICMEeFr+vl+RMQZfju
+ZY3eOC5PKW4z1LwneOUyoKu2joHBENLhsD+tSixSHumx+kmh2g==
 -----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/caEccCrl.pem b/extra/wolfssl/wolfssl/certs/crl/caEccCrl.pem
index 4729407b..8574c307 100644
--- a/extra/wolfssl/wolfssl/certs/crl/caEccCrl.pem
+++ b/extra/wolfssl/wolfssl/certs/crl/caEccCrl.pem
@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBUTCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBUDCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
 FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1qgLzAtMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
-86UhMAoGA1UdFAQDAgELMAoGCCqGSM49BAMCA0gAMEUCICFj5IcBuGatpURtIwMU
-hSKkP11GeUUb5crLMcBKI2u9AiEArWyOTYXvODOGebzJONGEy7UQ9d+HUba3ROqc
-aGu35HE=
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFqgLzAtMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
+86UhMAoGA1UdFAQDAgELMAoGCCqGSM49BAMCA0cAMEQCIFuy1ACI/xzHowxHb4+6
+Ey9EPuLVgbvwLmVVSnDiwEkAAiB8BrOHHUMxK0ZFMZoAdRBgE/p32q9FdJJfAO0n
+VnFcxg==
 -----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/cliCrl.pem b/extra/wolfssl/wolfssl/certs/crl/cliCrl.pem
index 00c48537..e20203ef 100644
--- a/extra/wolfssl/wolfssl/certs/crl/cliCrl.pem
+++ b/extra/wolfssl/wolfssl/certs/crl/cliCrl.pem
@@ -2,41 +2,41 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 8
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         74:17:9b:40:81:d2:a0:f3:26:68:44:5b:f8:a2:6c:3f:7e:71:
-         75:a2:7f:c6:e6:71:cb:f9:08:57:42:cd:3e:3f:ab:cd:0c:85:
-         36:45:58:8b:59:28:81:d9:b0:6b:10:4a:d0:7d:59:ad:cf:53:
-         05:cb:13:c7:c1:ec:65:64:6b:4d:e6:87:0b:ae:06:60:ab:8a:
-         3c:ae:c1:7d:ed:8f:ee:09:02:7a:3a:f2:21:bf:89:ef:cd:14:
-         b1:03:64:2d:b2:b6:45:15:da:2d:ee:2d:c0:15:3b:a8:01:a8:
-         4f:30:61:ae:99:b9:16:07:b5:8b:71:8f:38:ac:69:82:39:90:
-         92:ff:d6:41:33:3b:92:5b:f2:dd:56:5a:8f:82:d1:1f:76:ee:
-         ca:01:a2:ac:c0:22:41:dd:6e:e1:ce:06:b0:6f:bc:e2:da:91:
-         11:c1:a0:41:16:7d:ba:7e:a1:53:13:14:4b:54:3b:b9:44:cf:
-         4f:1c:ef:ce:a8:bd:e8:ab:ba:de:97:f7:b7:7d:4f:ab:7a:e7:
-         73:65:97:a1:d9:a3:f3:92:f1:95:06:6d:52:7b:6e:fd:26:56:
-         55:83:c7:71:f7:a4:8f:9a:2c:52:04:dd:9f:85:ab:9c:88:e1:
-         30:c6:4a:88:7d:20:1b:c6:47:8b:82:cc:9d:0f:51:69:b1:90:
-         b2:8a:9c:74
+         52:11:97:57:04:d7:e2:14:1f:c4:7f:a2:d8:cf:4c:b7:5b:0c:
+         d3:ac:ca:29:10:74:09:2f:3d:fb:4d:75:3e:32:21:5a:0f:41:
+         5f:cc:e7:98:f8:ea:8e:e2:c9:57:60:b6:a3:b0:70:10:18:b9:
+         86:a3:65:1e:3a:88:13:df:44:18:15:51:00:f6:33:d6:ab:90:
+         18:93:df:ac:7d:15:5c:6a:63:55:d1:4d:41:37:03:89:86:65:
+         fa:fb:d7:b1:73:db:c3:43:08:ff:89:94:89:b1:b4:ad:96:78:
+         52:92:50:8c:0a:5d:ca:29:8b:e0:bc:ca:88:c0:7a:52:48:d3:
+         cf:09:03:08:5f:a1:b9:16:b0:55:5e:11:60:7f:73:9a:98:05:
+         54:97:bf:eb:0e:04:61:4f:b4:40:23:61:9a:07:69:78:fc:16:
+         de:f4:54:04:cf:f0:2b:07:8d:51:9e:6b:b5:77:c4:13:2c:a3:
+         40:99:ed:fa:f4:00:4a:45:36:da:52:9d:dc:88:66:3e:03:f0:
+         20:ce:54:a4:56:58:a8:9e:30:78:e8:42:2d:a8:0f:9b:c4:a9:
+         ab:13:c2:4e:ec:be:2e:99:16:56:2f:22:86:96:27:1d:30:80:
+         7d:a5:f8:45:ef:93:b4:63:13:96:4f:6a:df:a0:11:3b:52:be:
+         93:03:7a:81
 -----BEGIN X509 CRL-----
 MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEy
-MTMyMjE5MzNaFw0yNjA5MDgyMjE5MzNaMBQwEgIBAhcNMjMxMjEzMjIxOTMzWqAO
-MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBAHQXm0CB0qDzJmhEW/ii
-bD9+cXWif8bmccv5CFdCzT4/q80MhTZFWItZKIHZsGsQStB9Wa3PUwXLE8fB7GVk
-a03mhwuuBmCrijyuwX3tj+4JAno68iG/ie/NFLEDZC2ytkUV2i3uLcAVO6gBqE8w
-Ya6ZuRYHtYtxjzisaYI5kJL/1kEzO5Jb8t1WWo+C0R927soBoqzAIkHdbuHOBrBv
-vOLakRHBoEEWfbp+oVMTFEtUO7lEz08c786oveirut6X97d9T6t653Nll6HZo/OS
-8ZUGbVJ7bv0mVlWDx3H3pI+aLFIE3Z+Fq5yI4TDGSoh9IBvGR4uCzJ0PUWmxkLKK
-nHQ=
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAx
+MDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaMBQwEgIBAhcNMjQwMTA5MDAzNDMwWqAO
+MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBAFIRl1cE1+IUH8R/otjP
+TLdbDNOsyikQdAkvPftNdT4yIVoPQV/M55j46o7iyVdgtqOwcBAYuYajZR46iBPf
+RBgVUQD2M9arkBiT36x9FVxqY1XRTUE3A4mGZfr717Fz28NDCP+JlImxtK2WeFKS
+UIwKXcopi+C8yojAelJI088JAwhfobkWsFVeEWB/c5qYBVSXv+sOBGFPtEAjYZoH
+aXj8Ft70VATP8CsHjVGea7V3xBMso0CZ7fr0AEpFNtpSndyIZj4D8CDOVKRWWKie
+MHjoQi2oD5vEqasTwk7svi6ZFlYvIoaWJx0wgH2l+EXvk7RjE5ZPat+gETtSvpMD
+eoE=
 -----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/crl.der b/extra/wolfssl/wolfssl/certs/crl/crl.der
index c6ec65c4..7ce490cd 100644
Binary files a/extra/wolfssl/wolfssl/certs/crl/crl.der and b/extra/wolfssl/wolfssl/certs/crl/crl.der differ
diff --git a/extra/wolfssl/wolfssl/certs/crl/crl.pem b/extra/wolfssl/wolfssl/certs/crl/crl.pem
index a4a09f0a..58312874 100644
--- a/extra/wolfssl/wolfssl/certs/crl/crl.pem
+++ b/extra/wolfssl/wolfssl/certs/crl/crl.pem
@@ -2,40 +2,40 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         48:36:98:18:42:9c:0c:81:51:19:75:4b:26:9a:e0:07:18:89:
-         a2:a1:bd:b6:4e:91:f2:44:93:1a:50:a1:8f:72:1f:c4:ae:99:
-         81:c5:00:3a:94:03:de:00:24:98:d4:2c:17:e5:ba:f2:29:3a:
-         43:c8:23:ba:73:6a:5c:99:5d:ba:80:dd:bd:4f:cd:53:a6:cf:
-         33:11:31:30:27:e2:d2:31:06:65:b8:3e:cf:fe:00:21:ff:0d:
-         18:4f:fc:fd:d5:80:75:72:7c:2e:44:c1:a1:26:a6:8a:88:c8:
-         c0:66:1a:d4:99:36:ca:8f:67:42:8f:7c:f2:1a:e7:1b:d0:90:
-         05:22:0d:29:d3:35:57:23:8c:bb:d2:53:c1:a8:00:3c:d4:b3:
-         97:23:8a:4f:1d:8b:c9:73:6a:96:40:b0:a4:b1:c7:de:06:4d:
-         a3:5d:6a:d2:f5:5c:1e:f0:21:0f:d1:fd:21:89:e2:9e:3d:c1:
-         b2:f0:0f:5e:79:1e:47:48:92:bf:eb:96:28:ad:0b:89:5e:3b:
-         ed:97:29:bb:8d:24:c2:e6:26:e5:33:ef:88:17:c1:1a:97:fa:
-         51:44:a2:cc:b2:64:e5:5c:94:54:ed:3b:7d:8f:34:4a:4b:d3:
-         ca:62:f9:20:00:86:26:ea:1b:a9:b4:df:8f:f4:4d:d8:3e:95:
-         aa:3b:43:1c
+         b3:6f:ed:72:d2:73:6a:77:bf:3a:55:bc:54:18:6a:71:bc:6a:
+         cc:cd:5d:90:f5:64:8d:1b:f0:e0:48:7b:f2:7b:06:86:53:63:
+         9b:d8:24:15:10:b1:19:96:9b:d2:75:a8:25:a2:35:a9:14:d6:
+         d5:5e:53:e3:34:9d:f2:8b:07:19:9b:1f:f1:02:0f:04:46:e8:
+         b8:b6:f2:8d:c7:c0:15:3e:3e:8e:96:73:15:1e:62:f6:4e:2a:
+         f7:aa:a0:91:80:12:7f:81:0c:65:cc:38:be:58:6c:14:a5:21:
+         a1:8d:f7:8a:b9:24:f4:2d:ca:c0:67:43:0b:c8:1c:b4:7d:12:
+         7f:a2:1b:19:0e:94:cf:7b:9f:75:a0:08:9a:67:3f:87:89:3e:
+         f8:58:a5:8a:1b:2d:da:9b:d0:1b:18:92:c3:d2:6a:d7:1c:fc:
+         45:69:77:c3:57:65:75:99:9e:47:2a:20:25:ef:90:f2:5f:3b:
+         7d:9c:7d:00:ea:92:54:eb:0b:e7:17:af:24:1a:f9:7c:83:50:
+         68:1d:dc:5b:60:12:a7:52:78:d9:a9:b0:1f:59:48:36:c7:a6:
+         97:34:c7:87:3f:ae:fd:a9:56:5d:48:cc:89:7a:79:60:8f:9b:
+         2b:63:3c:b3:04:1d:5f:f7:20:d2:fd:f2:51:b1:96:93:13:5b:
+         ab:74:82:8b
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFDASAgECFw0yMzEyMTMyMjE5MzNaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEASDaYGEKcDIFRGXVLJprgBxiJoqG9tk6R
-8kSTGlChj3IfxK6ZgcUAOpQD3gAkmNQsF+W68ik6Q8gjunNqXJlduoDdvU/NU6bP
-MxExMCfi0jEGZbg+z/4AIf8NGE/8/dWAdXJ8LkTBoSamiojIwGYa1Jk2yo9nQo98
-8hrnG9CQBSINKdM1VyOMu9JTwagAPNSzlyOKTx2LyXNqlkCwpLHH3gZNo11q0vVc
-HvAhD9H9IYninj3BsvAPXnkeR0iSv+uWKK0LiV477Zcpu40kwuYm5TPviBfBGpf6
-UUSizLJk5VyUVO07fY80SkvTymL5IACGJuobqbTfj/RN2D6VqjtDHA==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFowFDASAgECFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAs2/tctJzane/OlW8VBhqcbxqzM1dkPVk
+jRvw4Eh78nsGhlNjm9gkFRCxGZab0nWoJaI1qRTW1V5T4zSd8osHGZsf8QIPBEbo
+uLbyjcfAFT4+jpZzFR5i9k4q96qgkYASf4EMZcw4vlhsFKUhoY33irkk9C3KwGdD
+C8gctH0Sf6IbGQ6Uz3ufdaAImmc/h4k++Filihst2pvQGxiSw9Jq1xz8RWl3w1dl
+dZmeRyogJe+Q8l87fZx9AOqSVOsL5xevJBr5fINQaB3cW2ASp1J42amwH1lINsem
+lzTHhz+u/alWXUjMiXp5YI+bK2M8swQdX/cg0v3yUbGWkxNbq3SCiw==
 -----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/crl.revoked b/extra/wolfssl/wolfssl/certs/crl/crl.revoked
index 73252614..9dfc67fd 100644
--- a/extra/wolfssl/wolfssl/certs/crl/crl.revoked
+++ b/extra/wolfssl/wolfssl/certs/crl/crl.revoked
@@ -2,43 +2,43 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 3
 Revoked Certificates:
     Serial Number: 01
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         72:6e:a4:64:36:6b:e8:e0:c5:1d:98:ef:ab:7e:7a:14:f2:8d:
-         99:d0:57:4b:76:ac:f4:89:60:cd:89:23:9d:01:34:f3:83:e5:
-         82:21:b3:48:c4:42:25:7f:ea:9f:74:5f:e8:b8:d6:71:bb:a2:
-         39:d8:ef:46:a8:13:ba:7d:44:ab:d6:13:65:18:de:b5:03:85:
-         a7:c6:4f:0a:a0:6a:78:ba:7b:f7:ce:6e:ba:1c:ef:6f:b1:04:
-         a8:ac:c6:de:3b:76:77:3e:3d:8b:ae:8b:2b:7e:c9:4f:77:31:
-         7f:1f:f5:04:2c:e9:cf:a1:56:c2:59:e9:be:49:9f:e8:67:a3:
-         42:66:05:21:02:64:82:b2:74:a7:4b:89:89:7d:43:1a:41:fd:
-         53:8c:d6:4f:27:04:2a:48:6b:9e:62:fa:4a:42:83:22:53:3f:
-         53:07:4f:bc:cd:8d:8d:cc:15:c6:ff:3c:af:7d:db:ab:dd:fa:
-         8f:65:86:86:2a:89:5e:3f:d5:4b:39:80:78:3f:6e:38:3b:6d:
-         a5:5e:2c:9e:1d:2f:9c:62:12:b1:34:f2:95:64:37:dc:4b:20:
-         dc:27:f3:de:81:67:b2:04:b0:14:b9:47:e3:65:e3:2f:35:27:
-         c2:fc:22:db:24:bd:04:58:88:17:e3:42:3c:a5:ef:53:39:15:
-         54:52:ac:a1
+         35:50:96:da:71:71:90:d5:b7:37:5a:a6:b9:09:07:2f:af:c9:
+         e0:02:32:6a:43:6e:20:ec:20:a4:ac:d0:39:a9:19:35:d0:d2:
+         6f:bb:d1:cd:46:10:a7:cb:8a:be:0a:02:a2:91:f5:29:74:ee:
+         34:83:a3:8c:a0:ca:39:af:94:4a:23:d7:56:57:6b:cc:c6:eb:
+         b0:ce:9f:0a:e1:b0:a8:12:6b:6a:8b:21:73:22:6f:49:41:cd:
+         fd:85:44:d1:fa:52:6b:2f:b2:2b:02:e7:43:0e:f1:92:bc:15:
+         8f:22:28:49:25:69:93:d8:50:10:2f:93:e2:f5:b0:31:5c:eb:
+         1a:35:e2:40:83:25:87:55:4d:c0:85:06:37:9e:23:44:80:a1:
+         f9:e2:eb:9c:90:28:7a:71:d8:55:a2:8b:70:32:31:33:26:70:
+         fe:1d:11:d5:4b:c1:04:47:19:59:44:8f:0b:0a:ec:d6:62:40:
+         8a:6f:67:2e:6a:50:38:54:35:c9:f8:d5:ec:e8:ae:93:88:3d:
+         a0:40:81:2c:e0:fe:f7:c8:68:24:8e:41:04:88:af:94:82:97:
+         75:e5:69:4c:22:1d:f9:67:53:a3:4c:a3:db:bf:55:08:e7:3a:
+         07:67:a2:28:25:63:af:f8:0e:c7:d3:c1:77:ef:20:20:20:63:
+         9e:5c:22:81
 -----BEGIN X509 CRL-----
 MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
 VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEyMTMyMjE5MzNa
-Fw0yNjA5MDgyMjE5MzNaMCgwEgIBARcNMjMxMjEzMjIxOTMzWjASAgECFw0yMzEy
-MTMyMjE5MzNaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEAcm6k
-ZDZr6ODFHZjvq356FPKNmdBXS3as9IlgzYkjnQE084PlgiGzSMRCJX/qn3Rf6LjW
-cbuiOdjvRqgTun1Eq9YTZRjetQOFp8ZPCqBqeLp7985uuhzvb7EEqKzG3jt2dz49
-i66LK37JT3cxfx/1BCzpz6FWwlnpvkmf6GejQmYFIQJkgrJ0p0uJiX1DGkH9U4zW
-TycEKkhrnmL6SkKDIlM/UwdPvM2NjcwVxv88r33bq936j2WGhiqJXj/VSzmAeD9u
-ODttpV4snh0vnGISsTTylWQ33Esg3Cfz3oFnsgSwFLlH42XjLzUnwvwi2yS9BFiI
-F+NCPKXvUzkVVFKsoQ==
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAxMDkwMDM0MzBa
+Fw0yNjEwMDUwMDM0MzBaMCgwEgIBARcNMjQwMTA5MDAzNDMwWjASAgECFw0yNDAx
+MDkwMDM0MzBaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEANVCW
+2nFxkNW3N1qmuQkHL6/J4AIyakNuIOwgpKzQOakZNdDSb7vRzUYQp8uKvgoCopH1
+KXTuNIOjjKDKOa+USiPXVldrzMbrsM6fCuGwqBJraoshcyJvSUHN/YVE0fpSay+y
+KwLnQw7xkrwVjyIoSSVpk9hQEC+T4vWwMVzrGjXiQIMlh1VNwIUGN54jRICh+eLr
+nJAoenHYVaKLcDIxMyZw/h0R1UvBBEcZWUSPCwrs1mJAim9nLmpQOFQ1yfjV7Oiu
+k4g9oECBLOD+98hoJI5BBIivlIKXdeVpTCId+WdTo0yj279VCOc6B2eiKCVjr/gO
+x9PBd+8gICBjnlwigQ==
 -----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/crl2.der b/extra/wolfssl/wolfssl/certs/crl/crl2.der
index c6ec65c4..7ce490cd 100644
Binary files a/extra/wolfssl/wolfssl/certs/crl/crl2.der and b/extra/wolfssl/wolfssl/certs/crl/crl2.der differ
diff --git a/extra/wolfssl/wolfssl/certs/crl/crl2.pem b/extra/wolfssl/wolfssl/certs/crl/crl2.pem
index eb71f194..f722481b 100644
--- a/extra/wolfssl/wolfssl/certs/crl/crl2.pem
+++ b/extra/wolfssl/wolfssl/certs/crl/crl2.pem
@@ -2,79 +2,79 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         48:36:98:18:42:9c:0c:81:51:19:75:4b:26:9a:e0:07:18:89:
-         a2:a1:bd:b6:4e:91:f2:44:93:1a:50:a1:8f:72:1f:c4:ae:99:
-         81:c5:00:3a:94:03:de:00:24:98:d4:2c:17:e5:ba:f2:29:3a:
-         43:c8:23:ba:73:6a:5c:99:5d:ba:80:dd:bd:4f:cd:53:a6:cf:
-         33:11:31:30:27:e2:d2:31:06:65:b8:3e:cf:fe:00:21:ff:0d:
-         18:4f:fc:fd:d5:80:75:72:7c:2e:44:c1:a1:26:a6:8a:88:c8:
-         c0:66:1a:d4:99:36:ca:8f:67:42:8f:7c:f2:1a:e7:1b:d0:90:
-         05:22:0d:29:d3:35:57:23:8c:bb:d2:53:c1:a8:00:3c:d4:b3:
-         97:23:8a:4f:1d:8b:c9:73:6a:96:40:b0:a4:b1:c7:de:06:4d:
-         a3:5d:6a:d2:f5:5c:1e:f0:21:0f:d1:fd:21:89:e2:9e:3d:c1:
-         b2:f0:0f:5e:79:1e:47:48:92:bf:eb:96:28:ad:0b:89:5e:3b:
-         ed:97:29:bb:8d:24:c2:e6:26:e5:33:ef:88:17:c1:1a:97:fa:
-         51:44:a2:cc:b2:64:e5:5c:94:54:ed:3b:7d:8f:34:4a:4b:d3:
-         ca:62:f9:20:00:86:26:ea:1b:a9:b4:df:8f:f4:4d:d8:3e:95:
-         aa:3b:43:1c
+         b3:6f:ed:72:d2:73:6a:77:bf:3a:55:bc:54:18:6a:71:bc:6a:
+         cc:cd:5d:90:f5:64:8d:1b:f0:e0:48:7b:f2:7b:06:86:53:63:
+         9b:d8:24:15:10:b1:19:96:9b:d2:75:a8:25:a2:35:a9:14:d6:
+         d5:5e:53:e3:34:9d:f2:8b:07:19:9b:1f:f1:02:0f:04:46:e8:
+         b8:b6:f2:8d:c7:c0:15:3e:3e:8e:96:73:15:1e:62:f6:4e:2a:
+         f7:aa:a0:91:80:12:7f:81:0c:65:cc:38:be:58:6c:14:a5:21:
+         a1:8d:f7:8a:b9:24:f4:2d:ca:c0:67:43:0b:c8:1c:b4:7d:12:
+         7f:a2:1b:19:0e:94:cf:7b:9f:75:a0:08:9a:67:3f:87:89:3e:
+         f8:58:a5:8a:1b:2d:da:9b:d0:1b:18:92:c3:d2:6a:d7:1c:fc:
+         45:69:77:c3:57:65:75:99:9e:47:2a:20:25:ef:90:f2:5f:3b:
+         7d:9c:7d:00:ea:92:54:eb:0b:e7:17:af:24:1a:f9:7c:83:50:
+         68:1d:dc:5b:60:12:a7:52:78:d9:a9:b0:1f:59:48:36:c7:a6:
+         97:34:c7:87:3f:ae:fd:a9:56:5d:48:cc:89:7a:79:60:8f:9b:
+         2b:63:3c:b3:04:1d:5f:f7:20:d2:fd:f2:51:b1:96:93:13:5b:
+         ab:74:82:8b
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFDASAgECFw0yMzEyMTMyMjE5MzNaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEASDaYGEKcDIFRGXVLJprgBxiJoqG9tk6R
-8kSTGlChj3IfxK6ZgcUAOpQD3gAkmNQsF+W68ik6Q8gjunNqXJlduoDdvU/NU6bP
-MxExMCfi0jEGZbg+z/4AIf8NGE/8/dWAdXJ8LkTBoSamiojIwGYa1Jk2yo9nQo98
-8hrnG9CQBSINKdM1VyOMu9JTwagAPNSzlyOKTx2LyXNqlkCwpLHH3gZNo11q0vVc
-HvAhD9H9IYninj3BsvAPXnkeR0iSv+uWKK0LiV477Zcpu40kwuYm5TPviBfBGpf6
-UUSizLJk5VyUVO07fY80SkvTymL5IACGJuobqbTfj/RN2D6VqjtDHA==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFowFDASAgECFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAs2/tctJzane/OlW8VBhqcbxqzM1dkPVk
+jRvw4Eh78nsGhlNjm9gkFRCxGZab0nWoJaI1qRTW1V5T4zSd8osHGZsf8QIPBEbo
+uLbyjcfAFT4+jpZzFR5i9k4q96qgkYASf4EMZcw4vlhsFKUhoY33irkk9C3KwGdD
+C8gctH0Sf6IbGQ6Uz3ufdaAImmc/h4k++Filihst2pvQGxiSw9Jq1xz8RWl3w1dl
+dZmeRyogJe+Q8l87fZx9AOqSVOsL5xevJBr5fINQaB3cW2ASp1J42amwH1lINsem
+lzTHhz+u/alWXUjMiXp5YI+bK2M8swQdX/cg0v3yUbGWkxNbq3SCiw==
 -----END X509 CRL-----
 Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         38:bd:b1:ed:0c:8b:5d:f2:e3:de:48:7b:03:16:a7:09:4c:98:
-         03:9d:a7:50:1d:56:57:a6:6f:e1:7d:4c:32:31:f3:55:28:4a:
-         d3:b5:55:a7:7d:f8:43:46:cf:7c:64:66:2e:0e:bc:e6:43:41:
-         c1:b8:b4:a0:db:68:92:3b:d4:a1:ef:47:44:fe:f6:e4:33:45:
-         18:62:cb:e5:04:44:44:07:83:e4:62:c4:d0:52:63:94:b0:1a:
-         43:bf:01:91:de:05:66:ae:6d:88:78:94:d9:c6:5e:a9:28:52:
-         93:2b:24:00:3f:d3:f7:6c:ca:27:b6:9b:8e:8f:61:a3:ac:3b:
-         e5:62:54:09:6f:c5:52:fb:87:9a:36:e0:51:14:5d:52:f9:42:
-         48:f1:18:20:bf:b3:98:c2:d4:a2:55:9e:7e:42:9b:01:59:fc:
-         64:3c:bb:05:46:09:ab:16:8a:f8:08:b7:f7:3d:01:8e:1b:60:
-         ba:e0:8f:e8:fe:6b:38:bc:23:af:52:31:bc:f3:a0:60:71:c4:
-         9a:29:49:46:5b:c2:f8:ff:c9:f6:8a:1a:c6:5c:9f:e5:bb:c0:
-         bf:6e:7b:26:8b:5a:6a:91:80:82:40:2e:48:96:b7:6a:8f:74:
-         75:6d:54:d7:4d:2a:81:7f:01:02:bd:6e:cf:37:50:de:bb:52:
-         b6:40:eb:ad
+         48:97:27:ce:47:2d:c9:e5:a9:7d:ac:6a:36:29:92:0d:bf:b7:
+         17:04:cb:7b:1c:a1:ce:e8:45:6d:c8:b9:a2:81:16:74:9d:b1:
+         b5:06:5f:46:64:06:74:e4:6a:79:13:27:a2:ed:f4:7e:73:0b:
+         c4:6e:99:9a:35:a7:8b:02:69:92:6d:80:da:dd:5c:fd:05:e0:
+         0e:4b:ee:5b:55:5c:a7:d0:c2:83:f3:41:62:86:f1:b3:f2:67:
+         48:6b:b2:3e:3f:b2:1d:aa:63:54:3a:43:62:9a:9e:87:ef:49:
+         36:dc:29:36:74:8b:7d:d7:04:b8:38:6d:55:5a:56:db:a1:72:
+         cf:bd:9f:cc:b4:59:f4:65:06:fb:a4:80:48:98:1c:1f:c9:b8:
+         c6:b2:3e:47:c5:2f:f3:f4:ca:45:97:4c:20:08:72:90:5f:c3:
+         e9:b8:4d:04:4b:1c:43:7d:b0:e3:34:59:9c:5f:db:ad:c3:87:
+         11:3f:eb:8c:75:5f:2f:b8:84:12:c1:73:f1:ec:f8:2e:36:b9:
+         5d:3e:a9:9d:70:dd:24:84:77:de:29:b8:73:39:70:6b:44:91:
+         cb:bf:b5:fc:b8:6f:93:75:8c:58:f4:aa:79:8f:70:24:5d:75:
+         19:e7:9a:08:6a:8e:cd:8d:cc:17:d2:6f:76:d5:40:99:1c:e8:
+         53:99:4e:f0
 -----BEGIN X509 CRL-----
 MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEy
-MTMyMjE5MzNaFw0yNjA5MDgyMjE5MzNaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQsFAAOCAQEAOL2x7QyLXfLj3kh7AxanCUyYA52nUB1WV6Zv4X1MMjHzVShK
-07VVp334Q0bPfGRmLg685kNBwbi0oNtokjvUoe9HRP725DNFGGLL5QRERAeD5GLE
-0FJjlLAaQ78Bkd4FZq5tiHiU2cZeqShSkyskAD/T92zKJ7abjo9ho6w75WJUCW/F
-UvuHmjbgURRdUvlCSPEYIL+zmMLUolWefkKbAVn8ZDy7BUYJqxaK+Ai39z0Bjhtg
-uuCP6P5rOLwjr1IxvPOgYHHEmilJRlvC+P/J9ooaxlyf5bvAv257JotaapGAgkAu
-SJa3ao90dW1U100qgX8BAr1uzzdQ3rtStkDrrQ==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAx
+MDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
+9w0BAQsFAAOCAQEASJcnzkctyeWpfaxqNimSDb+3FwTLexyhzuhFbci5ooEWdJ2x
+tQZfRmQGdORqeRMnou30fnMLxG6ZmjWniwJpkm2A2t1c/QXgDkvuW1Vcp9DCg/NB
+Yobxs/JnSGuyPj+yHapjVDpDYpqeh+9JNtwpNnSLfdcEuDhtVVpW26Fyz72fzLRZ
+9GUG+6SASJgcH8m4xrI+R8Uv8/TKRZdMIAhykF/D6bhNBEscQ32w4zRZnF/brcOH
+ET/rjHVfL7iEEsFz8ez4Lja5XT6pnXDdJIR33im4czlwa0SRy7+1/Lhvk3WMWPSq
+eY9wJF11GeeaCGqOzY3MF9JvdtVAmRzoU5lO8A==
 -----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/crl_rsapss.pem b/extra/wolfssl/wolfssl/certs/crl/crl_rsapss.pem
new file mode 100644
index 00000000..fab27b61
--- /dev/null
+++ b/extra/wolfssl/wolfssl/certs/crl/crl_rsapss.pem
@@ -0,0 +1,53 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: rsassaPss         
+         Hash Algorithm: sha256
+         Mask Algorithm: mgf1 with sha256
+          Salt Length: 0x20
+         Trailer Field: 0xBC (default)
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                13
+Revoked Certificates:
+    Serial Number: 01
+        Revocation Date: Jan  9 00:34:30 2024 GMT
+    Signature Algorithm: rsassaPss         
+         Hash Algorithm: sha256
+         Mask Algorithm: mgf1 with sha256
+          Salt Length: 0x20
+         Trailer Field: 0xBC (default)
+
+         68:74:81:f0:7e:55:bb:ea:38:4e:ae:d5:b2:b6:c2:6a:53:fa:
+         2a:23:07:d0:b8:76:66:74:cb:ba:e7:b2:66:ac:19:1d:b5:ba:
+         ab:e7:de:f2:84:10:e5:df:57:ea:19:f4:2c:af:d8:61:b3:09:
+         31:e4:b3:94:08:65:52:03:b4:5c:7b:d0:44:37:59:df:d3:13:
+         09:f7:da:34:a1:d0:8d:e8:c7:73:05:60:15:a2:ef:a1:94:31:
+         0b:a7:ee:3d:25:12:19:6a:e5:29:30:3c:97:82:ed:a5:db:f3:
+         54:7f:2a:73:c2:be:0d:25:30:9b:d4:c0:77:99:db:55:dd:d2:
+         f7:88:d0:8b:74:66:00:65:14:d6:c6:4c:a8:de:cf:54:19:bf:
+         3a:d9:6a:80:4a:85:87:f6:ec:3d:3d:01:67:54:ea:82:7f:d5:
+         c3:37:3b:c3:d0:82:ce:01:30:bf:30:a0:c2:04:70:ab:5b:02:
+         05:2f:ca:f1:e2:49:d3:50:04:e4:f2:77:08:16:5a:45:95:6c:
+         c9:80:72:a7:e6:b6:97:d4:22:5d:b7:f9:3a:5e:d0:be:6a:53:
+         44:35:fc:e9:45:3b:56:4a:1d:06:38:8e:5b:1b:fe:a2:0b:5b:
+         c2:5d:5e:99:84:7e:ba:c4:5c:b5:43:1d:a2:9b:b3:05:bd:33:
+         38:8e:2c:e8
+-----BEGIN X509 CRL-----
+MIICgzCCATsCAQEwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkq
+hkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASAwgbIxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NM
+X1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJ
+k/IsZAEBDAd3b2xmU1NMFw0yNDAxMDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaMBQw
+EgIBARcNMjQwMTA5MDAzNDMwWqAOMAwwCgYDVR0UBAMCAQ0wPQYJKoZIhvcNAQEK
+MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
+ASADggEBAGh0gfB+VbvqOE6u1bK2wmpT+iojB9C4dmZ0y7rnsmasGR21uqvn3vKE
+EOXfV+oZ9Cyv2GGzCTHks5QIZVIDtFx70EQ3Wd/TEwn32jSh0I3ox3MFYBWi76GU
+MQun7j0lEhlq5SkwPJeC7aXb81R/KnPCvg0lMJvUwHeZ21Xd0veI0It0ZgBlFNbG
+TKjez1QZvzrZaoBKhYf27D09AWdU6oJ/1cM3O8PQgs4BML8woMIEcKtbAgUvyvHi
+SdNQBOTydwgWWkWVbMmAcqfmtpfUIl23+Tpe0L5qU0Q1/OlFO1ZKHQY4jlsb/qIL
+W8JdXpmEfrrEXLVDHaKbswW9MziOLOg=
+-----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/eccCliCRL.pem b/extra/wolfssl/wolfssl/certs/crl/eccCliCRL.pem
index 86fa84a0..f7a8c177 100644
--- a/extra/wolfssl/wolfssl/certs/crl/eccCliCRL.pem
+++ b/extra/wolfssl/wolfssl/certs/crl/eccCliCRL.pem
@@ -2,25 +2,25 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 9
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:dc:a7:bf:34:1b:68:b6:54:0c:38:8d:46:41:
-         84:bf:fa:f0:96:00:89:a6:81:4a:0f:15:12:ef:15:98:f7:51:
-         95:02:20:08:57:33:0d:c1:a5:c6:83:63:49:96:8c:71:41:7b:
-         40:92:67:80:d6:23:62:2a:c2:f2:43:5a:92:9b:9b:d6:83
+         30:45:02:20:3b:07:f1:6c:fb:19:62:f2:56:2a:5c:21:a3:7d:
+         bf:06:33:3e:b4:53:01:f3:f5:0e:e6:ca:f5:b9:26:7e:4d:ca:
+         02:21:00:dd:04:d6:b1:18:01:b7:d6:ca:d9:7b:29:53:cf:9e:
+         ad:38:ef:fa:70:2c:41:74:ba:ce:e6:77:1f:22:86:f0:e3
 -----BEGIN X509 CRL-----
 MIIBPDCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
 Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL
 BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
-DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIx
-OTMzWjAUMBICAQIXDTIzMTIxMzIyMTkzM1qgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
-SM49BAMCA0gAMEUCIQDcp780G2i2VAw4jUZBhL/68JYAiaaBSg8VEu8VmPdRlQIg
-CFczDcGlxoNjSZaMcUF7QJJngNYjYirC8kNakpub1oM=
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQwMTA5MDAzNDMwWhcNMjYxMDA1MDAz
+NDMwWjAUMBICAQIXDTI0MDEwOTAwMzQzMFqgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
+SM49BAMCA0gAMEUCIDsH8Wz7GWLyVipcIaN9vwYzPrRTAfP1DubK9bkmfk3KAiEA
+3QTWsRgBt9bK2XspU8+erTjv+nAsQXS6zuZ3HyKG8OM=
 -----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/eccSrvCRL.pem b/extra/wolfssl/wolfssl/certs/crl/eccSrvCRL.pem
index 8cd5091c..2b6bc71c 100644
--- a/extra/wolfssl/wolfssl/certs/crl/eccSrvCRL.pem
+++ b/extra/wolfssl/wolfssl/certs/crl/eccSrvCRL.pem
@@ -2,25 +2,25 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Jan  9 00:34:30 2024 GMT
+        Next Update: Oct  5 00:34:30 2026 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 10
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Jan  9 00:34:30 2024 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:a9:26:ab:1a:4a:be:5c:92:da:9d:17:0a:b5:
-         f6:40:ea:84:93:ce:57:b8:af:68:75:e8:e9:de:a7:27:e7:79:
-         48:02:20:11:d4:03:97:19:2a:28:04:70:28:bb:5e:6a:b7:f6:
-         32:90:f1:92:ff:48:7c:cf:e7:94:0f:ce:63:de:f8:fc:6c
+         30:45:02:20:4e:83:3e:21:ee:69:a6:f2:7e:87:45:10:5c:60:
+         ad:24:49:1e:0f:9e:1f:81:03:00:43:a9:e6:1b:63:27:3f:6b:
+         02:21:00:b2:7f:bd:3d:af:c4:f5:ff:82:3f:b7:6a:56:25:7c:
+         07:85:54:d9:19:44:42:60:b4:8a:e3:55:f4:a4:96:c7:d1
 -----BEGIN X509 CRL-----
 MIIBPzCB5gIBATAKBggqhkjOPQQDAjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
 MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4
-MjIxOTMzWjAUMBICAQIXDTIzMTIxMzIyMTkzM1qgDjAMMAoGA1UdFAQDAgEKMAoG
-CCqGSM49BAMCA0gAMEUCIQCpJqsaSr5cktqdFwq19kDqhJPOV7ivaHXo6d6nJ+d5
-SAIgEdQDlxkqKARwKLtearf2MpDxkv9IfM/nlA/OY974/Gw=
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQwMTA5MDAzNDMwWhcNMjYxMDA1
+MDAzNDMwWjAUMBICAQIXDTI0MDEwOTAwMzQzMFqgDjAMMAoGA1UdFAQDAgEKMAoG
+CCqGSM49BAMCA0gAMEUCIE6DPiHuaabyfodFEFxgrSRJHg+eH4EDAEOp5htjJz9r
+AiEAsn+9Pa/E9f+CP7dqViV8B4VU2RlEQmC0iuNV9KSWx9E=
 -----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/extra-crls/ca-int-cert-revoked.pem b/extra/wolfssl/wolfssl/certs/crl/extra-crls/ca-int-cert-revoked.pem
index 16b02cd9..598502ae 100644
--- a/extra/wolfssl/wolfssl/certs/crl/extra-crls/ca-int-cert-revoked.pem
+++ b/extra/wolfssl/wolfssl/certs/crl/extra-crls/ca-int-cert-revoked.pem
@@ -2,12 +2,12 @@
 MIICBTCB7gIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFTATAgIQABcNMjMxMjEzMjIxOTMzWqAOMAwwCgYDVR0U
-BAMCAQUwDQYJKoZIhvcNAQELBQADggEBACmOUprDH201Mv2gW5wiighBTzH10Lwv
-tKJtoehgsTPgsWPk7BaDTsgzLqrk5g7Nlhe1by5UNGgRbHNBzK+TQgeOtdEE0npr
-PITh7Kmtk8rAKygYjDHPtamJLc0oJcpRkVIB7PiyKs8LUlVr+Cv3m6F5I9K5pxc8
-9FXVlrVfAuN8KDC68SPlmpCsWh8v11lXRyy7sMg/ScLvBxTYiehe54kS/IUnjx1E
-eKbgRGKf0alznvdQizMhkX4XJ1gbxdeAzbxO0vsCdgevj4uSyizYKzuMkilqzure
-KGgSLade8ZwS952XPRLHGmPEeVfaDs5qdXBC6Ov9Tg+IVfmY9FO2Tp4=
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFowFTATAgIQABcNMjQwMTA5MDAzNDMwWqAOMAwwCgYDVR0U
+BAMCAQUwDQYJKoZIhvcNAQELBQADggEBAHeXXNQirv4s301n52RKjlA2GgYMtqKU
+pNmZhFVY91LH4JUb93+iHfeBACD7ELUF0lHY6WEk26cL9JU3+2PKE/CqhmLtmtLE
+hksE55zfOep+WzeQrngJTEJrsS5ptkCI38NX7uzOn1PC5bX70LdzC4v8wZpZuxCf
+VVgORds34s8Hdwq5Scx2qdgip3XTPoxJYIG+iBRp1zg9DM/RIOgCtSISkB9AU2wJ
+obFgLNAuhJue6swyo4rj++V6g38ojrZoknwmgZ3qIo4AwZt5o1UhVBkJbXYpbyi6
+bDlDuvJ2SNoaAcGsNjT8Opy61ti729wI/hOqUDn0WqsinFhljpRqW04=
 -----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/extra-crls/general-server-crl.pem b/extra/wolfssl/wolfssl/certs/crl/extra-crls/general-server-crl.pem
index d547b88f..eab9266e 100644
--- a/extra/wolfssl/wolfssl/certs/crl/extra-crls/general-server-crl.pem
+++ b/extra/wolfssl/wolfssl/certs/crl/extra-crls/general-server-crl.pem
@@ -2,12 +2,12 @@
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFDASAgEBFw0yMzEyMTMyMjE5MzNaoA4wDDAKBgNVHRQE
-AwIBBDANBgkqhkiG9w0BAQsFAAOCAQEAkoJhgjUEmUasZKFCVTZ0yLC+AoCpm10E
-den4O2yCm6N6NNlOuCbJr34iHSFHeS4Dal0phM6fl6wQTiC5zdVlG4Tnq+RlBVNk
-/15jGnjTH20bEc+2KS855GvTe9LhP/HgwS1usLhfR8YwVMSFL2NbFO+HEMD9ULx5
-UkGg9I9ehAcp42uR8RpWkeoLoWzbiw+YaBNZPdzYIylW4RqeLX3D+QhDGEnk3pR/
-Zvl3NcmLKMghXy9hMFEqu0A/G0lC5U2Oo+7jWcjO2Kn8QzCfbXrieIJ/0R4i2tUj
-wtmZ4mKVqaD66x/mSXYPpX52p5RTD7R3k+04w9FzLk73LuM69WQr5w==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
+DTI2MTAwNTAwMzQzMFowFDASAgEBFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
+AwIBBDANBgkqhkiG9w0BAQsFAAOCAQEAWFcHDGDzEVttKWzvWv88rkJhBQihzcbm
+I5qlXrccNXrC+7fqHcXp2crCE0o75tnrXkcAL7YWeKcO1SkfIuyd84N73JrEECmf
+MaJEVgQrGmuqyLk8p3cq+Rqomyc1KxpxIzUkX7BL6ZCMZGWvvybcA51F+zX+9cMa
+jAFR7Ta9byN+TyrDDxecqhGgs/hjfTdXg2NABZjLjFZ3Eo4JO7aio6DgCygIncZX
+46xDMqYnl0fOl6+GNBmRdt16O3LXNRFJyvFx/sXBmAVa3/Sfq7UoF+zyT/k0zInu
+qfwBkM/hdrpfH2ZyzyDHC4/NXOv/tLZWfbakXAUWZpRx04Wyi8WKyw==
 -----END X509 CRL-----
diff --git a/extra/wolfssl/wolfssl/certs/crl/gencrls.sh b/extra/wolfssl/wolfssl/certs/crl/gencrls.sh
index e509d962..98deb7e4 100755
--- a/extra/wolfssl/wolfssl/certs/crl/gencrls.sh
+++ b/extra/wolfssl/wolfssl/certs/crl/gencrls.sh
@@ -202,4 +202,21 @@ echo "Step 26"
 openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
 openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER
 
+# clear state for RSA-PSS revoke
+cp blank.index.txt demoCA/index.txt
+
+echo "Step 27 RSA-PSS revoke"
+openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../rsapss/server-rsapss.pem -keyfile ../rsapss/ca-rsapss-priv.pem -cert ../rsapss/ca-rsapss.pem
+check_result $?
+
+echo "Step 28 RSA-PSS"
+openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl_rsapss.pem -keyfile ../rsapss/ca-rsapss-priv.pem -cert ../rsapss/ca-rsapss.pem
+check_result $?
+
+# metadata
+echo "Step 29"
+openssl crl -in crl_rsapss.pem -text > tmp
+check_result $?
+mv tmp crl_rsapss.pem
+
 exit 0
diff --git a/extra/wolfssl/wolfssl/certs/crl/include.am b/extra/wolfssl/wolfssl/certs/crl/include.am
index 91f09bd0..d3194933 100644
--- a/extra/wolfssl/wolfssl/certs/crl/include.am
+++ b/extra/wolfssl/wolfssl/certs/crl/include.am
@@ -15,7 +15,8 @@ EXTRA_DIST += \
 		certs/crl/caEcc384Crl.pem \
 		certs/crl/wolfssl.cnf \
 		certs/crl/crl.der \
-		certs/crl/crl2.der
+		certs/crl/crl2.der \
+        certs/crl/crl_rsapss.pem
 
 EXTRA_DIST += \
 		certs/crl/crl.revoked \
diff --git a/extra/wolfssl/wolfssl/certs/include.am b/extra/wolfssl/wolfssl/certs/include.am
index 637b6b2d..de8d2edf 100644
--- a/extra/wolfssl/wolfssl/certs/include.am
+++ b/extra/wolfssl/wolfssl/certs/include.am
@@ -51,6 +51,7 @@ EXTRA_DIST += \
              certs/server-revoked-key.pem \
              certs/wolfssl-website-ca.pem \
              certs/test-degenerate.p7b \
+             certs/test-stream-sign.p7b \
              certs/test-ber-exp02-05-2022.p7b \
              certs/test-servercert.p12 \
              certs/test-servercert-rc2.p12 \
diff --git a/extra/wolfssl/wolfssl/certs/renewcerts.sh b/extra/wolfssl/wolfssl/certs/renewcerts.sh
index a25385d5..d2482f51 100755
--- a/extra/wolfssl/wolfssl/certs/renewcerts.sh
+++ b/extra/wolfssl/wolfssl/certs/renewcerts.sh
@@ -838,6 +838,7 @@ run_renewcerts(){
     cd ./crl || { echo "Failed to switch to dir ./crl"; exit 1; }
     echo "changed directory: cd/crl"
     echo ""
+    # has dependency on rsapss generation (rsapss should be ran first)
     ./gencrls.sh
     check_result $? "gencrls.sh"
     echo "ran ./gencrls.sh"
@@ -853,6 +854,10 @@ run_renewcerts(){
     echo ""
     openssl crl2pkcs7 -nocrl -certfile ./client-cert.pem -out test-degenerate.p7b -outform DER
     check_result $? ""
+
+    openssl smime -sign -in ./ca-cert.pem -out test-stream-sign.p7b -signer ./ca-cert.pem -nodetach -nocerts -binary -outform DER -stream -inkey ./ca-key.pem
+    check_result $? ""
+
     echo "End of section"
     echo "---------------------------------------------------------------------"
 
diff --git a/extra/wolfssl/wolfssl/certs/test-stream-sign.p7b b/extra/wolfssl/wolfssl/certs/test-stream-sign.p7b
new file mode 100644
index 00000000..05f6643c
Binary files /dev/null and b/extra/wolfssl/wolfssl/certs/test-stream-sign.p7b differ
diff --git a/extra/wolfssl/wolfssl/cmake/config.in b/extra/wolfssl/wolfssl/cmake/config.in
index 4082325b..d1b61aa1 100644
--- a/extra/wolfssl/wolfssl/cmake/config.in
+++ b/extra/wolfssl/wolfssl/cmake/config.in
@@ -1,6 +1,12 @@
 /* Define to 1 if you have the <arpa/inet.h> header file. */
 #cmakedefine HAVE_ARPA_INET_H @HAVE_ARPA_INET_H@
 
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#cmakedefine HAVE_SYS_IOCTL_H @HAVE_SYS_IOCTL_H@
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#cmakedefine HAVE_NETDB_H @HAVE_NETDB_H@
+
 /* Define to 1 if you have the <sys/socket.h> header file. */
 #cmakedefine HAVE_SYS_SOCKET_H @HAVE_SYS_SOCKET_H@
 
diff --git a/extra/wolfssl/wolfssl/cmake/functions.cmake b/extra/wolfssl/wolfssl/cmake/functions.cmake
index 6b5b9a7f..bf31acf3 100644
--- a/extra/wolfssl/wolfssl/cmake/functions.cmake
+++ b/extra/wolfssl/wolfssl/cmake/functions.cmake
@@ -198,6 +198,7 @@ function(generate_build_flags)
         set(BUILD_SPHINCS "yes" PARENT_SCOPE)
         set(BUILD_DILITHIUM "yes" PARENT_SCOPE)
         set(BUILD_EXT_KYBER "yes" PARENT_SCOPE)
+        set(BUILD_OQS_HELPER "yes" PARENT_SCOPE)
     endif()
     if(WOLFSSL_ARIA OR WOLFSSL_USER_SETTINGS)
         message(STATUS "ARIA functions.cmake found WOLFSSL_ARIA")
@@ -217,8 +218,6 @@ function(generate_build_flags)
         set(BUILD_CRL_MONITOR "yes" PARENT_SCOPE)
     endif()
     set(BUILD_QUIC ${WOLFSSL_QUIC} PARENT_SCOPE)
-    set(BUILD_USER_RSA ${WOLFSSL_USER_RSA} PARENT_SCOPE)
-    set(BUILD_USER_CRYPTO ${WOLFSSL_USER_CRYPTO} PARENT_SCOPE)
     set(BUILD_WNR ${WOLFSSL_WNR} PARENT_SCOPE)
     if(WOLFSSL_SRP OR WOLFSSL_USER_SETTINGS)
         set(BUILD_SRP "yes" PARENT_SCOPE)
@@ -281,13 +280,12 @@ function(generate_build_flags)
     if(WOLFSSL_SP_ARM_CORTEX_ASM OR WOLFSSL_USER_SETTINGS)
         set(BUILD_SP_ARM_CORTEX "yes" PARENT_SCOPE)
     endif()
-    if(WOLFSSL_SP_X86_64_ASM OR WOLFSSL_USER_SETTINGS)
+    if(WOLFSSL_X86_64_BUILD AND (WOLFSSL_SP_X86_64_ASM OR WOLFSSL_USER_SETTINGS))
         set(BUILD_SP_X86_64 "yes" PARENT_SCOPE)
     endif()
     if(WOLFSSL_SP_MATH OR WOLFSSL_SP_MATH_ALL OR WOLFSSL_USER_SETTINGS)
         set(BUILD_SP_INT "yes" PARENT_SCOPE)
     endif()
-    set(BUILD_FAST_RSA ${WOLFSSL_FAST_RSA} PARENT_SCOPE)
     set(BUILD_MCAPI ${WOLFSSL_MCAPI} PARENT_SCOPE)
     set(BUILD_ASYNCCRYPT ${WOLFSSL_ASYNCCRYPT} PARENT_SCOPE)
     set(BUILD_WOLFEVENT ${WOLFSSL_ASYNCCRYPT} PARENT_SCOPE)
@@ -493,14 +491,10 @@ function(generate_lib_src_list LIB_SOURCES)
               list(APPEND LIB_SOURCES wolfcrypt/src/async.c)
          endif()
 
-         if(NOT BUILD_USER_RSA AND BUILD_RSA)
-              if(BUILD_FAST_RSA)
-                   list(APPEND LIB_SOURCES wolfcrypt/user-crypto/src/rsa.c)
-              else()
-                   if(NOT BUILD_FIPS_V2)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
-                   endif()
-              endif()
+         if(BUILD_RSA)
+               if(NOT BUILD_FIPS_V2)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
+               endif()
          endif()
 
          if(BUILD_SP)
@@ -511,9 +505,10 @@ function(generate_lib_src_list LIB_SOURCES)
               endif()
 
               if(BUILD_SP_X86_64)
-                   list(APPEND LIB_SOURCES
-                        wolfcrypt/src/sp_x86_64.c
-                        wolfcrypt/src/sp_x86_64_asm.S)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/sp_x86_64.c)
+                    if(WOLFSSL_X86_64_BUILD_ASM)
+                         list(APPEND LIB_SOURCES wolfcrypt/src/sp_x86_64_asm.S)
+                    endif()
               endif()
 
               if(NOT BUILD_FIPS_V2 AND BUILD_SP_ARM32)
@@ -587,6 +582,11 @@ function(generate_lib_src_list LIB_SOURCES)
          wolfcrypt/src/wc_port.c
          wolfcrypt/src/error.c)
 
+    if(BUILD_OQS_HELPER)
+        list(APPEND LIB_SOURCES
+            wolfcrypt/src/port/liboqs/liboqs.c)
+    endif()
+
     if(BUILD_ARIA)
         list(APPEND LIB_SOURCES
             wolfcrypt/src/port/aria/aria-crypt.c
diff --git a/extra/wolfssl/wolfssl/configure.ac b/extra/wolfssl/wolfssl/configure.ac
index 0e2d0706..df2f74e1 100644
--- a/extra/wolfssl/wolfssl/configure.ac
+++ b/extra/wolfssl/wolfssl/configure.ac
@@ -7,7 +7,7 @@
 #
 AC_COPYRIGHT([Copyright (C) 2006-2023 wolfSSL Inc.])
 AC_PREREQ([2.69])
-AC_INIT([wolfssl],[5.6.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
+AC_INIT([wolfssl],[5.7.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 
 # The following sets CFLAGS to empty if unset on command line.  We do not
@@ -45,22 +45,20 @@ AC_SUBST([WOLFSSL_CONFIG_ARGS])
 
 # shared library versioning
 # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately
-# these numbers don't always line up nicely with the library version.
+
+# increment if interfaces have been removed or changed
 WOLFSSL_LIBRARY_VERSION_FIRST=42
-WOLFSSL_LIBRARY_VERSION_SECOND=0
+
+# increment if interfaces have been added
+# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
+WOLFSSL_LIBRARY_VERSION_SECOND=1
+
+# increment if source code has changed
+# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
+# WOLFSSL_LIBRARY_VERSION_SECOND is incremented
 WOLFSSL_LIBRARY_VERSION_THIRD=0
-WOLFSSL_LIBRARY_VERSION=42:0:0
-#                        | | |
-#                 +------+ | +---+
-#                 |        |     |
-#                current:revision:age
-#                 |        |     |
-#                 |        |     +- increment if interfaces have been added
-#                 |        |        set to zero if interfaces have been removed
-#                 |        |        or changed
-#                 |        +- increment if source code has changed
-#                 |           set to zero if current is incremented
-#                 +- increment if interfaces have been added, removed or changed
+
+WOLFSSL_LIBRARY_VERSION=${WOLFSSL_LIBRARY_VERSION_FIRST}:${WOLFSSL_LIBRARY_VERSION_SECOND}:${WOLFSSL_LIBRARY_VERSION_THIRD}
 AC_SUBST([WOLFSSL_LIBRARY_VERSION_FIRST])
 AC_SUBST([WOLFSSL_LIBRARY_VERSION_SECOND])
 AC_SUBST([WOLFSSL_LIBRARY_VERSION_THIRD])
@@ -102,6 +100,18 @@ else
     REPRODUCIBLE_BUILD_DEFAULT=no
 fi
 
+# Allow experimental settings
+AC_ARG_ENABLE([experimental],
+    [AS_HELP_STRING([--enable-experimental],[Allow experimental settings in the configuration (default: disabled)])],
+    [ ENABLED_EXPERIMENTAL=$enableval ],
+    [ ENABLED_EXPERIMENTAL=no ]
+    )
+if test "$ENABLED_EXPERIMENTAL" = "yes"
+then
+    AS_IF([ test "$ENABLED_DISTRO" = "yes" && test "$ENABLED_EXPERIMENTAL" = "yes" ],[ AC_MSG_ERROR([--enable-distro and --enable-experimental are mutually exclusive.]) ])
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
+    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
+fi
 
 AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h])
 AC_CHECK_LIB([network],[socket])
@@ -451,9 +461,35 @@ then
         RANLIB=ranlib
     fi
     xxx_ranlib_flags=$(${RANLIB} --help 2>&1)
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_REPRODUCIBLE_BUILD"
+
     AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[AR_FLAGS="Dcr" lt_ar_flags="Dcr"])
     AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[RANLIB="${RANLIB} -D"])
+
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_REPRODUCIBLE_BUILD -g0"
+
+    # opportunistically use -ffile-prefix-map (added in GCC8 and LLVM10)
+
+    if "$CC" -ffile-prefix-map=/tmp=. -x c - -o /dev/null >/dev/null 2>&1 <<'        EOF'
+        #include <stdlib.h>
+        int main(int argc, char **argv) {
+            (void)argc; (void)argv; return 0;
+        }
+        EOF
+    then
+        AM_CFLAGS="$AM_CFLAGS -ffile-prefix-map=\$(abs_top_srcdir)/= -ffile-prefix-map=\$(top_srcdir)/="
+    fi
+
+    # opportunistically use linker option --build-id=none
+
+    if "$CC" -Wl,--build-id=none -x c - -o /dev/null >/dev/null 2>&1 <<'        EOF'
+        #include <stdlib.h>
+        int main(int argc, char **argv) {
+            (void)argc; (void)argv; return 0;
+        }
+        EOF
+    then
+        AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=none"
+    fi
 fi
 
 
@@ -720,6 +756,7 @@ then
     # this set is also enabled by enable-all-crypto:
     test "$enable_atomicuser" = "" && enable_atomicuser=yes
     test "$enable_aesgcm" = "" && enable_aesgcm=yes
+    test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
     test "$enable_aesccm" = "" && enable_aesccm=yes
     test "$enable_aesctr" = "" && enable_aesctr=yes
     test "$enable_aeseax" = "" && enable_aeseax=yes
@@ -745,7 +782,6 @@ then
     test "$enable_psk" = "" && enable_psk=yes
     test "$enable_cmac" = "" && enable_cmac=yes
     test "$enable_siphash" = "" && enable_siphash=yes
-    test "$enable_xts" = "" && enable_xts=yes
     test "$enable_ocsp" = "" && enable_ocsp=yes
     test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
     test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes
@@ -787,6 +823,7 @@ then
     test "$enable_session_ticket" = "" && enable_session_ticket=yes
     test "$enable_earlydata" = "" && enable_earlydata=yes
     test "$enable_ech" = "" && enable_ech=yes
+    test "$enable_srtp" = "" && enable_srtp=yes
 
     if test "$ENABLED_32BIT" != "yes"
     then
@@ -796,7 +833,6 @@ then
 
     if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
     then
-        test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
         test "$enable_compkey" = "" && enable_compkey=yes
         test "$enable_quic" = "" && test "$enable_cryptonly" != "yes" && enable_quic=yes
         AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
@@ -861,7 +897,8 @@ then
         fi
     fi
 
-    if test "$ENABLED_FIPS" = "no" || test "$ENABLED_FIPS" = "dev"; then
+    if test "$ENABLED_FIPS" = "no" || test "$FIPS_VERSION" = "dev"; then
+        test "$enable_aesxts" = "" && enable_aesxts=yes
         test "$enable_aessiv" = "" && enable_aessiv=yes
     fi
 
@@ -908,6 +945,7 @@ if test "$ENABLED_ALL_CRYPT" = "yes"
 then
     test "$enable_atomicuser" = "" && enable_atomicuser=yes
     test "$enable_aesgcm" = "" && enable_aesgcm=yes
+    test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
     test "$enable_aesccm" = "" && enable_aesccm=yes
     test "$enable_aesctr" = "" && enable_aesctr=yes
     test "$enable_aeseax" = "" && enable_aeseax=yes
@@ -933,7 +971,6 @@ then
     test "$enable_psk" = "" && enable_psk=yes
     test "$enable_cmac" = "" && enable_cmac=yes
     test "$enable_siphash" = "" && enable_siphash=yes
-    test "$enable_xts" = "" && enable_xts=yes
     test "$enable_ocsp" = "" && enable_ocsp=yes
     test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
     test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes
@@ -959,6 +996,7 @@ then
     test "$enable_cryptocb" = "" && enable_cryptocb=yes
     test "$enable_anon" = "" && enable_anon=yes
     test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
+    test "$enable_srtp_kdf" = "" && enable_srtp_kdf=yes
 
     if test "$ENABLED_32BIT" != "yes"
     then
@@ -968,7 +1006,6 @@ then
 
     if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
     then
-        test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
         test "$enable_compkey" = "" && enable_compkey=yes
     fi
 
@@ -1001,7 +1038,8 @@ then
         fi
     fi
 
-    if test "$ENABLED_FIPS" = "no" || test "$ENABLED_FIPS" = "dev"; then
+    if test "$ENABLED_FIPS" = "no" || test "$FIPS_VERSION" = "dev"; then
+        test "$enable_aesxts" = "" && enable_aesxts=yes
         test "$enable_aessiv" = "" && enable_aessiv=yes
     fi
 
@@ -1029,8 +1067,9 @@ fi
 ENABLED_LIBOQS="no"
 tryliboqsdir=""
 AC_ARG_WITH([liboqs],
-    [AS_HELP_STRING([--with-liboqs=PATH],[Path to liboqs install (default /usr/local) EXPERIMENTAL!])],
+    [AS_HELP_STRING([--with-liboqs=PATH],[Path to liboqs install (default /usr/local) (requires --enable-experimental)])],
     [
+        AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([LIBOQS requires --enable-experimental.]) ])
         AC_MSG_CHECKING([for liboqs])
         LIBS="$LIBS -loqs"
 
@@ -1077,7 +1116,7 @@ AC_ARG_WITH([liboqs],
 #  - SHA3, Shake128 and Shake256, or
 #  - SHA256, SHA512, AES-CTR
 AC_ARG_ENABLE([kyber],
-    [AS_HELP_STRING([--enable-kyber],[Enable KYBER (default: disabled)])],
+    [AS_HELP_STRING([--enable-kyber],[Enable KYBER (requires --enable-experimental) (default: disabled)])],
     [ ENABLED_KYBER=$enableval ],
     [ ENABLED_KYBER=no ]
     )
@@ -1093,10 +1132,6 @@ do
     ;;
   no)
     ;;
-  wolfssl)
-    ENABLED_WC_KYBER=yes
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_KYBER"
-    ;;
   small)
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_SMALL"
     ;;
@@ -1117,7 +1152,14 @@ done
 
 if test "$ENABLED_KYBER" != "no"
 then
+    AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([KYBER requires --enable-experimental.]) ])
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_KYBER"
+    # Use liboqs if specified.
+    if test "$ENABLED_LIBOQS" = "no"; then
+        ENABLED_WC_KYBER=yes
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_KYBER"
+        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_KYBER"
+    fi
 
     if test "$ENABLED_KYBER512" = ""; then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
@@ -1134,12 +1176,6 @@ then
         test "$enable_sha3" = "" && enable_sha3=yes
         test "$enable_shake128" = "" && enable_shake128=yes
         test "$enable_shake256" = "" && enable_shake256=yes
-    else
-        # Default is to use liboqs. Make sure its enabled.
-        if test "$ENABLED_LIBOQS" = "no"; then
-            AC_MSG_ERROR([The default implementation for kyber is liboqs.
-            Please use --with-liboqs.])
-        fi
     fi
 fi
 
@@ -1167,6 +1203,10 @@ do
     ENABLED_WC_XMSS=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS"
     ;;
+  small)
+    ENABLED_WC_XMSS=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS_SMALL"
+    ;;
   *)
     AC_MSG_ERROR([Invalid choice for XMSS []: $ENABLED_XMSS.])
     break;;
@@ -1192,8 +1232,9 @@ fi
 ENABLED_LIBXMSS="no"
 trylibxmssdir=""
 AC_ARG_WITH([libxmss],
-    [AS_HELP_STRING([--with-libxmss=PATH],[PATH to xmss-reference root dir. EXPERIMENTAL!])],
+    [AS_HELP_STRING([--with-libxmss=PATH],[PATH to xmss-reference root dir. (requires --enable-experimental)!])],
     [
+        AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([libxmss requires --enable-experimental.]) ])
         AC_MSG_CHECKING([for libxmss])
 
         trylibxmssdir=$withval
@@ -1257,6 +1298,10 @@ do
     LMS_VERIFY_ONLY=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_VERIFY_ONLY"
     ;;
+  small)
+    ENABLED_WC_LMS=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS_SMALL"
+    ;;
   wolfssl)
     ENABLED_WC_LMS=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS"
@@ -1286,8 +1331,9 @@ fi
 ENABLED_LIBLMS="no"
 tryliblmsdir=""
 AC_ARG_WITH([liblms],
-    [AS_HELP_STRING([--with-liblms=PATH],[PATH to hash-sigs LMS/HSS install (default /usr/local) EXPERIMENTAL!])],
+    [AS_HELP_STRING([--with-liblms=PATH],[PATH to hash-sigs LMS/HSS install (default /usr/local) (requires --enable-experimental)!])],
     [
+        AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([liblms requires --enable-experimental.]) ])
         AC_MSG_CHECKING([for liblms])
 
         AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <hss.h>]], [[ param_set_t lm_type; param_set_t lm_ots_type; hss_get_public_key_len(4, &lm_type, &lm_ots_type); ]])], [ liblms_linked=yes ],[ liblms_linked=no ])
@@ -4832,18 +4878,17 @@ AS_IF([test "x$ENABLED_CMAC" = "xyes"],
 
 
 # AES-XTS
-AC_ARG_ENABLE([xts],
-    [AS_HELP_STRING([--enable-xts],[Enable XTS (default: disabled)])],
-    [ ENABLED_XTS=$enableval ],
-    [ ENABLED_XTS=no ]
+AC_ARG_ENABLE([aesxts],
+    [AS_HELP_STRING([--enable-aesxts],[Enable AES XTS (default: disabled)])],
+    [ ENABLED_AESXTS=$enableval ],
+    [ ENABLED_AESXTS=no ]
     )
 
-AS_IF([test "x$ENABLED_XTS" = "xyes"],
-      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
-AS_IF([test "x$ENABLED_XTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"],
-      [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
-AS_IF([test "x$ENABLED_XTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"],
-      [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
+# legacy old option name, for compatibility:
+AC_ARG_ENABLE([xts],
+    [AS_HELP_STRING([--enable-xts],[Please use --enable-aesxts])],
+    [ ENABLED_AESXTS=$enableval ]
+    )
 
 # Web Server Build
 AC_ARG_ENABLE([webserver],
@@ -4943,6 +4988,9 @@ AS_CASE([$FIPS_VERSION],
         AS_IF([test "$ENABLED_AESCCM" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesccm" != "no")],
             [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
 
+        AS_IF([test "$ENABLED_AESXTS" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts" != "yes")],
+            [ENABLED_AESXTS="no"])
+
         AS_IF([test "$ENABLED_RSAPSS" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_rsapss" != "no")],
             [ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
 
@@ -4984,7 +5032,8 @@ AS_CASE([$FIPS_VERSION],
         AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
                (test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") ||
                (test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") ||
-               (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes")],
+               (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes") ||
+               (test "$ENABLED_AESXTS" = "yes" && test "$HAVE_AESXTS_PORT" != "yes")],
             [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
     ],
 
@@ -5090,6 +5139,14 @@ AS_CASE([$SELFTEST_VERSION],
     ])
 
 
+AS_IF([test "x$ENABLED_AESXTS" = "xyes"],
+      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
+AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"],
+      [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
+AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"],
+      [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
+
+
 # Set SHA-3 flags
 if test "$ENABLED_SHA3" != "no" && test "$ENABLED_32BIT" = "no"
 then
@@ -5420,65 +5477,6 @@ then
     esac
 fi
 
-
-# USER CRYPTO
-ENABLED_USER_CRYPTO="no"
-ENABLED_USER_RSA="no"
-AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined])
-trycryptodir=""
-AC_ARG_WITH([user-crypto],
-    [AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])],
-    [
-        CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO"
-        LIBS="$LIBS -lusercrypto"
-
-        if test "x$withval" != "xno" ; then
-            trycryptodir=$withval
-        fi
-        if test "x$withval" = "xyes" ; then
-            trycryptodir="/usr/local"
-        fi
-
-        LDFLAGS="$LDFLAGS -L$trycryptodir/lib"
-        CPPFLAGS="$CPPFLAGS -I$trycryptodir/include"
-
-        #Look for RSA Init function in usercrypto lib
-        AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no])
-
-       if test "x$user_rsa_linked" = "xyes" ; then
-            AC_MSG_NOTICE([User user_rsa.h being used])
-            AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA"
-            ENABLED_USER_RSA=yes
-            ENABLED_USER_CRYPTO=yes
-       fi
-
-
-        #Display check and find result of link attempts
-        AC_MSG_CHECKING([for USER_CRYPTO])
-        if test "x$ENABLED_USER_CRYPTO" = "xno" ; then
-            AC_MSG_RESULT([no])
-            AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or
-                    Specify its path using --with-user-crypto=/dir/])
-        else
-            AC_MSG_RESULT([yes])
-            # Check if .la is available if not then rely on exported path
-            if test -e $trycryptodir/lib/libusercrypto.la
-            then
-                LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD"
-            else
-                LIB_ADD="-lusercrypto $LIB_ADD"
-            fi
-            AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib"
-            AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO"
-        fi
-    ]
-)
-
-if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes"
-then
-    AC_MSG_ERROR([cannot enable user crypto and fips, user crypto possibility of using code in fips boundary.])
-fi
-
 # Whitewood netRandom client library
 ENABLED_WNR="no"
 trywnrdir=""
@@ -7795,171 +7793,6 @@ fi
 # End - Single Precision option handling                                       #
 ################################################################################
 
-# Fast RSA using Intel IPP
-ippdir="${srcdir}/IPP"
-ipplib="lib" # if autoconf guesses 32bit system changes lib directory
-fastRSA_found=no
-abs_path=`pwd`
-
-# set up variables used
-IPPLIBS=
-IPPHEADERS=
-IPPLINK=
-
-AC_ARG_ENABLE([fast-rsa],
-    [AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])],
-    [ ENABLED_FAST_RSA=$enableval ],
-    [ ENABLED_FAST_RSA=no ],
-    )
-
-# Fast RSA does not support RSA-PSS
-if test "$ENABLED_RSAPSS" = "yes"; then
-    ENABLED_FAST_RSA=no
-fi
-
-if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
-
-    if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
-        ipplib="lib_32" # 32 bit OS detected
-    fi
-
-#   Use static IPP Libraries
-if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
-    case $host_os in
-    *darwin*)
-        ipplib="$ipplib/mac_static"
-        AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac.
-                Dynamic IPP libraries supported on Mac])
-        break;;
-
-    *linux*)
-        ipplib="$ipplib/linux_static"
-        break;;
-    *)
-        ENABLED_FAST_RSA=no
-    esac
-
-    if test -e $srcdir/IPP/$ipplib/libippcore.a && test -e $srcdir/IPP/$ipplib/libippcp.a
-    then
-        :
-    else
-        ENABLED_FAST_RSA=no
-    fi
-    AC_CHECK_HEADERS([IPP/include/ipp.h IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
-    LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD"
-    if test "$ENABLED_FAST_RSA" = "no"; then
-        AC_MSG_ERROR([Could not find fast rsa libraries])
-    fi
-else
-
-#   Check for and use bundled IPP libraries
-if test "$ENABLED_FAST_RSA" = "yes"; then
-    AC_MSG_NOTICE([Using local IPP crypto library])
-
-    AC_CHECK_HEADER([$abs_path/IPP/include/ippcp.h],
-    [
-        # build and default locations on linux and mac
-        STORE_LDFLAGS=${LDFLAGS}
-        STORE_CPPFLAGS=${CPPFLAGS}
-
-        # using LDFLAGS instead of AM_ temporarily to test link to library
-        LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
-        CPPFLAGS="-I$ippdir/include"
-        AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no])
-        name="$ippdir/$ipplib/libippcp"
-        case $host_os in
-        *darwin*)
-            # check file existence and conditionally set variables
-            if test -e $abs_path/IPP/$ipplib/libippcp.dylib
-            then
-                IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
-                IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
-            else
-                fastRSA_found=no
-            fi
-            break;;
-
-        *linux*)
-            # check file existence and conditionally set variables
-            if test -e $abs_path/IPP/$ipplib/libippcp.so.9.0
-            then
-                if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
-                    IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0"
-                    IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
-                else
-                    IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0"
-                    IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
-                fi
-            else
-                fastRSA_found=no
-            fi
-            break;;
-        *)
-            fastRSA_found=no
-        esac
-
-        if test "$fastRSA_found" = "yes"; then
-            # was successful so add tested LDFLAGS to AM_ flags
-            AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
-            AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
-            IPPHEADERS="${srcdir}/IPP/include/*.h"
-        fi
-
-        # restore LDFLAGS to user set
-        LDFLAGS=${STORE_LDFLAGS}
-        CPPFLAGS=${STORE_CPPFLAGS}
-    ], [fastRSA_found=no])
-fi
-
-# Don't cache the result so it can be checked
-AS_UNSET([ac_cv_header_ippcp_h])
-AS_UNSET([ac_cv_header_ipp_h])
-AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]);
-
-#   Check link and see if user has pre-existing IPP Libraries if not using local
-if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then
-    AC_MSG_NOTICE([Checking if IPP crypto library installed])
-    AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15],
-        [
-            fastRSA_found=yes
-            AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
-        ], [ fastRSA_found=no])
-    ], [fastRSA_found=no])
-
-    # Error out on not finding libraries
-    if test "$fastRSA_found" = "no"; then
-        AC_MSG_ERROR([Could not find fast rsa libraries])
-    fi
-fi
-fi # end of if for shared library
-else # if user rsa is set than do not use fast rsa option
-    if test "$ENABLED_FAST_RSA" = "yes"; then
-        AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips])
-    fi
-fi # end of if for user rsa crypto or fips
-
-#   End result of checking for IPP Libraries
-AC_MSG_CHECKING([for fast RSA])
-if test "$ENABLED_FAST_RSA" = "yes"; then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
-    # add in user crypto header that uses Intel IPP
-    AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
-    if test "$enable_shared" = "yes"; then
-        LIBS="$LIBS -lippcore -lippcp"
-        LIB_ADD="-lippcp -lippcore $LIB_ADD"
-    else
-        LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
-    fi
-    AC_MSG_RESULT([yes])
-else
-    AC_MSG_RESULT([no])
-fi
-
-AC_SUBST([IPPLIBS])
-AC_SUBST([IPPHEADERS])
-AC_SUBST([IPPLINK])
-
-
 # static memory use
 AC_ARG_ENABLE([staticmemory],
     [AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
@@ -8113,6 +7946,19 @@ else
 fi
 
 
+# Support for autosar shim
+AC_ARG_ENABLE([autosar],
+    [AS_HELP_STRING([--enable-autosar],[Enable AutoSAR support (default: disabled)])],
+    [ ENABLED_AUTOSAR=$enableval ],
+    [ ENABLED_AUTOSAR=no ]
+    )
+
+if test "$ENABLED_AUTOSAR" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AUTOSAR"
+fi
+
+
 # Session Export
 AC_ARG_ENABLE([sessionexport],
     [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
@@ -8248,6 +8094,42 @@ if test -n "$MPI_MAX_KEY_BITS" -o -n "$WITH_MAX_ECC_BITS"; then
    fi
 fi
 
+AC_ARG_ENABLE([linuxkm-lkcapi-register],
+    [AS_HELP_STRING([--enable-linuxkm-lkcapi-register],[Register wolfCrypt implementations with the Linux Kernel Crypto API backplane.  Possible values are "none", "all", "cbc(aes)", "cfb(aes)", "gcm(aes)", and "xts(aes)", or a comma-separate combination. (default: none)])],
+    [ENABLED_LINUXKM_LKCAPI_REGISTER=$enableval],
+    [ENABLED_LINUXKM_LKCAPI_REGISTER=none]
+    )
+if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" != "none"
+then
+    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER"
+
+    if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$ENABLED_ARMASM" = "no" && test "$ENABLED_FIPS" = "no"; then
+        ENABLED_AESGCM_STREAM=yes
+    fi
+
+    if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" = "yes"
+    then
+        ENABLED_LINUXKM_LKCAPI_REGISTER=all
+    fi
+
+    for lkcapi_alg in $(echo "$ENABLED_LINUXKM_LKCAPI_REGISTER" | tr ',' ' ')
+    do
+        case "$lkcapi_alg" in
+        all) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL"           ;;
+        'cbc(aes)') test "$ENABLED_AESCBC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CBC implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCBC" ;;
+        'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCFB" ;;
+        'gcm(aes)') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.])
+                    test "$ENABLED_AESGCM_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesgcm-stream is required for LKCAPI.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM" ;;
+        'xts(aes)') test "$ENABLED_AESXTS" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-XTS implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESXTS" ;;
+        *) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".])      ;;
+        esac
+    done
+fi
+
 # Library Suffix
 LIBSUFFIX=""
 AC_ARG_WITH([libsuffix],
@@ -8321,6 +8203,14 @@ AC_ARG_ENABLE([sys-ca-certs],
     [ ENABLED_SYS_CA_CERTS=yes ]
     )
 
+AC_ARG_ENABLE([dual-alg-certs],
+    [AS_HELP_STRING([--enable-dual-alg-certs],[Enable support for dual key/signature certificates in TLS 1.3 as defined in X9.146 (requires --enable-experimental) (default: disabled)])],
+    [ ENABLED_DUAL_ALG_CERTS=$enableval ],
+    [ ENABLED_DUAL_ALG_CERTS=no ]
+    )
+
+AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([dual-alg-certs requires --enable-experimental.]) ])
+
 # check if should run the trusted peer certs test
 # (for now checking both C_FLAGS and C_EXTRA_FLAGS)
 AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEER_CERT=yes])
@@ -8686,6 +8576,9 @@ AS_IF([test "x$ENABLED_ASN" = "xno"],
 AS_IF([test "x$ENABLED_SYS_CA_CERTS" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SYS_CA_CERTS"])
 
+AS_IF([test "x$ENABLED_DUAL_ALG_CERTS" = "xyes"],
+      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DUAL_ALG_CERTS"])
+
 AS_IF([test "x$ENABLED_ALTNAMES" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES"])
 
@@ -9123,9 +9016,6 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     if test "$ENABLED_FASTMATH" = "yes"; then
         AC_MSG_ERROR([--enable-fastmath is incompatible with --enable-linuxkm (exceeds stack limit).])
     fi
-    if test "$ENABLED_FAST_RSA" = "yes"; then
-        AC_MSG_ERROR([--enable-fastrsa is incompatible with --enable-linuxkm.])
-    fi
     if test "$ENABLED_LIBZ_RSA" = "yes"; then
         AC_MSG_ERROR([--with-libz is incompatible with --enable-linuxkm.])
     fi
@@ -9172,7 +9062,7 @@ AM_CONDITIONAL([BUILD_SNIFFER],  [ test "x$ENABLED_SNIFFER"   = "xyes" || test "
 AM_CONDITIONAL([BUILD_SNIFFTEST],[ test "x$ENABLED_SNIFFTEST" = "xyes"])
 AM_CONDITIONAL([BUILD_AESGCM],[test "x$ENABLED_AESGCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_AESCCM],[test "x$ENABLED_AESCCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_XTS],[test "x$ENABLED_XTS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_AESXTS],[test "x$ENABLED_AESXTS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_INLINE],[test "x$ENABLED_ARMASM_INLINE" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_CRYPTO],[test "x$ENABLED_ARMASM_CRYPTO" = "xyes"])
@@ -9243,8 +9133,6 @@ AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST
 AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
-AM_CONDITIONAL([BUILD_USER_RSA],[test "x$ENABLED_USER_RSA" = "xyes"] )
-AM_CONDITIONAL([BUILD_USER_CRYPTO],[test "x$ENABLED_USER_CRYPTO" = "xyes"])
 AM_CONDITIONAL([BUILD_LIBLMS],[test "x$ENABLED_LIBLMS" = "xyes"])
 AM_CONDITIONAL([BUILD_LIBXMSS],[test "x$ENABLED_LIBXMSS" = "xyes"])
 AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
@@ -9290,7 +9178,6 @@ AM_CONDITIONAL([BUILD_SP_INT],[test "x$ENABLED_SP_MATH" = "xyes" || test "x$ENAB
 AM_COND_IF([BUILD_SP], [INCLUDE_SP_INT="yes"])
 AM_COND_IF([BUILD_SP_INT], [INCLUDE_SP_INT="yes"])
 AC_SUBST([INCLUDE_SP_INT])
-AM_CONDITIONAL([BUILD_FAST_RSA],[test "x$ENABLED_FAST_RSA" = "xyes"])
 AM_CONDITIONAL([BUILD_MCAPI],[test "x$ENABLED_MCAPI" = "xyes"])
 AM_CONDITIONAL([BUILD_ASYNCCRYPT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
 AM_CONDITIONAL([BUILD_WOLFEVENT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
@@ -9323,6 +9210,8 @@ AM_CONDITIONAL([BUILD_HPKE],[test "x$ENABLED_HPKE" = "xyes" || test "x$ENABLED_U
 AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"])
 AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"])
+AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
+AM_CONDITIONAL([BUILD_AUTOSAR],[test "x$ENABLED_AUTOSAR" = "xyes"])
 
 if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
    (test "$ax_enable_debug" = "yes" ||
@@ -9351,6 +9240,7 @@ AC_SUBST([AM_LDFLAGS])
 AC_SUBST([AM_CCASFLAGS])
 AC_SUBST([LIB_ADD])
 AC_SUBST([LIB_STATIC_ADD])
+AC_SUBST([LIBM])
 
 # FINAL
 AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
@@ -9559,7 +9449,6 @@ echo "   * FPU enable as flags:        $ASFLAGS_FPU_ENABLE_SIMD_DISABLE" && \
 echo "   * SIMD+FPU disable as flags:  $ASFLAGS_FPUSIMD_DISABLE" && \
 echo "   * SIMD+FPU enable as flags:   $ASFLAGS_FPUSIMD_ENABLE" && \
 echo "   * Linux kernel module PIE:    $ENABLED_LINUXKM_PIE"
-echo "   * Linux kernel module bench:  $ENABLED_LINUXKM_BENCHMARKS"
 
 echo "   * Debug enabled:              $ax_enable_debug"
 echo "   * Coverage enabled:           $ax_enable_coverage"
@@ -9568,6 +9457,12 @@ echo "   * make -j:                    $enable_jobserver"
 echo "   * VCS checkout:               $ac_cv_vcs_checkout"
 echo
 echo "   Features "
+if test "$ENABLED_EXPERIMENTAL" = "yes"
+then
+    echo "   * Experimental settings:      Allowed"
+else
+    echo "   * Experimental settings:      Forbidden"
+fi
 if test "$ENABLED_FIPS" = "yes"; then
 echo "   * FIPS:                       $FIPS_VERSION"
 else
@@ -9613,6 +9508,7 @@ echo "   * AES-CCM:                    $ENABLED_AESCCM"
 echo "   * AES-CTR:                    $ENABLED_AESCTR"
 echo "   * AES-CFB:                    $ENABLED_AESCFB"
 echo "   * AES-OFB:                    $ENABLED_AESOFB"
+echo "   * AES-XTS:                    $ENABLED_AESXTS"
 echo "   * AES-SIV:                    $ENABLED_AESSIV"
 echo "   * AES-EAX:                    $ENABLED_AESEAX"
 echo "   * AES Bitspliced:             $ENABLED_AESBS"
@@ -9774,14 +9670,17 @@ echo "   * wolfSCEP:                   $ENABLED_WOLFSCEP"
 echo "   * Secure Remote Password:     $ENABLED_SRP"
 echo "   * Small Stack:                $ENABLED_SMALL_STACK"
 echo "   * Linux Kernel Module:        $ENABLED_LINUXKM"
+
+test "$ENABLED_LINUXKM" = "yes" && \
+echo "   * Linux kernel module bench:  $ENABLED_LINUXKM_BENCHMARKS" && \
+echo "   * Linux kernel alg register:  $ENABLED_LINUXKM_LKCAPI_REGISTER"
+
 echo "   * valgrind unit tests:        $ENABLED_VALGRIND"
 echo "   * LIBZ:                       $ENABLED_LIBZ"
 echo "   * Examples:                   $ENABLED_EXAMPLES"
 echo "   * Crypt tests:                $ENABLED_CRYPT_TESTS"
 echo "   * Stack sizes in tests:       $ENABLED_STACKSIZE"
 echo "   * Heap stats in tests:        $ENABLED_TRACKMEMORY"
-echo "   * User Crypto:                $ENABLED_USER_CRYPTO"
-echo "   * Fast RSA:                   $ENABLED_FAST_RSA"
 echo "   * Asynchronous Crypto:        $ENABLED_ASYNCCRYPT"
 echo "   * Asynchronous Crypto (sim):  $ENABLED_ASYNCCRYPT_SW"
 echo "   * Cavium Nitrox:              $ENABLED_CAVIUM"
@@ -9810,12 +9709,16 @@ echo "   * NXP SE050:                  $ENABLED_SE050"
 echo "   * Maxim Integrated MAXQ10XX:  $ENABLED_MAXQ10XX"
 echo "   * PSA:                        $ENABLED_PSA"
 echo "   * System CA certs:            $ENABLED_SYS_CA_CERTS"
+echo "   * Dual alg cert support:      $ENABLED_DUAL_ALG_CERTS"
 echo "   * ERR Queues per Thread:      $ENABLED_ERRORQUEUEPERTHREAD"
 echo "   * rwlock:                     $ENABLED_RWLOCK"
 echo "   * keylog export:              $ENABLED_KEYLOG_EXPORT"
+echo "   * AutoSAR :                   $ENABLED_AUTOSAR"
 echo ""
 echo "---"
 
+echo "./configure flags: $(./config.status --config)"
+
 fi # $silent != yes
 
 ################################################################################
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cmac.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cmac.h
index 95612f6c..6dc1dc9d 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cmac.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cmac.h
@@ -23,6 +23,8 @@
      \sa wc_InitCmac_ex
      \sa wc_CmacUpdate
      \sa wc_CmacFinal
+     \sa wc_CmacFinalNoFree
+     \sa wc_CmacFree
 */
 int wc_InitCmac(Cmac* cmac,
                  const byte* key、word32 keySz、
@@ -55,6 +57,8 @@ int wc_InitCmac(Cmac* cmac,
      \sa wc_InitCmac_ex
      \sa wc_CmacUpdate
      \sa wc_CmacFinal
+     \sa wc_CmacFinalNoFree
+     \sa wc_CmacFree
 */
 int wc_InitCmac_ex(Cmac* cmac,
                  const byte* key, word32 keySz,
@@ -75,17 +79,40 @@ int wc_InitCmac_ex(Cmac* cmac,
 
      \sa wc_InitCmac
      \sa wc_CmacFinal
+     \sa wc_CmacFinalNoFree
+     \sa wc_CmacFree
 */
 int wc_CmacUpdate(Cmac* cmac,
                    const byte* in, word32 inSz);
 
+/*!
+    \ingroup CMAC
+    \brief 暗号ベースのメッセージ認証コードの最終結果を生成します。ただし、使用したコンテキストのクリーンアップは行いません。
+    \return 成功したら0を返します
+    \param cmac Cmac構造体へのポインタ
+    \param out 結果を格納するバッファへのポインタ
+    \param outSz 結果出力先バッファのサイズ
+
+    _Example_
+    \code
+    ret = wc_CmacFinalNoFree(cmac, out, &outSz);
+    (void)wc_CmacFree(cmac);
+    \endcode
+
+    \sa wc_InitCmac
+    \sa wc_CmacFinal
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFree
+*/
+int wc_CmacFinalNoFree(Cmac* cmac,
+                 byte* out, word32* outSz);
 /*!
      \ingroup CMAC
-     \brief 暗号ベースのメッセージ認証コードを使用して最終結果を生成します
+     \brief 暗号ベースのメッセージ認証コードを使用して最終結果を生成します。加えて、内部でwc_CmacFreeを呼び出してコンテキスとをクリーンアップします。
      \return 成功したら0を返します
      \param cmac Cmac構造体へのポインタ
-     \param out 結果の出力先バッファへのポインタ
-     \param outSz 結果の出力先バッファサイズ (in/out)
+     \param out 結果を格納するバッファへのポインタ
+     \param outSz 結果出力先バッファのサイズ
 
      _例_
      \code
@@ -94,10 +121,31 @@ int wc_CmacUpdate(Cmac* cmac,
 
      \sa wc_InitCmac
      \sa wc_CmacFinal
+     \sa wc_CmacFinalNoFree
+     \sa wc_CmacFree
 */
 int wc_CmacFinal(Cmac* cmac,
                   byte* out, word32* outSz);
 
+/*!
+    \ingroup CMAC
+    \brief CMAC処理中にCmac構造体内に確保されたオブジェクトを開放します。
+    \return 成功したら0を返します
+    \param cmac Cmac構造体へのポインタ
+
+    _Example_
+    \code
+    ret = wc_CmacFinalNoFree(cmac, out, &outSz);
+    (void)wc_CmacFree(cmac);
+    \endcode
+
+    \sa wc_InitCmac
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFinal
+    \sa wc_CmacFree
+*/
+int wc_CmacFree(Cmac* cmac);
+
 /*!
      \ingroup CMAC
      \brief CMACを生成するためのシングルショット関数
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_groups.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_groups.h
index 0571feda..e3009c31 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_groups.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_groups.h
@@ -6,6 +6,7 @@
     \defgroup Camellia Algorithms - Camellia
     \defgroup ChaCha Algorithms - ChaCha
     \defgroup ChaCha20Poly1305 Algorithms - ChaCha20_Poly1305
+  　\defgroup CMAC Algorithm - CMAC
     \defgroup Crypto Callbacks - CryptoCb
     \defgroup Curve25519 Algorithms - Curve25519
     \defgroup Curve448 Algorithms - Curve448
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_pages.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_pages.h
index 39065f81..56b9025e 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_pages.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_pages.h
@@ -34,6 +34,7 @@
         <li>\ref Camellia</li>
         <li>\ref ChaCha</li>
         <li>\ref ChaCha20Poly1305</li>
+        <li>\ref CMAC</li>
         <li>\ref Crypto Callbacks</li>
         <li>\ref Curve25519</li>
         <li>\ref Curve448</li>
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/rsa.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/rsa.h
index 99d4e236..2ac0149b 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/rsa.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/rsa.h
@@ -13,7 +13,6 @@
     	// error initializing RSA key
     }
     \endcode
-    \sa wc_RsaInitCavium
     \sa wc_FreeRsaKey
     \sa wc_RsaSetRNG
 */
@@ -47,7 +46,6 @@ int  wc_InitRsaKey(RsaKey* key, void* heap);
     }
     \endcode
     \sa wc_InitRsaKey
-    \sa wc_RsaInitCavium
     \sa wc_FreeRsaKey
     \sa wc_RsaSetRNG
 */
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/aes.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/aes.h
index 997bc58c..764c4d5f 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/aes.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/aes.h
@@ -668,13 +668,13 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
 
     \param aes   AES keys for encrypt/decrypt process
     \param heap  heap hint to use for memory. Can be NULL
-    \param devId id to use with async crypto. Can be 0
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
     XtsAes aes;
 
-    if(wc_AesXtsInit(&aes, NULL, 0) != 0)
+    if(wc_AesXtsInit(&aes, NULL, INVALID_DEVID) != 0)
     {
         // Handle error
     }
@@ -749,13 +749,13 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key,
                  i.e. 32 for a 16 byte key.
     \param dir   direction, either AES_ENCRYPTION or AES_DECRYPTION
     \param heap  heap hint to use for memory. Can be NULL
-    \param devId id to use with async crypto. Can be 0
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
     XtsAes aes;
 
-    if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0)
+    if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, INVALID_DEVID) != 0)
     {
         // Handle error
     }
@@ -974,7 +974,7 @@ int wc_AesXtsFree(XtsAes* aes);
 
     \param aes aes structure in to initialize
     \param heap heap hint to use for malloc / free if needed
-    \param devId ID to use with async hardware
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
@@ -1455,7 +1455,7 @@ WOLFSSL_API int  wc_AesEaxEncryptUpdate(AesEax* eax, byte* out,
     This argument should be NULL if not used
     \param authInSz size in bytes of the input authentication data
 
-    
+
     _Example_
     \code
     AesEax eax;
@@ -1571,8 +1571,8 @@ WOLFSSL_API int  wc_AesEaxAuthDataUpdate(AesEax* eax,
 
 /*!
     \ingroup AES
-    \brief This function finalizes the encrypt AEAD operation, producing an auth 
-    tag over the current authentication stream. \c eax must have been previously 
+    \brief This function finalizes the encrypt AEAD operation, producing an auth
+    tag over the current authentication stream. \c eax must have been previously
     initialized with a call to \ref wc_AesEaxInit. When done using the \c AesEax
     context structure, make sure to free it using \ref wc_AesEaxFree.
 
@@ -1632,10 +1632,10 @@ WOLFSSL_API int wc_AesEaxEncryptFinal(AesEax* eax,
 
 /*!
     \ingroup AES
-    \brief This function finalizes the decrypt AEAD operation, finalizing the 
+    \brief This function finalizes the decrypt AEAD operation, finalizing the
     auth tag computation and checking it for validity against the user supplied
-    tag. \c eax must have been previously initialized with a call to 
-    \ref wc_AesEaxInit. When done using the \c AesEax context structure, make 
+    tag. \c eax must have been previously initialized with a call to
+    \ref wc_AesEaxInit. When done using the \c AesEax context structure, make
     sure to free it using \ref wc_AesEaxFree.
 
     \return 0 if data is authenticated successfully
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cmac.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cmac.h
index 96d5bc8c..7f3ebffd 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cmac.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cmac.h
@@ -40,7 +40,7 @@ int wc_InitCmac(Cmac* cmac,
     \param type Always WC_CMAC_AES = 1
     \param unused not used, exists for potential future use around compatibility
     \param heap pointer to the heap hint used for dynamic allocation. Typically used with our static memory option. Can be NULL.
-    \param devId ID to use with async hardware. Set to INVALID_DEVID if not using async hardware.
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
@@ -126,7 +126,8 @@ int wc_CmacFinalNoFree(Cmac* cmac,
     \sa wc_CmacFinalNoFree
     \sa wc_CmacFree
 */
-int wc_CmacFinalNoFree(Cmac* cmac);
+int wc_CmacFinal(Cmac* cmac,
+                 byte* out, word32* outSz);
 
 /*!
     \ingroup CMAC
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ecc.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ecc.h
index 24e888ef..49de5aa0 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ecc.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ecc.h
@@ -572,8 +572,8 @@ int wc_ecc_init(ecc_key* key);
     \return MEMORY_E Returned if there is an error allocating memory
 
     \param key pointer to the ecc_key object to initialize
-    \param devId ID to use with async hardware
     \param heap pointer to a heap identifier
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
@@ -1968,7 +1968,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
 /*!
     \ingroup ECC
 
-    \brief Enable ECC support for non-blocking operations. Supported for 
+    \brief Enable ECC support for non-blocking operations. Supported for
         Single Precision (SP) math with the following build options:
             WOLFSSL_SP_NONBLOCK
             WOLFSSL_SP_SMALL
@@ -1978,7 +1978,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
     \return 0 Returned upon successfully setting the callback context the input message
 
     \param key pointer to the ecc_key object
-    \param ctx pointer to ecc_nb_ctx_t structure with stack data cache for SP 
+    \param ctx pointer to ecc_nb_ctx_t structure with stack data cache for SP
 
     _Example_
     \code
@@ -1998,7 +1998,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
                     &key
                 );
 
-                // TODO: Real-time work can be called here 
+                // TODO: Real-time work can be called here
             } while (ret == FP_WOULDBLOCK);
         }
         wc_ecc_free(&key);
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/hmac.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/hmac.h
index ca6dcd32..a7c41682 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/hmac.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/hmac.h
@@ -129,6 +129,9 @@ int wolfSSL_GetHmacMaxSize(void);
     optional info into a derived key, which it stores in out. The hash type
     defaults to MD5 if 0 or NULL is given.
 
+    The HMAC configure option is --enable-hmac (on by default) or if building
+    sources directly HAVE_HKDF
+
     \return 0 Returned upon successfully generating a key with the given inputs
     \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
     \return MEMORY_E Returned if there is an error allocating memory
@@ -170,3 +173,439 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
                     const byte* salt, word32 saltSz,
                     const byte* info, word32 infoSz,
                     byte* out, word32 outSz);
+
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to a HMAC Key Derivation Function
+    (HKDF). It utilizes HMAC to convert inKey, with an optional salt
+    into a derived key, which it stores in out. The hash type
+    defaults to MD5 if 0 or NULL is given.
+
+    The HMAC configure option is --enable-hmac (on by default) or if building
+    sources directly HAVE_HKDF
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
+    WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
+    WC_SHA3_512
+    \param salt pointer to a buffer containing an optional salt. Use NULL
+    instead if not using a salt
+    \param saltSz length of the salt. Use 0 if not using a salt
+    \param inKey pointer to the buffer containing the key to use for KDF
+    \param inKeySz length of the input key
+    \param out pointer to the buffer in which to store the derived key
+
+    _Example_
+    \code
+    byte key[] = { // initialize with key };
+    byte salt[] = { // initialize with salt };
+    byte derivedKey[MAX_DIGEST_SIZE];
+
+    int ret = wc_HKDF_Extract(WC_SHA512, salt, sizeof(salt), key, sizeof(key),
+        derivedKey);
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_HKDF_Expand_ex
+*/
+int wc_HKDF_Extract(
+    int type,
+    const byte* salt, word32 saltSz,
+    const byte* inKey, word32 inKeySz,
+    byte* out);
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to a HMAC Key Derivation Function
+    (HKDF). It utilizes HMAC to convert inKey, with an optional salt
+    into a derived key, which it stores in out. The hash type
+    defaults to MD5 if 0 or NULL is given. This is the _ex version adding
+    heap hint and device identifier.
+
+    The HMAC configure option is --enable-hmac (on by default) or if building
+    sources directly HAVE_HKDF
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
+    WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
+    WC_SHA3_512
+    \param salt pointer to a buffer containing an optional salt. Use NULL
+    instead if not using a salt
+    \param saltSz length of the salt. Use 0 if not using a salt
+    \param inKey pointer to the buffer containing the key to use for KDF
+    \param inKeySz length of the input key
+    \param out pointer to the buffer in which to store the derived key
+    \param heap  heap hint to use for memory. Can be NULL
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
+
+    _Example_
+    \code
+    byte key[] = { // initialize with key };
+    byte salt[] = { // initialize with salt };
+    byte derivedKey[MAX_DIGEST_SIZE];
+
+    int ret = wc_HKDF_Extract_ex(WC_SHA512, salt, sizeof(salt), key, sizeof(key),
+        derivedKey, NULL, INVALID_DEVID);
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Expand
+    \sa wc_HKDF_Expand_ex
+*/
+int wc_HKDF_Extract_ex(
+    int type,
+    const byte* salt, word32 saltSz,
+    const byte* inKey, word32 inKeySz,
+    byte* out,
+    void* heap, int devId);
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to a HMAC Key Derivation Function
+    (HKDF). It utilizes HMAC to convert inKey, with optional info into a
+    derived key, which it stores in out. The hash type
+    defaults to MD5 if 0 or NULL is given.
+
+    The HMAC configure option is --enable-hmac (on by default) or if building
+    sources directly HAVE_HKDF
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
+    WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
+    WC_SHA3_512
+    \param inKey pointer to the buffer containing the key to use for KDF
+    \param inKeySz length of the input key
+    \param info pointer to a buffer containing optional additional info.
+    Use NULL if not appending extra info
+    \param infoSz length of additional info. Use 0 if not using additional info
+    \param out pointer to the buffer in which to store the derived key
+    \param outSz space available in the output buffer to store the
+    generated key
+
+    _Example_
+    \code
+    byte key[] = { // initialize with key };
+    byte salt[] = { // initialize with salt };
+    byte derivedKey[MAX_DIGEST_SIZE];
+
+    int ret = wc_HKDF_Expand(WC_SHA512, key, sizeof(key), NULL, 0,
+        derivedKey, sizeof(derivedKey));
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand_ex
+*/
+int wc_HKDF_Expand(
+    int type,
+    const byte* inKey, word32 inKeySz,
+    const byte* info, word32 infoSz,
+    byte* out, word32 outSz);
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to a HMAC Key Derivation Function
+    (HKDF). It utilizes HMAC to convert inKey, with optional info into a
+    derived key, which it stores in out. The hash type
+    defaults to MD5 if 0 or NULL is given. This is the _ex version adding
+    heap hint and device identifier.
+
+    The HMAC configure option is --enable-hmac (on by default) or if building
+    sources directly HAVE_HKDF
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
+    WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
+    WC_SHA3_512
+    \param inKey pointer to the buffer containing the key to use for KDF
+    \param inKeySz length of the input key
+    \param info pointer to a buffer containing optional additional info.
+    Use NULL if not appending extra info
+    \param infoSz length of additional info. Use 0 if not using additional info
+    \param out pointer to the buffer in which to store the derived key
+    \param outSz space available in the output buffer to store the
+    generated key
+    \param heap  heap hint to use for memory. Can be NULL
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
+
+    _Example_
+    \code
+    byte key[] = { // initialize with key };
+    byte salt[] = { // initialize with salt };
+    byte derivedKey[MAX_DIGEST_SIZE];
+
+    int ret = wc_HKDF_Expand_ex(WC_SHA512, key, sizeof(key), NULL, 0,
+        derivedKey, sizeof(derivedKey), NULL, INVALID_DEVID);
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+*/
+int wc_HKDF_Expand_ex(
+    int type,
+    const byte* inKey, word32 inKeySz,
+    const byte* info, word32 infoSz,
+    byte* out, word32 outSz,
+    void* heap, int devId);
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to RFC 5869
+    HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for TLS v1.3
+    key derivation
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param prk     Generated pseudorandom key
+    \param salt    salt.
+    \param saltLen length of the salt
+    \param ikm     pointer to putput for keying material
+    \param ikmLen  length of the input keying material buffer
+    \param digest  hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
+
+    _Example_
+    \code
+    byte secret[] = { // initialize with random key };
+    byte salt[] = { // initialize with optional salt };
+    byte masterSecret[MAX_DIGEST_SIZE];
+
+    int ret = wc_Tls13_HKDF_Extract(secret, salt, sizeof(salt), 0,
+        masterSecret, sizeof(masterSecret), WC_SHA512);
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_Tls13_HKDF_Extract_ex
+*/
+int wc_Tls13_HKDF_Extract(
+    byte* prk,
+    const byte* salt, word32 saltLen,
+    byte* ikm, word32 ikmLen, int digest);
+
+/*!
+    \ingroup HMAC
+
+    \brief This function provides access to RFC 5869
+    HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for TLS v1.3
+    key derivation. This is the _ex version adding heap hint and device identifier.
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param prk     Generated pseudorandom key
+    \param salt    Salt.
+    \param saltLen Length of the salt
+    \param ikm     Pointer to output for keying material
+    \param ikmLen  Length of the input keying material buffer
+    \param digest  Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
+    \param heap    Heap hint to use for memory. Can be NULL
+    \param devId   ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
+
+    _Example_
+    \code
+    byte secret[] = { // initialize with random key };
+    byte salt[] = { // initialize with optional salt };
+    byte masterSecret[MAX_DIGEST_SIZE];
+
+    int ret = wc_Tls13_HKDF_Extract_ex(secret, salt, sizeof(salt), 0,
+        masterSecret, sizeof(masterSecret), WC_SHA512, NULL, INVALID_DEVID);
+    if ( ret != 0 ) {
+	    // error generating derived key
+    }
+    \endcode
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_Tls13_HKDF_Extract
+*/
+int wc_Tls13_HKDF_Extract_ex(
+    byte* prk,
+    const byte* salt, word32 saltLen,
+    byte* ikm, word32 ikmLen, int digest,
+    void* heap, int devId);
+
+/*!
+    \ingroup HMAC
+
+    \brief Expand data using HMAC, salt and label and info. TLS v1.3 defines
+    this function for key derivation. This is the _ex version adding heap hint
+    and device identifier.
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param okm         Generated pseudorandom key - output key material.
+    \param okmLen      Length of generated pseudorandom key - output key material.
+    \param prk         Salt - pseudo-random key.
+    \param prkLen      Length of the salt - pseudo-random key.
+    \param protocol    TLS protocol label.
+    \param protocolLen Length of the TLS protocol label.
+    \param info        Information to expand.
+    \param infoLen     Length of the information.
+    \param digest      Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
+    \param heap        Heap hint to use for memory. Can be NULL
+    \param devId       ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_Tls13_HKDF_Expand_Label
+    \sa wc_Tls13_HKDF_Expand_Label_Alloc
+*/
+int wc_Tls13_HKDF_Expand_Label_ex(
+    byte* okm, word32 okmLen,
+    const byte* prk, word32 prkLen,
+    const byte* protocol, word32 protocolLen,
+    const byte* label, word32 labelLen,
+    const byte* info, word32 infoLen,
+    int digest,
+    void* heap, int devId);
+
+/*!
+    \ingroup HMAC
+
+    \brief Expand data using HMAC, salt and label and info. TLS v1.3 defines
+    this function for key derivation. This is the _ex version adding heap hint
+    and device identifier.
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param okm         Generated pseudorandom key - output key material.
+    \param okmLen      Length of generated pseudorandom key - output key material.
+    \param prk         Salt - pseudo-random key.
+    \param prkLen      Length of the salt - pseudo-random key.
+    \param protocol    TLS protocol label.
+    \param protocolLen Length of the TLS protocol label.
+    \param info        Information to expand.
+    \param infoLen     Length of the information.
+    \param digest      Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_Tls13_HKDF_Expand_Label_ex
+    \sa wc_Tls13_HKDF_Expand_Label_Alloc
+*/
+int wc_Tls13_HKDF_Expand_Label(
+    byte* okm, word32 okmLen,
+    const byte* prk, word32 prkLen,
+    const byte* protocol, word32 protocolLen,
+    const byte* label, word32 labelLen,
+    const byte* info, word32 infoLen,
+    int digest);
+
+/*!
+    \ingroup HMAC
+
+    \brief This functions is very similar to wc_Tls13_HKDF_Expand_Label(), but it
+    allocates memory if the stack space usually used isn't enough. Expand data
+    using HMAC, salt and label and info. TLS v1.3 defines this function for
+    key derivation. This is the _ex version adding heap hint and device identifier.
+
+    \return 0 Returned upon successfully generating a key with the given inputs
+    \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
+    \return MEMORY_E Returned if there is an error allocating memory
+    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    and the key length specified is shorter than the minimum acceptable FIPS
+    standard
+
+    \param okm         Generated pseudorandom key - output key material.
+    \param okmLen      Length of generated pseudorandom key - output key material.
+    \param prk         Salt - pseudo-random key.
+    \param prkLen      Length of the salt - pseudo-random key.
+    \param protocol    TLS protocol label.
+    \param protocolLen Length of the TLS protocol label.
+    \param info        Information to expand.
+    \param infoLen     Length of the information.
+    \param digest      Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
+    \param heap        Heap hint to use for memory. Can be NULL
+
+    \sa wc_HKDF
+    \sa wc_HKDF_Extract
+    \sa wc_HKDF_Extract_ex
+    \sa wc_HKDF_Expand
+    \sa wc_Tls13_HKDF_Expand_Label
+    \sa wc_Tls13_HKDF_Expand_Label_ex
+*/
+int wc_Tls13_HKDF_Expand_Label_Alloc(
+    byte* okm, word32 okmLen,
+    const byte* prk, word32 prkLen,
+    const byte* protocol, word32 protocolLen,
+    const byte* label, word32 labelLen,
+    const byte* info, word32 infoLen,
+    int digest, void* heap);
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/iotsafe.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/iotsafe.h
index d04d8f31..46bd2e5d 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/iotsafe.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/iotsafe.h
@@ -346,7 +346,7 @@ int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size)
 
 /*!
     \ingroup IoTSafe
-    \brief Sign a pre-computed 256-bit HASH, using a private key previously stored, or pre-provisioned,
+    \brief Sign a pre-computed HASH, using a private key previously stored, or pre-provisioned,
     in the IoT-Safe applet.
 
     \param in pointer to the buffer containing the message hash to sign
@@ -367,7 +367,7 @@ int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen,
 
 /*!
     \ingroup IoTSafe
-    \brief Sign a pre-computed 256-bit HASH, using a private key previously stored, or pre-provisioned,
+    \brief Sign a pre-computed HASH, using a private key previously stored, or pre-provisioned,
            in the IoT-Safe applet. Equivalent to \ref wc_iotsafe_ecc_sign_hash "wc_iotsafe_ecc_sign_hash",
            except that it can be invoked with a key ID of two or more bytes.
 
@@ -390,7 +390,7 @@ int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outle
 
 /*!
     \ingroup IoTSafe
-    \brief Verify an ECC signature against a pre-computed 256-bit HASH, using a public key previously stored, or pre-provisioned,
+    \brief Verify an ECC signature against a pre-computed HASH, using a public key previously stored, or pre-provisioned,
     in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid.
     Note: Do not use the return value to test for valid. Only use res.
 
@@ -412,7 +412,7 @@ int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hash
 
 /*!
     \ingroup IoTSafe
-    \brief Verify an ECC signature against a pre-computed 256-bit HASH, using a public key previously stored, or pre-provisioned,
+    \brief Verify an ECC signature against a pre-computed HASH, using a public key previously stored, or pre-provisioned,
     in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid.
     Note: Do not use the return value to test for valid. Only use res.
     Equivalent to \ref wc_iotsafe_ecc_verify_hash "wc_iotsafe_ecc_verify_hash",
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/rsa.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/rsa.h
index 6e8c7526..9f099c1e 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/rsa.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/rsa.h
@@ -27,7 +27,6 @@
     }
     \endcode
 
-    \sa wc_RsaInitCavium
     \sa wc_FreeRsaKey
     \sa wc_RsaSetRNG
 */
@@ -56,7 +55,7 @@ int  wc_InitRsaKey(RsaKey* key, void* heap);
     \param heap pointer to a heap identifier, for use with memory overrides,
     allowing custom handling of memory allocation. This heap will be the
     default used when allocating memory for use with this RSA object
-    \param devId ID to use with hardware device
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
@@ -77,7 +76,6 @@ int  wc_InitRsaKey(RsaKey* key, void* heap);
     \endcode
 
     \sa wc_InitRsaKey
-    \sa wc_RsaInitCavium
     \sa wc_FreeRsaKey
     \sa wc_RsaSetRNG
 */
@@ -133,6 +131,51 @@ int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
 */
 int  wc_FreeRsaKey(RsaKey* key);
 
+/*!
+    \ingroup RSA
+
+    \brief Function that does the RSA operation directly with no padding. The input
+        size must match key size. Typically this is
+        used when padding is already done on the RSA input.
+
+    \return size On successfully encryption the size of the encrypted buffer
+    is returned
+    \return RSA_BUFFER_E RSA buffer error, output too small or input too large
+
+    \param in buffer to do operation on
+    \param inLen length of input buffer
+    \param out buffer to hold results
+    \param outSz gets set to size of result buffer. Should be passed in as length
+        of out buffer. If the pointer "out" is null then outSz gets set to the
+        expected buffer size needed and LENGTH_ONLY_E gets returned.
+    \param key initialized RSA key to use for encrypt/decrypt
+    \param type if using private or public key (RSA_PUBLIC_ENCRYPT,
+        RSA_PUBLIC_DECRYPT, RSA_PRIVATE_ENCRYPT, RSA_PRIVATE_DECRYPT)
+    \param rng initialized WC_RNG struct
+
+    _Example_
+    \code
+    int ret;
+    WC_RNG rng;
+    RsaKey key;
+    byte  in[256];
+    byte out[256];
+    word32 outSz = (word32)sizeof(out);
+    …
+
+    ret = wc_RsaDirect(in, (word32)sizeof(in), out, &outSz, &key,
+        RSA_PRIVATE_ENCRYPT, &rng);
+    if (ret < 0) {
+	    //handle error
+    }
+    \endcode
+
+    \sa wc_RsaPublicEncrypt
+    \sa wc_RsaPrivateDecrypt
+*/
+int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
+        RsaKey* key, int type, WC_RNG* rng);
+
 /*!
     \ingroup RSA
 
@@ -1377,7 +1420,7 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen);
     \ingroup RSA
 
     \brief Convert RSA Public key to DER format. Writes to output, and
-    returns count of bytes written. If with_header is 0 then only the 
+    returns count of bytes written. If with_header is 0 then only the
     ( seq + n + e) is returned in ASN.1 DER format and will exclude the header.
 
     \return >0 Success, number of bytes written.
diff --git a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ssl.h b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ssl.h
index 5965f11d..7569daf4 100644
--- a/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ssl.h
+++ b/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ssl.h
@@ -1063,12 +1063,12 @@ int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
     argument specifies the format type of the file - SSL_FILETYPE_ASN1or
     SSL_FILETYPE_PEM.  Please see the examples for proper usage.
 
-    If using an external key store and do not have the private key you can 
-    instead provide the public key and register the crypro callback to handle 
-    the signing. For this you can build with either build with crypto callbacks 
+    If using an external key store and do not have the private key you can
+    instead provide the public key and register the crypro callback to handle
+    the signing. For this you can build with either build with crypto callbacks
     or PK callbacks. To enable crypto callbacks use --enable-cryptocb
-    or WOLF_CRYPTO_CB and register a crypto callback using 
-    wc_CryptoCb_RegisterDevice and set the associated devId using 
+    or WOLF_CRYPTO_CB and register a crypto callback using
+    wc_CryptoCb_RegisterDevice and set the associated devId using
     wolfSSL_CTX_SetDevId.
 
     \return SSL_SUCCESS upon success.
@@ -1554,12 +1554,12 @@ int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format);
     The format argument specifies the format type of the file -
     SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
 
-    If using an external key store and do not have the private key you can 
-    instead provide the public key and register the crypro callback to handle 
-    the signing. For this you can build with either build with crypto callbacks 
+    If using an external key store and do not have the private key you can
+    instead provide the public key and register the crypro callback to handle
+    the signing. For this you can build with either build with crypto callbacks
     or PK callbacks. To enable crypto callbacks use --enable-cryptocb or
-    WOLF_CRYPTO_CB and register a crypto callback using 
-    wc_CryptoCb_RegisterDevice and set the associated devId using 
+    WOLF_CRYPTO_CB and register a crypto callback using
+    wc_CryptoCb_RegisterDevice and set the associated devId using
     wolfSSL_SetDevId.
 
     \return SSL_SUCCESS upon success.
@@ -2086,15 +2086,18 @@ int  wolfSSL_get_using_nonblock(WOLFSSL*);
     \brief This function writes sz bytes from the buffer, data, to the SSL
     connection, ssl. If necessary, wolfSSL_write() will negotiate an SSL/TLS
     session if the handshake has not already been performed yet by
-    wolfSSL_connect() or wolfSSL_accept(). wolfSSL_write() works with both
-    blocking and non-blocking I/O.  When the underlying I/O is non-blocking,
-    wolfSSL_write() will return when the underlying I/O could not satisfy the
-    needs of wolfSSL_write() to continue.  In this case, a call to
-    wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or
-    SSL_ERROR_WANT_WRITE.  The calling process must then repeat the call to
-    wolfSSL_write() when the underlying I/O is ready. If the underlying I/O
-    is blocking, wolfSSL_write() will only return once the buffer data of
-    size sz has been completely written or an error occurred.
+    wolfSSL_connect() or wolfSSL_accept(). When using (D)TLSv1.3 and early data
+    feature is compiled in, this function progresses the handshake only up to
+    the point when it is possible to send data. Next invokations of
+    wolfSSL_Connect()/wolfSSL_Accept()/wolfSSL_read() will complete the
+    handshake. wolfSSL_write() works with both blocking and non-blocking I/O.
+    When the underlying I/O is non-blocking, wolfSSL_write() will return when
+    the underlying I/O could not satisfy the needs of wolfSSL_write() to
+    continue.  In this case, a call to wolfSSL_get_error() will yield either
+    SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.  The calling process must then
+    repeat the call to wolfSSL_write() when the underlying I/O is ready. If the
+    underlying I/O is blocking, wolfSSL_write() will only return once the buffer
+    data of size sz has been completely written or an error occurred.
 
     \return >0 the number of bytes written upon success.
     \return 0 will be returned upon failure.  Call wolfSSL_get_error() for
@@ -3041,7 +3044,7 @@ int  wolfSSL_library_init(void);
     \return BAD_FUNC_ARG if ssl is NULL.
 
     \param ssl pointer to a SSL object, created with wolfSSL_new().
-    \param devId ID to use with async hardware
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
@@ -3064,7 +3067,7 @@ int wolfSSL_SetDevId(WOLFSSL* ssl, int devId);
     \return BAD_FUNC_ARG if ssl is NULL.
 
     \param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
-    \param devId ID to use with async hardware
+    \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
 
     _Example_
     \code
@@ -6246,7 +6249,7 @@ int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to);
     \brief This function sets the timeout value for SSL sessions, in seconds,
     for the specified SSL context.
 
-    \return the previous timeout value, if WOLFSSL_ERROR_CODE_OPENSSL is 
+    \return the previous timeout value, if WOLFSSL_ERROR_CODE_OPENSSL is
     \return defined on success. If not defined, SSL_SUCCESS will be returned.
     \return BAD_FUNC_ARG will be returned when the input context (ctx) is null.
 
@@ -7596,18 +7599,49 @@ int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
     WOLFSSL_METHOD method = wolfTLSv1_2_client_method();
     WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
     …
-    if(!wolfSSL_CTX_UnloadCAs(ctx)){
+    if(wolfSSL_CTX_UnloadCAs(ctx) != SSL_SUCCESS){
     	// The function did not unload CAs
     }
     \endcode
 
     \sa wolfSSL_CertManagerUnloadCAs
     \sa LockMutex
-    \sa FreeSignerTable
     \sa UnlockMutex
 */
 int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
 
+
+/*!
+    \ingroup Setup
+
+    \brief This function unloads intermediate certificates added to the CA
+    signer list and frees them.
+
+    \return SSL_SUCCESS returned on successful execution of the function.
+    \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or there
+    are otherwise unpermitted argument values passed in a subroutine.
+    \return BAD_STATE_E returned if the WOLFSSL_CTX has a reference count > 1.
+    \return BAD_MUTEX_E returned if there was a mutex error. The LockMutex()
+    did not return 0.
+
+    \param ctx a pointer to a WOLFSSL_CTX structure, created using
+    wolfSSL_CTX_new().
+
+    _Example_
+    \code
+    WOLFSSL_METHOD method = wolfTLSv1_2_client_method();
+    WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
+    …
+    if(wolfSSL_CTX_UnloadIntermediateCerts(ctx) != NULL){
+        // The function did not unload CAs
+    }
+    \endcode
+
+    \sa wolfSSL_CTX_UnloadCAs
+    \sa wolfSSL_CertManagerUnloadIntermediateCerts
+*/
+int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx);
+
 /*!
     \ingroup Setup
 
@@ -7755,7 +7789,7 @@ int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
     The buffer is provided by the in argument of size sz. format specifies
     the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
     More than one CA certificate may be loaded per buffer as long as the
-    format is in PEM.  The _ex version was added in PR 2413 and supports 
+    format is in PEM.  The _ex version was added in PR 2413 and supports
     additional arguments for userChain and flags.
 
     \return SSL_SUCCESS upon success
@@ -9548,18 +9582,45 @@ int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
     #include <wolfssl/ssl.h>
 
     WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
-    WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
+    WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx);
     ...
-    if(wolfSSL_CertManagerUnloadCAs(ctx->cm) != SSL_SUCCESS){
-    	Failure case.
+    if(wolfSSL_CertManagerUnloadCAs(cm) != SSL_SUCCESS){
+        Failure case.
     }
     \endcode
 
-    \sa FreeSignerTable
     \sa UnlockMutex
 */
 int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
 
+/*!
+    \ingroup CertManager
+    \brief This function unloads intermediate certificates add to the CA
+    signer list.
+
+    \return SSL_SUCCESS returned on successful execution of the function.
+    \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
+    \return BAD_MUTEX_E returned if there was a mutex error.
+
+    \param cm a pointer to a WOLFSSL_CERT_MANAGER structure,
+    created using wolfSSL_CertManagerNew().
+
+    _Example_
+    \code
+    #include <wolfssl/ssl.h>
+
+    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
+    WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx);
+    ...
+    if(wolfSSL_CertManagerUnloadIntermediateCerts(cm) != SSL_SUCCESS){
+    	Failure case.
+    }
+    \endcode
+
+    \sa UnlockMutex
+*/
+int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm);
+
 /*!
     \ingroup CertManager
     \brief The function will free the Trusted Peer linked list and unlocks
@@ -13938,9 +13999,11 @@ int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
 
     \brief This function reads any early data from a client on resumption.
     Call this function instead of wolfSSL_accept() or wolfSSL_accept_TLSv13()
-    to accept a client and read any early data in the handshake.
-    If there is no early data than the handshake will be processed as normal.
-    This function is only used with servers.
+    to accept a client and read any early data in the handshake. The function
+    should be invoked until wolfSSL_is_init_finished() returns true. Early data
+    may be sent by the client in multiple messsages. If there is no early data
+    then the handshake will be processed as normal. This function is only used
+    with servers.
 
     \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
     \param [out] data a buffer to hold the early data read from client.
@@ -13951,7 +14014,7 @@ int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
     not using TLSv1.3.
     \return SIDE_ERROR if called with a client.
     \return WOLFSSL_FATAL_ERROR if accepting a connection fails.
-    \return WOLFSSL_SUCCESS if successful.
+    \return Number of early data bytes read (may be zero).
 
     _Example_
     \code
@@ -13963,19 +14026,16 @@ int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
     char buffer[80];
     ...
 
-    ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
-    if (ret != SSL_SUCCESS) {
-        err = wolfSSL_get_error(ssl, ret);
-        printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
-    }
-    if (outSz > 0) {
-        // early data available
-    }
-    ret = wolfSSL_accept_TLSv13(ssl);
-    if (ret != SSL_SUCCESS) {
-        err = wolfSSL_get_error(ssl, ret);
-        printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
-    }
+    do {
+        ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
+        if (ret < 0) {
+            err = wolfSSL_get_error(ssl, ret);
+            printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
+        }
+        if (outSz > 0) {
+            // early data available
+        }
+    } while (!wolfSSL_is_init_finished(ssl));
     \endcode
 
     \sa wolfSSL_write_early_data
@@ -14421,7 +14481,7 @@ int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsign
  \param keySz key size pointer
  \sa wolfSSL_CTX_set_ephemeral_key
  */
-int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, 
+int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
     const unsigned char** key, unsigned int* keySz);
 
 /*!
@@ -14434,7 +14494,7 @@ int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo,
  \param keySz key size pointer
  \sa wolfSSL_set_ephemeral_key
  */
-int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo, 
+int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
     const unsigned char** key, unsigned int* keySz);
 
 /*!
@@ -14504,18 +14564,18 @@ unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *s);
 int wolfSSL_CRYPTO_get_ex_new_index(int, void*, void*, void*, void*);
 
 /*!
- \ingroup Setup 
- \brief  In case this function is called in a client side, set certificate types 
+ \ingroup Setup
+ \brief  In case this function is called in a client side, set certificate types
  that can be sent to its peer. In case called in a server side,
  set certificate types that can be acceptable from its peer. Put cert types in the
  buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509. 
+ for the buffer or pass zero for len. By default, certificate type is only X509.
  In case both side intend to send or accept "Raw public key" cert,
  WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
 
  \return WOLFSSL_SUCCESS if cert types set successfully
  \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
-  cert type, buf size exceed MAX_CLIENT_CERT_TYPE_CNT was specified or 
+  cert type, buf size exceed MAX_CLIENT_CERT_TYPE_CNT was specified or
   a duplicate value is found in buf.
 
  \param ctx  WOLFSSL_CTX object pointer
@@ -14540,18 +14600,18 @@ int wolfSSL_CRYPTO_get_ex_new_index(int, void*, void*, void*, void*);
 int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
 
 /*!
- \ingroup Setup 
- \brief  In case this function is called in a server side, set certificate types 
+ \ingroup Setup
+ \brief  In case this function is called in a server side, set certificate types
  that can be sent to its peer. In case called in a client side,
  set certificate types that can be acceptable from its peer. Put cert types in the
  buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509. 
+ for the buffer or pass zero for len. By default, certificate type is only X509.
  In case both side intend to send or accept "Raw public key" cert,
  WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
 
  \return WOLFSSL_SUCCESS if cert types set successfully
  \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
-  cert type, buf size exceed MAX_SERVER_CERT_TYPE_CNT was specified or 
+  cert type, buf size exceed MAX_SERVER_CERT_TYPE_CNT was specified or
   a duplicate value is found in buf.
 
  \param ctx  WOLFSSL_CTX object pointer
@@ -14576,18 +14636,18 @@ int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len)
 int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
 
 /*!
- \ingroup Setup 
- \brief  In case this function is called in a client side, set certificate types 
+ \ingroup Setup
+ \brief  In case this function is called in a client side, set certificate types
  that can be sent to its peer. In case called in a server side,
  set certificate types that can be acceptable from its peer. Put cert types in the
  buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509. 
+ for the buffer or pass zero for len. By default, certificate type is only X509.
  In case both side intend to send or accept "Raw public key" cert,
  WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
 
  \return WOLFSSL_SUCCESS if cert types set successfully
  \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
-  cert type, buf size exceed MAX_CLIENT_CERT_TYPE_CNT was specified or 
+  cert type, buf size exceed MAX_CLIENT_CERT_TYPE_CNT was specified or
   a duplicate value is found in buf.
 
  \param ssl  WOLFSSL object pointer
@@ -14612,18 +14672,18 @@ int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len)
 int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
 
 /*!
- \ingroup Setup 
- \brief  In case this function is called in a server side, set certificate types 
+ \ingroup Setup
+ \brief  In case this function is called in a server side, set certificate types
  that can be sent to its peer. In case called in a client side,
  set certificate types that can be acceptable from its peer. Put cert types in the
  buffer with prioritised order. To reset the settings to default, pass NULL
- for the buffer or pass zero for len. By default, certificate type is only X509. 
+ for the buffer or pass zero for len. By default, certificate type is only X509.
  In case both side intend to send or accept "Raw public key" cert,
  WOLFSSL_CERT_TYPE_RPK should be included in the buffer to set.
 
  \return WOLFSSL_SUCCESS if cert types set successfully
  \return BAD_FUNC_ARG if NULL was passed for ctx, illegal value was specified as
-  cert type, buf size exceed MAX_SERVER_CERT_TYPE_CNT was specified or 
+  cert type, buf size exceed MAX_SERVER_CERT_TYPE_CNT was specified or
   a duplicate value is found in buf.
 
  \param ctx  WOLFSSL_CTX object pointer
@@ -14648,17 +14708,17 @@ int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
 int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
 
 /*!
- \ingroup SSL 
- \brief  This function returns the result of the client certificate type 
+ \ingroup SSL
+ \brief  This function returns the result of the client certificate type
  negotiation done in ClientHello and ServerHello. WOLFSSL_SUCCESS is returned as
-  a return value if no negotiation occurs and WOLFSSL_CERT_TYPE_UNKNOWN is 
+  a return value if no negotiation occurs and WOLFSSL_CERT_TYPE_UNKNOWN is
   returned as the certificate type.
 
  \return WOLFSSL_SUCCESS if a negotiated certificate type could be got
  \return BAD_FUNC_ARG if NULL was passed for ctx or tp
  \param ssl  WOLFSSL object pointer
- \param tp  A buffer where a certificate type is to be returned. One of three 
- certificate types will be returned: WOLFSSL_CERT_TYPE_RPK, 
+ \param tp  A buffer where a certificate type is to be returned. One of three
+ certificate types will be returned: WOLFSSL_CERT_TYPE_RPK,
  WOLFSSL_CERT_TYPE_X509 or WOLFSSL_CERT_TYPE_UNKNOWN.
 
     _Example_
@@ -14679,17 +14739,17 @@ int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
 int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp);
 
 /*!
- \ingroup SSL 
- \brief  This function returns the result of the server certificate type 
+ \ingroup SSL
+ \brief  This function returns the result of the server certificate type
  negotiation done in ClientHello and ServerHello. WOLFSSL_SUCCESS is returned as
-  a return value if no negotiation occurs and WOLFSSL_CERT_TYPE_UNKNOWN is 
+  a return value if no negotiation occurs and WOLFSSL_CERT_TYPE_UNKNOWN is
   returned as the certificate type.
 
  \return WOLFSSL_SUCCESS if a negotiated certificate type could be got
  \return BAD_FUNC_ARG if NULL was passed for ctx or tp
  \param ssl  WOLFSSL object pointer
- \param tp  A buffer where a certificate type is to be returned. One of three 
- certificate types will be returned: WOLFSSL_CERT_TYPE_RPK, 
+ \param tp  A buffer where a certificate type is to be returned. One of three
+ certificate types will be returned: WOLFSSL_CERT_TYPE_RPK,
  WOLFSSL_CERT_TYPE_X509 or WOLFSSL_CERT_TYPE_UNKNOWN.
     _Example_
  \code
diff --git a/extra/wolfssl/wolfssl/examples/asn1/asn1.c b/extra/wolfssl/wolfssl/examples/asn1/asn1.c
index 28e90957..57d38d11 100644
--- a/extra/wolfssl/wolfssl/examples/asn1/asn1.c
+++ b/extra/wolfssl/wolfssl/examples/asn1/asn1.c
@@ -180,8 +180,8 @@ static int FindPem(unsigned char* data, word32 offset, word32 len,
     word32* start, word32* end)
 {
     int ret = 0;
-    word32 i;
-    word32 j;
+    word32 i = 0;
+    word32 j = 0;
 
     /* Find header. */
     for (i = offset; i < len; i++) {
diff --git a/extra/wolfssl/wolfssl/examples/client/client.c b/extra/wolfssl/wolfssl/examples/client/client.c
index 0141be1f..020e0f55 100644
--- a/extra/wolfssl/wolfssl/examples/client/client.c
+++ b/extra/wolfssl/wolfssl/examples/client/client.c
@@ -3558,6 +3558,24 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         err_sys("unable to get SSL object");
     }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* Set our preference for verfication to be for both the native and
+     * alternative chains. Ultimately, its the server's choice.
+     */
+    {
+        byte cks_order[3] = {
+            WOLFSSL_CKS_SIGSPEC_BOTH,
+            WOLFSSL_CKS_SIGSPEC_ALTERNATIVE,
+            WOLFSSL_CKS_SIGSPEC_NATIVE,
+        };
+
+        if (!wolfSSL_UseCKS(ssl, cks_order, sizeof(cks_order))) {
+            wolfSSL_CTX_free(ctx); ctx = NULL;
+            err_sys("unable to set the CKS order.");
+        }
+    }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 #ifndef NO_PSK
     if (usePsk) {
     #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(TEST_PSK_USE_SESSION)
diff --git a/extra/wolfssl/wolfssl/examples/configs/include.am b/extra/wolfssl/wolfssl/examples/configs/include.am
index 781fbcbc..61154167 100644
--- a/extra/wolfssl/wolfssl/examples/configs/include.am
+++ b/extra/wolfssl/wolfssl/examples/configs/include.am
@@ -3,11 +3,13 @@
 
 EXTRA_DIST += examples/configs/README.md
 EXTRA_DIST += examples/configs/user_settings_all.h
+EXTRA_DIST += examples/configs/user_settings_arduino.h
 EXTRA_DIST += examples/configs/user_settings_min_ecc.h
 EXTRA_DIST += examples/configs/user_settings_wolfboot_keytools.h
 EXTRA_DIST += examples/configs/user_settings_template.h
 EXTRA_DIST += examples/configs/user_settings_fipsv2.h
 EXTRA_DIST += examples/configs/user_settings_fipsv5.h
 EXTRA_DIST += examples/configs/user_settings_stm32.h
+EXTRA_DIST += examples/configs/user_settings_tls12.h
 EXTRA_DIST += examples/configs/user_settings_wolftpm.h
 EXTRA_DIST += examples/configs/user_settings_EBSnet.h
diff --git a/extra/wolfssl/wolfssl/examples/configs/user_settings_arduino.h b/extra/wolfssl/wolfssl/examples/configs/user_settings_arduino.h
new file mode 100644
index 00000000..cf64c75d
--- /dev/null
+++ b/extra/wolfssl/wolfssl/examples/configs/user_settings_arduino.h
@@ -0,0 +1,486 @@
+/* examples/configs/user_settings_arduino.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* This is a sample Arduino user_settings.h for wolfSSL
+  >> Edit with caution. This is the file copied to wolfSSL Arduino library.
+  >> at publish time. (lines with ">>" are removed)
+*/
+
+/* Define a macro to display user settings version in example code: */
+#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.6.7"
+
+/* Due to limited build control, we'll ignore file warnings. */
+/* See https://github.com/arduino/arduino-cli/issues/631     */
+#undef  WOLFSSL_IGNORE_FILE_WARN
+#define WOLFSSL_IGNORE_FILE_WARN
+
+#define NO_FILESYSTEM
+#define USE_CERT_BUFFERS_2048
+
+/* Make sure this is not an ESP-IDF file */
+#undef  WOLFSSL_ESPIDF
+
+#define HAVE_ECC
+#define WOLFSSL_SMALL_STACK
+/* #define WOLFSSL_SMALL_STACK_EXTRA    */
+/* #define WOLFSSL_SMALL_STACK_CIPHERS  */
+/* #define NO_DH                        */
+#define MICRO_SESSION_CACHE
+
+/* RSA must be enabled for examples, but can be disabled like this: */
+/* #define NO_RSA */
+#define RSA_LOW_MEM
+
+#define NO_OLD_TLS
+/* TLS 1.3                                 */
+/* #define WOLFSSL_TLS13 */
+#if defined(WOLFSSL_TLS13)
+    #define HAVE_TLS_EXTENSIONS
+    #define WC_RSA_PSS
+    #define HAVE_HKDF
+    #define HAVE_AEAD
+#endif
+
+/*  #define HAVE_SUPPORTED_CURVES  */
+
+/* Cannot use WOLFSSL_NO_MALLOC with small stack */
+/* #define WOLFSSL_NO_MALLOC */
+
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+
+/* To further reduce size, client or server functionality can be disabled.
+ * Here, we check if the example code gave us a hint.
+ *
+ * The calling application can define either one of these macros before
+ * including the Arduino wolfssl.h library file:
+ *
+ *    WOLFSSL_CLIENT_EXAMPLE
+ *    WOLFSSL_SERVER_EXAMPLE
+ */
+#if defined(WOLFSSL_CLIENT_EXAMPLE)
+    #define NO_WOLFSSL_SERVER
+#elif defined(WOLFSSL_SERVER_EXAMPLE)
+    #define NO_WOLFSSL_CLIENT
+#else
+    /* Provide a hint to application that neither WOLFSSL_CLIENT_EXAMPLE
+     * or WOLFSSL_SERVER_EXAMPLE macro hint was desired but not found. */
+    #define NO_WOLFSSL_SERVER_CLIENT_MISSING
+    #warning "Define WOLFSSL_CLIENT_EXAMPLE or WOLFSSL_SERVER_EXAMPLE to" \
+             " optimize memory for small embedded devices."
+    /* Both can be disabled in wolfssl test & benchmark */
+#endif
+
+
+#define NO_DH
+#define NO_DSA
+#define USE_FAST_MATH
+#define WOLFSSL_SMALL_STACK
+#define SINGLE_THREADED
+#define WOLFSSL_LOW_MEMORY
+#define HAVE_AESGCM
+
+/* optionally turn off SHA512/224 SHA512/256 */
+/* #define WOLFSSL_NOSHA512_224 */
+/* #define WOLFSSL_NOSHA512_256 */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
+
+/* Optional OPENSSL compatibility */
+/* #define OPENSSL_EXTRA */
+/* #define OPENSSL_ALL */
+
+/* when you want to use pkcs7 */
+/* #define HAVE_PKCS7 */
+
+/* when you want to use AES counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+/* RSA primitive specific definition */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Define USE_FAST_MATH and SMALL_STACK                        */
+    #define ESP32_USE_RSA_PRIMITIVE
+
+    #if defined(CONFIG_IDF_TARGET_ESP32)
+
+        /* NOTE HW unreliable for small values! */
+        /* threshold for performance adjustment for HW primitive use   */
+        /* X bits of G^X mod P greater than                            */
+        #undef  ESP_RSA_EXPT_XBITS
+        #define ESP_RSA_EXPT_XBITS 32
+
+        /* X and Y of X * Y mod P greater than                         */
+        #undef  ESP_RSA_MULM_BITS
+        #define ESP_RSA_MULM_BITS  16
+
+    #endif
+#endif
+
+/* #define WOLFSSL_ATECC508A_DEBUG         */
+
+/* date/time                               */
+/* if it cannot adjust time in the device, */
+/* enable macro below                      */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
+
+
+/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
+#define ESP_RSA_TIMEOUT_CNT    0x249F00
+
+#define HASH_SIZE_LIMIT /* for test.c */
+
+/* USE_FAST_MATH is default */
+#define USE_FAST_MATH
+
+/*****      Use SP_MATH      *****/
+/* #undef USE_FAST_MATH          */
+/* #define SP_MATH               */
+/* #define WOLFSSL_SP_MATH_ALL   */
+
+/***** Use Integer Heap Math *****/
+/* #undef USE_FAST_MATH          */
+/* #define USE_INTEGER_HEAP_MATH */
+
+/* Default is HW enabled unless turned off.
+** Uncomment these lines to force SW instead of HW acceleration */
+
+#if defined(CONFIG_IDF_TARGET_ESP32)
+    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32  */
+
+    #undef  ESP_RSA_MULM_BITS
+    #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
+    /***** END CONFIG_IDF_TARGET_ESP32 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
+    /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+      defined(CONFIG_IDF_TARGET_ESP8684)
+    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
+     * single QFN 4x4 mm package. Out of released documentation, Technical
+     * Reference Manual as well as ESP-IDF Programming Guide is applicable
+     * to both ESP32-C2 and ESP8684.
+     *
+     * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
+
+    /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity    */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C2  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C2  */
+
+    /* There's no AES or RSA/Math accelerator on the ESP32-C2
+     * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    /*  wolfSSL Hardware Acceleration not yet implemented */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8266)
+    /*  TODO: Revisit ESP8266 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP266 *****/
+#else
+    /* Anything else encountered, disable HW acceleration */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif /* CONFIG_IDF_TARGET Check */
+
+#define DEBUG_WOLFSSL
+/* Debug options:
+
+#define ESP_VERIFY_MEMBLOCK
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
+#define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_ESP32_CRYPT_DEBUG
+#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
+#define NO_RECOVER_SOFTWARE_CALC
+#define WOLFSSL_TEST_STRAY 1
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+#define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define ESP_DISABLE_HW_TASK_LOCK
+*/
+
+#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+#define WOLFSSL_HW_METRICS
+#define ALT_ECC_SIZE
+/* #define HASH_SIZE_LIMIT */ /* for test.c */
+
+/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
+
+/* Optionally include alternate HW test library: alt_hw_test.h */
+/* When enabling, the ./components/wolfssl/CMakeLists.txt file
+ * will need the name of the library in the idf_component_register
+ * for the PRIV_REQUIRES list. */
+/* #define INCLUDE_ALT_HW_TEST */
+
+/* optionally turn off individual math HW acceleration features */
+
+/* Turn off Large Number ESP32 HW Multiplication:
+** [Z = X * Y] in esp_mp_mul()                                  */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL                */
+
+/* Turn off Large Number ESP32 HW Modular Exponentiation:
+** [Z = X^Y mod M] in esp_mp_exptmod()                          */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD               */
+
+/* Turn off Large Number ESP32 HW Modular Multiplication
+** [Z = X * Y mod M] in esp_mp_mulmod()                         */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
+
+
+#define WOLFSSL_PUBLIC_MP /* used by benchmark */
+
+/* when turning on ECC508 / ECC608 support
+#define WOLFSSL_ESPWROOM32SE
+#define HAVE_PK_CALLBACKS
+#define WOLFSSL_ATECC508A
+#define ATCA_WOLFSSL
+*/
+
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/* The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+/* Conditional macros used in wolfSSL TLS client and server examples */
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    #include <wolfssl/certs_test_sm.h>
+    #define CTX_CA_CERT          root_sm2
+    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_CERT      server_sm2
+    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_KEY       server_sm2_priv
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16
+#else
+    #if defined(USE_CERT_BUFFERS_2048)
+        #ifdef USE_CERT_BUFFERS_1024
+            #error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
+        #endif
+        #include <wolfssl/certs_test.h>
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #ifdef USE_CERT_BUFFERS_2048
+            #error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
+        #endif
+        #include <wolfssl/certs_test.h>
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif
diff --git a/extra/wolfssl/wolfssl/examples/configs/user_settings_tls12.h b/extra/wolfssl/wolfssl/examples/configs/user_settings_tls12.h
new file mode 100644
index 00000000..c8ec7fce
--- /dev/null
+++ b/extra/wolfssl/wolfssl/examples/configs/user_settings_tls12.h
@@ -0,0 +1,158 @@
+/* user_settings_tls12.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Example for TLS v1.2 client only, ECC only, AES GCM only, SHA2-256 only */
+/* Derived using:
+ * ./configure --disable-rsa --disable-dh --disable-tls13 --disable-chacha \
+ *     --disable-poly1305 --disable-sha224 --disable-sha --disable-md5
+ * From generated wolfssl/options.h
+ * Build and Test using:
+ * ./configure --enable-usersettings --disable-examples
+ * make
+ * ./wolfcrypt/test/testwolfcrypt
+ */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+/* Use the SetIO callbacks, not the internal wolfio.c socket code */
+#define WOLFSSL_USER_IO
+#define WOLFSSL_IGNORE_FILE_WARN /* ignore file includes not required */
+//#define WOLFSSL_SMALL_STACK /* option to reduce stack size, offload to heap */
+#define NO_FILESYSTEM
+#define NO_WRITEV
+#define NO_SIG_WRAPPER
+
+/* ------------------------------------------------------------------------- */
+/* Math */
+/* ------------------------------------------------------------------------- */
+/* Math Options */
+#if 1 /* Single-precision (SP) wolf math - ECC only */
+    #define WOLFSSL_HAVE_SP_ECC   /* use sp_c32.c for math */
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    #define WOLFSSL_SP_MATH       /* only SP math - eliminates fast math code */
+    /* optional Cortex-M3+ speedup with inline assembly */
+    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
+#elif 1
+    /* Multi-precision wolf math */
+    #define WOLFSSL_SP_MATH_ALL   /* use sp_int.c generic math */
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+#else
+    /* Fast Math - tfm.c */
+    #define USE_FAST_MATH
+    #define TFM_TIMING_RESISTANT
+    #define WOLFSSL_NO_ASM
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* TLS */
+/* ------------------------------------------------------------------------- */
+/* Enable TLS v1.2 (on by default) */
+#undef  WOLFSSL_NO_TLS12
+/* Disable TLS server code */
+#define NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_CLIENT
+/* Disable TLS v1.3 code */
+#undef  WOLFSSL_TLS13
+/* Disable older TLS version prior to 1.2 */
+#define NO_OLD_TLS
+
+/* Enable default TLS extensions */
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_EXTENDED_MASTER
+#define HAVE_ENCRYPT_THEN_MAC
+#define HAVE_SERVER_RENEGOTIATION_INFO
+//#define HAVE_SNI /* optional Server Name Indicator (SNI) */
+
+/* ASN */
+#define WOLFSSL_ASN_TEMPLATE /* use newer ASN template asn.c code (default) */
+
+/* Disable Features */
+#define NO_SESSION_CACHE /* disable session resumption */
+#define NO_PSK /* pre-shared-key support */
+
+/* ------------------------------------------------------------------------- */
+/* Algorithms */
+/* ------------------------------------------------------------------------- */
+/* RNG */
+#define HAVE_HASHDRBG /* Use DRBG SHA2-256 and seed */
+
+/* Enable ECC */
+#define HAVE_ECC
+#define ECC_USER_CURVES      /* Enable only ECC curves specific */
+#undef  NO_ECC256            /* Enable SECP256R1 only (on by default) */
+#define ECC_TIMING_RESISTANT /* Enable Timing Resistance */
+/* Optional ECC calculation speed improvement if not using SP implementation */
+//#define ECC_SHAMIR
+
+/* Enable SHA2-256 only (on by default) */
+#undef NO_SHA256
+//#define USE_SLOW_SHA256 /* Reduces code size by not partially unrolling */
+
+/* Enable AES GCM only */
+#define HAVE_AESGCM
+#define GCM_SMALL /* use small GHASH table */
+#define NO_AES_CBC /* Disable AES CBC */
+
+/* Optional Features */
+//#define WOLFSSL_BASE64_ENCODE /* Enable Base64 encoding */
+
+
+/* Disable Algorithms */
+#define NO_RSA
+#define NO_DH
+#define NO_SHA
+#define NO_DSA
+#define NO_RC4
+#define NO_MD4
+#define NO_MD5
+#define NO_DES3
+#define NO_PWDBASED
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+#undef DEBUG_WOLFSSL
+#undef NO_ERROR_STRINGS
+#if 0
+    #define DEBUG_WOLFSSL
+#else
+    #if 1
+        #define NO_ERROR_STRINGS
+    #endif
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/extra/wolfssl/wolfssl/examples/pem/pem.c b/extra/wolfssl/wolfssl/examples/pem/pem.c
index 61d7e1ae..e69b1199 100644
--- a/extra/wolfssl/wolfssl/examples/pem/pem.c
+++ b/extra/wolfssl/wolfssl/examples/pem/pem.c
@@ -294,8 +294,8 @@ static int FindPem(char* data, word32 offset, word32 len, word32* start,
     word32* end, int* type)
 {
     int ret = 0;
-    word32 i;
-    word32 type_off;
+    word32 i = 0;
+    word32 type_off = 0;
     char str[PEM_TYPE_MAX_LEN];
 
     /* Find header. */
diff --git a/extra/wolfssl/wolfssl/examples/server/server.c b/extra/wolfssl/wolfssl/examples/server/server.c
index c88f3759..50b6d0a8 100644
--- a/extra/wolfssl/wolfssl/examples/server/server.c
+++ b/extra/wolfssl/wolfssl/examples/server/server.c
@@ -969,11 +969,15 @@ static const char* server_usage_msg[][65] = {
 #endif
 #ifdef HAVE_SUPPORTED_CURVES
         "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 64 */
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        "--altPrivKey <file> Generate alternative signature with this key.\n",
+                                                                        /* 65 */
 #endif
         "\n"
            "For simpler wolfSSL TLS server examples, visit\n"
            "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n",
-                                                                        /* 65 */
+                                                                        /* 66 */
         NULL,
     },
 #ifndef NO_MULTIBYTE_PRINT
@@ -1159,11 +1163,16 @@ static const char* server_usage_msg[][65] = {
 #endif
 #ifdef HAVE_SUPPORTED_CURVES
         "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 64 */
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        "--altPrivKey <file> Generate alternative signature with this key.\n",
+                                                                        /* 65 */
 #endif
         "\n"
         "より簡単なwolfSSL TSL クライアントの例については"
                                           "下記にアクセスしてください\n"
-        "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 65 */
+        "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n",
+                                                                        /* 66 */
         NULL,
     },
 #endif
@@ -1320,7 +1329,10 @@ static void Usage(void)
 #ifdef HAVE_SUPPORTED_CURVES
     printf("%s", msg[++msgId]);     /* --onlyPskDheKe */
 #endif
-    printf("%s", msg[++msgId]); /* Examples repo link */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    printf("%s", msg[++msgId]);     /* --altPrivKey */
+#endif
+    printf("%s", msg[++msgId]);     /* Examples repo link */
 }
 
 #ifdef WOLFSSL_SRTP
@@ -1436,6 +1448,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         {"crl-dir", 1, 265},
 #endif
         {"quieter", 0, 266},
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        { "altPrivKey", 1, 267},
+#endif
         { 0, 0, 0 }
     };
 #endif
@@ -1600,6 +1615,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     int useX448 = 0;
     int usePqc = 0;
     char* pqcAlg = NULL;
+    char* altPrivKey = NULL;
     int exitWithRet = 0;
     int loadCertKeyIntoSSLObj = 0;
 
@@ -1674,6 +1690,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     (void)nonBlocking;
     (void)pqcAlg;
     (void)usePqc;
+    (void)altPrivKey;
 
 #ifdef WOLFSSL_TIRTOS
     fdOpenSession(Task_self());
@@ -2320,6 +2337,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             quieter = 1;
             break;
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        case 267:
+            altPrivKey = myoptarg;
+            break;
+#endif
+
         case -1:
             default:
                 Usage();
@@ -2697,6 +2720,14 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                                          != WOLFSSL_SUCCESS)
             err_sys_ex(catastrophic, "can't load server private key file, "
                        "check file and run from wolfSSL home dir");
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+        if ((altPrivKey != NULL) &&
+            wolfSSL_CTX_use_AltPrivateKey_file(ctx, altPrivKey,
+                                               WOLFSSL_FILETYPE_PEM)
+                                               != WOLFSSL_SUCCESS)
+            err_sys_ex(catastrophic, "can't load alt private key file, "
+                       "check file and run from wolfSSL home dir");
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
     #else
         /* loads private key file using buffer API */
         load_buffer(ctx, ourKey, WOLFSSL_KEY);
diff --git a/extra/wolfssl/wolfssl/fips-check.sh b/extra/wolfssl/wolfssl/fips-check.sh
index b31b16dd..8d116c19 100755
--- a/extra/wolfssl/wolfssl/fips-check.sh
+++ b/extra/wolfssl/wolfssl/fips-check.sh
@@ -16,6 +16,7 @@ GIT="${GIT:-git -c advice.detachedHead=false}"
 TEST_DIR="${TEST_DIR:-XXX-fips-test}"
 FLAVOR="${FLAVOR:-linux}"
 KEEP="${KEEP:-no}"
+MAKECHECK=${MAKECHECK:-yes}
 FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}"
 
 Usage() {
@@ -39,7 +40,9 @@ usageText
 }
 
 while [ "$1" ]; do
-  if [ "$1" = 'keep' ]; then KEEP='yes'; else FLAVOR="$1"; fi
+  if [ "$1" = 'keep' ]; then KEEP='yes';
+  elif [ "$1" = 'nomakecheck' ]; then MAKECHECK='no';
+  else FLAVOR="$1"; fi
   shift
 done
 
@@ -140,7 +143,7 @@ marvell-linux-selftest)
 linuxv5)
   FIPS_OPTION='v5'
   FIPS_FILES=(
-    'wolfcrypt/src/fips.c:WCv5.0-RC12'
+    'wolfcrypt/src/fips.c:WCv5.2.0.1-RC01'
     'wolfcrypt/src/fips_test.c:WCv5.0-RC12'
     'wolfcrypt/src/wolfcrypt_first.c:WCv5.0-RC12'
     'wolfcrypt/src/wolfcrypt_last.c:WCv5.0-RC12'
@@ -262,8 +265,7 @@ esac
 function checkout_files() {
     local name
     local tag
-    for file_entry in "$@"
-    do
+    for file_entry in "$@"; do
         name=${file_entry%%:*}
         tag=${file_entry#*:}
         if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
@@ -283,14 +285,12 @@ function copy_fips_files() {
     local bname
     local dname
     local tag
-    for file_entry in "$@"
-    do
+    for file_entry in "$@"; do
         name=${file_entry%%:*}
         tag=${file_entry#*:}
         bname=$(basename "$name")
         dname=$(dirname "$name")
-        if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
-        then
+        if ! $GIT rev-parse -q --verify "my$tag" >/dev/null; then
             $GIT branch --no-track "my$tag" "$tag" || exit $?
         fi
         $GIT checkout "my$tag" -- "$bname" || exit $?
@@ -305,8 +305,7 @@ fi
 
 pushd "$TEST_DIR" || exit 2
 
-if ! $GIT clone "$FIPS_REPO" fips
-then
+if ! $GIT clone "$FIPS_REPO" fips; then
     echo "fips-check: Couldn't check out FIPS repository."
     exit 1
 fi
@@ -322,8 +321,7 @@ popd || exit 2
 # Since OE additions can still be processed for cert3389 we will call 140-2
 # ready "fipsv2-OE-ready" indicating it is ready to use for an OE addition but
 # would not be good for a new certification effort with the latest files.
-if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]
-then
+if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]; then
     cp wolfcrypt/src/fips.c wolfcrypt/src/fips.c.bak
     sed "s/v4.0.0-alpha/fipsv2-OE-ready/" wolfcrypt/src/fips.c.bak >wolfcrypt/src/fips.c
 fi
@@ -343,14 +341,12 @@ cavp-selftest-v2)
     ;;
 esac
 
-if ! $MAKE
-then
+if ! $MAKE; then
     echo 'fips-check: Make failed. Debris left for analysis.'
     exit 3
 fi
 
-if [ -s wolfcrypt/src/fips_test.c ]
-then
+if [ -s wolfcrypt/src/fips_test.c ]; then
     NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
     if [ -n "$NEWHASH" ]; then
         cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
@@ -359,15 +355,15 @@ then
     fi
 fi
 
-if ! $MAKE check
-then
-    echo 'fips-check: Test failed. Debris left for analysis.'
-    exit 3
+if [ "$MAKECHECK" = "yes" ]; then
+    if ! $MAKE check; then
+        echo 'fips-check: Test failed. Debris left for analysis.'
+        exit 3
+    fi
 fi
 
 # Clean up
 popd || exit 2
-if [ "$KEEP" = 'no' ];
-then
+if [ "$KEEP" = 'no' ]; then
     rm -rf "$TEST_DIR"
 fi
diff --git a/extra/wolfssl/wolfssl/lib/dummy b/extra/wolfssl/wolfssl/lib/dummy
deleted file mode 100644
index 13c3b18c..00000000
--- a/extra/wolfssl/wolfssl/lib/dummy
+++ /dev/null
@@ -1,2 +0,0 @@
-// this is a dummy file
-
diff --git a/extra/wolfssl/wolfssl/linuxkm/Kbuild b/extra/wolfssl/wolfssl/linuxkm/Kbuild
index 093a7a11..29e8092a 100644
--- a/extra/wolfssl/wolfssl/linuxkm/Kbuild
+++ b/extra/wolfssl/wolfssl/linuxkm/Kbuild
@@ -32,6 +32,10 @@ WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -is
 
 ifeq "$(KERNEL_ARCH)" "x86"
     WOLFSSL_CFLAGS += -mpreferred-stack-boundary=4
+else ifeq "$(KERNEL_ARCH)" "aarch64"
+    WOLFSSL_CFLAGS += -mno-outline-atomics
+else ifeq "$(KERNEL_ARCH)" "arm64"
+    WOLFSSL_CFLAGS += -mno-outline-atomics
 endif
 
 obj-m := libwolfssl.o
@@ -47,9 +51,14 @@ $(obj)/linuxkm/module_exports.o: $(WOLFSSL_OBJ_TARGETS)
 # this mechanism only works in kernel 5.x+ (fallback to hardcoded value)
 hostprogs := linuxkm/get_thread_size
 always-y := $(hostprogs)
+
+HOST_EXTRACFLAGS += $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(KBUILD_CFLAGS) -static -fno-omit-frame-pointer
+
 # "-mindirect-branch=keep -mfunction-return=keep" to avoid "undefined reference
 #  to `__x86_return_thunk'" on CONFIG_RETHUNK kernels (5.19.0-rc7)
-HOST_EXTRACFLAGS += $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(KBUILD_CFLAGS) -static -fno-omit-frame-pointer -mindirect-branch=keep -mfunction-return=keep
+ifeq "$(KERNEL_ARCH)" "x86"
+  HOST_EXTRACFLAGS += -mindirect-branch=keep -mfunction-return=keep
+endif
 
 # this rule is needed to get build to succeed in 4.x (get_thread_size still doesn't get built)
 $(obj)/linuxkm/get_thread_size: $(src)/linuxkm/get_thread_size.c
@@ -90,10 +99,8 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
     $(obj)/linuxkm/module_hooks.o: ccflags-y += $(PIE_SUPPORT_FLAGS)
 endif
 
-ifeq "$(ENABLED_LINUXKM_BENCHMARKS)" "yes"
-    $(obj)/linuxkm/module_hooks.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS)
-    $(obj)/linuxkm/module_hooks.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_ENABLE_SIMD_DISABLE)
-endif
+$(obj)/wolfcrypt/benchmark/benchmark.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS) -DNO_MAIN_FUNCTION
+$(obj)/wolfcrypt/benchmark/benchmark.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_ENABLE_SIMD_DISABLE)
 
 asflags-y := $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPUSIMD_DISABLE)
 
@@ -149,10 +156,10 @@ ifneq "$(quiet)" "silent_"
 endif
 	@cd "$(obj)" || exit $$?; \
 	for file in $(WOLFCRYPT_PIE_FILES); do \
-	    $(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt "$$file" || exit $$?; \
+	    $(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt --rename-section .rodata=.rodata.wolfcrypt "$$file" || exit $$?; \
 	done
 ifneq "$(quiet)" "silent_"
-	@echo '  wolfCrypt .{text,data} sections containerized to .{text,data}.wolfcrypt'
+	@echo '  wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt'
 endif
 
 $(src)/linuxkm/module_exports.c: rename-pie-text-and-data-sections
diff --git a/extra/wolfssl/wolfssl/linuxkm/Makefile b/extra/wolfssl/wolfssl/linuxkm/Makefile
index 667015fb..4830458c 100644
--- a/extra/wolfssl/wolfssl/linuxkm/Makefile
+++ b/extra/wolfssl/wolfssl/linuxkm/Makefile
@@ -47,6 +47,10 @@ else
     WOLFSSL_CFLAGS+=-DNO_CRYPT_TEST
 endif
 
+ifeq "$(ENABLED_LINUXKM_BENCHMARKS)" "yes"
+    WOLFSSL_OBJ_FILES+=wolfcrypt/benchmark/benchmark.o
+endif
+
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
     WOLFCRYPT_PIE_FILES := linuxkm/pie_first.o $(filter wolfcrypt/src/%,$(WOLFSSL_OBJ_FILES)) linuxkm/pie_redirect_table.o linuxkm/pie_last.o
     WOLFSSL_OBJ_FILES := $(WOLFCRYPT_PIE_FILES) $(filter-out $(WOLFCRYPT_PIE_FILES),$(WOLFSSL_OBJ_FILES))
diff --git a/extra/wolfssl/wolfssl/linuxkm/include.am b/extra/wolfssl/wolfssl/linuxkm/include.am
index cec11ad2..b89aab40 100644
--- a/extra/wolfssl/wolfssl/linuxkm/include.am
+++ b/extra/wolfssl/wolfssl/linuxkm/include.am
@@ -12,4 +12,5 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \
 	      linuxkm/pie_redirect_table.c \
 	      linuxkm/pie_last.c \
 	      linuxkm/linuxkm_memory.c \
-	      linuxkm/linuxkm_wc_port.h
+	      linuxkm/linuxkm_wc_port.h \
+	      linuxkm/lkcapi_glue.c
diff --git a/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.c b/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.c
index 31a7b935..81a7dfab 100644
--- a/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.c
+++ b/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.c
@@ -80,6 +80,25 @@ struct wc_thread_fpu_count_ent {
     unsigned int fpu_state;
 };
 struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_states = NULL;
+
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-parameter"
+#pragma GCC diagnostic ignored "-Wnested-externs"
+/* avoid dependence on "alternatives_patched" and "xfd_validate_state()". */
+#undef CONFIG_X86_DEBUG_FPU
+#include "../kernel/fpu/internal.h"
+#include "../kernel/fpu/xstate.h"
+#pragma GCC diagnostic pop
+
+static union wc_linuxkm_fpu_savebuf {
+    byte buf[1024]; /* must be 64-byte-aligned */
+    struct fpstate fpstate;
+} *wc_linuxkm_fpu_savebufs = NULL;
+
+#endif /* WOLFSSL_COMMERCIAL_LICENSE */
+
 #define WC_FPU_COUNT_MASK 0x7fffffffU
 #define WC_FPU_SAVED_MASK 0x80000000U
 
@@ -111,7 +130,37 @@ WARN_UNUSED_RESULT int allocate_wolfcrypt_linuxkm_fpu_states(void)
         return MEMORY_E;
     }
 
-    memset(wc_linuxkm_fpu_states, 0, wc_linuxkm_fpu_states_n_tracked * sizeof(wc_linuxkm_fpu_states[0]));
+    memset(wc_linuxkm_fpu_states, 0, wc_linuxkm_fpu_states_n_tracked
+           * sizeof(wc_linuxkm_fpu_states[0]));
+
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+    wc_linuxkm_fpu_savebufs = (union wc_linuxkm_fpu_savebuf *)malloc(
+        wc_linuxkm_fpu_states_n_tracked * sizeof(*wc_linuxkm_fpu_savebufs));
+    if (! wc_linuxkm_fpu_savebufs) {
+        pr_err("allocation of %lu bytes for "
+               "wc_linuxkm_fpu_savebufs failed.\n",
+               WC_LINUXKM_ROUND_UP_P_OF_2(wc_linuxkm_fpu_states_n_tracked)
+               * sizeof(*wc_linuxkm_fpu_savebufs));
+        free(wc_linuxkm_fpu_states);
+        wc_linuxkm_fpu_states = NULL;
+        return MEMORY_E;
+    }
+    if ((uintptr_t)wc_linuxkm_fpu_savebufs
+        & (WC_LINUXKM_ROUND_UP_P_OF_2(sizeof(*wc_linuxkm_fpu_savebufs)) - 1))
+    {
+        pr_err("allocation of %lu bytes for "
+               "wc_linuxkm_fpu_savebufs allocated with wrong alignment 0x%lx.\n",
+               WC_LINUXKM_ROUND_UP_P_OF_2(wc_linuxkm_fpu_states_n_tracked)
+               * sizeof(*wc_linuxkm_fpu_savebufs),
+               (uintptr_t)wc_linuxkm_fpu_savebufs);
+        free(wc_linuxkm_fpu_savebufs);
+        wc_linuxkm_fpu_savebufs = NULL;
+        free(wc_linuxkm_fpu_states);
+        wc_linuxkm_fpu_states = NULL;
+        return MEMORY_E;
+    }
+
+#endif
 
     return 0;
 }
@@ -141,11 +190,17 @@ void free_wolfcrypt_linuxkm_fpu_states(void) {
         }
     }
 
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+    free(wc_linuxkm_fpu_savebufs);
+    wc_linuxkm_fpu_savebufs = NULL;
+#endif
     free(wc_linuxkm_fpu_states);
     wc_linuxkm_fpu_states = NULL;
 }
 
-/* lock-(mostly)-free thread-local storage facility for tracking recursive fpu pushing/popping */
+/* lock-(mostly)-free thread-local storage facility for tracking recursive fpu
+ * pushing/popping
+ */
 static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(int create_p) {
     struct wc_thread_fpu_count_ent *i, *i_endptr, *i_empty;
     pid_t my_pid = task_pid_nr(current), i_pid;
@@ -194,7 +249,16 @@ static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(int create_p)
     }
 }
 
-static void wc_linuxkm_fpu_state_free(struct wc_thread_fpu_count_ent *ent) {
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+static struct fpstate *wc_linuxkm_fpstate_buf_from_fpu_state(
+    struct wc_thread_fpu_count_ent *state)
+{
+    size_t i = (size_t)(state - wc_linuxkm_fpu_states) / sizeof(*state);
+    return &wc_linuxkm_fpu_savebufs[i].fpstate;
+}
+#endif
+
+static void wc_linuxkm_fpu_state_release(struct wc_thread_fpu_count_ent *ent) {
     if (ent->fpu_state != 0) {
         static int warned_nonzero_fpu_state = 0;
         if (! warned_nonzero_fpu_state) {
@@ -211,7 +275,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(void)
 {
     struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(1);
     if (pstate == NULL)
-        return ENOMEM;
+        return MEMORY_E;
 
     /* allow for nested calls */
     if (pstate->fpu_state != 0U) {
@@ -228,25 +292,39 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(void)
     }
 
     if (irq_fpu_usable()) {
-#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
-        /* inhibit migration, which gums up the algorithm in kernel_fpu_{begin,end}(). */
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+        struct fpstate *fpstate = wc_linuxkm_fpstate_buf_from_fpu_state(pstate);
+        fpregs_lock();
+        fpstate->xfeatures = ~0UL;
+        os_xsave(fpstate);
+#else /* !WOLFSSL_COMMERCIAL_LICENSE */
+#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
+    (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
+        /* inhibit migration, which gums up the algorithm in
+         * kernel_fpu_{begin,end}().
+         */
         migrate_disable();
 #endif
         kernel_fpu_begin();
-        pstate->fpu_state = 1U; /* set msb 0 to trigger kernel_fpu_end() at cleanup. */
+#endif /* !WOLFSSL_COMMERCIAL_LICENSE */
+        /* set msb 0 to trigger kernel_fpu_end() at cleanup. */
+        pstate->fpu_state = 1U;
     } else if (in_nmi() || (hardirq_count() > 0) || (softirq_count() > 0)) {
         static int warned_fpu_forbidden = 0;
         if (! warned_fpu_forbidden)
             pr_err("save_vector_registers_x86 called from IRQ handler.\n");
-        wc_linuxkm_fpu_state_free(pstate);
-        return EPERM;
+        wc_linuxkm_fpu_state_release(pstate);
+        return BAD_STATE_E;
     } else {
-#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
+#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
+    (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \
+    !defined(WOLFSSL_COMMERCIAL_LICENSE)
         migrate_disable();
 #endif
         /* assume already safely in_kernel_fpu. */
+        /* set msb 1 to inhibit kernel_fpu_end() at cleanup. */
         pstate->fpu_state =
-            WC_FPU_SAVED_MASK + 1U; /* set msb 1 to inhibit kernel_fpu_end() at cleanup. */
+            WC_FPU_SAVED_MASK + 1U;
     }
 
     return 0;
@@ -265,15 +343,23 @@ void restore_vector_registers_x86(void)
         return;
     }
 
-    if (pstate->fpu_state == 0U)
+    if (pstate->fpu_state == 0U) {
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+        struct fpstate *fpstate = wc_linuxkm_fpstate_buf_from_fpu_state(pstate);
+        os_xrstor(fpstate, fpstate->xfeatures);
+        fpregs_unlock();
+#else
         kernel_fpu_end();
-    else
+#endif
+    } else
         pstate->fpu_state = 0U;
-#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
+#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
+    (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \
+    !defined(WOLFSSL_COMMERCIAL_LICENSE)
     migrate_enable();
 #endif
 
-    wc_linuxkm_fpu_state_free(pstate);
+    wc_linuxkm_fpu_state_release(pstate);
 
     return;
 }
@@ -294,3 +380,11 @@ void my__show_free_areas(
     return;
 }
 #endif
+
+#if defined(__PIE__) && defined(CONFIG_FORTIFY_SOURCE)
+/* needed because FORTIFY_SOURCE inline implementations call fortify_panic(). */
+void __my_fortify_panic(const char *name) {
+    pr_emerg("__my_fortify_panic in %s\n", name);
+    BUG();
+}
+#endif
diff --git a/extra/wolfssl/wolfssl/linuxkm/linuxkm_wc_port.h b/extra/wolfssl/wolfssl/linuxkm/linuxkm_wc_port.h
index 3e738d00..3553eb8b 100644
--- a/extra/wolfssl/wolfssl/linuxkm/linuxkm_wc_port.h
+++ b/extra/wolfssl/wolfssl/linuxkm/linuxkm_wc_port.h
@@ -65,8 +65,8 @@
           (int)_xatoi_res;                              \
         })
 
-    /* Kbuild+gcc on x86 doesn't consistently honor the default ALIGN16 on stack objects,
-     *   but gives adequate alignment with "32".
+    /* Kbuild+gcc on x86 doesn't consistently honor the default ALIGN16 on stack
+     * objects, but gives adequate alignment with "32".
      */
     #if defined(CONFIG_X86) && !defined(ALIGN16)
         #define ALIGN16 __attribute__ ( (aligned (32)))
@@ -119,8 +119,133 @@
     #include <linux/kconfig.h>
     #include <linux/kernel.h>
     #include <linux/ctype.h>
+
+    #if defined(CONFIG_FORTIFY_SOURCE) || defined(DEBUG_LINUXKM_FORTIFY_OVERLAY)
+        #ifdef __PIE__
+            /* the inline definitions in fortify-string.h use non-inline
+             * fortify_panic().
+             */
+            extern void __my_fortify_panic(const char *name) __noreturn __cold;
+            #define fortify_panic __my_fortify_panic
+        #endif
+
+        /* the _FORTIFY_SOURCE macros and implementations for several string
+         * functions are incompatible with libwolfssl, so just reimplement with
+         * inlines and remap with macros.
+         */
+
+        #define __ARCH_STRLEN_NO_REDIRECT
+        #define __ARCH_MEMCPY_NO_REDIRECT
+        #define __ARCH_MEMSET_NO_REDIRECT
+        #define __ARCH_MEMMOVE_NO_REDIRECT
+
+        /* the inline definitions in fortify-string.h use non-inline
+         * strlen().
+         */
+        static inline size_t strlen(const char *s) {
+            const char *s_start = s;
+            while (*s)
+                ++s;
+            return (size_t)((uintptr_t)s - (uintptr_t)s_start);
+        }
+
+        #include <linux/string.h>
+
+        #undef strlen
+        #define strlen(s) \
+            ((__builtin_constant_p(s) && __builtin_constant_p(*(s))) ? \
+             (sizeof(s) - 1) : strlen(s))
+
+        static inline void *my_memcpy(void *dest, const void *src, size_t n) {
+            if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n)
+                   & (uintptr_t)(sizeof(uintptr_t) - 1)))
+            {
+                uintptr_t *src_longs = (uintptr_t *)src,
+                    *dest_longs = (uintptr_t *)dest,
+                    *endp = (uintptr_t *)((u8 *)src + n);
+                while (src_longs < endp)
+                    *dest_longs++ = *src_longs++;
+            } else {
+                u8 *src_bytes = (u8 *)src,
+                    *dest_bytes = (u8 *)dest,
+                    *endp = src_bytes + n;
+                while (src_bytes < endp)
+                    *dest_bytes++ = *src_bytes++;
+            }
+            return dest;
+        }
+        #undef memcpy
+        #define memcpy my_memcpy
+
+        static inline void *my_memset(void *dest, int c, size_t n) {
+            if (! (((uintptr_t)dest | (uintptr_t)n)
+                   & (uintptr_t)(sizeof(uintptr_t) - 1)))
+            {
+                uintptr_t c_long = __builtin_choose_expr(
+                    sizeof(uintptr_t) == 8,
+                    (uintptr_t)(u8)c * 0x0101010101010101UL,
+                    (uintptr_t)(u8)c * 0x01010101U
+                    );
+                uintptr_t *dest_longs = (uintptr_t *)dest,
+                    *endp = (uintptr_t *)((u8 *)dest_longs + n);
+                while (dest_longs < endp)
+                    *dest_longs++ = c_long;
+            } else {
+                u8 *dest_bytes = (u8 *)dest, *endp = dest_bytes + n;
+                while (dest_bytes < endp)
+                    *dest_bytes++ = (u8)c;
+            }
+            return dest;
+        }
+        #undef memset
+        #define memset my_memset
+
+        static inline void *my_memmove(void *dest, const void *src, size_t n) {
+            if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n)
+                   & (uintptr_t)(sizeof(uintptr_t) - 1)))
+            {
+                uintptr_t *src_longs = (uintptr_t *)src,
+                    *dest_longs = (uintptr_t *)dest;
+                n >>= __builtin_choose_expr(
+                    sizeof(uintptr_t) == 8,
+                    3U,
+                    2U);
+                if (src_longs < dest_longs) {
+                    uintptr_t *startp = src_longs;
+                    src_longs += n - 1;
+                    dest_longs += n - 1;
+                    while (src_longs >= startp)
+                        *dest_longs-- = *src_longs--;
+                } else if (src_longs > dest_longs) {
+                    uintptr_t *endp = src_longs + n;
+                    while (src_longs < endp)
+                        *dest_longs++ = *src_longs++;
+                }
+            } else {
+                u8 *src_bytes = (u8 *)src, *dest_bytes = (u8 *)dest;
+                if (src_bytes < dest_bytes) {
+                    u8 *startp = src_bytes;
+                    src_bytes += n - 1;
+                    dest_bytes += n - 1;
+                    while (src_bytes >= startp)
+                        *dest_bytes-- = *src_bytes--;
+                } else if (src_bytes > dest_bytes) {
+                    u8 *endp = src_bytes + n;
+                    while (src_bytes < endp)
+                        *dest_bytes++ = *src_bytes++;
+                }
+            }
+            return dest;
+        }
+        #undef memmove
+        #define memmove my_memmove
+
+    #endif /* CONFIG_FORTIFY_SOURCE */
+
     #include <linux/init.h>
     #include <linux/module.h>
+    #include <linux/delay.h>
+
     #ifdef __PIE__
         /* without this, mm.h brings in static, but not inline, pmd_to_page(),
          * with direct references to global vmem variables.
@@ -146,7 +271,33 @@
     #include <linux/net.h>
     #include <linux/slab.h>
 
-    #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_SP_X86_64_ASM)
+    #ifdef LINUXKM_LKCAPI_REGISTER
+        #include <linux/crypto.h>
+        #include <linux/scatterlist.h>
+        #include <crypto/scatterwalk.h>
+        #include <crypto/internal/aead.h>
+        #include <crypto/internal/skcipher.h>
+
+        /* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
+         * loaded simultaneously, and the Linux in-tree implementations have two
+         * AES key structs in each context, one for each direction.  in
+         * linuxkm/lkcapi_glue.c (used for CBC, CFB, and GCM), we do the same
+         * thing with "struct km_AesCtx".  however, wolfCrypt struct AesXts
+         * already has two AES expanded keys, the main and tweak, and the tweak
+         * is always used in the encrypt direction regardless of the main
+         * direction.  to avoid allocating and computing a duplicate second
+         * tweak encrypt key, we set
+         * WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS, which adds a second
+         * Aes slot to wolfCrypt's struct AesXts, and activates support for
+         * AES_ENCRYPTION_AND_DECRYPTION on AES-XTS.
+         */
+        #ifndef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+            #define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        #endif
+    #endif
+
+    #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
+        defined(WOLFSSL_SP_X86_64_ASM)
         #ifndef CONFIG_X86
             #error X86 SIMD extensions requested, but CONFIG_X86 is not set.
         #endif
@@ -172,20 +323,40 @@
         #endif
     #endif
 
-    /* benchmarks.c uses floating point math, so needs a working SAVE_VECTOR_REGISTERS(). */
-    #if defined(WOLFSSL_LINUXKM_BENCHMARKS) && !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
+    /* benchmarks.c uses floating point math, so needs a working
+     * SAVE_VECTOR_REGISTERS().
+     */
+    #if defined(WOLFSSL_LINUXKM_BENCHMARKS) && \
+        !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
         #define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
     #endif
 
-    #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
+    #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && \
+        defined(CONFIG_X86)
         #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
             #include <asm/i387.h>
         #else
             #include <asm/simd.h>
         #endif
         #ifndef SAVE_VECTOR_REGISTERS
-            #define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_x86(); if (_svr_ret != 0) { fail_clause } }
-            #define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86()
+            #define SAVE_VECTOR_REGISTERS(fail_clause) {    \
+                int _svr_ret = save_vector_registers_x86(); \
+                if (_svr_ret != 0) {                        \
+                    fail_clause                             \
+                }                                           \
+            }
+        #endif
+        #ifndef SAVE_VECTOR_REGISTERS2
+            #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+                #define SAVE_VECTOR_REGISTERS2() ({                    \
+                    int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); \
+                    (_fuzzer_ret == 0) ?                               \
+                     save_vector_registers_x86() :                     \
+                     _fuzzer_ret;                                      \
+                })
+            #else
+                #define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86()
+            #endif
         #endif
         #ifndef RESTORE_VECTOR_REGISTERS
             #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86()
@@ -194,6 +365,8 @@
         #include <asm/fpsimd.h>
         #ifndef SAVE_VECTOR_REGISTERS
             #define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_arm(); if (_svr_ret != 0) { fail_clause } }
+        #endif
+        #ifndef SAVE_VECTOR_REGISTERS2
             #define SAVE_VECTOR_REGISTERS2() save_vector_registers_arm()
         #endif
         #ifndef RESTORE_VECTOR_REGISTERS
@@ -291,6 +464,11 @@
         #else
             typeof(printk) *printk;
         #endif
+
+#ifdef CONFIG_FORTIFY_SOURCE
+        typeof(__warn_printk) *__warn_printk;
+#endif
+
         typeof(snprintf) *snprintf;
 
         const unsigned char *_ctype;
@@ -333,7 +511,7 @@
             #endif
             typeof(nr_cpu_ids) *nr_cpu_ids;
 
-            #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
+            #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && !defined(WOLFSSL_COMMERCIAL_LICENSE)
                 /* note the current and needed version of these were added in af449901b8 (2020-Sep-17) */
                 typeof(migrate_disable) *migrate_disable;
                 typeof(migrate_enable) *migrate_enable;
@@ -341,15 +519,20 @@
 
             #ifdef CONFIG_X86
                 typeof(irq_fpu_usable) *irq_fpu_usable;
-                /* kernel_fpu_begin() replaced by kernel_fpu_begin_mask() in commit e4512289,
-                 * released in kernel 5.11, backported to 5.4.93
-                 */
-                #ifdef kernel_fpu_begin
-                    typeof(kernel_fpu_begin_mask) *kernel_fpu_begin_mask;
-                #else
-                    typeof(kernel_fpu_begin) *kernel_fpu_begin;
-                #endif
-                typeof(kernel_fpu_end) *kernel_fpu_end;
+                #ifdef WOLFSSL_COMMERCIAL_LICENSE
+                    typeof(fpregs_lock) *fpregs_lock;
+                    typeof(fpregs_lock) *fpregs_unlock;
+                #else /* !WOLFSSL_COMMERCIAL_LICENSE */
+                    /* kernel_fpu_begin() replaced by kernel_fpu_begin_mask() in commit e4512289,
+                     * released in kernel 5.11, backported to 5.4.93
+                     */
+                    #ifdef kernel_fpu_begin
+                        typeof(kernel_fpu_begin_mask) *kernel_fpu_begin_mask;
+                    #else
+                        typeof(kernel_fpu_begin) *kernel_fpu_begin;
+                    #endif
+                    typeof(kernel_fpu_end) *kernel_fpu_end;
+                #endif /* !defined(WOLFSSL_COMMERCIAL_LICENSE) */
             #else /* !CONFIG_X86 */
                 #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
             #endif /* arch */
@@ -429,6 +612,11 @@
     #else
         #define printk (wolfssl_linuxkm_get_pie_redirect_table()->printk)
     #endif
+
+    #ifdef CONFIG_FORTIFY_SOURCE
+        #define __warn_printk (wolfssl_linuxkm_get_pie_redirect_table()->__warn_printk)
+    #endif
+
     #define snprintf (wolfssl_linuxkm_get_pie_redirect_table()->snprintf)
 
     #define _ctype (wolfssl_linuxkm_get_pie_redirect_table()->_ctype)
@@ -472,19 +660,24 @@
         #endif
         #define nr_cpu_ids (*(wolfssl_linuxkm_get_pie_redirect_table()->nr_cpu_ids))
 
-        #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
+        #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && !defined(WOLFSSL_COMMERCIAL_LICENSE)
             #define migrate_disable (*(wolfssl_linuxkm_get_pie_redirect_table()->migrate_disable))
             #define migrate_enable (*(wolfssl_linuxkm_get_pie_redirect_table()->migrate_enable))
         #endif
 
         #ifdef CONFIG_X86
             #define irq_fpu_usable (wolfssl_linuxkm_get_pie_redirect_table()->irq_fpu_usable)
-            #ifdef kernel_fpu_begin
-                #define kernel_fpu_begin_mask (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin_mask)
-            #else
-                #define kernel_fpu_begin (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin)
-            #endif
-            #define kernel_fpu_end (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_end)
+            #ifdef WOLFSSL_COMMERCIAL_LICENSE
+                #define fpregs_lock() (wolfssl_linuxkm_get_pie_redirect_table()->fpregs_lock())
+                #define fpregs_unlock() (wolfssl_linuxkm_get_pie_redirect_table()->fpregs_unlock())
+            #else /* !defined(WOLFSSL_COMMERCIAL_LICENSE) */
+                #ifdef kernel_fpu_begin
+                    #define kernel_fpu_begin_mask (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin_mask)
+                #else
+                    #define kernel_fpu_begin (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin)
+                #endif
+                #define kernel_fpu_end (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_end)
+            #endif /* !defined(WOLFSSL_COMMERCIAL_LICENSE) */
         #else /* !CONFIG_X86 */
             #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
         #endif /* archs */
@@ -607,6 +800,7 @@
      */
     #include <linux/mutex.h>
     typedef struct mutex wolfSSL_Mutex;
+    #define WOLFSSL_MUTEX_INITIALIZER(lockname) __MUTEX_INITIALIZER(lockname)
 
     /* prevent gcc's mm_malloc.h from being included, since it unconditionally
      * includes stdlib.h, which is kernel-incompatible.
@@ -616,11 +810,13 @@
     /* fun fact: since linux commit 59bb47985c, kmalloc with power-of-2 size is
      * aligned to the size.
      */
-    #define WC_LINUXKM_ROUND_UP_P_OF_2(x) (                                         \
-    {                                                                               \
-        size_t _alloc_sz = (x);                                                     \
-        _alloc_sz = 1UL << ((sizeof(_alloc_sz) * 8UL) - __builtin_clzl(_alloc_sz)); \
-        _alloc_sz;                                                                  \
+    #define WC_LINUXKM_ROUND_UP_P_OF_2(x) (                                \
+    {                                                                      \
+        size_t _alloc_sz = (x);                                            \
+        if (_alloc_sz < 8192)                                              \
+          _alloc_sz = 1UL <<                                               \
+              ((sizeof(_alloc_sz) * 8UL) - __builtin_clzl(_alloc_sz - 1)); \
+        _alloc_sz;                                                         \
     })
     #ifdef HAVE_KVMALLOC
         #define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), GFP_KERNEL, NUMA_NO_NODE)
@@ -633,14 +829,28 @@
         #define realloc(ptr, newsize) krealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), GFP_KERNEL)
     #endif
 
-#ifdef WOLFSSL_TRACK_MEMORY
+    #ifndef static_assert
+        #define static_assert(expr, ...) __static_assert(expr, ##__VA_ARGS__, #expr)
+        #define __static_assert(expr, msg, ...) _Static_assert(expr, msg)
+    #endif
+
     #include <wolfssl/wolfcrypt/memory.h>
+
+#ifdef WOLFSSL_TRACK_MEMORY
     #define XMALLOC(s, h, t)     ({(void)(h); (void)(t); wolfSSL_Malloc(s);})
-    #define XFREE(p, h, t)       ({void* _xp; (void)(h); _xp = (p); if(_xp) wolfSSL_Free(_xp);})
+    #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
+        #define XFREE(p, h, t)       ({(void)(h); (void)(t); wolfSSL_Free(p);})
+    #else
+        #define XFREE(p, h, t)       ({void* _xp; (void)(h); _xp = (p); if(_xp) wolfSSL_Free(_xp);})
+    #endif
     #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); wolfSSL_Realloc(p, n);})
 #else
     #define XMALLOC(s, h, t)     ({(void)(h); (void)(t); malloc(s);})
-    #define XFREE(p, h, t)       ({void* _xp; (void)(h); _xp = (p); if(_xp) free(_xp);})
+    #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
+        #define XFREE(p, h, t)       ({(void)(h); (void)(t); free(p);})
+    #else
+        #define XFREE(p, h, t)       ({void* _xp; (void)(h); (void)(t); _xp = (p); if(_xp) free(_xp);})
+    #endif
     #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); realloc(p, n);})
 #endif
 
@@ -650,7 +860,7 @@
      * them to be evaluable by the preprocessor, for use in sp_int.h.
      */
     #if BITS_PER_LONG == 64
-        _Static_assert(sizeof(ULONG_MAX) == 8,
+        static_assert(sizeof(ULONG_MAX) == 8,
                        "BITS_PER_LONG is 64, but ULONG_MAX is not.");
 
         #undef UCHAR_MAX
@@ -672,7 +882,7 @@
 
     #elif BITS_PER_LONG == 32
 
-        _Static_assert(sizeof(ULONG_MAX) == 4,
+        static_assert(sizeof(ULONG_MAX) == 4,
                        "BITS_PER_LONG is 32, but ULONG_MAX is not.");
 
         #undef UCHAR_MAX
diff --git a/extra/wolfssl/wolfssl/linuxkm/lkcapi_glue.c b/extra/wolfssl/wolfssl/linuxkm/lkcapi_glue.c
new file mode 100644
index 00000000..7fe91afe
--- /dev/null
+++ b/extra/wolfssl/wolfssl/linuxkm/lkcapi_glue.c
@@ -0,0 +1,2739 @@
+/* lkcapi_glue.c -- glue logic to register wolfCrypt implementations with
+ * the Linux Kernel Cryptosystem
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef LINUXKM_LKCAPI_REGISTER
+    #error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
+#endif
+
+#ifndef WOLFSSL_LINUXKM_LKCAPI_PRIORITY
+/* Larger number means higher priority.  The highest in-tree priority is 4001,
+ * in the Cavium driver.
+ */
+#define WOLFSSL_LINUXKM_LKCAPI_PRIORITY 10000
+#endif
+
+#ifndef NO_AES
+
+/* note the FIPS code will be returned on failure even in non-FIPS builds. */
+#define LINUXKM_LKCAPI_AES_KAT_MISMATCH_E AES_KAT_FIPS_E
+#define LINUXKM_LKCAPI_AESGCM_KAT_MISMATCH_E AESGCM_KAT_FIPS_E
+
+#define WOLFKM_AESCBC_NAME   "cbc(aes)"
+#define WOLFKM_AESCFB_NAME   "cfb(aes)"
+#define WOLFKM_AESGCM_NAME   "gcm(aes)"
+#define WOLFKM_AESXTS_NAME   "xts(aes)"
+
+#ifdef WOLFSSL_AESNI
+    #define WOLFKM_DRIVER_ISA_EXT "-aesni"
+#else
+    #define WOLFKM_DRIVER_ISA_EXT ""
+#endif
+
+#ifdef HAVE_FIPS
+    #ifndef HAVE_FIPS_VERSION
+        #define WOLFKM_DRIVER_FIPS "-fips-140"
+    #elif HAVE_FIPS_VERSION >= 5
+        #define WOLFKM_DRIVER_FIPS "-fips-140-3"
+    #elif HAVE_FIPS_VERSION == 2
+        #define WOLFKM_DRIVER_FIPS "-fips-140-2"
+    #else
+        #define WOLFKM_DRIVER_FIPS "-fips-140"
+    #endif
+#else
+    #define WOLFKM_DRIVER_FIPS ""
+#endif
+
+#define WOLFKM_DRIVER_SUFFIX \
+    WOLFKM_DRIVER_ISA_EXT WOLFKM_DRIVER_FIPS "-wolfcrypt"
+
+#define WOLFKM_AESCBC_DRIVER ("cbc-aes" WOLFKM_DRIVER_SUFFIX)
+#define WOLFKM_AESCFB_DRIVER ("cfb-aes" WOLFKM_DRIVER_SUFFIX)
+#define WOLFKM_AESGCM_DRIVER ("gcm-aes" WOLFKM_DRIVER_SUFFIX)
+#define WOLFKM_AESXTS_DRIVER ("xts-aes" WOLFKM_DRIVER_SUFFIX)
+
+#if defined(HAVE_AES_CBC) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+static int  linuxkm_test_aescbc(void);
+#endif
+#if defined(WOLFSSL_AES_CFB) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+static int  linuxkm_test_aescfb(void);
+#endif
+#if defined(HAVE_AESGCM) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+static int  linuxkm_test_aesgcm(void);
+#endif
+#if defined(WOLFSSL_AES_XTS) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+static int  linuxkm_test_aesxts(void);
+#endif
+
+/* km_AesX(): wrappers to wolfcrypt wc_AesX functions and
+ * structures.  */
+
+#include <wolfssl/wolfcrypt/aes.h>
+
+struct km_AesCtx {
+    Aes          *aes_encrypt; /* allocated in km_AesInitCommon() to assure
+                                * alignment, needed for AESNI.
+                                */
+    Aes          *aes_decrypt; /* same. */
+};
+
+#if defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCFB) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESGCM)
+
+static void km_AesExitCommon(struct km_AesCtx * ctx);
+
+static int km_AesInitCommon(
+    struct km_AesCtx * ctx,
+    const char * name,
+    int need_decryption)
+{
+    int err;
+
+    ctx->aes_encrypt = (Aes *)malloc(sizeof(*ctx->aes_encrypt));
+
+    if (! ctx->aes_encrypt) {
+        pr_err("%s: allocation of %zu bytes for encryption key failed.\n",
+               name, sizeof(*ctx->aes_encrypt));
+        return MEMORY_E;
+    }
+
+    err = wc_AesInit(ctx->aes_encrypt, NULL, INVALID_DEVID);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesInit failed: %d\n", name, err);
+        free(ctx->aes_encrypt);
+        ctx->aes_encrypt = NULL;
+        return -EINVAL;
+    }
+
+    if (! need_decryption) {
+        ctx->aes_decrypt = NULL;
+        return 0;
+    }
+
+    ctx->aes_decrypt = (Aes *)malloc(sizeof(*ctx->aes_decrypt));
+
+    if (! ctx->aes_decrypt) {
+        pr_err("%s: allocation of %zu bytes for decryption key failed.\n",
+               name, sizeof(*ctx->aes_decrypt));
+        km_AesExitCommon(ctx);
+        return MEMORY_E;
+    }
+
+    err = wc_AesInit(ctx->aes_decrypt, NULL, INVALID_DEVID);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesInit failed: %d\n", name, err);
+        free(ctx->aes_decrypt);
+        ctx->aes_decrypt = NULL;
+        km_AesExitCommon(ctx);
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
+static void km_AesExitCommon(struct km_AesCtx * ctx)
+{
+    if (ctx->aes_encrypt) {
+        wc_AesFree(ctx->aes_encrypt);
+        free(ctx->aes_encrypt);
+        ctx->aes_encrypt = NULL;
+    }
+    if (ctx->aes_decrypt) {
+        wc_AesFree(ctx->aes_decrypt);
+        free(ctx->aes_decrypt);
+        ctx->aes_decrypt = NULL;
+    }
+}
+
+#if defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCFB)
+
+static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
+                              unsigned int key_len, const char * name)
+{
+    int err;
+
+    err = wc_AesSetKey(ctx->aes_encrypt, in_key, key_len, NULL, AES_ENCRYPTION);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err);
+        return -ENOKEY;
+    }
+
+    if (ctx->aes_decrypt) {
+        err = wc_AesSetKey(ctx->aes_decrypt, in_key, key_len, NULL,
+                           AES_DECRYPTION);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesSetKey for decryption key failed: %d\n",
+                   name, err);
+            return -ENOKEY;
+        }
+    }
+
+    return 0;
+}
+
+static void km_AesExit(struct crypto_skcipher *tfm)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    km_AesExitCommon(ctx);
+}
+
+#endif /* LINUXKM_LKCAPI_REGISTER_ALL ||
+        * LINUXKM_LKCAPI_REGISTER_AESCBC ||
+        * LINUXKM_LKCAPI_REGISTER_AESCFB
+        */
+
+#endif /* LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC ||
+        * LINUXKM_LKCAPI_REGISTER_AESCFB || LINUXKM_LKCAPI_REGISTER_AESGCM
+        */
+
+#if defined(HAVE_AES_CBC) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+
+static int km_AesCbcInit(struct crypto_skcipher *tfm)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesInitCommon(ctx, WOLFKM_AESCBC_DRIVER, 1);
+}
+
+static int km_AesCbcSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
+                          unsigned int key_len)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesSetKeyCommon(ctx, in_key, key_len, WOLFKM_AESCBC_DRIVER);
+}
+
+static int km_AesCbcEncrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+    int                      err = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesSetIV failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = wc_AesCbcEncrypt(ctx->aes_encrypt, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCbcEncrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    return err;
+}
+
+static int km_AesCbcDecrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+    int                      err = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesSetIV(ctx->aes_decrypt, walk.iv);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesSetKey failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = wc_AesCbcDecrypt(ctx->aes_decrypt, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCbcDecrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    return err;
+}
+
+static struct skcipher_alg cbcAesAlg = {
+    .base.cra_name        = WOLFKM_AESCBC_NAME,
+    .base.cra_driver_name = WOLFKM_AESCBC_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize   = AES_BLOCK_SIZE,
+    .base.cra_ctxsize     = sizeof(struct km_AesCtx),
+    .base.cra_module      = THIS_MODULE,
+    .init                 = km_AesCbcInit,
+    .exit                 = km_AesExit,
+    .min_keysize          = AES_128_KEY_SIZE,
+    .max_keysize          = AES_256_KEY_SIZE,
+    .ivsize               = AES_BLOCK_SIZE,
+    .setkey               = km_AesCbcSetKey,
+    .encrypt              = km_AesCbcEncrypt,
+    .decrypt              = km_AesCbcDecrypt,
+};
+static int cbcAesAlg_loaded = 0;
+
+#endif /* HAVE_AES_CBC &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
+        */
+
+#if defined(WOLFSSL_AES_CFB) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+
+static int km_AesCfbInit(struct crypto_skcipher *tfm)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesInitCommon(ctx, WOLFKM_AESCFB_DRIVER, 0);
+}
+
+static int km_AesCfbSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
+                          unsigned int key_len)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesSetKeyCommon(ctx, in_key, key_len, WOLFKM_AESCFB_DRIVER);
+}
+
+static int km_AesCfbEncrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+    int                      err = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesSetKey failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = wc_AesCfbEncrypt(ctx->aes_encrypt, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCfbEncrypt failed %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    return err;
+}
+
+static int km_AesCfbDecrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+    int                      err = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesSetKey failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = wc_AesCfbDecrypt(ctx->aes_encrypt, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCfbDecrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    return err;
+}
+
+static struct skcipher_alg cfbAesAlg = {
+    .base.cra_name        = WOLFKM_AESCFB_NAME,
+    .base.cra_driver_name = WOLFKM_AESCFB_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize   = AES_BLOCK_SIZE,
+    .base.cra_ctxsize     = sizeof(struct km_AesCtx),
+    .base.cra_module      = THIS_MODULE,
+    .init                 = km_AesCfbInit,
+    .exit                 = km_AesExit,
+    .min_keysize          = AES_128_KEY_SIZE,
+    .max_keysize          = AES_256_KEY_SIZE,
+    .ivsize               = AES_BLOCK_SIZE,
+    .setkey               = km_AesCfbSetKey,
+    .encrypt              = km_AesCfbEncrypt,
+    .decrypt              = km_AesCfbDecrypt,
+};
+static int cfbAesAlg_loaded = 0;
+
+#endif /* WOLFSSL_AES_CFB &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
+        */
+
+#if defined(HAVE_AESGCM) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+
+#ifndef WOLFSSL_AESGCM_STREAM
+    #error LKCAPI registration of AES-GCM requires WOLFSSL_AESGCM_STREAM (--enable-aesgcm-stream).
+#endif
+
+static int km_AesGcmInit(struct crypto_aead * tfm)
+{
+    struct km_AesCtx * ctx = crypto_aead_ctx(tfm);
+    return km_AesInitCommon(ctx, WOLFKM_AESGCM_DRIVER, 0);
+}
+
+static void km_AesGcmExit(struct crypto_aead * tfm)
+{
+    struct km_AesCtx * ctx = crypto_aead_ctx(tfm);
+    km_AesExitCommon(ctx);
+}
+
+static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key,
+                           unsigned int key_len)
+{
+    int err;
+    struct km_AesCtx * ctx = crypto_aead_ctx(tfm);
+
+    err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmSetKey failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -ENOKEY;
+    }
+
+    return 0;
+}
+
+static int km_AesGcmSetAuthsize(struct crypto_aead *tfm, unsigned int authsize)
+{
+    (void)tfm;
+    if (authsize > AES_BLOCK_SIZE ||
+        authsize < WOLFSSL_MIN_AUTH_TAG_SZ) {
+        pr_err("%s: invalid authsize: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), authsize);
+        return -EINVAL;
+    }
+    return 0;
+}
+
+/*
+ * aead ciphers recieve data in scatterlists in following order:
+ *   encrypt
+ *     req->src: aad||plaintext
+ *     req->dst: aad||ciphertext||tag
+ *   decrypt
+ *     req->src: aad||ciphertext||tag
+ *     req->dst: aad||plaintext, return 0 or -EBADMSG
+ */
+
+static int km_AesGcmEncrypt(struct aead_request *req)
+{
+    struct crypto_aead * tfm = NULL;
+    struct km_AesCtx *   ctx = NULL;
+    struct skcipher_walk walk;
+    struct scatter_walk  assocSgWalk;
+    unsigned int         nbytes = 0;
+    u8                   authTag[AES_BLOCK_SIZE];
+    int                  err = 0;
+    unsigned int         assocLeft = 0;
+    unsigned int         cryptLeft = 0;
+    u8 *                 assoc = NULL;
+
+    tfm = crypto_aead_reqtfm(req);
+    ctx = crypto_aead_ctx(tfm);
+    assocLeft = req->assoclen;
+    cryptLeft = req->cryptlen;
+
+    scatterwalk_start(&assocSgWalk, req->src);
+
+    err = skcipher_walk_aead_encrypt(&walk, req, false);
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_aead_encrypt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -1;
+    }
+
+    err = wc_AesGcmInit(ctx->aes_encrypt, NULL /*key*/, 0 /*keylen*/, walk.iv,
+                        AES_BLOCK_SIZE);
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmInit failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    assoc = scatterwalk_map(&assocSgWalk);
+    if (unlikely(IS_ERR(assoc))) {
+        pr_err("%s: scatterwalk_map failed: %ld\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
+               PTR_ERR(assoc));
+        return err;
+    }
+
+    err = wc_AesGcmEncryptUpdate(ctx->aes_encrypt, NULL, NULL, 0,
+                                 assoc, assocLeft);
+    assocLeft -= assocLeft;
+    scatterwalk_unmap(assoc);
+    assoc = NULL;
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmEncryptUpdate failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        int n = nbytes;
+
+        if (likely(cryptLeft && nbytes)) {
+            n = cryptLeft < nbytes ? cryptLeft : nbytes;
+
+            err = wc_AesGcmEncryptUpdate(
+                ctx->aes_encrypt,
+                walk.dst.virt.addr,
+                walk.src.virt.addr,
+                cryptLeft,
+                NULL, 0);
+            nbytes -= n;
+            cryptLeft -= n;
+        }
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesGcmEncryptUpdate failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    err = wc_AesGcmEncryptFinal(ctx->aes_encrypt, authTag, tfm->authsize);
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmEncryptFinal failed with return code %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    /* Now copy the auth tag into request scatterlist. */
+    scatterwalk_map_and_copy(authTag, req->dst,
+                             req->assoclen + req->cryptlen,
+                             tfm->authsize, 1);
+
+    return err;
+}
+
+static int km_AesGcmDecrypt(struct aead_request *req)
+{
+    struct crypto_aead * tfm = NULL;
+    struct km_AesCtx *   ctx = NULL;
+    struct skcipher_walk walk;
+    struct scatter_walk  assocSgWalk;
+    unsigned int         nbytes = 0;
+    u8                   origAuthTag[AES_BLOCK_SIZE];
+    int                  err = 0;
+    unsigned int         assocLeft = 0;
+    unsigned int         cryptLeft = 0;
+    u8 *                 assoc = NULL;
+
+    tfm = crypto_aead_reqtfm(req);
+    ctx = crypto_aead_ctx(tfm);
+    assocLeft = req->assoclen;
+    cryptLeft = req->cryptlen - tfm->authsize;
+
+    /* Copy out original auth tag from req->src. */
+    scatterwalk_map_and_copy(origAuthTag, req->src,
+                             req->assoclen + req->cryptlen - tfm->authsize,
+                             tfm->authsize, 0);
+
+    scatterwalk_start(&assocSgWalk, req->src);
+
+    err = skcipher_walk_aead_decrypt(&walk, req, false);
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_aead_decrypt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return err;
+    }
+
+    err = wc_AesGcmInit(ctx->aes_encrypt, NULL /*key*/, 0 /*keylen*/, walk.iv,
+                        AES_BLOCK_SIZE);
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmInit failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    assoc = scatterwalk_map(&assocSgWalk);
+    if (unlikely(IS_ERR(assoc))) {
+        pr_err("%s: scatterwalk_map failed: %ld\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
+               PTR_ERR(assoc));
+        return err;
+    }
+
+    err = wc_AesGcmDecryptUpdate(ctx->aes_encrypt, NULL, NULL, 0,
+                                 assoc, assocLeft);
+    assocLeft -= assocLeft;
+    scatterwalk_unmap(assoc);
+    assoc = NULL;
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmDecryptUpdate failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        int n = nbytes;
+
+        if (likely(cryptLeft && nbytes)) {
+            n = cryptLeft < nbytes ? cryptLeft : nbytes;
+
+            err = wc_AesGcmDecryptUpdate(
+                ctx->aes_encrypt,
+                walk.dst.virt.addr,
+                walk.src.virt.addr,
+                cryptLeft,
+                NULL, 0);
+            nbytes -= n;
+            cryptLeft -= n;
+        }
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesGcmDecryptUpdate failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    err = wc_AesGcmDecryptFinal(ctx->aes_encrypt, origAuthTag, tfm->authsize);
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmDecryptFinal failed with return code %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+
+        if (err == AES_GCM_AUTH_E) {
+            return -EBADMSG;
+        }
+        else {
+            return -EINVAL;
+        }
+    }
+
+    return err;
+}
+
+static struct aead_alg gcmAesAead = {
+    .base.cra_name        = WOLFKM_AESGCM_NAME,
+    .base.cra_driver_name = WOLFKM_AESGCM_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize   = 1,
+    .base.cra_ctxsize     = sizeof(struct km_AesCtx),
+    .base.cra_module      = THIS_MODULE,
+    .init                 = km_AesGcmInit,
+    .exit                 = km_AesGcmExit,
+    .setkey               = km_AesGcmSetKey,
+    .setauthsize          = km_AesGcmSetAuthsize,
+    .encrypt              = km_AesGcmEncrypt,
+    .decrypt              = km_AesGcmDecrypt,
+    .ivsize               = AES_BLOCK_SIZE,
+    .maxauthsize          = AES_BLOCK_SIZE,
+    .chunksize            = AES_BLOCK_SIZE,
+};
+static int gcmAesAead_loaded = 0;
+
+#endif /* HAVE_AESGCM &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) &&
+        */
+
+#if defined(WOLFSSL_AES_XTS) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+
+struct km_AesXtsCtx {
+    XtsAes *aesXts; /* allocated in km_AesXtsInitCommon() to assure alignment
+                     * for AESNI.
+                     */
+};
+
+static int km_AesXtsInitCommon(struct km_AesXtsCtx * ctx, const char * name)
+{
+    int err;
+
+    ctx->aesXts = (XtsAes *)malloc(sizeof(*ctx->aesXts));
+
+    if (! ctx->aesXts)
+        return -MEMORY_E;
+
+    err = wc_AesXtsInit(ctx->aesXts, NULL, INVALID_DEVID);
+
+    if (unlikely(err)) {
+        pr_err("%s: km_AesXtsInitCommon failed: %d\n", name, err);
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
+static int km_AesXtsInit(struct crypto_skcipher *tfm)
+{
+    struct km_AesXtsCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesXtsInitCommon(ctx, WOLFKM_AESXTS_DRIVER);
+}
+
+static void km_AesXtsExit(struct crypto_skcipher *tfm)
+{
+    struct km_AesXtsCtx * ctx = crypto_skcipher_ctx(tfm);
+    wc_AesXtsFree(ctx->aesXts);
+    free(ctx->aesXts);
+    ctx->aesXts = NULL;
+}
+
+static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
+                          unsigned int key_len)
+{
+    int err;
+    struct km_AesXtsCtx * ctx = crypto_skcipher_ctx(tfm);
+
+    err = wc_AesXtsSetKeyNoInit(ctx->aesXts, in_key, key_len,
+                                AES_ENCRYPTION_AND_DECRYPTION);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesXtsSetKeyNoInit failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
+/* see /usr/src/linux/drivers/md/dm-crypt.c */
+
+static int km_AesXtsEncrypt(struct skcipher_request *req)
+{
+    int                      err = 0;
+
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesXtsCtx *    ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesXtsEncrypt(ctx->aesXts, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes,
+                               walk.iv, walk.ivsize);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesXtsEncrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    return err;
+}
+
+static int km_AesXtsDecrypt(struct skcipher_request *req)
+{
+    int                      err = 0;
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesXtsCtx *    ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesXtsDecrypt(ctx->aesXts, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes,
+                               walk.iv, walk.ivsize);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCbcDecrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    return err;
+}
+
+static struct skcipher_alg xtsAesAlg = {
+    .base.cra_name          = WOLFKM_AESXTS_NAME,
+    .base.cra_driver_name   = WOLFKM_AESXTS_DRIVER,
+    .base.cra_priority      = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize     = AES_BLOCK_SIZE,
+    .base.cra_ctxsize       = sizeof(struct km_AesXtsCtx),
+    .base.cra_module        = THIS_MODULE,
+
+    .min_keysize            = 2 * AES_128_KEY_SIZE,
+    .max_keysize            = 2 * AES_256_KEY_SIZE,
+    .ivsize                 = AES_BLOCK_SIZE,
+    .walksize               = 2 * AES_BLOCK_SIZE,
+    .init                   = km_AesXtsInit,
+    .exit                   = km_AesXtsExit,
+    .setkey                 = km_AesXtsSetKey,
+    .encrypt                = km_AesXtsEncrypt,
+    .decrypt                = km_AesXtsDecrypt
+};
+static int xtsAesAlg_loaded = 0;
+
+#endif /* WOLFSSL_AES_XTS &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESXTS)
+        */
+
+/* cipher tests, cribbed from test.c, with supplementary LKCAPI tests: */
+
+#if defined(HAVE_AES_CBC) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+
+static int linuxkm_test_aescbc(void)
+{
+    int    ret = 0;
+    struct crypto_skcipher *  tfm = NULL;
+    struct skcipher_request * req = NULL;
+    struct scatterlist        src, dst;
+    Aes    *aes;
+    int    aes_inited = 0;
+    static const byte key32[] =
+    {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    static const byte p_vector[] =
+    /* Now is the time for all good men w/o trailing 0 */
+    {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
+        0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
+    };
+    static const byte iv[] = "1234567890abcdef";
+
+    static const byte c_vector[] =
+    {
+        0xd7,0xd6,0x04,0x5b,0x4d,0xc4,0x90,0xdf,
+        0x4a,0x82,0xed,0x61,0x26,0x4e,0x23,0xb3,
+        0xe4,0xb5,0x85,0x30,0x29,0x4c,0x9d,0xcf,
+        0x73,0xc9,0x46,0xd1,0xaa,0xc8,0xcb,0x62
+    };
+
+    byte    iv_copy[sizeof(iv)];
+    byte    enc[sizeof(p_vector)];
+    byte    dec[sizeof(p_vector)];
+    u8 *    enc2 = NULL;
+    u8 *    dec2 = NULL;
+
+    aes = (Aes *)malloc(sizeof(*aes));
+    if (aes == NULL)
+        return -ENOMEM;
+
+    XMEMSET(enc, 0, sizeof(enc));
+    XMEMSET(dec, 0, sizeof(enc));
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
+        goto test_cbc_end;
+    }
+    aes_inited = 1;
+
+    ret = wc_AesSetKey(aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesSetKey failed with return code %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    ret = wc_AesCbcEncrypt(aes, enc, p_vector, sizeof(p_vector));
+    if (ret) {
+        pr_err("wolfcrypt wc_AesCbcEncrypt failed with return code %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    if (XMEMCMP(enc, c_vector, sizeof(c_vector)) != 0) {
+        pr_err("wolfcrypt wc_AesCbcEncrypt KAT mismatch\n");
+        return LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+    }
+
+    /* Re init for decrypt and set flag. */
+    wc_AesFree(aes);
+    aes_inited = 0;
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
+        goto test_cbc_end;
+    }
+    aes_inited = 1;
+
+    ret = wc_AesSetKey(aes, key32, AES_BLOCK_SIZE * 2, iv, AES_DECRYPTION);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesSetKey failed with return code %d.\n", ret);
+        goto test_cbc_end;
+    }
+
+    ret = wc_AesCbcDecrypt(aes, dec, enc, sizeof(p_vector));
+    if (ret) {
+        pr_err("wolfcrypt wc_AesCbcDecrypt failed with return code %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    ret = XMEMCMP(p_vector, dec, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: p_vector and dec do not match: %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    /* now the kernel crypto part */
+    enc2 = malloc(sizeof(p_vector));
+    if (!enc2) {
+        pr_err("error: malloc failed\n");
+        goto test_cbc_end;
+    }
+
+    dec2 = malloc(sizeof(p_vector));
+    if (!dec2) {
+        pr_err("error: malloc failed\n");
+        goto test_cbc_end;
+    }
+
+    memcpy(dec2, p_vector, sizeof(p_vector));
+
+    tfm = crypto_alloc_skcipher(WOLFKM_AESCBC_NAME, 0, 0);
+    if (IS_ERR(tfm)) {
+        pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
+               WOLFKM_AESCBC_DRIVER, PTR_ERR(tfm));
+        goto test_cbc_end;
+    }
+
+#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    {
+        const char *driver_name =
+            crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+        if (strcmp(driver_name, WOLFKM_AESCBC_DRIVER)) {
+            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+                   WOLFKM_AESCBC_NAME, driver_name, WOLFKM_AESCBC_DRIVER);
+            ret = -ENOENT;
+            goto test_cbc_end;
+        }
+    }
+#endif
+
+    ret = crypto_skcipher_setkey(tfm, key32, AES_BLOCK_SIZE * 2);
+    if (ret) {
+        pr_err("error: crypto_skcipher_setkey returned: %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    req = skcipher_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        pr_err("error: allocating AES skcipher request %s failed\n",
+               WOLFKM_AESCBC_DRIVER);
+        goto test_cbc_end;
+    }
+
+    sg_init_one(&src, dec2, sizeof(p_vector));
+    sg_init_one(&dst, enc2, sizeof(p_vector));
+
+    XMEMCPY(iv_copy, iv, sizeof(iv));
+    skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    ret = XMEMCMP(enc, enc2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: enc and enc2 do not match: %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    memset(dec2, 0, sizeof(p_vector));
+    sg_init_one(&src, enc2, sizeof(p_vector));
+    sg_init_one(&dst, dec2, sizeof(p_vector));
+
+    XMEMCPY(iv_copy, iv, sizeof(iv));
+    skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    ret = XMEMCMP(dec, dec2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: dec and dec2 do not match: %d\n", ret);
+        goto test_cbc_end;
+    }
+
+test_cbc_end:
+
+    if (enc2) { free(enc2); }
+    if (dec2) { free(dec2); }
+    if (req) { skcipher_request_free(req); }
+    if (tfm) { crypto_free_skcipher(tfm); }
+
+    if (aes_inited)
+        wc_AesFree(aes);
+    free(aes);
+
+    return ret;
+}
+
+#endif /* HAVE_AES_CBC &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
+        */
+
+#if defined(WOLFSSL_AES_CFB) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+
+static int linuxkm_test_aescfb(void)
+{
+    int    ret = 0;
+    struct crypto_skcipher *  tfm = NULL;
+    struct skcipher_request * req = NULL;
+    struct scatterlist        src, dst;
+    Aes    *aes;
+    int    aes_inited = 0;
+    static const byte key32[] =
+    {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    static const byte p_vector[] =
+    /* Now is the time for all good men w/o trailing 0 */
+    {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
+        0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
+    };
+    static const byte iv[] = "1234567890abcdef";
+    static const byte c_vector[] =
+    {
+        0x56,0x35,0x3f,0xdd,0xde,0xa6,0x15,0x87,
+        0x57,0xdc,0x34,0x62,0x9a,0x68,0x96,0x51,
+        0xc7,0x09,0xb9,0x4e,0x47,0x6b,0x24,0x72,
+        0x19,0x5a,0xdf,0x7e,0xba,0xa8,0x01,0xb6
+    };
+    byte    iv_copy[sizeof(iv)];
+    byte    enc[sizeof(p_vector)];
+    byte    dec[sizeof(p_vector)];
+    u8 *    enc2 = NULL;
+    u8 *    dec2 = NULL;
+
+    aes = (Aes *)malloc(sizeof(*aes));
+    if (aes == NULL)
+        return -ENOMEM;
+
+    XMEMSET(enc, 0, sizeof(enc));
+    XMEMSET(dec, 0, sizeof(enc));
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
+        goto test_cfb_end;
+    }
+    aes_inited = 1;
+
+    ret = wc_AesSetKey(aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesSetKey failed with return code %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    ret = wc_AesCfbEncrypt(aes, enc, p_vector, sizeof(p_vector));
+    if (ret) {
+        pr_err("wolfcrypt wc_AesCfbEncrypt failed with return code %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    if (XMEMCMP(enc, c_vector, sizeof(c_vector)) != 0) {
+        pr_err("wolfcrypt wc_AesCfbEncrypt KAT mismatch\n");
+        return LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+    }
+
+    /* Re init for decrypt and set flag. */
+    wc_AesFree(aes);
+    aes_inited = 0;
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
+        goto test_cfb_end;
+    }
+    aes_inited = 1;
+
+    ret = wc_AesSetKey(aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesSetKey failed with return code %d.\n", ret);
+        goto test_cfb_end;
+    }
+
+    ret = wc_AesCfbDecrypt(aes, dec, enc, sizeof(p_vector));
+    if (ret) {
+        pr_err("wolfcrypt wc_AesCfbDecrypt failed with return code %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    ret = XMEMCMP(p_vector, dec, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: p_vector and dec do not match: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    /* now the kernel crypto part */
+    enc2 = malloc(sizeof(p_vector));
+    if (!enc2) {
+        pr_err("error: malloc failed\n");
+        goto test_cfb_end;
+    }
+
+    dec2 = malloc(sizeof(p_vector));
+    if (!dec2) {
+        pr_err("error: malloc failed\n");
+        goto test_cfb_end;
+    }
+
+    memcpy(dec2, p_vector, sizeof(p_vector));
+
+    tfm = crypto_alloc_skcipher(WOLFKM_AESCFB_NAME, 0, 0);
+    if (IS_ERR(tfm)) {
+        pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
+               WOLFKM_AESCFB_DRIVER, PTR_ERR(tfm));
+        goto test_cfb_end;
+    }
+
+#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    {
+        const char *driver_name =
+            crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+        if (strcmp(driver_name, WOLFKM_AESCFB_DRIVER)) {
+            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+                   WOLFKM_AESCFB_NAME, driver_name, WOLFKM_AESCFB_DRIVER);
+            ret = -ENOENT;
+            goto test_cfb_end;
+        }
+    }
+#endif
+
+    ret = crypto_skcipher_setkey(tfm, key32, AES_BLOCK_SIZE * 2);
+    if (ret) {
+        pr_err("error: crypto_skcipher_setkey returned: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    req = skcipher_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        pr_err("error: allocating AES skcipher request %s failed\n",
+               WOLFKM_AESCFB_DRIVER);
+        goto test_cfb_end;
+    }
+
+    sg_init_one(&src, dec2, sizeof(p_vector));
+    sg_init_one(&dst, enc2, sizeof(p_vector));
+
+    XMEMCPY(iv_copy, iv, sizeof(iv));
+    skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    ret = XMEMCMP(enc, enc2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: enc and enc2 do not match: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    memset(dec2, 0, sizeof(p_vector));
+    sg_init_one(&src, enc2, sizeof(p_vector));
+    sg_init_one(&dst, dec2, sizeof(p_vector));
+
+    XMEMCPY(iv_copy, iv, sizeof(iv));
+    skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_decrypt returned: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    ret = XMEMCMP(dec, dec2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: dec and dec2 do not match: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+test_cfb_end:
+
+    if (enc2) { free(enc2); }
+    if (dec2) { free(dec2); }
+    if (req) { skcipher_request_free(req); }
+    if (tfm) { crypto_free_skcipher(tfm); }
+
+    if (aes_inited)
+        wc_AesFree(aes);
+    free(aes);
+
+    return ret;
+}
+
+#endif /* WOLFSSL_AES_CFB &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCFB)
+        */
+
+#if defined(HAVE_AESGCM) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+
+static int linuxkm_test_aesgcm(void)
+{
+    int     ret = 0;
+    struct crypto_aead *  tfm = NULL;
+    struct aead_request * req = NULL;
+    struct scatterlist *  src = NULL;
+    struct scatterlist *  dst = NULL;
+    Aes    *aes;
+    int    aes_inited = 0;
+    static const byte key32[] =
+    {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    static const byte p_vector[] =
+    /* Now is the time for all w/o trailing 0 */
+    {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+    static const byte assoc[] =
+    {
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xab, 0xad, 0xda, 0xd2
+    };
+    static const byte ivstr[] = "1234567890abcdef";
+    static const byte c_vector[] =
+    {
+        0x0c,0x97,0x05,0x3c,0xef,0x5c,0x63,0x6b,
+        0x15,0xe4,0x00,0x63,0xf8,0x8c,0xd0,0x95,
+        0x27,0x81,0x90,0x9c,0x9f,0xe6,0x98,0xe9
+    };
+    static const byte KAT_authTag[] =
+    {
+        0xc9,0xd5,0x7a,0x77,0xac,0x28,0xc2,0xe7,
+        0xe4,0x28,0x90,0xaa,0x09,0xab,0xf9,0x7c
+    };
+    byte    enc[sizeof(p_vector)];
+    byte    authTag[AES_BLOCK_SIZE];
+    byte    dec[sizeof(p_vector)];
+    u8 *    assoc2 = NULL;
+    u8 *    enc2 = NULL;
+    u8 *    dec2 = NULL;
+    u8 *    iv = NULL;
+    size_t  encryptLen = sizeof(p_vector);
+    size_t  decryptLen = sizeof(p_vector) + sizeof(authTag);
+
+    /* Init stack variables. */
+    XMEMSET(enc, 0, sizeof(p_vector));
+    XMEMSET(dec, 0, sizeof(p_vector));
+    XMEMSET(authTag, 0, AES_BLOCK_SIZE);
+
+    aes = (Aes *)malloc(sizeof(*aes));
+    if (aes == NULL)
+        return -ENOMEM;
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret) {
+        pr_err("error: wc_AesInit failed with return code %d.\n", ret);
+        goto test_gcm_end;
+    }
+    aes_inited = 1;
+
+    ret = wc_AesGcmInit(aes, key32, sizeof(key32)/sizeof(byte), ivstr,
+                        AES_BLOCK_SIZE);
+    if (ret) {
+        pr_err("error: wc_AesGcmInit failed with return code %d.\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmEncryptUpdate(aes, NULL, NULL, 0, assoc, sizeof(assoc));
+    if (ret) {
+        pr_err("error: wc_AesGcmEncryptUpdate failed with return code %d\n",
+               ret);
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmEncryptUpdate(aes, enc, p_vector, sizeof(p_vector), NULL, 0);
+    if (ret) {
+        pr_err("error: wc_AesGcmEncryptUpdate failed with return code %d\n",
+               ret);
+        goto test_gcm_end;
+    }
+
+    if (XMEMCMP(enc, c_vector, sizeof(c_vector)) != 0) {
+        pr_err("wolfcrypt AES-GCM KAT mismatch on ciphertext\n");
+        ret = LINUXKM_LKCAPI_AESGCM_KAT_MISMATCH_E;
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmEncryptFinal(aes, authTag, AES_BLOCK_SIZE);
+    if (ret) {
+        pr_err("error: wc_AesGcmEncryptFinal failed with return code %d\n",
+               ret);
+        goto test_gcm_end;
+    }
+
+    if (XMEMCMP(authTag, KAT_authTag, sizeof(KAT_authTag)) != 0) {
+        pr_err("wolfcrypt AES-GCM KAT mismatch on authTag\n");
+        ret = LINUXKM_LKCAPI_AESGCM_KAT_MISMATCH_E;
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmInit(aes, key32, sizeof(key32)/sizeof(byte), ivstr,
+                        AES_BLOCK_SIZE);
+    if (ret) {
+        pr_err("error: wc_AesGcmInit failed with return code %d.\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmDecryptUpdate(aes, dec, enc, sizeof(p_vector),
+                                 assoc, sizeof(assoc));
+    if (ret) {
+        pr_err("error: wc_AesGcmDecryptUpdate failed with return code %d\n",
+               ret);
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmDecryptFinal(aes, authTag, AES_BLOCK_SIZE);
+    if (ret) {
+        pr_err("error: wc_AesGcmEncryptFinal failed with return code %d\n",
+               ret);
+        goto test_gcm_end;
+    }
+
+    ret = XMEMCMP(p_vector, dec, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: gcm: p_vector and dec do not match: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    /* now the kernel crypto part */
+    assoc2 = malloc(sizeof(assoc));
+    if (IS_ERR(assoc2)) {
+        pr_err("error: malloc failed\n");
+        goto test_gcm_end;
+    }
+    memset(assoc2, 0, sizeof(assoc));
+    memcpy(assoc2, assoc, sizeof(assoc));
+
+    iv = malloc(AES_BLOCK_SIZE);
+    if (IS_ERR(iv)) {
+        pr_err("error: malloc failed\n");
+        goto test_gcm_end;
+    }
+    memset(iv, 0, AES_BLOCK_SIZE);
+    memcpy(iv, ivstr, AES_BLOCK_SIZE);
+
+    enc2 = malloc(decryptLen);
+    if (IS_ERR(enc2)) {
+        pr_err("error: malloc failed\n");
+        goto test_gcm_end;
+    }
+
+    dec2 = malloc(decryptLen);
+    if (IS_ERR(dec2)) {
+        pr_err("error: malloc failed\n");
+        goto test_gcm_end;
+    }
+
+    memset(enc2, 0, decryptLen);
+    memset(dec2, 0, decryptLen);
+    memcpy(dec2, p_vector, sizeof(p_vector));
+
+    tfm = crypto_alloc_aead(WOLFKM_AESGCM_NAME, 0, 0);
+    if (IS_ERR(tfm)) {
+        pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
+               WOLFKM_AESGCM_DRIVER, PTR_ERR(tfm));
+        goto test_gcm_end;
+    }
+
+#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    {
+        const char *driver_name = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
+        if (strcmp(driver_name, WOLFKM_AESGCM_DRIVER)) {
+            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+                   WOLFKM_AESGCM_NAME, driver_name, WOLFKM_AESGCM_DRIVER);
+            ret = -ENOENT;
+            goto test_gcm_end;
+        }
+    }
+#endif
+
+    ret = crypto_aead_setkey(tfm, key32, AES_BLOCK_SIZE * 2);
+    if (ret) {
+        pr_err("error: crypto_aead_setkey returned: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = crypto_aead_setauthsize(tfm, sizeof(authTag));
+    if (ret) {
+        pr_err("error: crypto_aead_setauthsize returned: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    req = aead_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        pr_err("error: allocating AES aead request %s failed: %ld\n",
+               WOLFKM_AESCBC_DRIVER, PTR_ERR(req));
+        goto test_gcm_end;
+    }
+
+    src = malloc(sizeof(struct scatterlist) * 2);
+    dst = malloc(sizeof(struct scatterlist) * 2);
+
+    if (IS_ERR(src) || IS_ERR(dst)) {
+        pr_err("error: malloc src or dst failed: %ld, %ld\n",
+               PTR_ERR(src), PTR_ERR(dst));
+        goto test_gcm_end;
+    }
+
+    sg_init_table(src, 2);
+    sg_set_buf(src, assoc2, sizeof(assoc));
+    sg_set_buf(&src[1], dec2, sizeof(p_vector));
+
+    sg_init_table(dst, 2);
+    sg_set_buf(dst, assoc2, sizeof(assoc));
+    sg_set_buf(&dst[1], enc2, decryptLen);
+
+    aead_request_set_callback(req, 0, NULL, NULL);
+    aead_request_set_ad(req, sizeof(assoc));
+    aead_request_set_crypt(req, src, dst, sizeof(p_vector), iv);
+
+    ret = crypto_aead_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_aead_encrypt returned: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = XMEMCMP(enc, enc2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: enc and enc2 do not match: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = XMEMCMP(authTag, enc2 + encryptLen, sizeof(authTag));
+    if (ret) {
+        pr_err("error: authTags do not match: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    /* Now decrypt crypto request. Reverse src and dst. */
+    memset(dec2, 0, decryptLen);
+    aead_request_set_ad(req, sizeof(assoc));
+    aead_request_set_crypt(req, dst, src, decryptLen, iv);
+
+    ret = crypto_aead_decrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_aead_decrypt returned: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = XMEMCMP(dec, dec2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: dec and dec2 do not match: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+test_gcm_end:
+    if (req) { aead_request_free(req); req = NULL; }
+    if (tfm) { crypto_free_aead(tfm); tfm = NULL; }
+
+    if (src) { free(src); src = NULL; }
+    if (dst) { free(dst); dst = NULL; }
+
+    if (dec2) { free(dec2); dec2 = NULL; }
+    if (enc2) { free(enc2); enc2 = NULL; }
+
+    if (assoc2) { free(assoc2); assoc2 = NULL; }
+    if (iv) { free(iv); iv = NULL; }
+
+    if (aes_inited)
+        wc_AesFree(aes);
+    free(aes);
+
+    return ret;
+}
+
+#endif /* HAVE_AESGCM &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) &&
+        */
+
+#if defined(WOLFSSL_AES_XTS) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+
+/* test vectors from
+ * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html
+ */
+#ifdef WOLFSSL_AES_128
+static int aes_xts_128_test(void)
+{
+    XtsAes *aes = NULL;
+    int aes_inited = 0;
+    int ret = 0;
+#define AES_XTS_128_TEST_BUF_SIZ (AES_BLOCK_SIZE * 2 + 8)
+    unsigned char *buf = NULL;
+    unsigned char *cipher = NULL;
+    u8 *    enc2 = NULL;
+    u8 *    dec2 = NULL;
+    struct scatterlist *  src = NULL;
+    struct scatterlist *  dst = NULL;
+    struct crypto_skcipher *tfm = NULL;
+    struct skcipher_request *req = NULL;
+    u8 iv[AES_BLOCK_SIZE];
+    byte* large_input = NULL;
+
+    /* 128 key tests */
+    static const unsigned char k1[] = {
+        0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
+        0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
+        0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
+        0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
+    };
+
+    static const unsigned char i1[] = {
+        0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    };
+
+    static const unsigned char p1[] = {
+        0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+        0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
+    };
+
+    /* plain text test of partial block is not from NIST test vector list */
+    static const unsigned char pp[] = {
+        0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+        0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    };
+
+    static const unsigned char c1[] = {
+        0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
+        0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
+    };
+
+    /* plain text test of partial block is not from NIST test vector list */
+    static const unsigned char cp[] = {
+        0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
+        0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
+        0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
+    };
+
+    static const unsigned char k2[] = {
+        0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
+        0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
+        0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
+        0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
+    };
+
+    static const unsigned char i2[] = {
+        0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
+        0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
+    };
+
+    static const unsigned char p2[] = {
+        0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
+        0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
+        0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
+        0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
+    };
+
+    static const unsigned char c2[] = {
+        0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
+        0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
+        0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
+        0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
+    };
+
+#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
+    static const unsigned char k3[] = {
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    };
+    static const unsigned char i3[] = {
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    };
+    static const unsigned char p3[] = {
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
+    };
+    static const unsigned char c3[] = {
+        0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
+        0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
+        0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
+        0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
+        0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
+    };
+#endif /* HAVE_FIPS */
+
+    if ((aes = (XtsAes *)XMALLOC(sizeof(*aes), NULL, DYNAMIC_TYPE_AES))
+        == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+
+    if ((buf = (unsigned char *)XMALLOC(AES_XTS_128_TEST_BUF_SIZ, NULL,
+                                        DYNAMIC_TYPE_AES)) == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+    if ((cipher = (unsigned char *)XMALLOC(AES_XTS_128_TEST_BUF_SIZ, NULL,
+                                           DYNAMIC_TYPE_AES)) == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsInit(aes, NULL, INVALID_DEVID);
+    if (ret != 0)
+        goto out;
+    else
+        aes_inited = 1;
+
+    ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
+    if (ret != 0)
+        goto out;
+
+    ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c2, buf, sizeof(c2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c2, buf, sizeof(c2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+#endif
+
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+
+    ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+#endif
+
+    /* partial block encryption test */
+    XMEMSET(cipher, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(cp, cipher, sizeof(cp))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    XMEMSET(cipher, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(cp, cipher, sizeof(cp))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+#endif
+
+    /* partial block decrypt test */
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(pp, buf, sizeof(pp))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(pp, buf, sizeof(pp))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+#endif
+
+    /* NIST decrypt test vector */
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+#endif
+
+    /* fail case with decrypting using wrong key */
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p2, buf, sizeof(p2)) == 0) { /* fail case with wrong key */
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    /* set correct key and retest */
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p2, buf, sizeof(p2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#ifndef HAVE_FIPS
+
+    /* Test ciphertext stealing in-place. */
+    XMEMCPY(buf, p3, sizeof(p3));
+    ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
+    if (ret != 0)
+        goto out;
+
+    ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c3, buf, sizeof(c3))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p3, buf, sizeof(p3))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#endif /* HAVE_FIPS */
+
+    {
+    #define LARGE_XTS_SZ        1024
+        int i;
+        int j;
+
+        large_input = (byte *)XMALLOC(LARGE_XTS_SZ, NULL,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (large_input == NULL) {
+            ret = MEMORY_E;
+            goto out;
+        }
+
+        for (i = 0; i < (int)LARGE_XTS_SZ; i++)
+            large_input[i] = (byte)i;
+
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
+                sizeof(i1));
+            if (ret != 0)
+                goto out;
+
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
+                sizeof(i1));
+            if (ret != 0)
+                goto out;
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+                    goto out;
+                }
+            }
+        }
+    }
+
+    /* now the kernel crypto part */
+
+    enc2 = XMALLOC(sizeof(pp), NULL, DYNAMIC_TYPE_AES);
+    if (!enc2) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    dec2 = XMALLOC(sizeof(pp), NULL, DYNAMIC_TYPE_AES);
+    if (!dec2) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    src = XMALLOC(sizeof(*src) * 2, NULL, DYNAMIC_TYPE_AES);
+    if (! src) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    dst = XMALLOC(sizeof(*dst) * 2, NULL, DYNAMIC_TYPE_AES);
+    if (! dst) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    tfm = crypto_alloc_skcipher(WOLFKM_AESXTS_NAME, 0, 0);
+    if (IS_ERR(tfm)) {
+        ret = PTR_ERR(tfm);
+        pr_err("error: allocating AES skcipher algorithm %s failed: %d\n",
+               WOLFKM_AESXTS_DRIVER, ret);
+        goto test_xts_end;
+    }
+
+#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    {
+        const char *driver_name =
+            crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+        if (strcmp(driver_name, WOLFKM_AESXTS_DRIVER)) {
+            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+                   WOLFKM_AESXTS_NAME, driver_name, WOLFKM_AESXTS_DRIVER);
+            ret = -ENOENT;
+            goto test_xts_end;
+        }
+    }
+#endif
+
+    ret = crypto_skcipher_ivsize(tfm);
+    if (ret != sizeof(iv)) {
+        pr_err("error: AES skcipher algorithm %s crypto_skcipher_ivsize()"
+               " returned %d but expected %d\n",
+               WOLFKM_AESXTS_DRIVER, ret, (int)sizeof(iv));
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    ret = crypto_skcipher_setkey(tfm, k1, sizeof(k1));
+    if (ret) {
+        pr_err("error: crypto_skcipher_setkey for %s returned: %d\n",
+               WOLFKM_AESXTS_NAME, ret);
+        goto test_xts_end;
+    }
+
+    req = skcipher_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        ret = PTR_ERR(req);
+        pr_err("error: allocating AES skcipher request %s failed: %d\n",
+               WOLFKM_AESXTS_DRIVER, ret);
+        goto test_xts_end;
+    }
+
+    memcpy(dec2, p1, sizeof(p1));
+    memset(enc2, 0, sizeof(p1));
+
+    sg_init_one(src, dec2, sizeof(p1));
+    sg_init_one(dst, enc2, sizeof(p1));
+
+    memcpy(iv, i1, sizeof(iv));
+    skcipher_request_set_crypt(req, src, dst, sizeof(p1), iv);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(c1, enc2, sizeof(c1));
+    if (ret) {
+        pr_err("error: c1 and enc2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memset(dec2, 0, sizeof(p1));
+    sg_init_one(src, enc2, sizeof(p1));
+    sg_init_one(dst, dec2, sizeof(p1));
+
+    memcpy(iv, i1, sizeof(iv));
+    skcipher_request_set_crypt(req, src, dst, sizeof(p1), iv);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(p1, dec2, sizeof(p1));
+    if (ret) {
+        pr_err("error: p1 and dec2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memcpy(dec2, pp, sizeof(pp));
+    memset(enc2, 0, sizeof(pp));
+
+    sg_init_one(src, dec2, sizeof(pp));
+    sg_init_one(dst, enc2, sizeof(pp));
+
+    memcpy(iv, i1, sizeof(iv));
+    skcipher_request_set_crypt(req, src, dst, sizeof(pp), iv);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(cp, enc2, sizeof(cp));
+    if (ret) {
+        pr_err("error: cp and enc2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memset(dec2, 0, sizeof(pp));
+    sg_init_one(src, enc2, sizeof(pp));
+    sg_init_one(dst, dec2, sizeof(pp));
+
+    memcpy(iv, i1, sizeof(iv));
+    skcipher_request_set_crypt(req, src, dst, sizeof(pp), iv);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(pp, dec2, sizeof(pp));
+    if (ret) {
+        pr_err("error: pp and dec2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    test_xts_end:
+
+    if (enc2)
+        XFREE(enc2, NULL, DYNAMIC_TYPE_AES);
+    if (dec2)
+        XFREE(dec2, NULL, DYNAMIC_TYPE_AES);
+    if (src)
+        XFREE(src, NULL, DYNAMIC_TYPE_AES);
+    if (dst)
+        XFREE(dst, NULL, DYNAMIC_TYPE_AES);
+    if (req)
+        skcipher_request_free(req);
+    if (tfm)
+        crypto_free_skcipher(tfm);
+
+  out:
+
+    if (large_input)
+        XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (aes_inited)
+        wc_AesXtsFree(aes);
+
+    if (buf)
+        XFREE(buf, NULL, DYNAMIC_TYPE_AES);
+    if (cipher)
+        XFREE(cipher, NULL, DYNAMIC_TYPE_AES);
+
+    if (aes)
+        XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+
+#undef AES_XTS_128_TEST_BUF_SIZ
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_128 */
+
+#ifdef WOLFSSL_AES_256
+static int aes_xts_256_test(void)
+{
+    XtsAes *aes = NULL;
+    int aes_inited = 0;
+    int ret = 0;
+#define AES_XTS_256_TEST_BUF_SIZ (AES_BLOCK_SIZE * 3)
+    unsigned char *buf = NULL;
+    unsigned char *cipher = NULL;
+    u8 *    enc2 = NULL;
+    u8 *    dec2 = NULL;
+    struct scatterlist *  src = NULL;
+    struct scatterlist *  dst = NULL;
+    struct crypto_skcipher *tfm = NULL;
+    struct skcipher_request *req = NULL;
+    u8 iv[AES_BLOCK_SIZE];
+
+    /* 256 key tests */
+    static const unsigned char k1[] = {
+        0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
+        0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
+        0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
+        0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
+        0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
+        0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
+        0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
+        0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
+    };
+
+    static const unsigned char i1[] = {
+        0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
+        0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
+    };
+
+    static const unsigned char p1[] = {
+        0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
+        0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
+        0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
+        0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
+    };
+
+    static const unsigned char c1[] = {
+        0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
+        0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
+        0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
+        0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
+    };
+
+    /* plain text test of partial block is not from NIST test vector list */
+    static const unsigned char pp[] = {
+        0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+        0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    };
+
+    static const unsigned char cp[] = {
+        0x65, 0x5e, 0x1d, 0x37, 0x4a, 0x91, 0xe7, 0x6c,
+        0x4f, 0x83, 0x92, 0xbc, 0x5a, 0x10, 0x55, 0x27,
+        0x61, 0x0e, 0x5a, 0xde, 0xca, 0xc5, 0x12, 0xd8
+    };
+
+    static const unsigned char k2[] = {
+        0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
+        0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
+        0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
+        0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
+        0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
+        0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
+        0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
+        0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
+    };
+
+    static const unsigned char i2[] = {
+        0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
+        0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
+    };
+
+    static const unsigned char p2[] = {
+        0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
+        0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
+        0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
+        0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
+        0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
+        0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
+    };
+
+    static const unsigned char c2[] = {
+        0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
+        0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
+        0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
+        0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
+        0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
+        0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
+    };
+
+    if ((aes = (XtsAes *)XMALLOC(sizeof(*aes), NULL, DYNAMIC_TYPE_AES))
+        == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+
+    if ((buf = (unsigned char *)XMALLOC(AES_XTS_256_TEST_BUF_SIZ, NULL,
+                                        DYNAMIC_TYPE_AES)) == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+    if ((cipher = (unsigned char *)XMALLOC(AES_XTS_256_TEST_BUF_SIZ, NULL,
+                                           DYNAMIC_TYPE_AES)) == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+
+    ret = wc_AesXtsInit(aes, NULL, INVALID_DEVID);
+    if (ret != 0)
+        goto out;
+    else
+        aes_inited = 1;
+
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
+    if (ret != 0)
+        goto out;
+
+    ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c2, buf, sizeof(c2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    /* partial block encryption test */
+    XMEMSET(cipher, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+
+    /* partial block decrypt test */
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(pp, buf, sizeof(pp))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    /* NIST decrypt test vector */
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p2, buf, sizeof(p2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    /* now the kernel crypto part */
+
+    enc2 = XMALLOC(sizeof(p1), NULL, DYNAMIC_TYPE_AES);
+    if (!enc2) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    dec2 = XMALLOC(sizeof(p1), NULL, DYNAMIC_TYPE_AES);
+    if (!dec2) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    src = XMALLOC(sizeof(*src) * 2, NULL, DYNAMIC_TYPE_AES);
+    if (! src) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    dst = XMALLOC(sizeof(*dst) * 2, NULL, DYNAMIC_TYPE_AES);
+    if (! dst) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    tfm = crypto_alloc_skcipher(WOLFKM_AESXTS_NAME, 0, 0);
+    if (IS_ERR(tfm)) {
+        ret = PTR_ERR(tfm);
+        pr_err("error: allocating AES skcipher algorithm %s failed: %d\n",
+               WOLFKM_AESXTS_DRIVER, ret);
+        goto test_xts_end;
+    }
+
+#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    {
+        const char *driver_name = crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+        if (strcmp(driver_name, WOLFKM_AESXTS_DRIVER)) {
+            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+                   WOLFKM_AESXTS_NAME, driver_name, WOLFKM_AESXTS_DRIVER);
+            ret = -ENOENT;
+            goto test_xts_end;
+        }
+    }
+#endif
+
+    ret = crypto_skcipher_ivsize(tfm);
+    if (ret != sizeof(iv)) {
+        pr_err("error: AES skcipher algorithm %s crypto_skcipher_ivsize()"
+               " returned %d but expected %d\n",
+               WOLFKM_AESXTS_DRIVER, ret, (int)sizeof(iv));
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    ret = crypto_skcipher_setkey(tfm, k1, sizeof(k1));
+    if (ret) {
+        pr_err("error: crypto_skcipher_setkey for %s returned: %d\n",
+               WOLFKM_AESXTS_NAME, ret);
+        goto test_xts_end;
+    }
+
+    req = skcipher_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        ret = PTR_ERR(req);
+        pr_err("error: allocating AES skcipher request %s failed: %d\n",
+               WOLFKM_AESXTS_DRIVER, ret);
+        goto test_xts_end;
+    }
+
+    memcpy(dec2, p1, sizeof(p1));
+    memset(enc2, 0, sizeof(p1));
+
+    sg_init_one(src, dec2, sizeof(p1));
+    sg_init_one(dst, enc2, sizeof(p1));
+
+    memcpy(iv, i1, sizeof(iv));
+    skcipher_request_set_crypt(req, src, dst, sizeof(p1), iv);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(c1, enc2, sizeof(c1));
+    if (ret) {
+        pr_err("error: c1 and enc2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memset(dec2, 0, sizeof(p1));
+    sg_init_one(src, enc2, sizeof(p1));
+    sg_init_one(dst, dec2, sizeof(p1));
+
+    memcpy(iv, i1, sizeof(iv));
+    skcipher_request_set_crypt(req, src, dst, sizeof(p1), iv);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(p1, dec2, sizeof(p1));
+    if (ret) {
+        pr_err("error: p1 and dec2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memcpy(dec2, pp, sizeof(pp));
+    memset(enc2, 0, sizeof(pp));
+
+    sg_init_one(src, dec2, sizeof(pp));
+    sg_init_one(dst, enc2, sizeof(pp));
+
+    memcpy(iv, i1, sizeof(iv));
+    skcipher_request_set_crypt(req, src, dst, sizeof(pp), iv);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(cp, enc2, sizeof(cp));
+    if (ret) {
+        pr_err("error: cp and enc2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memset(dec2, 0, sizeof(pp));
+    sg_init_one(src, enc2, sizeof(pp));
+    sg_init_one(dst, dec2, sizeof(pp));
+
+    memcpy(iv, i1, sizeof(iv));
+    skcipher_request_set_crypt(req, src, dst, sizeof(pp), iv);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(pp, dec2, sizeof(pp));
+    if (ret) {
+        pr_err("error: pp and dec2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    test_xts_end:
+
+    if (enc2)
+        XFREE(enc2, NULL, DYNAMIC_TYPE_AES);
+    if (dec2)
+        XFREE(dec2, NULL, DYNAMIC_TYPE_AES);
+    if (src)
+        XFREE(src, NULL, DYNAMIC_TYPE_AES);
+    if (dst)
+        XFREE(dst, NULL, DYNAMIC_TYPE_AES);
+    if (req)
+        skcipher_request_free(req);
+    if (tfm)
+        crypto_free_skcipher(tfm);
+
+  out:
+
+    if (aes_inited)
+        wc_AesXtsFree(aes);
+
+    if (buf)
+        XFREE(buf, NULL, DYNAMIC_TYPE_AES);
+    if (cipher)
+        XFREE(cipher, NULL, DYNAMIC_TYPE_AES);
+
+    if (aes)
+        XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+
+#undef AES_XTS_256_TEST_BUF_SIZ
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_256 */
+
+static int linuxkm_test_aesxts(void) {
+    int ret;
+
+    #ifdef WOLFSSL_AES_128
+    ret = aes_xts_128_test();
+    if (ret != 0) {
+        pr_err("aes_xts_128_test() failed with retval %d.\n", ret);
+        goto out;
+    }
+    #endif
+    #ifdef WOLFSSL_AES_256
+    ret = aes_xts_256_test();
+    if (ret != 0) {
+        pr_err("aes_xts_256_test() failed with retval %d.\n", ret);
+        goto out;
+    }
+    #endif
+
+out:
+
+    return ret;
+}
+
+#endif /* WOLFSSL_AES_XTS &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESXTS)
+        */
+
+#endif /* !NO_AES */
+
+static int linuxkm_lkcapi_register(void)
+{
+    int ret = 0;
+
+#define REGISTER_ALG(alg, installer, tester) do {                       \
+        if (alg ## _loaded) {                                           \
+            pr_err("ERROR: %s is already registered.\n",                \
+                   (alg).base.cra_driver_name);                         \
+            return -EEXIST;                                             \
+        }                                                               \
+                                                                        \
+        ret =  (installer)(&(alg));                                     \
+                                                                        \
+        if (ret) {                                                      \
+            pr_err("ERROR: " #installer " for %s failed "               \
+                   "with return code %d.\n",                            \
+                   (alg).base.cra_driver_name, ret);                    \
+            return ret;                                                 \
+        }                                                               \
+                                                                        \
+        alg ## _loaded = 1;                                             \
+                                                                        \
+        ret = (tester());                                               \
+                                                                        \
+        if (ret) {                                                      \
+            pr_err("ERROR: self-test for %s failed "                    \
+                   "with return code %d.\n",                            \
+                   (alg).base.cra_driver_name, ret);                    \
+            return ret;                                                 \
+        }                                                               \
+        pr_info("%s self-test OK -- "                                   \
+                "registered for %s with priority %d.\n",                \
+                (alg).base.cra_driver_name,                             \
+                (alg).base.cra_name,                                    \
+                (alg).base.cra_priority);                               \
+    } while (0)
+
+#if defined(HAVE_AES_CBC) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+
+    REGISTER_ALG(cbcAesAlg, crypto_register_skcipher, linuxkm_test_aescbc);
+#endif
+
+#if defined(WOLFSSL_AES_CFB) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+
+    REGISTER_ALG(cfbAesAlg, crypto_register_skcipher, linuxkm_test_aescfb);
+#endif
+
+#if defined(HAVE_AESGCM) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+
+    REGISTER_ALG(gcmAesAead, crypto_register_aead, linuxkm_test_aesgcm);
+#endif
+
+#if defined(WOLFSSL_AES_XTS) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+
+    REGISTER_ALG(xtsAesAlg, crypto_register_skcipher, linuxkm_test_aesxts);
+#endif
+
+#undef REGISTER_ALG
+
+    return 0;
+}
+
+static void linuxkm_lkcapi_unregister(void)
+{
+#define UNREGISTER_ALG(alg, uninstaller) do {                           \
+        if (alg ## _loaded) {                                           \
+            (uninstaller)(&(alg));                                      \
+            alg ## _loaded = 0;                                         \
+        }                                                               \
+    } while (0)
+
+#if defined(HAVE_AES_CBC) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+
+    UNREGISTER_ALG(cbcAesAlg, crypto_unregister_skcipher);
+#endif
+#if defined(WOLFSSL_AES_CFB) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+
+    UNREGISTER_ALG(cfbAesAlg, crypto_unregister_skcipher);
+#endif
+#if defined(HAVE_AESGCM) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+
+    UNREGISTER_ALG(gcmAesAead, crypto_unregister_aead);
+#endif
+#if defined(WOLFSSL_AES_XTS) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+
+    UNREGISTER_ALG(xtsAesAlg, crypto_unregister_skcipher);
+#endif
+
+#undef UNREGISTER_ALG
+}
diff --git a/extra/wolfssl/wolfssl/linuxkm/module_hooks.c b/extra/wolfssl/wolfssl/linuxkm/module_hooks.c
index 5b513374..6030480e 100644
--- a/extra/wolfssl/wolfssl/linuxkm/module_hooks.c
+++ b/extra/wolfssl/wolfssl/linuxkm/module_hooks.c
@@ -20,8 +20,12 @@
  */
 
 #ifndef WOLFSSL_LICENSE
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+#define WOLFSSL_LICENSE "wolfSSL Commercial"
+#else
 #define WOLFSSL_LICENSE "GPL v2"
 #endif
+#endif
 
 #define FIPS_NO_WRAPPERS
 
@@ -43,7 +47,6 @@
 #endif
 #ifndef NO_CRYPT_TEST
     #include <wolfcrypt/test/test.h>
-    #include <linux/delay.h>
 #endif
 
 static int libwolfssl_cleanup(void) {
@@ -67,6 +70,8 @@ static int libwolfssl_cleanup(void) {
 
 #ifdef HAVE_LINUXKM_PIE_SUPPORT
 
+#ifdef DEBUG_LINUXKM_PIE_SUPPORT
+
 extern int wolfCrypt_PIE_first_function(void);
 extern int wolfCrypt_PIE_last_function(void);
 extern const unsigned int wolfCrypt_PIE_rodata_start[];
@@ -86,6 +91,8 @@ static unsigned int hash_span(char *start, char *end) {
     return sum;
 }
 
+#endif /* DEBUG_LINUXKM_PIE_SUPPORT */
+
 #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE
 extern struct wolfssl_linuxkm_pie_redirect_table wolfssl_linuxkm_pie_redirect_table;
 static int set_up_wolfssl_linuxkm_pie_redirect_table(void);
@@ -114,14 +121,13 @@ static int updateFipsHash(void);
 #endif
 
 #ifdef WOLFSSL_LINUXKM_BENCHMARKS
-#undef HAVE_PTHREAD
-#define STRING_USER
-#define NO_MAIN_FUNCTION
-#define current_time benchmark_current_time
-#define WOLFSSL_NO_FLOAT_FMT
-#include "wolfcrypt/benchmark/benchmark.c"
+extern int wolfcrypt_benchmark_main(int argc, char** argv);
 #endif /* WOLFSSL_LINUXKM_BENCHMARKS */
 
+#ifdef LINUXKM_LKCAPI_REGISTER
+    #include "linuxkm/lkcapi_glue.c"
+#endif
+
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
 static int __init wolfssl_init(void)
 #else
@@ -148,7 +154,7 @@ static int wolfssl_init(void)
         return ret;
 #endif
 
-#ifdef HAVE_LINUXKM_PIE_SUPPORT
+#if defined(HAVE_LINUXKM_PIE_SUPPORT) && defined(DEBUG_LINUXKM_PIE_SUPPORT)
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 0)
     /* see linux commit ac3b432839 */
@@ -215,7 +221,7 @@ static int wolfssl_init(void)
                 text_hash, pie_text_end-pie_text_start,
                 rodata_hash, pie_rodata_end-pie_rodata_start);
     }
-#endif /* HAVE_LINUXKM_PIE_SUPPORT */
+#endif /* HAVE_LINUXKM_PIE_SUPPORT && DEBUG_LINUXKM_PIE_SUPPORT */
 
 #ifdef HAVE_FIPS
     ret = wolfCrypt_SetCb_fips(lkmFipsCb);
@@ -235,19 +241,32 @@ static int wolfssl_init(void)
         return -ECANCELED;
     }
 
-    pr_info("wolfCrypt FIPS ["
-
-#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 3)
-            "ready"
-#elif defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) \
-    && defined(WOLFCRYPT_FIPS_RAND)
-            "140-2 rand"
-#elif defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
-            "140-2"
+    pr_info("FIPS 140-3 wolfCrypt-fips v%d.%d.%d%s%s startup "
+            "self-test succeeded.\n",
+#ifdef HAVE_FIPS_VERSION_MAJOR
+            HAVE_FIPS_VERSION_MAJOR,
+#else
+            HAVE_FIPS_VERSION,
+#endif
+#ifdef HAVE_FIPS_VERSION_MINOR
+            HAVE_FIPS_VERSION_MINOR,
+#else
+            0,
+#endif
+#ifdef HAVE_FIPS_VERSION_PATCH
+            HAVE_FIPS_VERSION_PATCH,
+#else
+            0,
+#endif
+#ifdef HAVE_FIPS_VERSION_PORT
+            "-",
+            HAVE_FIPS_VERSION_PORT
 #else
-            "140"
+            "",
+            ""
 #endif
-            "] POST succeeded.\n");
+        );
+
 #endif /* HAVE_FIPS */
 
 #ifdef WC_RNG_SEED_CB
@@ -283,6 +302,21 @@ static int wolfssl_init(void)
         return -ECANCELED;
     }
     pr_info("wolfCrypt self-test passed.\n");
+#else
+    pr_info("skipping full wolfcrypt_test() "
+            "(configure with --enable-crypttests to enable).\n");
+#endif
+
+#ifdef LINUXKM_LKCAPI_REGISTER
+    ret = linuxkm_lkcapi_register();
+
+    if (ret) {
+        pr_err("linuxkm_lkcapi_register() failed with return code %d.\n", ret);
+        linuxkm_lkcapi_unregister();
+        (void)libwolfssl_cleanup();
+        msleep(10);
+        return -ECANCELED;
+    }
 #endif
 
 #ifdef WOLFSSL_LINUXKM_BENCHMARKS
@@ -322,6 +356,10 @@ static void __exit wolfssl_exit(void)
 static void wolfssl_exit(void)
 #endif
 {
+#ifdef LINUXKM_LKCAPI_REGISTER
+    linuxkm_lkcapi_unregister();
+#endif
+
     (void)libwolfssl_cleanup();
 
     return;
@@ -346,6 +384,22 @@ static int my_preempt_count(void) {
     return preempt_count();
 }
 
+#if defined(WOLFSSL_LINUXKM_SIMD_X86) && defined(WOLFSSL_COMMERCIAL_LICENSE)
+
+/* ditto for fpregs_lock/fpregs_unlock */
+#ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
+static void my_fpregs_lock(void) {
+    fpregs_lock();
+}
+
+static void my_fpregs_unlock(void) {
+    fpregs_unlock();
+}
+
+#endif /* WOLFSSL_LINUXKM_SIMD_X86 && WOLFSSL_COMMERCIAL_LICENSE */
+
+#endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */
+
 static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     memset(
         &wolfssl_linuxkm_pie_redirect_table,
@@ -355,6 +409,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 #ifndef __ARCH_MEMCMP_NO_REDIRECT
     wolfssl_linuxkm_pie_redirect_table.memcmp = memcmp;
 #endif
+#ifndef CONFIG_FORTIFY_SOURCE
 #ifndef __ARCH_MEMCPY_NO_REDIRECT
     wolfssl_linuxkm_pie_redirect_table.memcpy = memcpy;
 #endif
@@ -364,6 +419,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 #ifndef __ARCH_MEMMOVE_NO_REDIRECT
     wolfssl_linuxkm_pie_redirect_table.memmove = memmove;
 #endif
+#endif /* !CONFIG_FORTIFY_SOURCE */
 #ifndef __ARCH_STRCMP_NO_REDIRECT
     wolfssl_linuxkm_pie_redirect_table.strcmp = strcmp;
 #endif
@@ -395,6 +451,11 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     #else
         wolfssl_linuxkm_pie_redirect_table.printk = printk;
     #endif
+
+#ifdef CONFIG_FORTIFY_SOURCE
+    wolfssl_linuxkm_pie_redirect_table.__warn_printk = __warn_printk;
+#endif
+
     wolfssl_linuxkm_pie_redirect_table.snprintf = snprintf;
 
     wolfssl_linuxkm_pie_redirect_table._ctype = _ctype;
@@ -442,21 +503,28 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     #endif
     wolfssl_linuxkm_pie_redirect_table.nr_cpu_ids = &nr_cpu_ids;
 
-    #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
+    #if defined(CONFIG_SMP) && \
+        (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \
+        !defined(WOLFSSL_COMMERCIAL_LICENSE)
         wolfssl_linuxkm_pie_redirect_table.migrate_disable = &migrate_disable;
         wolfssl_linuxkm_pie_redirect_table.migrate_enable = &migrate_enable;
     #endif
 
 #ifdef WOLFSSL_LINUXKM_SIMD_X86
     wolfssl_linuxkm_pie_redirect_table.irq_fpu_usable = irq_fpu_usable;
-    #ifdef kernel_fpu_begin
-    wolfssl_linuxkm_pie_redirect_table.kernel_fpu_begin_mask =
-        kernel_fpu_begin_mask;
-    #else
-    wolfssl_linuxkm_pie_redirect_table.kernel_fpu_begin =
-        kernel_fpu_begin;
-    #endif
-    wolfssl_linuxkm_pie_redirect_table.kernel_fpu_end = kernel_fpu_end;
+    #ifdef WOLFSSL_COMMERCIAL_LICENSE
+        wolfssl_linuxkm_pie_redirect_table.fpregs_lock = my_fpregs_lock;
+        wolfssl_linuxkm_pie_redirect_table.fpregs_unlock = my_fpregs_unlock;
+    #else /* !defined(WOLFSSL_COMMERCIAL_LICENSE) */
+        #ifdef kernel_fpu_begin
+        wolfssl_linuxkm_pie_redirect_table.kernel_fpu_begin_mask =
+            kernel_fpu_begin_mask;
+        #else
+        wolfssl_linuxkm_pie_redirect_table.kernel_fpu_begin =
+            kernel_fpu_begin;
+        #endif
+        wolfssl_linuxkm_pie_redirect_table.kernel_fpu_end = kernel_fpu_end;
+    #endif /* !defined(WOLFSSL_COMMERCIAL_LICENSE) */
 #endif /* WOLFSSL_LINUXKM_SIMD_X86 */
 
 #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
@@ -489,11 +557,15 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     /* runtime assert that the table has no null slots after initialization. */
     {
         unsigned long *i;
+        static_assert(sizeof(unsigned long) == sizeof(void *),
+                      "unexpected pointer size");
         for (i = (unsigned long *)&wolfssl_linuxkm_pie_redirect_table;
              i < (unsigned long *)&wolfssl_linuxkm_pie_redirect_table._last_slot;
              ++i)
             if (*i == 0) {
-                pr_err("wolfCrypt container redirect table initialization was incomplete.\n");
+                pr_err("wolfCrypt container redirect table initialization was "
+                       "incomplete [%lu].\n",
+                       i-(unsigned long *)&wolfssl_linuxkm_pie_redirect_table);
                 return -EFAULT;
             }
     }
@@ -684,11 +756,19 @@ static int updateFipsHash(void)
         }
     }
 
-    if (XMEMCMP(hash, binVerify, WC_SHA256_DIGEST_SIZE) == 0)
+    if (XMEMCMP(hash, binVerify, WC_SHA256_DIGEST_SIZE) == 0) {
+#if defined(DEBUG_LINUXKM_PIE_SUPPORT) || defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)
+        pr_info("updateFipsHash: verifyCore already matches [%s]\n", verifyCore);
+#else
         pr_info("updateFipsHash: verifyCore already matches.\n");
-    else {
+#endif
+    } else {
         XMEMCPY(verifyCore, base16_hash, WC_SHA256_DIGEST_SIZE*2 + 1);
+#if defined(DEBUG_LINUXKM_PIE_SUPPORT) || defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)
+        pr_info("updateFipsHash: verifyCore updated [%s].\n", base16_hash);
+#else
         pr_info("updateFipsHash: verifyCore updated.\n");
+#endif
     }
 
     ret = 0;
diff --git a/extra/wolfssl/wolfssl/pre-commit.sh b/extra/wolfssl/wolfssl/pre-commit.sh
deleted file mode 100755
index a426d0d3..00000000
--- a/extra/wolfssl/wolfssl/pre-commit.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-#
-#
-# Our "pre-commit" hook.
-
-# save current config
-echo "\n\nSaving current config\n\n"
-cp config.status tmp.status
-cp wolfssl/options.h tmp.options.h
-
-# stash modified files, if any, that are not part of this commit, don't test
-# them
-STASHED=0
-if ! git diff --quiet
-then
-    STASHED=1
-    echo "\n\nStashing modified files not part of commit\n\n"
-    git stash -q --keep-index
-fi
-
-# do the commit tests
-echo "\n\nRunning commit tests...\n\n"
-./commit-tests.sh
-RESULT=$?
-
-# restore modified files not part of this commit
-if test $STASHED -eq 1
-then
-    echo "\n\nPopping stashed modified files not part of commit\n"
-    git stash pop -q
-fi
-
-# restore current config
-echo "\nRestoring current config\n"
-mv tmp.status config.status
-# don't show output in case error from above
-./config.status >/dev/null 2>&1
-mv tmp.options.h wolfssl/options.h
-make clean >/dev/null 2>&1
-make -j 8 >/dev/null 2>&1
-
-[ $RESULT -ne 0 ] && echo "\nOops, your commit failed\n" && exit 1
-
-echo "\nCommit tests passed!\n"
-exit 0
diff --git a/extra/wolfssl/wolfssl/pre-push.sh b/extra/wolfssl/wolfssl/pre-push.sh
deleted file mode 100755
index 2251bd33..00000000
--- a/extra/wolfssl/wolfssl/pre-push.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-#
-#
-# Our "pre-push" hook.
-
-RESULT=0
-
-if [ -d ./fips ];
-then
-    echo "\n\nTesting with FIPS release code...\n\n"
-    ./fips-check.sh
-    RESULT=$?
-    [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1
-fi
-
-[ $RESULT -ne 0 ] && echo "\nOops, your push failed\n" && exit 1
-
-echo "\nPush tests passed!\n"
-exit 0
diff --git a/extra/wolfssl/wolfssl/rpm/spec.in b/extra/wolfssl/wolfssl/rpm/spec.in
index b99f3bed..dae98a77 100644
--- a/extra/wolfssl/wolfssl/rpm/spec.in
+++ b/extra/wolfssl/wolfssl/rpm/spec.in
@@ -49,7 +49,6 @@ fi
 %install
 %{__rm} -rf %{buildroot}
 %{__make} install  DESTDIR="%{buildroot}" AM_INSTALL_PROGRAM_FLAGS=""
-mkdir -p $RPM_BUILD_ROOT/
 %{__rm} -f %{buildroot}/%{_libdir}/libwolfssl@LIBSUFFIX@.la
 %{__rm} -f %{buildroot}/%{_libdir}/libwolfssl.a
 
diff --git a/extra/wolfssl/wolfssl/scripts/makedistsmall.sh b/extra/wolfssl/wolfssl/scripts/makedistsmall.sh
index 9c38e568..0b92e1ce 100755
--- a/extra/wolfssl/wolfssl/scripts/makedistsmall.sh
+++ b/extra/wolfssl/wolfssl/scripts/makedistsmall.sh
@@ -62,7 +62,6 @@ rm -rf ./swig
 rm -rf ./tests
 rm -rf ./testsuite
 rm -rf ./tirtos
-rm -rf ./wolfcrypt/user-crypto
 rm -rf ./wrapper
 rm -f -- *.rc *.supp *.ac *.am *.conf *.sh *.cproject *.project *.pl
 rm -f Vagrantfile SCRIPTS-LIST quit input resource.h
diff --git a/extra/wolfssl/wolfssl/scripts/openssl.test b/extra/wolfssl/wolfssl/scripts/openssl.test
index 9bd98e5f..7cbe3833 100755
--- a/extra/wolfssl/wolfssl/scripts/openssl.test
+++ b/extra/wolfssl/wolfssl/scripts/openssl.test
@@ -1143,7 +1143,7 @@ do
                 do_wolfssl_client
                 psk=""
                 adh=""
-                openssl_psk="-psk 0123456789abcdef0123456789abcdef"
+                openssl_psk="-psk 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
                 open_temp_cases_total=$((open_temp_cases_total + 1))
                 port=$wolfssl_port
                 do_openssl_client
diff --git a/extra/wolfssl/wolfssl/src/bio.c b/extra/wolfssl/wolfssl/src/bio.c
index 85de16dd..2dab43e6 100644
--- a/extra/wolfssl/wolfssl/src/bio.c
+++ b/extra/wolfssl/wolfssl/src/bio.c
@@ -70,16 +70,31 @@ static int wolfSSL_BIO_BASE64_read(WOLFSSL_BIO* bio, void* buf, int len)
  */
 static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
 {
-    int   sz;
+    int   sz1;
+    int   sz2;
     char* pt;
 
-    sz = wolfSSL_BIO_nread(bio, &pt, len);
+    if (buf == NULL || len == 0)
+        return 0;
 
-    if (sz > 0) {
-        XMEMCPY(buf, pt, sz);
+    sz1 = wolfSSL_BIO_nread(bio, &pt, len);
+    if (sz1 > 0) {
+        XMEMCPY(buf, pt, sz1);
+        buf = (char*)buf + sz1;
+        len -= sz1;
+        if (len > 0) {
+            /* try again to see if maybe we wrapped around the ring buffer */
+            sz2 = wolfSSL_BIO_nread(bio, &pt, len);
+            if (sz2 > 0) {
+                XMEMCPY(buf, pt, sz2);
+                sz1 += sz2;
+            }
+        }
     }
+    if (sz1 == 0)
+        sz1 = -1;
 
-    return sz;
+    return sz1;
 }
 
 #ifndef WOLFSSL_BIO_RESIZE_THRESHOLD
@@ -470,7 +485,6 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data,
 }
 #endif /* WOLFCRYPT_ONLY */
 
-
 /* Writes to a WOLFSSL_BIO_BIO type.
  *
  * returns the amount written on success
@@ -478,27 +492,40 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data,
 static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
         int len)
 {
-    int   sz;
+    int   sz1;
+    int   sz2;
     char* buf;
 
     WOLFSSL_ENTER("wolfSSL_BIO_BIO_write");
 
     /* adding in sanity checks for static analysis tools */
-    if (bio == NULL || data == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    sz = wolfSSL_BIO_nwrite(bio, &buf, len);
+    if (bio == NULL || data == NULL || len == 0)
+        return 0;
 
-    /* test space for write */
-    if (sz <= 0) {
+    sz1 = wolfSSL_BIO_nwrite(bio, &buf, len);
+    if (sz1 == 0) {
         WOLFSSL_MSG("No room left to write");
-        return sz;
+        return WOLFSSL_BIO_ERROR;
+    }
+    if (sz1 < 0) {
+        WOLFSSL_MSG("Error in wolfSSL_BIO_nwrite");
+        return sz1;
+    }
+    XMEMCPY(buf, data, sz1);
+    data = (char*)data + sz1;
+    len -= sz1;
+
+    if (len > 0) {
+        /* try again to see if maybe we wrapped around the ring buffer */
+        sz2 = wolfSSL_BIO_nwrite(bio, &buf, len);
+        if (sz2 > 0) {
+            XMEMCPY(buf, data, sz2);
+            sz1 += sz2;
+        }
     }
 
-    XMEMCPY(buf, data, sz);
 
-    return sz;
+    return sz1;
 }
 
 
@@ -907,7 +934,7 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz)
                 char* c;
                 int   cSz;
                 cSz = wolfSSL_BIO_nread0(bio, &c);
-                if (cSz == 0) {
+                if (cSz <= 0) {
                     ret = 0; /* Nothing to read */
                     buf[0] = '\0';
                     break;
@@ -1297,7 +1324,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf)
 
     if (bio == NULL || buf == NULL) {
         WOLFSSL_MSG("NULL argument passed in");
-        return 0;
+        return -2;
     }
 
     /* if paired read from pair */
@@ -1314,7 +1341,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf)
         }
     }
 
-    return 0;
+    return -2;
 }
 
 
@@ -1343,7 +1370,7 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num)
 
         /* get amount able to read and set buffer pointer */
         sz = wolfSSL_BIO_nread0(bio, buf);
-        if (sz == 0) {
+        if (sz < 0) {
             return WOLFSSL_BIO_ERROR;
         }
 
diff --git a/extra/wolfssl/wolfssl/src/crl.c b/extra/wolfssl/wolfssl/src/crl.c
index 9c847b8c..3e61ec95 100644
--- a/extra/wolfssl/wolfssl/src/crl.c
+++ b/extra/wolfssl/wolfssl/src/crl.c
@@ -69,9 +69,9 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
     crl->cm = cm;
     crl->crlList  = NULL;
     crl->currentEntry = NULL;
+#ifdef HAVE_CRL_MONITOR
     crl->monitors[0].path = NULL;
     crl->monitors[1].path = NULL;
-#ifdef HAVE_CRL_MONITOR
     crl->tid = INVALID_THREAD_VAL;
     crl->mfd = WOLFSSL_CRL_MFD_INIT_VAL;
     crl->setup = 0; /* thread setup done predicate */
@@ -149,6 +149,23 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
             crle->toBeSigned = NULL;
             return -1;
         }
+
+    #ifdef WC_RSA_PSS
+        crle->sigParamsSz = dcrl->sigParamsLength;
+        if (dcrl->sigParamsLength > 0) {
+            crle->sigParams = (byte*)XMALLOC(crle->sigParamsSz, heap,
+                                             DYNAMIC_TYPE_CRL_ENTRY);
+            if (crle->sigParams== NULL) {
+                XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
+                crle->toBeSigned = NULL;
+                XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
+                crle->signature = NULL;
+                return -1;
+            }
+            XMEMCPY(crle->sigParams, buff + dcrl->sigParamsIndex,
+                crle->sigParamsSz);
+        }
+    #endif
         XMEMCPY(crle->toBeSigned, buff + dcrl->certBegin, crle->tbsSz);
         XMEMCPY(crle->signature, dcrl->signature, crle->signatureSz);
     #ifndef NO_SKID
@@ -206,6 +223,10 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)
         XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
     if (crle->toBeSigned != NULL)
         XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
+#ifdef WC_RSA_PSS
+    if (crle->sigParams != NULL)
+        XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY);
+#endif
 #if defined(OPENSSL_EXTRA)
     if (crle->issuer != NULL) {
         FreeX509Name(crle->issuer);
@@ -228,11 +249,13 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
 
     tmp = crl->crlList;
     WOLFSSL_ENTER("FreeCRL");
+#ifdef HAVE_CRL_MONITOR
     if (crl->monitors[0].path)
         XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
 
     if (crl->monitors[1].path)
         XFREE(crl->monitors[1].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
+#endif
 
     XFREE(crl->currentEntry, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
     crl->currentEntry = NULL;
@@ -337,13 +360,20 @@ static int VerifyCRLE(const WOLFSSL_CRL* crl, CRL_Entry* crle)
     }
 
     ret = VerifyCRL_Signature(&sigCtx, crle->toBeSigned, crle->tbsSz,
-            crle->signature, crle->signatureSz, crle->signatureOID, ca,
-            crl->heap);
+            crle->signature, crle->signatureSz, crle->signatureOID,
+        #ifdef WC_RSA_PSS
+            crle->sigParams, crle->sigParamsSz,
+        #else
+            NULL, 0,
+        #endif
+            ca, crl->heap);
 
-    if (ret == 0)
+    if (ret == 0) {
         crle->verified = 1;
-    else
+    }
+    else {
         crle->verified = ret;
+    }
 
     return ret;
 }
@@ -461,7 +491,8 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
-    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
+    !defined(NO_STDIO_FILESYSTEM)
     /* if not find entry in the CRL list, it looks at the folder that sets  */
     /* by LOOKUP_ctrl because user would want to use hash_dir.              */
     /* Loading <issuer-hash>.rN form CRL file if find at the folder,        */
@@ -735,18 +766,35 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
                                           DYNAMIC_TYPE_CRL_ENTRY);
         dupl->signature = (byte*)XMALLOC(dupl->signatureSz, heap,
                                          DYNAMIC_TYPE_CRL_ENTRY);
-        if (dupl->toBeSigned == NULL || dupl->signature == NULL) {
+    #ifdef WC_RSA_PSS
+        dupl->sigParams = (byte*)XMALLOC(dupl->sigParamsSz, heap,
+                                         DYNAMIC_TYPE_CRL_ENTRY);
+    #endif
+        if (dupl->toBeSigned == NULL || dupl->signature == NULL
+        #ifdef WC_RSA_PSS
+            || dupl->sigParams == NULL
+        #endif
+        ) {
             CRL_Entry_free(dupl, heap);
             return NULL;
         }
         XMEMCPY(dupl->toBeSigned, ent->toBeSigned, dupl->tbsSz);
         XMEMCPY(dupl->signature, ent->signature, dupl->signatureSz);
+    #ifdef WC_RSA_PSS
+        if (dupl->sigParamsSz > 0) {
+            XMEMCPY(dupl->sigParams, ent->sigParams, dupl->sigParamsSz);
+        }
+    #endif
     }
     else {
         dupl->toBeSigned = NULL;
         dupl->tbsSz = 0;
         dupl->signature = NULL;
         dupl->signatureSz = 0;
+#ifdef WC_RSA_PSS
+        dupl->sigParams = NULL;
+        dupl->sigParamsSz = 0;
+#endif
 #if !defined(NO_SKID) && !defined(NO_ASN)
         dupl->extAuthKeyIdSet = 0;
 #endif
@@ -794,6 +842,7 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
         return BAD_FUNC_ARG;
     }
 
+#ifdef HAVE_CRL_MONITOR
     if (crl->monitors[0].path) {
         int pathSz = (int)XSTRLEN(crl->monitors[0].path) + 1;
         dupl->monitors[0].path = (char*)XMALLOC(pathSz, dupl->heap,
@@ -821,6 +870,7 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
             return MEMORY_E;
         }
     }
+#endif
 
     dupl->crlList = DupCRL_list(crl->crlList, dupl->heap);
 #ifdef HAVE_CRL_IO
diff --git a/extra/wolfssl/wolfssl/src/dtls.c b/extra/wolfssl/wolfssl/src/dtls.c
index fceeedbe..aecd2605 100644
--- a/extra/wolfssl/wolfssl/src/dtls.c
+++ b/extra/wolfssl/wolfssl/src/dtls.c
@@ -114,6 +114,7 @@ int DtlsIgnoreError(int err)
     case SOCKET_ERROR_E:
     case WANT_READ:
     case WANT_WRITE:
+    case COOKIE_ERROR:
         return 0;
     default:
         return 1;
@@ -207,6 +208,13 @@ static int CreateDtls12Cookie(const WOLFSSL* ssl, const WolfSSL_CH* ch,
 {
     int ret;
     Hmac cookieHmac;
+
+    if (ssl->buffers.dtlsCookieSecret.buffer == NULL ||
+            ssl->buffers.dtlsCookieSecret.length == 0) {
+        WOLFSSL_MSG("Missing DTLS 1.2 cookie secret");
+        return COOKIE_ERROR;
+    }
+
     ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
     if (ret == 0) {
         ret = wc_HmacSetKey(&cookieHmac, DTLS_COOKIE_TYPE,
diff --git a/extra/wolfssl/wolfssl/src/dtls13.c b/extra/wolfssl/wolfssl/src/dtls13.c
index 3591d67b..86e5fb8b 100644
--- a/extra/wolfssl/wolfssl/src/dtls13.c
+++ b/extra/wolfssl/wolfssl/src/dtls13.c
@@ -262,6 +262,7 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
         return wc_AesEncryptDirect(c->aes, mask, ciphertext);
 #else
         wc_AesEncryptDirect(c->aes, mask, ciphertext);
+        return 0;
 #endif
     }
 #endif /* HAVE_AESGCM || HAVE_AESCCM */
diff --git a/extra/wolfssl/wolfssl/src/include.am b/extra/wolfssl/wolfssl/src/include.am
index a69822ff..b89618b0 100644
--- a/extra/wolfssl/wolfssl/src/include.am
+++ b/extra/wolfssl/wolfssl/src/include.am
@@ -32,25 +32,11 @@ if !BUILD_NO_LIBRARY
 lib_LTLIBRARIES+= src/libwolfssl@LIBSUFFIX@.la
 endif
 src_libwolfssl@LIBSUFFIX@_la_SOURCES =
-src_libwolfssl@LIBSUFFIX@_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${WOLFSSL_LIBRARY_VERSION}
+src_libwolfssl@LIBSUFFIX@_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-number ${WOLFSSL_LIBRARY_VERSION}
 src_libwolfssl@LIBSUFFIX@_la_LIBADD = $(LIBM) $(LIB_ADD) $(LIB_STATIC_ADD)
 src_libwolfssl@LIBSUFFIX@_la_CFLAGS = -DBUILDING_WOLFSSL $(AM_CFLAGS) -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(EXTRA_CFLAGS)\""
 src_libwolfssl@LIBSUFFIX@_la_CPPFLAGS = -DBUILDING_WOLFSSL $(AM_CPPFLAGS)
 
-# install the packaged IPP libraries
-if BUILD_FAST_RSA
-
-# Link needed IPP libraries
-noinst_SCRIPTS+=IPP_links
-IPP_links:
-	@$(IPPLINK)
-
-ippdir = $(libdir)
-ipp_DATA = $(IPPLIBS)
-
-include_HEADERS+=$(IPPHEADERS)
-endif # BUILD_FAST_RSA
-
 if BUILD_FIPS
 
 if BUILD_FIPS_V2
@@ -93,23 +79,29 @@ if BUILD_SHA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha.c
 endif
 
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256_asm.S
 endif
+endif
 
 if BUILD_SHA512
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512_asm.S
 endif
 endif
+endif
 
 if BUILD_SHA3
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
 endif
 endif
+endif
 
 if BUILD_DH
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dh.c
@@ -216,9 +208,11 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256_asm.S
 endif BUILD_INTELASM
+endif !BUILD_X86_ASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
 
@@ -244,9 +238,11 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512_asm.S
 endif BUILD_INTELASM
+endif !BUILD_X86_ASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
 endif BUILD_SHA512
@@ -260,10 +256,12 @@ else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha3-asm.S
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM_NEON
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
 endif
 endif
+endif
 
 if BUILD_DH
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dh.c
@@ -342,9 +340,11 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-a
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S
 endif !BUILD_ARMASM_INLINE
 else
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256_asm.S
 endif BUILD_INTELASM
+endif !BUILD_X86_ASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
 endif !BUILD_FIPS_CURRENT
@@ -370,17 +370,11 @@ if BUILD_ASYNCCRYPT
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/async.c
 endif
 
-if !BUILD_USER_RSA
 if BUILD_RSA
-if BUILD_FAST_RSA
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/user-crypto/src/rsa.c
-else
 if !BUILD_FIPS_CURRENT
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rsa.c
 endif !BUILD_FIPS_CURRENT
 endif
-endif
-endif
 
 if BUILD_RC2
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rc2.c
@@ -493,9 +487,11 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512_asm.S
 endif BUILD_INTELASM
+endif !BUILD_X86_ASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
 endif BUILD_SHA512
@@ -511,10 +507,12 @@ else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha3-asm.S
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM_NEON
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
 endif
 endif
+endif
 endif !BUILD_FIPS_CURRENT
 
 if !BUILD_FIPS_CURRENT
@@ -555,9 +553,11 @@ endif !BUILD_FIPS_CURRENT
 if !BUILD_FIPS_CURRENT
 if BUILD_SM3
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sm3.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sm3_asm.S
 endif
+endif
 endif BUILD_SM3
 endif !BUILD_FIPS_CURRENT
 
@@ -622,10 +622,12 @@ if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-poly1305.c
 endif
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/poly1305.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/poly1305_asm.S
 endif
 endif
+endif
 
 if BUILD_RC4
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/arc4.c
@@ -684,10 +686,12 @@ if BUILD_ARMASM_NEON
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha_asm.S
 endif
 endif
+endif
 if BUILD_POLY1305
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha20_poly1305.c
 endif
@@ -722,18 +726,22 @@ if !BUILD_FIPS_CURRENT
 if BUILD_WC_KYBER
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_poly.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_asm.S
 endif
 endif
 endif
+endif
 
 if BUILD_WC_LMS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms_impl.c
 endif
 
 if BUILD_WC_XMSS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss_impl.c
 endif
 
 if BUILD_CURVE25519
@@ -749,7 +757,9 @@ if BUILD_CURVE25519_SMALL
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_low_mem.c
 else
 if BUILD_INTELASM
+if !BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S
+endif !BUILD_X86_ASM
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_NEON
@@ -785,7 +795,9 @@ else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_operations.c
 if !BUILD_FEMATH
 if BUILD_INTELASM
+if !BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S
+endif !BUILD_X86_ASM
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_NEON
@@ -835,6 +847,7 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/falcon.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sphincs.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_kyber.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/liboqs/liboqs.c
 endif
 
 if BUILD_LIBLMS
@@ -900,6 +913,9 @@ endif
 
 endif !BUILD_CRYPTONLY
 
+if BUILD_XILINX
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/xilinx/xil-aesgcm.c
+endif
 
 endif !BUILD_FIPS_RAND
 
@@ -907,3 +923,4 @@ if BUILD_ARIA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-crypt.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-cryptocb.c
 endif
+
diff --git a/extra/wolfssl/wolfssl/src/internal.c b/extra/wolfssl/wolfssl/src/internal.c
index 2274ab7e..d889f337 100644
--- a/extra/wolfssl/wolfssl/src/internal.c
+++ b/extra/wolfssl/wolfssl/src/internal.c
@@ -1254,7 +1254,7 @@ static int ExportOptions(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
     exp[idx++] = 0;
 #endif
 #ifdef HAVE_ANON
-    exp[idx++] = options->haveAnon;
+    exp[idx++] = options->useAnon;
 #else
     exp[idx++] = 0;
 #endif
@@ -1459,7 +1459,7 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
     idx++;
 #endif
 #ifdef HAVE_ANON
-    options->haveAnon = exp[idx++];     /* User wants to allow Anon suites */
+    options->useAnon = exp[idx++];     /* User wants to allow Anon suites */
 #else
     idx++;
 #endif
@@ -2585,6 +2585,12 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
         ForceZero(ctx->privateKey->buffer, ctx->privateKey->length);
     }
     FreeDer(&ctx->privateKey);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (ctx->altPrivateKey != NULL && ctx->altPrivateKey->buffer != NULL) {
+        ForceZero(ctx->altPrivateKey->buffer, ctx->altPrivateKey->length);
+    }
+    FreeDer(&ctx->altPrivateKey);
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #ifdef OPENSSL_ALL
     wolfSSL_EVP_PKEY_free(ctx->privateKeyPKey);
 #endif
@@ -4575,6 +4581,12 @@ void FreeX509(WOLFSSL_X509* x509)
         x509->altNames = NULL;
     }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    XFREE(x509->sapkiDer, x509->heap, DYNAMIC_TYPE_X509_EXT);
+    XFREE(x509->altSigAlgDer, x509->heap, DYNAMIC_TYPE_X509_EXT);
+    XFREE(x509->altSigValDer, x509->heap, DYNAMIC_TYPE_X509_EXT);
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
         wolfSSL_RefFree(&x509->ref);
     #endif
@@ -4644,7 +4656,8 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
 static void SetDigest(WOLFSSL* ssl, int hashAlgo)
 {
     switch (hashAlgo) {
-    #ifndef NO_SHA
+    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
+                              defined(WOLFSSL_ALLOW_TLS_SHA1))
         case sha_mac:
             ssl->options.dontFreeDigest = 1;
             ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
@@ -6396,7 +6409,7 @@ void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx)
     havePSK = ctx->havePSK;
 #endif /* NO_PSK */
 #ifdef HAVE_ANON
-    haveAnon = ctx->haveAnon;
+    haveAnon = ctx->useAnon;
 #endif /* HAVE_ANON*/
 #ifndef NO_CERTS
     keySz = ctx->privateKeySz;
@@ -6429,7 +6442,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
 #endif /* NO_PSK */
 #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
 #ifdef HAVE_ANON
-    haveAnon = (byte)ssl->options.haveAnon;
+    haveAnon = (byte)ssl->options.useAnon;
 #endif /* HAVE_ANON*/
 #ifdef WOLFSSL_MULTICAST
     haveMcast = (byte)ssl->options.haveMcast;
@@ -6459,7 +6472,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
                 havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
                 ssl->options.haveECC, ssl->options.haveStaticECC,
                 ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                ssl->options.haveAnon, ssl->options.side);
+                ssl->options.useAnon, ssl->options.side);
     }
 
 #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
@@ -6679,7 +6692,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif
 
 #ifdef HAVE_ANON
-    ssl->options.haveAnon = ctx->haveAnon;
+    ssl->options.useAnon = ctx->useAnon;
 #endif
 #ifndef NO_DH
     ssl->options.minDhKeySz = ctx->minDhKeySz;
@@ -6747,6 +6760,11 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.keyLabel = ctx->privateKeyLabel;
     ssl->buffers.keySz    = ctx->privateKeySz;
     ssl->buffers.keyDevId = ctx->privateKeyDevId;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    ssl->buffers.altKey     = ctx->altPrivateKey;
+    ssl->buffers.altKeySz   = ctx->altPrivateKeySz;
+    ssl->buffers.altKeyType = ctx->altPrivateKeyType;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #endif
 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
                ((defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)) || \
@@ -6839,8 +6857,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
     }
     XMEMSET(ssl->hsHashes, 0, sizeof(HS_Hashes));
 
-#ifndef NO_OLD_TLS
-#ifndef NO_MD5
+#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
     ret = wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, ssl->devId);
     if (ret != 0)
         return ret;
@@ -6848,7 +6865,8 @@ int InitHandshakeHashes(WOLFSSL* ssl)
         wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
     #endif
 #endif
-#ifndef NO_SHA
+#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
+                          defined(WOLFSSL_ALLOW_TLS_SHA1))
     ret = wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, ssl->devId);
     if (ret != 0)
         return ret;
@@ -6856,7 +6874,6 @@ int InitHandshakeHashes(WOLFSSL* ssl)
         wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
     #endif
 #endif
-#endif /* !NO_OLD_TLS */
 #ifndef NO_SHA256
     ret = wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, ssl->devId);
     if (ret != 0)
@@ -6896,14 +6913,13 @@ int InitHandshakeHashes(WOLFSSL* ssl)
 void FreeHandshakeHashes(WOLFSSL* ssl)
 {
     if (ssl->hsHashes) {
-#ifndef NO_OLD_TLS
-    #ifndef NO_MD5
+    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
         wc_Md5Free(&ssl->hsHashes->hashMd5);
     #endif
-    #ifndef NO_SHA
+    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
+                              defined(WOLFSSL_ALLOW_TLS_SHA1))
         wc_ShaFree(&ssl->hsHashes->hashSha);
     #endif
-#endif /* !NO_OLD_TLS */
     #ifndef NO_SHA256
         wc_Sha256Free(&ssl->hsHashes->hashSha256);
     #endif
@@ -7389,6 +7405,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 
     /* all done with init, now can return errors, call other stuff */
     if ((ret = ReinitSSL(ssl, ctx, writeDup)) != 0) {
+        WOLFSSL_MSG_EX("ReinitSSL failed. err = %d", ret);
         return ret;
     }
 
@@ -7422,6 +7439,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         && ret != NO_PRIVATE_KEY
 #endif
         ) {
+        WOLFSSL_MSG_EX("SetSSL_CTX failed. err = %d", ret);
         return ret;
     }
     ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
@@ -7435,20 +7453,21 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 
     /* hsHashes */
     ret = InitHandshakeHashes(ssl);
-    if (ret != 0)
+    if (ret != 0) {
+        WOLFSSL_MSG_EX("InitHandshakeHashes failed. err = %d", ret);
         return ret;
+    }
 
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
     if (ssl->options.dtls && ssl->options.side == WOLFSSL_SERVER_END) {
-        if (!IsAtLeastTLSv1_3(ssl->version)) {
-                ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
-                if (ret != 0) {
-                    WOLFSSL_MSG("DTLS Cookie Secret error");
-                    return ret;
-                }
+        /* Initialize both in case we allow downgrading. */
+        ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
+        if (ret != 0) {
+            WOLFSSL_MSG("DTLS Cookie Secret error");
+            return ret;
         }
 #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
-        else {
+        if (IsAtLeastTLSv1_3(ssl->version)) {
             ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0);
             if (ret != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("DTLS1.3 Cookie secret error");
@@ -7478,10 +7497,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 
     ssl->session = wolfSSL_NewSession(ssl->heap);
     if (ssl->session == NULL) {
-        WOLFSSL_MSG("SSL Session Memory error");
+        WOLFSSL_MSG_EX("SSL Session Memory error. wolfSSL_NewSession "
+                       "err = %d", ret);
         return MEMORY_E;
     }
-
 #ifdef HAVE_SESSION_TICKET
     ssl->options.noTicketTls12 = ctx->noTicketTls12;
 #endif
@@ -7554,7 +7573,12 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     defined(WOLFSSL_SSLKEYLOGFILE) && defined(WOLFSSL_TLS13)
     (void)wolfSSL_set_tls13_secret_cb(ssl, tls13ShowSecrets, NULL);
 #endif
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    ssl->sigSpec = ctx->sigSpec;
+    ssl->sigSpecSz = ctx->sigSpecSz;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+    /* Returns 0 on success, not WOLFSSL_SUCCESS (1) */
+    WOLFSSL_MSG_EX("InitSSL done. return 0 (success)");
     return 0;
 }
 
@@ -7788,13 +7812,13 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
     #if defined(HAVE_PQC)
     #if defined(HAVE_FALCON)
         case DYNAMIC_TYPE_FALCON:
-            wc_falcon_init((falcon_key*)*pKey);
+            wc_falcon_init_ex((falcon_key*)*pKey, ssl->heap, ssl->devId);
             ret = 0;
             break;
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM)
         case DYNAMIC_TYPE_DILITHIUM:
-            wc_dilithium_init((dilithium_key*)*pKey);
+            wc_dilithium_init_ex((dilithium_key*)*pKey, ssl->heap, ssl->devId);
             ret = 0;
             break;
     #endif /* HAVE_DILITHIUM */
@@ -7935,6 +7959,9 @@ void FreeKeyExchange(WOLFSSL* ssl)
 
     /* Free handshake key */
     FreeKey(ssl, ssl->hsType, &ssl->hsKey);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    FreeKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 
 #ifndef NO_DH
     /* Free temp DH key */
@@ -8303,6 +8330,9 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     wolfSSL_CTX_free(ssl->initial_ctx);
     ssl->initial_ctx = NULL;
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    XFREE(ssl->peerSigSpec, ssl->heap, DYNAMIC_TYPE_TLSX);
+#endif
 }
 
 /* Free any handshake resources no longer needed */
@@ -9836,14 +9866,13 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz)
     }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
 
-#ifndef NO_OLD_TLS
-    #ifndef NO_SHA
-        wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz);
-    #endif
-    #ifndef NO_MD5
-        wc_Md5Update(&ssl->hsHashes->hashMd5, data, sz);
-    #endif
-#endif /* NO_OLD_TLS */
+#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
+                          defined(WOLFSSL_ALLOW_TLS_SHA1))
+    wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz);
+#endif
+#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
+    wc_Md5Update(&ssl->hsHashes->hashMd5, data, sz);
+#endif
 
     if (IsAtLeastTLSv1_2(ssl)) {
     #ifndef NO_SHA256
@@ -10973,18 +11002,11 @@ int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type, word32 msgSz)
 {
     int ret = 0;
 #ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
-    byte version_negotiated = 0;
-
-    WOLFSSL_ENTER("EarlySanityCheckMsgReceived");
-
-#ifdef WOLFSSL_DTLS
     /* Version has only been negotiated after we either send or process a
      * ServerHello message */
-    if (ssl->options.dtls)
-        version_negotiated = ssl->options.serverState >= SERVER_HELLO_COMPLETE;
-    else
-#endif
-        version_negotiated = 1;
+    byte version_negotiated = ssl->options.serverState >= SERVER_HELLO_COMPLETE;
+
+    WOLFSSL_ENTER("EarlySanityCheckMsgReceived");
 
     if (version_negotiated)
         ret = MsgCheckEncryption(ssl, type, ssl->keys.decryptedCur == 1);
@@ -11454,7 +11476,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     if (ret == 0)
         ret = wc_Md5Update(md5, sender, SIZEOF_SENDER);
     if (ret == 0)
-        ret = wc_Md5Update(md5, ssl->arrays->masterSecret,SECRET_LEN);
+        ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
     if (ret == 0)
         ret = wc_Md5Update(md5, PAD1, PAD_MD5);
     if (ret == 0)
@@ -11464,7 +11486,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     if (ret == 0) {
         ret = wc_InitMd5_ex(md5, ssl->heap, ssl->devId);
         if (ret == 0) {
-            ret = wc_Md5Update(md5, ssl->arrays->masterSecret,SECRET_LEN);
+            ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
             if (ret == 0)
                 ret = wc_Md5Update(md5, PAD2, PAD_MD5);
             if (ret == 0)
@@ -11500,7 +11522,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     if (ret == 0)
         ret = wc_ShaUpdate(sha, sender, SIZEOF_SENDER);
     if (ret == 0)
-        ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN);
+        ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
     if (ret == 0)
         ret = wc_ShaUpdate(sha, PAD1, PAD_SHA);
     if (ret == 0)
@@ -11510,7 +11532,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     if (ret == 0) {
         ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId);
         if (ret == 0) {
-            ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN);
+            ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
             if (ret == 0)
                 ret = wc_ShaUpdate(sha, PAD2, PAD_SHA);
             if (ret == 0)
@@ -12937,6 +12959,30 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
     x509->pkCurveOID = dCert->pkCurveOID;
 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* Copy over alternative sig and pubkey. In this case we will allocate new
+     * buffers for them as we have no knowledge of when the DecodedCert is
+     * freed. */
+    x509->sapkiDer = (byte*)XMALLOC(dCert->sapkiLen, x509->heap,
+                                    DYNAMIC_TYPE_X509_EXT);
+    x509->altSigAlgDer = (byte*)XMALLOC(dCert->altSigAlgLen, x509->heap,
+                                        DYNAMIC_TYPE_X509_EXT);
+    x509->altSigValDer = (byte*)XMALLOC(dCert->altSigValLen, x509->heap,
+                                        DYNAMIC_TYPE_X509_EXT);
+    if ((x509->sapkiDer != NULL) && (x509->altSigAlgDer != NULL) &&
+        (x509->altSigValDer != NULL)) {
+        XMEMCPY(x509->sapkiDer, dCert->sapkiDer, dCert->sapkiLen);
+        XMEMCPY(x509->altSigAlgDer, dCert->altSigAlgDer, dCert->altSigAlgLen);
+        XMEMCPY(x509->altSigValDer, dCert->altSigValDer, dCert->altSigValLen);
+        x509->sapkiLen = dCert->sapkiLen;
+        x509->altSigAlgLen = dCert->altSigAlgLen;
+        x509->altSigValLen = dCert->altSigValLen;
+    }
+    else {
+        ret = MEMORY_E;
+    }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
     return ret;
 }
 
@@ -13529,7 +13575,8 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
 }
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
-    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
+    !defined(NO_STDIO_FILESYSTEM)
 /* load certificate file which has the form <hash>.(r)N[0..N]       */
 /* in the folder.                                                   */
 /* (r), in the case of CRL file                                     */
@@ -13883,6 +13930,39 @@ PRAGMA_GCC_DIAG_POP
         alreadySigner = AlreadySigner(SSL_CM(ssl), subjectHash);
     }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if ((ret == 0) && (args->dCert->sapkiDer != NULL)) {
+#ifndef WOLFSSL_SMALL_STACK
+        byte der[MAX_CERT_VERIFY_SZ];
+#else
+        byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, ssl->heap,
+                                   DYNAMIC_TYPE_DCERT);
+        if (der == NULL) {
+            ret = MEMORY_E;
+        }
+#endif /* ! WOLFSSL_SMALL_STACK */
+
+        if (ret == 0) {
+            ret = wc_GeneratePreTBS(args->dCert, der, MAX_CERT_VERIFY_SZ);
+
+            if (ret > 0) {
+                ret = wc_ConfirmAltSignature(der, ret,
+                    args->dCert->sapkiDer, args->dCert->sapkiLen,
+                    args->dCert->sapkiOID,
+                    args->dCert->altSigValDer, args->dCert->altSigValLen,
+                    args->dCert->altSigAlgOID, ssl->heap);
+            }
+#ifdef WOLFSSL_SMALL_STACK
+            XFREE(der, ssl->heap, DYNAMIC_TYPE_DCERT);
+#endif /* WOLFSSL_SMALL_STACK */
+
+            if (ret == 0) {
+               WOLFSSL_MSG("Alternative signature has been verified!");
+            }
+        }
+    }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 #ifdef WOLFSSL_SMALL_CERT_VERIFY
     /* get signature check failures from above */
     if (ret == 0)
@@ -14406,7 +14486,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         &subjectHash, &alreadySigner);
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
-    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
+    !defined(NO_STDIO_FILESYSTEM)
                     if (ret == ASN_NO_SIGNER_E || ret == ASN_SELF_SIGNED_E) {
                         WOLFSSL_MSG("try to load certificate if hash dir is set");
                         ret = LoadCertByIssuer(SSL_STORE(ssl),
@@ -14692,7 +14773,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         &subjectHash, &alreadySigner);
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
-    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
+    !defined(NO_STDIO_FILESYSTEM)
                     if (ret == ASN_NO_SIGNER_E || ret == ASN_SELF_SIGNED_E) {
                         int lastErr = ret; /* save error from last time */
                         WOLFSSL_MSG("try to load certificate if hash dir is set");
@@ -20660,8 +20742,10 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
 #endif
 
     ret = RetrySendAlert(ssl);
-    if (ret != 0)
+    if (ret != 0) {
+        WOLFSSL_MSG_EX("RetrySendAlert failed, giving up. err = %d", ret);
         return ret;
+    }
 
     for (;;) {
         switch (ssl->options.processReply) {
@@ -21162,11 +21246,11 @@ default:
                 ssl->keys.decryptedCur = 1;
 #ifdef WOLFSSL_TLS13
                 if (ssl->options.tls1_3) {
-                    /* end of plaintext */
-                    word16 i = (word16)(ssl->buffers.inputBuffer.idx +
-                                 ssl->curSize - ssl->specs.aead_mac_size);
-
-                    if (i > ssl->buffers.inputBuffer.length) {
+                    word32 i = (ssl->buffers.inputBuffer.idx +
+                        ssl->curSize - ssl->specs.aead_mac_size);
+                    /* check that the end of the logical length doesn't extend
+                     * past the real buffer */
+                    if (i > ssl->buffers.inputBuffer.length || i == 0) {
                         WOLFSSL_ERROR(BUFFER_ERROR);
                         return BUFFER_ERROR;
                     }
@@ -21992,7 +22076,8 @@ static int BuildMD5_CertVerify(const WOLFSSL* ssl, byte* digest)
     int ret;
     byte md5_result[WC_MD5_DIGEST_SIZE];
 #ifdef WOLFSSL_SMALL_STACK
-    wc_Md5* md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), ssl->heap, DYNAMIC_TYPE_HASHCTX);
+    wc_Md5* md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), ssl->heap,
+        DYNAMIC_TYPE_HASHCTX);
 #else
     wc_Md5  md5[1];
 #endif
@@ -22000,7 +22085,7 @@ static int BuildMD5_CertVerify(const WOLFSSL* ssl, byte* digest)
     /* make md5 inner */
     ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5); /* Save current position */
     if (ret == 0)
-        ret = wc_Md5Update(md5, ssl->arrays->masterSecret,SECRET_LEN);
+        ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
     if (ret == 0)
         ret = wc_Md5Update(md5, PAD1, PAD_MD5);
     if (ret == 0)
@@ -22030,13 +22115,14 @@ static int BuildMD5_CertVerify(const WOLFSSL* ssl, byte* digest)
 #endif /* !NO_MD5 && !NO_OLD_TLS */
 
 #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
-                              defined(WOLFSSL_ALLOW_TLS_SHA1))
+                          defined(WOLFSSL_ALLOW_TLS_SHA1))
 static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest)
 {
     int ret;
     byte sha_result[WC_SHA_DIGEST_SIZE];
 #ifdef WOLFSSL_SMALL_STACK
-    wc_Sha* sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), ssl->heap, DYNAMIC_TYPE_HASHCTX);
+    wc_Sha* sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), ssl->heap,
+        DYNAMIC_TYPE_HASHCTX);
 #else
     wc_Sha  sha[1];
 #endif
@@ -22044,7 +22130,7 @@ static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest)
     /* make sha inner */
     ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha); /* Save current position */
     if (ret == 0)
-        ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN);
+        ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
     if (ret == 0)
         ret = wc_ShaUpdate(sha, PAD1, PAD_SHA);
     if (ret == 0)
@@ -22054,7 +22140,7 @@ static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest)
     if (ret == 0) {
         ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId);
         if (ret == 0) {
-            ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN);
+            ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
             if (ret == 0)
                 ret = wc_ShaUpdate(sha, PAD2, PAD_SHA);
             if (ret == 0)
@@ -22085,7 +22171,8 @@ int BuildCertHashes(const WOLFSSL* ssl, Hashes* hashes)
         if (ret != 0)
             return ret;
     #endif
-    #if !defined(NO_SHA)
+    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
+                              defined(WOLFSSL_ALLOW_TLS_SHA1))
         ret = wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
         if (ret != 0)
             return ret;
@@ -23943,13 +24030,62 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl)
                 ssl->keys.sequence_number_lo);
     }
 
-    if (w64GTE(seq, limit))
+    if (w64GTE(seq, limit)) { /* cppcheck-suppress uninitvar
+                               * (false positive from cppcheck-2.13.0)
+                               */
         return Tls13UpdateKeys(ssl); /* Need to generate new keys */
+    }
 
     return 0;
 }
 #endif /* WOLFSSL_TLS13 && !WOLFSSL_TLS13_IGNORE_AEAD_LIMITS */
 
+/**
+ * ssl_in_handshake():
+ * Invoked in wolfSSL_read/wolfSSL_write to check if wolfSSL_negotiate() is
+ * needed in the handshake.
+ *
+ * In TLSv1.2 negotiate until the end of the handshake, unless:
+ * 1 in SCR and sending data or
+ * 2 in SCR and we have plain data ready
+ * Early data logic may bypass this logic in TLSv1.3 when appropriate.
+ */
+static int ssl_in_handshake(WOLFSSL *ssl, int send)
+{
+    if (IsSCR(ssl)) {
+        if (send) {
+            /* allow sending data in SCR */
+            return 0;
+        } else {
+            /* allow reading buffered data in SCR */
+            if (ssl->buffers.clearOutputBuffer.length != 0)
+                return 0;
+        }
+        return 1;
+    }
+
+    if (ssl->options.handShakeState != HANDSHAKE_DONE)
+        return 1;
+
+    if (ssl->options.side == WOLFSSL_SERVER_END) {
+        if (IsAtLeastTLSv1_3(ssl->version))
+            return ssl->options.acceptState < TLS13_TICKET_SENT;
+        if (IsAtLeastTLSv1_2(ssl))
+            return ssl->options.acceptState < ACCEPT_THIRD_REPLY_DONE;
+        return 0;
+    }
+
+    if (ssl->options.side == WOLFSSL_CLIENT_END) {
+        if (IsAtLeastTLSv1_3(ssl->version))
+            return ssl->options.connectState < FINISHED_DONE;
+        if (IsAtLeastTLSv1_2(ssl))
+            return ssl->options.connectState < SECOND_REPLY_DONE;
+        return 0;
+    }
+
+    return 0;
+}
+
 int SendData(WOLFSSL* ssl, const void* data, int sz)
 {
     int sent = 0,  /* plainText size */
@@ -23981,7 +24117,9 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
     }
 
 #ifdef WOLFSSL_EARLY_DATA
-    if (ssl->earlyData != no_early_data) {
+    if (ssl->options.side == WOLFSSL_CLIENT_END &&
+            ssl->earlyData != no_early_data &&
+            ssl->earlyData != done_early_data) {
         if (ssl->options.handShakeState == HANDSHAKE_DONE) {
             WOLFSSL_MSG("handshake complete, trying to send early data");
             ssl->error = BUILD_MSG_ERROR;
@@ -23999,7 +24137,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
     }
     else
 #endif
-    if (ssl->options.handShakeState != HANDSHAKE_DONE && !IsSCR(ssl)) {
+    if (ssl_in_handshake(ssl, 1)) {
         int err;
         WOLFSSL_MSG("handshake not complete, trying to finish");
         if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
@@ -24075,7 +24213,9 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
                 return ssl->error = BAD_STATE_E;
 
 #ifdef WOLFSSL_EARLY_DATA
-            isEarlyData = ssl->earlyData != no_early_data;
+            isEarlyData = ssl->options.side == WOLFSSL_CLIENT_END &&
+                    ssl->earlyData != no_early_data &&
+                    ssl->earlyData != done_early_data;
 #endif
 
             if (isEarlyData) {
@@ -24243,24 +24383,13 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
     }
 
 #ifdef WOLFSSL_EARLY_DATA
-    if (ssl->earlyData != no_early_data) {
+    if (ssl->options.side == WOLFSSL_SERVER_END &&
+          ssl->earlyData > early_data_ext && ssl->earlyData < done_early_data) {
     }
     else
 #endif
     {
-        int negotiate = 0;
-#ifdef HAVE_SECURE_RENEGOTIATION
-        if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
-            if (ssl->options.handShakeState != HANDSHAKE_DONE
-                && ssl->buffers.clearOutputBuffer.length == 0)
-                negotiate = 1;
-        }
-        else
-#endif
-        if (ssl->options.handShakeState != HANDSHAKE_DONE)
-            negotiate = 1;
-
-        if (negotiate) {
+        if (ssl_in_handshake(ssl, 0)) {
             int err;
             WOLFSSL_MSG("Handshake not complete, trying to finish");
             if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
@@ -24547,8 +24676,16 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
 
 int RetrySendAlert(WOLFSSL* ssl)
 {
-    int type = ssl->pendingAlert.code;
-    int severity = ssl->pendingAlert.level;
+    int type;
+    int severity;
+    WOLFSSL_ENTER("RetrySendAlert");
+
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    type = ssl->pendingAlert.code;
+    severity = ssl->pendingAlert.level;
 
     if (severity == alert_none)
         return 0;
@@ -24562,6 +24699,12 @@ int RetrySendAlert(WOLFSSL* ssl)
 /* send alert message */
 int SendAlert(WOLFSSL* ssl, int severity, int type)
 {
+    WOLFSSL_ENTER("SendAlert");
+
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
     if (ssl->pendingAlert.level != alert_none) {
         int ret = RetrySendAlert(ssl);
         if (ret != 0) {
@@ -26106,7 +26249,8 @@ ciphersuites introduced through the "bulk" ciphersuites.
 
 @return true on success, else false.
 */
-int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
+static int ParseCipherList(Suites* suites,
+        const char* list, ProtocolVersion version, int privateKeySz, byte side)
 {
     int       ret              = 0;
     int       idx              = 0;
@@ -26135,14 +26279,14 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
 #ifndef NO_RSA
         haveRSA = 1;
 #endif
-        InitSuites(suites, ctx->method->version,
+        InitSuites(suites, version,
 #ifndef NO_CERTS
-                ctx->privateKeySz,
+                privateKeySz,
 #else
                 0,
 #endif
                 haveRSA, 1, 1, !haveRSA, 1, haveRSA, !haveRSA, 1, 1, 0, 0,
-                ctx->method->side);
+                side);
         return 1; /* wolfSSL default */
     }
 
@@ -26219,9 +26363,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
                 haveSig |= SIG_ANON;
             else
                 haveSig &= ~SIG_ANON;
-        #ifdef HAVE_ANON
-            ctx->haveAnon = (haveSig & SIG_ANON) == SIG_ANON;
-        #endif
             haveRSA = 1;
             haveDH = 1;
             haveECC = 1;
@@ -26244,9 +26385,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
         if (XSTRCMP(name, "HIGH") == 0 && allowing) {
             /* Disable static, anonymous, and null ciphers */
             haveSig &= ~SIG_ANON;
-        #ifdef HAVE_ANON
-            ctx->haveAnon = 0;
-        #endif
             haveRSA = 1;
             haveDH = 1;
             haveECC = 1;
@@ -26266,9 +26404,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
                 haveSig |= SIG_ANON;
             else
                 haveSig &= ~SIG_ANON;
-        #ifdef HAVE_ANON
-            ctx->haveAnon = allowing;
-        #endif
             if (allowing) {
                 /* Allow RSA by default. */
                 if (!haveECC)
@@ -26382,7 +26517,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
 
             #ifdef WOLFSSL_DTLS
                 /* don't allow stream ciphers with DTLS */
-                if (ctx->method->version.major == DTLS_MAJOR) {
+                if (version.major == DTLS_MAJOR) {
                     if (XSTRSTR(name, "RC4"))
                     {
                         WOLFSSL_MSG("Stream ciphers not supported with DTLS");
@@ -26499,14 +26634,14 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
     if (ret) {
         int keySz = 0;
     #ifndef NO_CERTS
-        keySz = ctx->privateKeySz;
+        keySz = privateKeySz;
     #endif
     #ifdef OPENSSL_EXTRA
         if (callInitSuites) {
             suites->setSuites = 0; /* Force InitSuites */
             suites->hashSigAlgoSz = 0; /* Force InitSuitesHashSigAlgo call
                                         * inside InitSuites */
-            InitSuites(suites, ctx->method->version, keySz, (word16)haveRSA,
+            InitSuites(suites, version, keySz, (word16)haveRSA,
                        (word16)havePSK, (word16)haveDH,
                        (word16)((haveSig & SIG_ECDSA) != 0),
                        (word16)haveECC, (word16)haveStaticRSA,
@@ -26514,7 +26649,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
                        (word16)((haveSig & SIG_FALCON) != 0),
                        (word16)((haveSig & SIG_DILITHIUM) != 0),
                        (word16)((haveSig & SIG_ANON) != 0),
-                       (word16)haveNull, ctx->method->side);
+                       (word16)haveNull, side);
             /* Restore user ciphers ahead of defaults */
             XMEMMOVE(suites->suites + idx, suites->suites,
                     min(suites->suiteSz, WOLFSSL_MAX_SUITE_SZ-idx));
@@ -26529,7 +26664,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
         }
 
 #ifdef HAVE_RENEGOTIATION_INDICATION
-        if (ctx->method->side == WOLFSSL_CLIENT_END) {
+        if (side == WOLFSSL_CLIENT_END) {
             if (suites->suiteSz > WOLFSSL_MAX_SUITE_SZ - 2) {
                 WOLFSSL_MSG("Too many ciphersuites");
                 return 0;
@@ -26543,11 +26678,46 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
         suites->setSuites = 1;
     }
 
-    (void)ctx;
+    (void)privateKeySz;
 
     return ret;
 }
 
+int SetCipherList_ex(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl,
+        Suites* suites, const char* list)
+{
+    ProtocolVersion version;
+    int privateKeySz = 0;
+    byte side;
+
+    if (ctx != NULL) {
+        version = ctx->method->version;
+#ifndef NO_CERTS
+        privateKeySz = ctx->privateKeySz;
+#endif
+        side = ctx->method->side;
+    }
+    else if (ssl != NULL) {
+        version = ssl->version;
+#ifndef NO_CERTS
+        privateKeySz = ssl->buffers.keySz;
+#endif
+        side = (byte)ssl->options.side;
+    }
+    else {
+        WOLFSSL_MSG("SetCipherList_ex parameter error");
+        return 0;
+    }
+
+    return ParseCipherList(suites, list, version, privateKeySz, side);
+}
+
+int SetCipherList(const WOLFSSL_CTX* ctx, Suites* suites,
+                                 const char* list)
+{
+    return SetCipherList_ex(ctx, NULL, suites, list);
+}
+
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
 int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
                            const int listSz)
@@ -27442,6 +27612,55 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
         }
 #endif
     }
+    else if (hsType == DYNAMIC_TYPE_DILITHIUM) {
+#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+        dilithium_key* dilithiumKey;
+
+        dilithiumKey = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
+                                               DYNAMIC_TYPE_DILITHIUM);
+        if (dilithiumKey == NULL) {
+            return MEMORY_E;
+        }
+
+        if (label) {
+            ret = wc_dilithium_init_label(dilithiumKey, (char*)data,
+                                          heap, devId);
+        }
+        else if (id) {
+            ret = wc_dilithium_init_id(dilithiumKey, data, length, heap, devId);
+        }
+        if (ret == 0) {
+            *pkey = (void*)dilithiumKey;
+        }
+        else {
+            XFREE(dilithiumKey, heap, DYNAMIC_TYPE_DILITHIUM);
+        }
+#endif
+    }
+    else if (hsType == DYNAMIC_TYPE_FALCON) {
+#if defined(HAVE_PQC) && defined(HAVE_FALCON)
+        falcon_key* falconKey;
+
+        falconKey = (falcon_key*)XMALLOC(sizeof(falcon_key), heap,
+                                         DYNAMIC_TYPE_FALCON);
+        if (falconKey == NULL) {
+            return MEMORY_E;
+        }
+
+        if (label) {
+            ret = wc_falcon_init_label(falconKey, (char*)data, heap, devId);
+        }
+        else if (id) {
+            ret = wc_falcon_init_id(falconKey, data, length, heap, devId);
+        }
+        if (ret == 0) {
+            *pkey = (void*)falconKey;
+        }
+        else {
+            XFREE(falconKey, heap, DYNAMIC_TYPE_FALCON);
+        }
+#endif
+    }
 
     return ret;
 }
@@ -27490,6 +27709,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             ssl->hsType = DYNAMIC_TYPE_RSA;
         else if (ssl->buffers.keyType == ecc_dsa_sa_algo)
             ssl->hsType = DYNAMIC_TYPE_ECC;
+        else if (ssl->buffers.keyType == falcon_level5_sa_algo)
+            ssl->hsType = DYNAMIC_TYPE_FALCON;
+        else if (ssl->buffers.keyType == dilithium_level5_sa_algo)
+            ssl->hsType = DYNAMIC_TYPE_DILITHIUM;
         ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
         if (ret != 0) {
             goto exit_dpk;
@@ -27545,6 +27768,59 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             }
     #else
             ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if (ssl->buffers.keyType == falcon_level5_sa_algo) {
+    #if defined(HAVE_PQC) && defined(HAVE_FALCON)
+            if (ssl->buffers.keyLabel) {
+                ret = wc_falcon_init_label((falcon_key*)ssl->hsKey,
+                                           (char*)ssl->buffers.key->buffer,
+                                           ssl->heap, ssl->buffers.keyDevId);
+            }
+            else if (ssl->buffers.keyId) {
+                ret = wc_falcon_init_id((falcon_key*)ssl->hsKey,
+                                        ssl->buffers.key->buffer,
+                                        ssl->buffers.key->length, ssl->heap,
+                                        ssl->buffers.keyDevId);
+            }
+            if (ret == 0) {
+                if (ssl->buffers.keySz < ssl->options.minFalconKeySz) {
+                    WOLFSSL_MSG("Falcon key size too small");
+                    ERROR_OUT(FALCON_KEY_SIZE_E, exit_dpk);
+                }
+
+                /* Return the maximum signature length. */
+                *length = (word16)wc_falcon_sig_size((falcon_key*)ssl->hsKey);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
+    #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+            if (ssl->buffers.keyLabel) {
+                ret = wc_dilithium_init_label((dilithium_key*)ssl->hsKey,
+                                              (char*)ssl->buffers.key->buffer,
+                                              ssl->heap, ssl->buffers.keyDevId);
+            }
+            else if (ssl->buffers.keyId) {
+                ret = wc_dilithium_init_id((dilithium_key*)ssl->hsKey,
+                                        ssl->buffers.key->buffer,
+                                        ssl->buffers.key->length, ssl->heap,
+                                        ssl->buffers.keyDevId);
+            }
+            if (ret == 0) {
+                if (ssl->buffers.keySz < ssl->options.minDilithiumKeySz) {
+                    WOLFSSL_MSG("Dilithium key size too small");
+                    ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk);
+                }
+
+                /* Return the maximum signature length. */
+                *length = (word16)wc_dilithium_sig_size(
+                                    (dilithium_key*)ssl->hsKey);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
     #endif
         }
         goto exit_dpk;
@@ -27776,6 +28052,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
 #if defined(HAVE_PQC)
 #if defined(HAVE_FALCON)
+    #if !defined(NO_RSA) || defined(HAVE_ECC)
+        FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
+    #endif
+
     if (ssl->buffers.keyType == falcon_level1_sa_algo ||
         ssl->buffers.keyType == falcon_level5_sa_algo ||
         ssl->buffers.keyType == 0) {
@@ -27837,6 +28117,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
     }
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM)
+    #if !defined(NO_RSA) || defined(HAVE_ECC)
+        FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
+    #endif
+
     if (ssl->buffers.keyType == dilithium_level2_sa_algo ||
         ssl->buffers.keyType == dilithium_level3_sa_algo ||
         ssl->buffers.keyType == dilithium_level5_sa_algo ||
@@ -27917,6 +28201,119 @@ exit_dpk:
     return ret;
 }
 
+#if defined(HAVE_PQC) && defined(WOLFSSL_DUAL_ALG_CERTS)
+/* This is just like the above, but only consider Falcon and Dilthium and
+ * only for the alternative key; not the native key. */
+int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
+{
+    int      ret = BAD_FUNC_ARG;
+
+    /* make sure alt private key exists */
+    if (ssl->buffers.altKey == NULL || ssl->buffers.altKey->buffer == NULL) {
+        WOLFSSL_MSG("Alternative Private key missing!");
+        ERROR_OUT(NO_PRIVATE_KEY, exit_dapk);
+    }
+
+    if (ssl->buffers.altKeyType == falcon_level1_sa_algo ||
+        ssl->buffers.altKeyType == falcon_level5_sa_algo) {
+
+        ssl->hsAltType = DYNAMIC_TYPE_FALCON;
+        ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+
+        if (ssl->buffers.altKeyType == falcon_level1_sa_algo) {
+            ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 1);
+        }
+        else if (ssl->buffers.altKeyType == falcon_level5_sa_algo) {
+            ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 5);
+        }
+        else {
+            ret = ALGO_ID_E;
+        }
+
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+        WOLFSSL_MSG("Trying Falcon private key");
+
+        /* Decode the key assuming it is a Falcon private key. */
+        ret = wc_falcon_import_private_only(ssl->buffers.altKey->buffer,
+                                            ssl->buffers.altKey->length,
+                                            (falcon_key*)ssl->hsAltKey);
+        if (ret == 0) {
+            WOLFSSL_MSG("Using Falcon private key");
+
+            /* Check it meets the minimum Falcon key size requirements. */
+            if (FALCON_MAX_KEY_SIZE < ssl->options.minFalconKeySz) {
+                WOLFSSL_MSG("Falcon key size too small");
+                ERROR_OUT(FALCON_KEY_SIZE_E, exit_dapk);
+            }
+
+            *length = wc_falcon_sig_size((falcon_key*)ssl->hsAltKey);
+
+            goto exit_dapk;
+        }
+    }
+    FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey);
+
+    if (ssl->buffers.altKeyType == dilithium_level2_sa_algo ||
+        ssl->buffers.altKeyType == dilithium_level3_sa_algo ||
+        ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
+
+        ssl->hsAltType = DYNAMIC_TYPE_DILITHIUM;
+        ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+
+        if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) {
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 2);
+        }
+        else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) {
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 3);
+        }
+        else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 5);
+        }
+        else {
+            ret = ALGO_ID_E;
+        }
+
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+
+        WOLFSSL_MSG("Trying Dilithium private key");
+
+        /* Decode the key assuming it is a Dilithium private key. */
+        ret = wc_dilithium_import_private_only(ssl->buffers.altKey->buffer,
+                                               ssl->buffers.altKey->length,
+                                               (dilithium_key*)ssl->hsAltKey);
+        if (ret == 0) {
+            WOLFSSL_MSG("Using Dilithium private key");
+
+            /* Check it meets the minimum Dilithium key size requirements. */
+            if (DILITHIUM_MAX_KEY_SIZE < ssl->options.minDilithiumKeySz) {
+                WOLFSSL_MSG("Dilithium key size too small");
+                ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dapk);
+            }
+
+            *length = wc_dilithium_sig_size((dilithium_key*)ssl->hsAltKey);
+
+            goto exit_dapk;
+        }
+    }
+
+exit_dapk:
+    if (ret != 0) {
+        WOLFSSL_ERROR_VERBOSE(ret);
+    }
+
+    return ret;
+}
+#endif /* HAVE_PQC && WOLFSSL_DUAL_ALG_CERTS */
 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
 
 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12)
@@ -29285,8 +29682,6 @@ typedef struct DskeArgs {
     word16 verifySigSz;
 #endif
     word16 sigSz;
-    byte   sigAlgo;
-    byte   hashAlgo;
 #if !defined(NO_RSA) && defined(WC_RSA_PSS)
     int    bits;
 #endif
@@ -29605,8 +30000,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
         XMEMSET(args, 0, sizeof(DskeArgs));
         args->idx = *inOutIdx;
         args->begin = *inOutIdx;
-        args->sigAlgo = ssl->specs.sig_algo;
-        args->hashAlgo = sha_mac;
+        ssl->options.peerSigAlgo = ssl->specs.sig_algo;
+        ssl->options.peerHashAlgo = sha_mac;
     #ifdef WOLFSSL_ASYNC_CRYPT
         ssl->async->freeArgs = FreeDskeArgs;
     #endif
@@ -29886,6 +30281,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     if ((curveOid = CheckCurveId(b)) < 0) {
                         ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
                     }
+                    ssl->ecdhCurveOID = curveOid;
 
                     length = input[args->idx++];
                     if ((args->idx - args->begin) + length > size) {
@@ -30056,43 +30452,43 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                             ERROR_OUT(BUFFER_ERROR, exit_dske);
                         }
 
-                        DecodeSigAlg(&input[args->idx], &args->hashAlgo,
+                        DecodeSigAlg(&input[args->idx], &ssl->options.peerHashAlgo,
                                      &sigAlgo);
                     #ifndef NO_RSA
                         if (sigAlgo == rsa_pss_sa_algo &&
-                                                 args->sigAlgo == rsa_sa_algo) {
-                            args->sigAlgo = sigAlgo;
+                                                 ssl->options.peerSigAlgo == rsa_sa_algo) {
+                            ssl->options.peerSigAlgo = sigAlgo;
                         }
                         else
                     #endif
                     #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                         if (sigAlgo == sm2_sa_algo &&
-                                             args->sigAlgo == ecc_dsa_sa_algo) {
-                            args->sigAlgo = sigAlgo;
+                                             ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
+                            ssl->options.peerSigAlgo = sigAlgo;
                         }
                         else
                     #endif
                     #ifdef HAVE_ED25519
                         if (sigAlgo == ed25519_sa_algo &&
-                                             args->sigAlgo == ecc_dsa_sa_algo) {
-                            args->sigAlgo = sigAlgo;
+                                             ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
+                            ssl->options.peerSigAlgo = sigAlgo;
                         }
                         else
                     #endif
                     #ifdef HAVE_ED448
                         if (sigAlgo == ed448_sa_algo &&
-                                             args->sigAlgo == ecc_dsa_sa_algo) {
-                            args->sigAlgo = sigAlgo;
+                                             ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
+                            ssl->options.peerSigAlgo = sigAlgo;
                         }
                         else
                     #endif
                         /* Signature algorithm from message must match signature
                          * algorithm in cipher suite. */
-                        if (sigAlgo != args->sigAlgo) {
+                        if (sigAlgo != ssl->options.peerSigAlgo) {
                             ERROR_OUT(ALGO_ID_E, exit_dske);
                         }
                         args->idx += 2;
-                        hashType = HashAlgoToType(args->hashAlgo);
+                        hashType = HashAlgoToType(ssl->options.peerHashAlgo);
                         if (hashType == WC_HASH_TYPE_NONE) {
                             ERROR_OUT(ALGO_ID_E, exit_dske);
                         }
@@ -30100,7 +30496,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                         /* only using sha and md5 for rsa */
                         #ifndef NO_OLD_TLS
                             hashType = WC_HASH_TYPE_SHA;
-                            if (args->sigAlgo == rsa_sa_algo) {
+                            if (ssl->options.peerSigAlgo == rsa_sa_algo) {
                                 hashType = WC_HASH_TYPE_MD5_SHA;
                             }
                         #else
@@ -30121,12 +30517,12 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     }
 
                     ret = HashSkeData(ssl, hashType, input + args->begin,
-                        verifySz, args->sigAlgo);
+                        verifySz, ssl->options.peerSigAlgo);
                     if (ret != 0) {
                         goto exit_dske;
                     }
 
-                    switch (args->sigAlgo)
+                    switch (ssl->options.peerSigAlgo)
                     {
                     #ifndef NO_RSA
                     #ifdef WC_RSA_PSS
@@ -30174,7 +30570,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 
                     default:
                         ret = ALGO_ID_E;
-                    } /* switch (args->sigAlgo) */
+                    } /* switch (ssl->options.peerSigAlgo) */
 
             #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 && !HAVE_ED448 */
                     break;
@@ -30226,7 +30622,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                                             args->verifySigSz);
                     }
 
-                    switch (args->sigAlgo)
+                    switch (ssl->options.peerSigAlgo)
                     {
                     #ifndef NO_RSA
                     #ifdef WC_RSA_PSS
@@ -30237,7 +30633,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                             ret = RsaVerify(ssl,
                                 args->verifySig, args->verifySigSz,
                                 &args->output,
-                                args->sigAlgo, args->hashAlgo,
+                                ssl->options.peerSigAlgo, ssl->options.peerHashAlgo,
                                 ssl->peerRsaKey,
                             #ifdef HAVE_PK_CALLBACKS
                                 &ssl->buffers.peerRsaKey
@@ -30275,7 +30671,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                         #ifdef HAVE_PK_CALLBACKS
                             if (ssl->ctx && ssl->ctx->ProcessServerSigKexCb) {
                                 ret = ssl->ctx->ProcessServerSigKexCb(ssl,
-                                    args->sigAlgo,
+                                    ssl->options.peerSigAlgo,
                                     args->verifySig, args->verifySigSz,
                                     ssl->buffers.sig.buffer, SEED_LEN,
                                     &ssl->buffers.sig.buffer[SEED_LEN],
@@ -30284,7 +30680,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                         #endif /* HAVE_PK_CALLBACKS */
                             if (ret == NOT_COMPILED_IN) {
                             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                                if (args->sigAlgo == sm2_sa_algo) {
+                                if (ssl->options.peerSigAlgo == sm2_sa_algo) {
                                     ret = Sm2wSm3Verify(ssl,
                                         TLS12_SM2_SIG_ID, TLS12_SM2_SIG_ID_SZ,
                                         args->verifySig, args->verifySigSz,
@@ -30437,7 +30833,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     /* increment index after verify is done */
                     args->idx += args->verifySigSz;
 
-                    switch(args->sigAlgo)
+                    switch(ssl->options.peerSigAlgo)
                     {
                     #ifndef NO_RSA
                     #ifdef WC_RSA_PSS
@@ -30447,13 +30843,13 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                              ssl->buffers.digest.buffer,
                                              ssl->buffers.digest.length,
                                              args->output, args->sigSz,
-                                             HashAlgoToType(args->hashAlgo));
+                                             HashAlgoToType(ssl->options.peerHashAlgo));
                         #else
                             ret = wc_RsaPSS_CheckPadding_ex(
                                              ssl->buffers.digest.buffer,
                                              ssl->buffers.digest.length,
                                              args->output, args->sigSz,
-                                             HashAlgoToType(args->hashAlgo),
+                                             HashAlgoToType(ssl->options.peerHashAlgo),
                                              -1, args->bits);
                         #endif
                             if (ret != 0)
@@ -30493,7 +30889,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                 encSigSz = wc_EncodeSignature(encodedSig,
                                     ssl->buffers.digest.buffer,
                                     ssl->buffers.digest.length,
-                                    TypeHash(args->hashAlgo));
+                                    TypeHash(ssl->options.peerHashAlgo));
                                 if (encSigSz != args->sigSz || !args->output ||
                                     XMEMCMP(args->output, encodedSig,
                                             min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) {
@@ -31068,23 +31464,13 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                 case psk_kea:
                 {
                     byte* pms = ssl->arrays->preMasterSecret;
-                    int cbret = (int)ssl->options.client_psk_cb(ssl,
+                    ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
                         ssl->arrays->server_hint, ssl->arrays->client_identity,
                         MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
-
-                    if (cbret == 0 || cbret > MAX_PSK_KEY_LEN) {
-                        if (cbret != USE_HW_PSK) {
-                            ERROR_OUT(PSK_KEY_ERROR, exit_scke);
-                        }
-                    }
-
-                    if (cbret == USE_HW_PSK) {
-                        /* USE_HW_PSK indicates that the hardware has the PSK
-                         * and generates the premaster secret. */
-                        ssl->arrays->psk_keySz = 0;
-                    }
-                    else {
-                        ssl->arrays->psk_keySz = (word32)cbret;
+                    if (ssl->arrays->psk_keySz == 0 ||
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
+                        ERROR_OUT(PSK_KEY_ERROR, exit_scke);
                     }
 
                     /* Ensure the buffer is null-terminated. */
@@ -31096,7 +31482,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     XMEMCPY(args->encSecret, ssl->arrays->client_identity,
                             args->encSz);
                     ssl->options.peerAuthGood = 1;
-                    if (cbret != USE_HW_PSK) {
+                    if ((int)ssl->arrays->psk_keySz > 0) {
                         /* CLIENT: Pre-shared Key for peer authentication. */
 
                         /* make psk pre master secret */
@@ -31112,8 +31498,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2)
                                                    + (2 * OPAQUE16_LEN);
                         ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
-                        ssl->arrays->psk_keySz = 0; /* No further need */
                     }
+                    ssl->arrays->psk_keySz = 0; /* No further need */
                     break;
                 }
             #endif /* !NO_PSK */
@@ -31124,12 +31510,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     args->output = args->encSecret;
 
                     ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
-                         ssl->arrays->server_hint, ssl->arrays->client_identity,
-                         MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
+                        ssl->arrays->server_hint, ssl->arrays->client_identity,
+                        MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
                     if (ssl->arrays->psk_keySz == 0 ||
-                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
                         ERROR_OUT(PSK_KEY_ERROR, exit_scke);
                     }
+
                     ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
                     esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
 
@@ -31205,12 +31593,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     /* Send PSK client identity */
                     ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
-                         ssl->arrays->server_hint, ssl->arrays->client_identity,
-                         MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
+                        ssl->arrays->server_hint, ssl->arrays->client_identity,
+                        MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
                     if (ssl->arrays->psk_keySz == 0 ||
-                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
                         ERROR_OUT(PSK_KEY_ERROR, exit_scke);
                     }
+
                     ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
                     esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
                     if (esSz > MAX_PSK_ID_LEN) {
@@ -31230,7 +31620,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     args->length = MAX_ENCRYPT_SZ;
 
                     /* Create shared ECC key leaving room at the beginning
-                       of buffer for size of shared key. */
+                     * of buffer for size of shared key. */
                     ssl->arrays->preMasterSz = ENCRYPT_LEN - OPAQUE16_LEN;
 
                 #ifdef HAVE_CURVE25519
@@ -31621,13 +32011,15 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     pms += ssl->arrays->preMasterSz;
 
                     /* make psk pre master secret */
-                    /* length of key + length 0s + length of key + key */
-                    c16toa((word16)ssl->arrays->psk_keySz, pms);
-                    pms += OPAQUE16_LEN;
-                    XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
-                    ssl->arrays->preMasterSz +=
-                                         ssl->arrays->psk_keySz + OPAQUE16_LEN;
-                    ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                    if ((int)ssl->arrays->psk_keySz > 0) {
+                        /* length of key + length 0s + length of key + key */
+                        c16toa((word16)ssl->arrays->psk_keySz, pms);
+                        pms += OPAQUE16_LEN;
+                        XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                        ssl->arrays->preMasterSz +=
+                                            ssl->arrays->psk_keySz + OPAQUE16_LEN;
+                        ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                    }
                     ssl->arrays->psk_keySz = 0; /* No further need */
                     break;
                 }
@@ -31648,18 +32040,19 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     args->encSz += args->length + OPAQUE8_LEN;
 
                     /* Create pre master secret is the concatenation of
-                       eccSize + eccSharedKey + pskSize + pskKey */
+                     * eccSize + eccSharedKey + pskSize + pskKey */
                     c16toa((word16)ssl->arrays->preMasterSz, pms);
                     ssl->arrays->preMasterSz += OPAQUE16_LEN;
                     pms += ssl->arrays->preMasterSz;
 
-                    c16toa((word16)ssl->arrays->psk_keySz, pms);
-                    pms += OPAQUE16_LEN;
-                    XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
-                    ssl->arrays->preMasterSz +=
-                                          ssl->arrays->psk_keySz + OPAQUE16_LEN;
+                    if ((int)ssl->arrays->psk_keySz > 0) {
+                        c16toa((word16)ssl->arrays->psk_keySz, pms);
+                        pms += OPAQUE16_LEN;
+                        XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                        ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
 
-                    ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                        ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                    }
                     ssl->arrays->psk_keySz = 0; /* No further need */
                     break;
                 }
@@ -32683,6 +33076,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             case PSK_KEY_ERROR:
             case INVALID_PARAMETER:
             case HRR_COOKIE_ERROR:
+            case BAD_BINDER:
                 return illegal_parameter;
             case INCOMPLETE_DATA:
                 return missing_extension;
@@ -34935,7 +35329,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #ifndef NO_SHA
         wc_ShaUpdate(&ssl->hsHashes->hashSha, input + idx, sz);
 #endif
-#endif
+#endif /* !NO_OLD_TLS */
 #ifndef NO_SHA256
         if (IsAtLeastTLSv1_2(ssl)) {
             int shaRet = wc_Sha256Update(&ssl->hsHashes->hashSha256,
@@ -35003,7 +35397,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                        ssl->options.haveDH, ssl->options.haveECDSAsig,
                        ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                        ssl->options.haveFalconSig,
-                       ssl->options.haveDilithiumSig, ssl->options.haveAnon,
+                       ssl->options.haveDilithiumSig, ssl->options.useAnon,
                        TRUE, ssl->options.side);
         }
 
@@ -35394,7 +35788,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                        ssl->options.haveDH, ssl->options.haveECDSAsig,
                        ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                        ssl->options.haveFalconSig,
-                       ssl->options.haveDilithiumSig, ssl->options.haveAnon,
+                       ssl->options.haveDilithiumSig, ssl->options.useAnon,
                        TRUE, ssl->options.side);
         }
 
@@ -35472,7 +35866,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                            ssl->options.haveDH, ssl->options.haveECDSAsig,
                            ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                            ssl->options.haveFalconSig,
-                           ssl->options.haveDilithiumSig, ssl->options.haveAnon,
+                           ssl->options.haveDilithiumSig, ssl->options.useAnon,
                            TRUE, ssl->options.side);
             }
         }
@@ -35827,7 +36221,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
 
 #ifdef OPENSSL_EXTRA
-        ssl->clSuites = clSuites;
+        ssl->clSuites = clSuites; /* cppcheck-suppress autoVariables
+                                   *
+                                   * (suppress warning that ssl, a persistent
+                                   * non-local allocation, has its ->clSuites
+                                   * set to clSuites, a local stack allocation.
+                                   * we clear this assignment before returning.)
+                                   */
         /* Give user last chance to provide a cert for cipher selection */
         if (ret == 0 && ssl->ctx->certSetupCb != NULL)
             ret = CertSetupCbWrapper(ssl);
@@ -35879,8 +36279,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         word32 sigSz;
         word32 idx;
         word32 begin;
-        byte   hashAlgo;
-        byte   sigAlgo;
     } DcvArgs;
 
     static void FreeDcvArgs(WOLFSSL* ssl, void* pArgs)
@@ -35929,8 +36327,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             ret = 0;
             ssl->options.asyncState = TLS_ASYNC_BEGIN;
             XMEMSET(args, 0, sizeof(DcvArgs));
-            args->hashAlgo = sha_mac;
-            args->sigAlgo = anonymous_sa_algo;
+            ssl->options.peerHashAlgo = sha_mac;
+            ssl->options.peerSigAlgo = anonymous_sa_algo;
             args->idx = *inOutIdx;
             args->begin = *inOutIdx;
         #ifdef WOLFSSL_ASYNC_CRYPT
@@ -35961,34 +36359,34 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         ERROR_OUT(BUFFER_ERROR, exit_dcv);
                     }
 
-                    DecodeSigAlg(&input[args->idx], &args->hashAlgo,
-                                 &args->sigAlgo);
+                    DecodeSigAlg(&input[args->idx], &ssl->options.peerHashAlgo,
+                                 &ssl->options.peerSigAlgo);
                     args->idx += 2;
                 }
             #ifndef NO_RSA
                 else if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0)
-                    args->sigAlgo = rsa_sa_algo;
+                    ssl->options.peerSigAlgo = rsa_sa_algo;
             #endif
             #ifdef HAVE_ECC
                 else if (ssl->peerEccDsaKeyPresent) {
                 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                     if (ssl->peerEccDsaKey->dp->id == ECC_SM2P256V1) {
-                        args->sigAlgo = sm2_sa_algo;
+                        ssl->options.peerSigAlgo = sm2_sa_algo;
                     }
                     else
                 #endif
                     {
-                        args->sigAlgo = ecc_dsa_sa_algo;
+                        ssl->options.peerSigAlgo = ecc_dsa_sa_algo;
                     }
                 }
             #endif
             #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)
                 else if (ssl->peerEd25519KeyPresent)
-                    args->sigAlgo = ed25519_sa_algo;
+                    ssl->options.peerSigAlgo = ed25519_sa_algo;
             #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */
             #if defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)
                 else if (ssl->peerEd448KeyPresent)
-                    args->sigAlgo = ed448_sa_algo;
+                    ssl->options.peerSigAlgo = ed448_sa_algo;
             #endif /* HAVE_ED448 && !NO_ED448_CLIENT_AUTH */
 
                 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
@@ -36024,15 +36422,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 #endif
 
                     if (IsAtLeastTLSv1_2(ssl)) {
-                        if (args->sigAlgo != ecc_dsa_sa_algo
+                        if (ssl->options.peerSigAlgo != ecc_dsa_sa_algo
                         #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                            && args->sigAlgo != sm2_sa_algo
+                            && ssl->options.peerSigAlgo != sm2_sa_algo
                         #endif
                             ) {
                             WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
                         }
 
-                        SetDigest(ssl, args->hashAlgo);
+                        SetDigest(ssl, ssl->options.peerHashAlgo);
                     }
                 }
             #endif /* HAVE_ECC */
@@ -36040,7 +36438,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 if (ssl->peerEd25519KeyPresent) {
                     WOLFSSL_MSG("Doing ED25519 peer cert verify");
                     if (IsAtLeastTLSv1_2(ssl) &&
-                                             args->sigAlgo != ed25519_sa_algo) {
+                                             ssl->options.peerSigAlgo != ed25519_sa_algo) {
                         WOLFSSL_MSG(
                                "Oops, peer sent ED25519 key but not in verify");
                     }
@@ -36050,7 +36448,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 if (ssl->peerEd448KeyPresent) {
                     WOLFSSL_MSG("Doing ED448 peer cert verify");
                     if (IsAtLeastTLSv1_2(ssl) &&
-                                               args->sigAlgo != ed448_sa_algo) {
+                                               ssl->options.peerSigAlgo != ed448_sa_algo) {
                         WOLFSSL_MSG(
                                  "Oops, peer sent ED448 key but not in verify");
                     }
@@ -36072,7 +36470,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         input + args->idx,
                         args->sz,
                         &args->output,
-                        args->sigAlgo, args->hashAlgo,
+                        ssl->options.peerSigAlgo, ssl->options.peerHashAlgo,
                         ssl->peerRsaKey,
                     #ifdef HAVE_PK_CALLBACKS
                         &ssl->buffers.peerRsaKey
@@ -36081,7 +36479,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                     #endif
                     );
                     if (ret >= 0) {
-                        if (args->sigAlgo == rsa_sa_algo)
+                        if (ssl->options.peerSigAlgo == rsa_sa_algo)
                             args->sendSz = ret;
                         else {
                             args->sigSz = ret;
@@ -36096,7 +36494,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                     WOLFSSL_MSG("Doing ECC peer cert verify");
 
                 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                    if (args->sigAlgo == sm2_sa_algo) {
+                    if (ssl->options.peerSigAlgo == sm2_sa_algo) {
                         ret = Sm2wSm3Verify(ssl,
                             TLS12_SM2_SIG_ID, TLS12_SM2_SIG_ID_SZ,
                             input + args->idx, args->sz,
@@ -36191,21 +36589,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
                     if (IsAtLeastTLSv1_2(ssl)) {
                     #ifdef WC_RSA_PSS
-                        if (args->sigAlgo == rsa_pss_sa_algo) {
-                            SetDigest(ssl, args->hashAlgo);
+                        if (ssl->options.peerSigAlgo == rsa_pss_sa_algo) {
+                            SetDigest(ssl, ssl->options.peerHashAlgo);
 
                         #ifdef HAVE_SELFTEST
                             ret = wc_RsaPSS_CheckPadding(
                                             ssl->buffers.digest.buffer,
                                             ssl->buffers.digest.length,
                                             args->output, args->sigSz,
-                                            HashAlgoToType(args->hashAlgo));
+                                            HashAlgoToType(ssl->options.peerHashAlgo));
                         #else
                             ret = wc_RsaPSS_CheckPadding_ex(
                                             ssl->buffers.digest.buffer,
                                             ssl->buffers.digest.length,
                                             args->output, args->sigSz,
-                                            HashAlgoToType(args->hashAlgo), -1,
+                                            HashAlgoToType(ssl->options.peerHashAlgo), -1,
                                             mp_count_bits(&ssl->peerRsaKey->n));
                         #endif
                             if (ret != 0) {
@@ -36226,17 +36624,17 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             }
                         #endif
 
-                            if (args->sigAlgo != rsa_sa_algo) {
+                            if (ssl->options.peerSigAlgo != rsa_sa_algo) {
                                 WOLFSSL_MSG("Oops, peer sent RSA key but not "
                                             "in verify");
                             }
 
-                            SetDigest(ssl, args->hashAlgo);
+                            SetDigest(ssl, ssl->options.peerHashAlgo);
 
                             args->sigSz = wc_EncodeSignature(encodedSig,
                                 ssl->buffers.digest.buffer,
                                 ssl->buffers.digest.length,
-                                TypeHash(args->hashAlgo));
+                                TypeHash(ssl->options.peerHashAlgo));
 
                             if (args->sendSz != args->sigSz || !args->output ||
                                 XMEMCMP(args->output, encodedSig,
@@ -38290,31 +38688,35 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                             MAX_PSK_KEY_LEN);
 
                         if (ssl->arrays->psk_keySz == 0 ||
-                                ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
-                            #if defined(WOLFSSL_EXTRA_ALERTS) || \
-                                defined(WOLFSSL_PSK_IDENTITY_ALERT)
-                                SendAlert(ssl, alert_fatal,
-                                        unknown_psk_identity);
-                            #endif
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
+                        #if defined(WOLFSSL_EXTRA_ALERTS) || \
+                            defined(WOLFSSL_PSK_IDENTITY_ALERT)
+                            SendAlert(ssl, alert_fatal,
+                                    unknown_psk_identity);
+                        #endif
                             ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
                         }
                         /* SERVER: Pre-shared Key for peer authentication. */
                         ssl->options.peerAuthGood = 1;
 
                         /* make psk pre master secret */
-                        /* length of key + length 0s + length of key + key */
-                        c16toa((word16) ssl->arrays->psk_keySz, pms);
-                        pms += OPAQUE16_LEN;
+                        if ((int)ssl->arrays->psk_keySz > 0) {
+                            /* length of key + length 0s + length of key + key */
+                            c16toa((word16) ssl->arrays->psk_keySz, pms);
+                            pms += OPAQUE16_LEN;
 
-                        XMEMSET(pms, 0, ssl->arrays->psk_keySz);
-                        pms += ssl->arrays->psk_keySz;
+                            XMEMSET(pms, 0, ssl->arrays->psk_keySz);
+                            pms += ssl->arrays->psk_keySz;
 
-                        c16toa((word16) ssl->arrays->psk_keySz, pms);
-                        pms += OPAQUE16_LEN;
+                            c16toa((word16) ssl->arrays->psk_keySz, pms);
+                            pms += OPAQUE16_LEN;
 
-                        XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
-                        ssl->arrays->preMasterSz =
-                            (ssl->arrays->psk_keySz * 2) + (OPAQUE16_LEN * 2);
+                            XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                            ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2) +
+                                (OPAQUE16_LEN * 2);
+                        }
+                        ssl->arrays->psk_keySz = 0; /* no further need */
                         break;
                     }
                 #endif /* !NO_PSK */
@@ -39129,24 +39531,27 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                             MAX_PSK_KEY_LEN);
 
                         if (ssl->arrays->psk_keySz == 0 ||
-                                ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
-                            #if defined(WOLFSSL_EXTRA_ALERTS) || \
-                                defined(WOLFSSL_PSK_IDENTITY_ALERT)
-                                SendAlert(ssl, alert_fatal,
-                                        unknown_psk_identity);
-                            #endif
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
+                        #if defined(WOLFSSL_EXTRA_ALERTS) || \
+                            defined(WOLFSSL_PSK_IDENTITY_ALERT)
+                            SendAlert(ssl, alert_fatal,
+                                    unknown_psk_identity);
+                        #endif
                             ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
                         }
                         /* SERVER: Pre-shared Key for peer authentication. */
                         ssl->options.peerAuthGood = 1;
 
-                        c16toa((word16) ssl->arrays->psk_keySz, pms);
-                        pms += OPAQUE16_LEN;
+                        if ((int)ssl->arrays->psk_keySz > 0) {
+                            c16toa((word16) ssl->arrays->psk_keySz, pms);
+                            pms += OPAQUE16_LEN;
 
-                        XMEMCPY(pms, ssl->arrays->psk_key,
-                                                    ssl->arrays->psk_keySz);
-                        ssl->arrays->preMasterSz += ssl->arrays->psk_keySz +
-                                                                OPAQUE16_LEN;
+                            XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                            ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
+                            ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                        }
+                        ssl->arrays->psk_keySz = 0; /* no further need */
                         break;
                     }
                 #endif /* !NO_DH && !NO_PSK */
@@ -39172,18 +39577,21 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                             MAX_PSK_KEY_LEN);
 
                         if (ssl->arrays->psk_keySz == 0 ||
-                                   ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
                             ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
                         }
                         /* SERVER: Pre-shared Key for peer authentication. */
                         ssl->options.peerAuthGood = 1;
+                        if ((int)ssl->arrays->psk_keySz > 0) {
+                            c16toa((word16) ssl->arrays->psk_keySz, pms);
+                            pms += OPAQUE16_LEN;
 
-                        c16toa((word16) ssl->arrays->psk_keySz, pms);
-                        pms += OPAQUE16_LEN;
-
-                        XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
-                        ssl->arrays->preMasterSz +=
-                                      ssl->arrays->psk_keySz + OPAQUE16_LEN;
+                            XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                            ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
+                            ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                        }
+                        ssl->arrays->psk_keySz = 0; /* no further need */
                         break;
                     }
                 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
diff --git a/extra/wolfssl/wolfssl/src/pk.c b/extra/wolfssl/wolfssl/src/pk.c
index f3d1483b..d7d32dd5 100644
--- a/extra/wolfssl/wolfssl/src/pk.c
+++ b/extra/wolfssl/wolfssl/src/pk.c
@@ -50,8 +50,7 @@
 #endif
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && defined(WOLFSSL_KEY_GEN) && \
-    (!defined(HAVE_USER_RSA) || defined(HAVE_ECC) || \
-     (!defined(NO_DSA) && !defined(HAVE_SELFTEST)))
+    (defined(HAVE_ECC) || (!defined(NO_DSA) && !defined(HAVE_SELFTEST)))
 /* Forward declaration for wolfSSL_PEM_write_bio_DSA_PUBKEY.
  * Implementation in ssl.c.
  */
@@ -220,8 +219,8 @@ static int pem_read_file_key(XFILE fp, wc_pem_password_cb* cb, void* pass,
 #endif /* !NO_FILESYSTEM */
 #endif
 
-#if defined(OPENSSL_EXTRA) && ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) \
-    && !defined(HAVE_USER_RSA)) || !defined(WOLFCRYPT_ONLY))
+#if defined(OPENSSL_EXTRA) && ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) \
+    || !defined(WOLFCRYPT_ONLY))
 /* Convert DER data to PEM in an allocated buffer.
  *
  * @param [in]  der    Buffer containing DER data.
@@ -298,8 +297,7 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
 #endif
 #endif
 
-#if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-     !defined(HAVE_USER_RSA)) || \
+#if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \
      (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
      (defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN))
 #if !defined(NO_FILESYSTEM)
@@ -337,7 +335,7 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
 
 #if defined(WOLFSSL_KEY_GEN) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \
-    ((!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || defined(HAVE_ECC))
+    (!defined(NO_RSA) || defined(HAVE_ECC))
 static int der_to_enc_pem_alloc(unsigned char* der, int derSz,
     const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, int type,
     void* heap, byte** out, int* outSz)
@@ -532,8 +530,7 @@ static int pk_bn_field_print_fp(XFILE fp, int indent, const char* field,
 #endif /* !NO_CERTS && XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM &&
         * (!NO_DSA || !NO_RSA || HAVE_ECC) */
 
-#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(NO_RSA) && \
-    !defined(HAVE_FAST_RSA)
+#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(NO_RSA)
 /* snprintf() must be available */
 
 /* Maximum number of extra indent spaces on each line. */
@@ -737,7 +734,7 @@ static int wolfssl_print_number(WOLFSSL_BIO* bio, mp_int* num, const char* name,
     return ret;
 }
 
-#endif /* XSNPRINTF && !NO_BIO && !NO_RSA && !HAVE_FAST_RSA */
+#endif /* XSNPRINTF && !NO_BIO && !NO_RSA */
 
 #if !defined(NO_RSA) || (!defined(NO_DH) && !defined(NO_CERTS) && \
     defined(HAVE_FIPS) && !FIPS_VERSION_GT(2,0)) || defined(HAVE_ECC)
@@ -922,8 +919,7 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
     #endif
 
         if (rsa->internal != NULL) {
-        #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
-            !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
+        #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
             /* Check if RNG is owned before freeing it. */
             if (rsa->ownRng) {
                 WC_RNG* rng = ((RsaKey*)(rsa->internal))->rng;
@@ -1022,8 +1018,7 @@ WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId)
             rsaKeyInited = 1;
         }
     }
-    #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
-        !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
+    #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
     if (!err) {
         WC_RNG* rng;
 
@@ -1052,8 +1047,7 @@ WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId)
             /* Won't fail as key and rng are not NULL. */
         }
     }
-    #endif /* !HAVE_FIPS && !HAVE_USER_RSA && !HAVE_FAST_RSA &&
-            * WC_RSA_BLINDING */
+    #endif /* !HAVE_FIPS && WC_RSA_BLINDING */
     if (!err) {
         /* Set wolfCrypt RSA key into RSA key. */
         rsa->internal = key;
@@ -1105,7 +1099,7 @@ int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa)
 
 #ifdef OPENSSL_EXTRA
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 
 /* Allocate a new RSA key and make it a copy.
  *
@@ -1161,12 +1155,10 @@ WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa)
 
 /* wolfSSL_RSAPrivateKey_dup not supported */
 
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 
-#ifndef HAVE_USER_RSA
 static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey,
     void* heap);
-#endif
 
 /*
  * RSA to/from bin APIs
@@ -1270,8 +1262,6 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **out,
     return rsa;
 }
 
-#if defined(OPENSSL_EXTRA) && !defined(HAVE_USER_RSA) && \
-    !defined(HAVE_FAST_RSA)
 /* Converts an internal RSA structure to DER format for the private key.
  *
  * If "pp" is null then buffer size only is returned.
@@ -1345,8 +1335,6 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp)
 
     return ret;
 }
-#endif /* defined(OPENSSL_EXTRA) && !defined(HAVE_USER_RSA) &&
-        * !defined(HAVE_FAST_RSA) */
 
 #endif /* OPENSSL_EXTRA */
 
@@ -1359,8 +1347,7 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp)
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
     || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \
-    !defined(HAVE_FAST_RSA) && !defined(NO_BIO)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_BIO)
 
 /* Read DER data from a BIO.
  *
@@ -1464,8 +1451,7 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
     XFREE(der, bio ? bio->heap : NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return key;
 }
-#endif /* defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) &&
-        * !defined(HAVE_FAST_RSA) && !NO_BIO */
+#endif /* defined(WOLFSSL_KEY_GEN) && !NO_BIO */
 
 #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
 
@@ -1475,7 +1461,6 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
 
 #ifdef OPENSSL_EXTRA
 
-#ifndef HAVE_USER_RSA
 /* Create a DER encoding of key.
  *
  * Not OpenSSL API.
@@ -1612,7 +1597,6 @@ static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey,
     WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", ret);
     return ret;
 }
-#endif /* !HAVE_USER_RSA */
 
 #endif /* OPENSSL_EXTRA */
 
@@ -1772,7 +1756,7 @@ static WOLFSSL_RSA* wolfssl_rsa_d2i(WOLFSSL_RSA** rsa, const unsigned char* in,
 #ifdef OPENSSL_EXTRA
 
 #ifndef NO_BIO
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 /* Writes PEM encoding of an RSA public key to a BIO.
  *
  * @param [in] bio  BIO object to write to.
@@ -1812,10 +1796,10 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 #endif /* !NO_BIO */
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 #ifndef NO_FILESYSTEM
 
 /* Writes PEM encoding of an RSA public key to a file pointer.
@@ -1886,7 +1870,7 @@ int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA* rsa)
     return wolfssl_pem_write_rsa_public_key(fp, rsa, RSA_PUBLICKEY_TYPE);
 }
 #endif /* !NO_FILESYSTEM */
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 
 #ifndef NO_BIO
 /* Create an RSA public key by reading the PEM encoded data from the BIO.
@@ -1983,7 +1967,7 @@ WOLFSSL_RSA* wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA** rsa,
 
 #endif /* NO_FILESYSTEM */
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \
+#if defined(WOLFSSL_KEY_GEN) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
 
 /* Writes PEM encoding of an RSA private key to newly allocated buffer.
@@ -2142,7 +2126,7 @@ int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa,
     return ret;
 }
 #endif /* NO_FILESYSTEM */
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA && WOLFSSL_PEM_TO_DER */
+#endif /* WOLFSSL_KEY_GEN && WOLFSSL_PEM_TO_DER */
 
 #ifndef NO_BIO
 /* Create an RSA private key by reading the PEM encoded data from the BIO.
@@ -2290,7 +2274,7 @@ int wolfSSL_RSA_print_fp(XFILE fp, WOLFSSL_RSA* rsa, int indent)
 }
 #endif /* XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 
-#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(HAVE_FAST_RSA)
+#if defined(XSNPRINTF) && !defined(NO_BIO)
 /* snprintf() must be available */
 
 /* Maximum size of a header line. */
@@ -2398,7 +2382,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
 
     return ret;
 }
-#endif /* XSNPRINTF && !NO_BIO && !HAVE_FAST_RSA */
+#endif /* XSNPRINTF && !NO_BIO */
 
 #endif /* OPENSSL_EXTRA */
 
@@ -2407,7 +2391,6 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
  */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
 /* Set RSA key data (external) from wolfCrypt RSA key (internal).
  *
  * @param [in, out] rsa  RSA key.
@@ -2500,12 +2483,10 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
 
     return ret;
 }
-#endif /* !HAVE_USER_RSA && !HAVE_FAST_RSA */
 #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #ifdef OPENSSL_EXTRA
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
 /* Set wolfCrypt RSA key data (internal) from RSA key (external).
  *
  * @param [in, out] rsa  RSA key.
@@ -2601,8 +2582,6 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#endif /* HAVE_USER_RSA */
-
 /* Set the RSA method into object.
  *
  * @param [in, out] rsa   RSA key.
@@ -2679,8 +2658,6 @@ int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#ifndef HAVE_USER_RSA
-
 /* Get the BN objects that are the Chinese-Remainder Theorem (CRT) parameters.
  *
  * Only for those that are not NULL parameters.
@@ -2922,8 +2899,6 @@ int wolfSSL_RSA_set0_key(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
     return ret;
 }
 
-#endif /* !HAVE_USER_RSA */
-
 /* Get the flags of the RSA key.
  *
  * @param [in] rsa  RSA key.
@@ -3088,7 +3063,6 @@ int wolfSSL_RSA_check_key(const WOLFSSL_RSA* rsa)
  * RSA generate APIs
  */
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
 /* Get a random number generator associated with the RSA key.
  *
  * If not able, then get the global if possible.
@@ -3131,7 +3105,6 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA* rsa, WC_RNG** tmpRng, int* initTmpRng)
 
     return rng;
 }
-#endif
 
 /* Use the wolfCrypt RSA APIs to generate a new RSA key.
  *
@@ -3652,8 +3625,6 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
 
 #if defined(OPENSSL_EXTRA)
 
-#if !defined(HAVE_USER_RSA)
-
 /* Encode the message hash.
  *
  * Used by signing and verification.
@@ -4082,8 +4053,6 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
  * RSA public/private encrypt/decrypt APIs
  */
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
-
 /* Encrypt with the RSA public key.
  *
  * Return compliant with OpenSSL.
@@ -4481,7 +4450,6 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
     WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", ret);
     return ret;
 }
-#endif /* !HAVE_USER_RSA && !HAVE_FAST_RSA */
 
 /*
  * RSA misc operation APIs
@@ -4581,7 +4549,6 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#endif /* !HAVE_USER_RSA */
 
 #ifndef NO_WOLFSSL_STUB
 /* Enable blinding for RSA key operations.
@@ -5066,15 +5033,19 @@ int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key,
     WOLFSSL_ENTER("wolfSSL_DSA_set0_key");
 
     /* The private key may be NULL */
-    if (pub_key == NULL) {
+    if (d->pub_key == NULL && pub_key == NULL) {
         WOLFSSL_MSG("Bad parameter");
         return 0;
     }
 
-    wolfSSL_BN_free(d->pub_key);
-    wolfSSL_BN_free(d->priv_key);
-    d->pub_key = pub_key;
-    d->priv_key = priv_key;
+    if (pub_key != NULL) {
+        wolfSSL_BN_free(d->pub_key);
+        d->pub_key = pub_key;
+    }
+    if (priv_key != NULL) {
+        wolfSSL_BN_free(d->priv_key);
+        d->priv_key = priv_key;
+    }
 
     return 1;
 }
@@ -8528,7 +8499,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
     word32         keySz  = 0;
     int            pubSz  = MAX_DHKEY_SZ;
     int            privSz = MAX_DHKEY_SZ;
-    int            sz;
+    int            sz     = 0;
 #ifdef WOLFSSL_SMALL_STACK
     unsigned char* pub    = NULL;
     unsigned char* priv   = NULL;
diff --git a/extra/wolfssl/wolfssl/src/quic.c b/extra/wolfssl/wolfssl/src/quic.c
index 02622a7e..66f866a4 100644
--- a/extra/wolfssl/wolfssl/src/quic.c
+++ b/extra/wolfssl/wolfssl/src/quic.c
@@ -83,6 +83,11 @@ static QuicRecord *quic_record_make(WOLFSSL *ssl,
         }
         else {
             qr->capacity = qr->len = qr_length(data, len);
+            if (qr->capacity > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
+                WOLFSSL_MSG("QUIC length read larger than expected");
+                quic_record_free(ssl, qr);
+                return NULL;
+            }
         }
         if (qr->capacity == 0) {
             qr->capacity = 2*1024;
@@ -129,6 +134,14 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
         consumed = missing;
 
         qr->len = qr_length(qr->data, qr->end);
+
+        /* sanity check on length read from wire before use */
+        if (qr->len > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
+            WOLFSSL_MSG("Length read for quic is larger than expected");
+            ret = BUFFER_E;
+            goto cleanup;
+        }
+
         if (qr->len > qr->capacity) {
             uint8_t *ndata = (uint8_t*)XREALLOC(qr->data, qr->len, ssl->heap,
                                                 DYNAMIC_TYPE_TMP_BUFFER);
diff --git a/extra/wolfssl/wolfssl/src/sniffer.c b/extra/wolfssl/wolfssl/src/sniffer.c
index ddcb5403..d5fc5c17 100644
--- a/extra/wolfssl/wolfssl/src/sniffer.c
+++ b/extra/wolfssl/wolfssl/src/sniffer.c
@@ -447,7 +447,6 @@ typedef struct SnifferServer {
     struct SnifferServer* next;                  /* for list */
 } SnifferServer;
 
-
 /* Session Flags */
 typedef struct Flags {
     byte           side;            /* which end is current packet headed */
@@ -569,13 +568,13 @@ typedef struct SnifferSession {
 /* Sniffer Server List and mutex */
 static THREAD_LS_T WOLFSSL_GLOBAL SnifferServer* ServerList = NULL;
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex ServerListMutex;
+static WOLFSSL_GLOBAL wolfSSL_Mutex ServerListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ServerListMutex);
 #endif
 
 /* Session Hash Table, mutex, and count */
 static THREAD_LS_T WOLFSSL_GLOBAL SnifferSession* SessionTable[HASH_SIZE];
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex SessionMutex;
+static WOLFSSL_GLOBAL wolfSSL_Mutex SessionMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(SessionMutex);
 #endif
 static THREAD_LS_T WOLFSSL_GLOBAL int SessionCount = 0;
 
@@ -584,7 +583,7 @@ static WOLFSSL_GLOBAL int MaxRecoveryMemory  = -1;
                                            /* per session max recovery memory */
 #ifndef WOLFSSL_SNIFFER_NO_RECOVERY
 /* Recovery of missed data switches and stats */
-static WOLFSSL_GLOBAL wolfSSL_Mutex RecoveryMutex; /* for stats */
+static WOLFSSL_GLOBAL wolfSSL_Mutex RecoveryMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(RecoveryMutex); /* for stats */
 /* # of sessions with missed data */
 static WOLFSSL_GLOBAL word32 MissedDataSessions = 0;
 #endif
@@ -596,7 +595,7 @@ static WOLFSSL_GLOBAL void*     ConnectionCbCtx = NULL;
 #ifdef WOLFSSL_SNIFFER_STATS
 /* Sessions Statistics */
 static WOLFSSL_GLOBAL SSLStats SnifferStats;
-static WOLFSSL_GLOBAL wolfSSL_Mutex StatsMutex;
+static WOLFSSL_GLOBAL wolfSSL_Mutex StatsMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(StatsMutex);
 #endif
 
 #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK
@@ -683,6 +682,7 @@ static int addKeyLogSnifferServerHelper(const char* address,
 void ssl_InitSniffer_ex(int devId)
 {
     wolfSSL_Init();
+#ifndef WOLFSSL_MUTEX_INITIALIZER
 #ifndef HAVE_C___ATOMIC
     wc_InitMutex(&ServerListMutex);
     wc_InitMutex(&SessionMutex);
@@ -694,6 +694,11 @@ void ssl_InitSniffer_ex(int devId)
     XMEMSET(&SnifferStats, 0, sizeof(SSLStats));
     wc_InitMutex(&StatsMutex);
 #endif
+#endif /* !WOLFSSL_MUTEX_INITIALIZER */
+
+#ifdef WOLFSSL_SNIFFER_STATS
+    XMEMSET(&SnifferStats, 0, sizeof(SSLStats));
+#endif
 #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
     CryptoDeviceId = devId;
 #endif
@@ -903,6 +908,7 @@ void ssl_FreeSniffer(void)
 #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
 
 
+#ifndef WOLFSSL_MUTEX_INITIALIZER
 #ifndef WOLFSSL_SNIFFER_NO_RECOVERY
     wc_FreeMutex(&RecoveryMutex);
 #endif
@@ -910,6 +916,7 @@ void ssl_FreeSniffer(void)
     wc_FreeMutex(&SessionMutex);
     wc_FreeMutex(&ServerListMutex);
 #endif
+#endif /* !WOLFSSL_MUTEX_INITIALIZER */
 
 #ifdef WOLF_CRYPTO_CB
     #ifdef HAVE_INTEL_QA_SYNC
@@ -7235,7 +7242,7 @@ static THREAD_LS_T WOLFSSL_GLOBAL
 SecretNode*
 secretHashTable[WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE] = {NULL};
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex secretListMutex;
+static WOLFSSL_GLOBAL wolfSSL_Mutex secretListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(secretListMutex);
 #endif
 
 static unsigned int secretHashFunction(unsigned char* clientRandom);
diff --git a/extra/wolfssl/wolfssl/src/ssl.c b/extra/wolfssl/wolfssl/src/ssl.c
index e99f702f..ea66e429 100644
--- a/extra/wolfssl/wolfssl/src/ssl.c
+++ b/extra/wolfssl/wolfssl/src/ssl.c
@@ -309,8 +309,10 @@ int wc_OBJ_sn2nid(const char *sn)
 static WC_RNG globalRNG;
 static int initGlobalRNG = 0;
 
-static wolfSSL_Mutex globalRNGMutex;
+static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
 static int globalRNGMutex_valid = 0;
+#endif
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_HASHDRBG)
 static WOLFSSL_DRBG_CTX* gDrbgDefCtx = NULL;
@@ -406,8 +408,10 @@ WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local)
      *                OPENSSL_EXTRA where RAND callbacks are not used */
     #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
         static const WOLFSSL_RAND_METHOD* gRandMethods = NULL;
+        static wolfSSL_Mutex gRandMethodMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(gRandMethodMutex);
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         static int gRandMethodsInit = 0;
-        static wolfSSL_Mutex gRandMethodMutex;
+        #endif
     #endif /* !WOLFSSL_NO_OPENSSL_RAND_CB */
 #endif /* OPENSSL_EXTRA */
 
@@ -1265,11 +1269,9 @@ int wolfSSL_send_session(WOLFSSL* ssl)
 
 /* prevent multiple mutex initializations */
 static volatile WOLFSSL_GLOBAL int initRefCount = 0;
-#ifdef WOLFSSL_MUTEX_INITIALIZER
-static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex = WOLFSSL_MUTEX_INITIALIZER;
-#else
-static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex;   /* init ref count mutex */
-static WOLFSSL_GLOBAL int count_mutex_valid = 0;
+static WOLFSSL_GLOBAL wolfSSL_Mutex inits_count_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex); /* init ref count mutex */
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+static WOLFSSL_GLOBAL int inits_count_mutex_valid = 0;
 #endif
 
 /* Create a new WOLFSSL_CTX struct and return the pointer to created struct.
@@ -1474,17 +1476,35 @@ WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)
 
     WOLFSSL_ENTER("wolfSSL_new");
 
-    if (ctx == NULL)
-        return ssl;
+    if (ctx == NULL) {
+        WOLFSSL_MSG("wolfSSL_new ctx is null");
+        return NULL;
+    }
 
     ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL);
-    if (ssl)
-        if ( (ret = InitSSL(ssl, ctx, 0)) < 0) {
+
+    if (ssl == NULL) {
+        WOLFSSL_MSG_EX("ssl xmalloc failed to allocate %d bytes",
+                        (int)sizeof(WOLFSSL));
+    }
+    else {
+        ret = InitSSL(ssl, ctx, 0);
+        if (ret < 0) {
+            WOLFSSL_MSG_EX("wolfSSL_new failed during InitSSL. err = %d", ret);
             FreeSSL(ssl, ctx->heap);
-            ssl = 0;
+            ssl = NULL;
+        }
+        else if (ret == 0) {
+            WOLFSSL_MSG("wolfSSL_new InitSSL success");
         }
+        else {
+            /* Only success (0) or negative values should ever be seen. */
+            WOLFSSL_MSG_EX("WARNING: wolfSSL_new unexpected InitSSL return"
+                           " value = %d", ret);
+        } /* InitSSL check */
+    } /* ssl XMALLOC success */
 
-    WOLFSSL_LEAVE("wolfSSL_new", ret);
+    WOLFSSL_LEAVE("wolfSSL_new InitSSL =", ret);
     (void)ret;
 
     return ssl;
@@ -1495,8 +1515,14 @@ WOLFSSL_ABI
 void wolfSSL_free(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_free");
-    if (ssl)
+
+    if (ssl) {
+        WOLFSSL_MSG_EX("Free SSL: %p", (wc_ptr_t)ssl);
         FreeSSL(ssl, ssl->ctx->heap);
+    }
+    else {
+        WOLFSSL_MSG("Free SSL: wolfSSL_free already null");
+    }
     WOLFSSL_LEAVE("wolfSSL_free", 0);
 }
 
@@ -1581,6 +1607,18 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
     XMEMCPY(&dup->version, &ssl->version, sizeof(ProtocolVersion));
     XMEMCPY(&dup->chVersion, &ssl->chVersion, sizeof(ProtocolVersion));
 
+#ifdef HAVE_ONE_TIME_AUTH
+#ifdef HAVE_POLY1305
+    if (ssl->auth.setup && ssl->auth.poly1305 != NULL) {
+        dup->auth.poly1305 =
+            (Poly1305*)XMALLOC(sizeof(Poly1305), dup->heap, DYNAMIC_TYPE_CIPHER);
+        if (dup->auth.poly1305 == NULL)
+            return MEMORY_E;
+        dup->auth.setup = 1;
+    }
+#endif
+#endif
+
     /* dup side now owns encrypt/write ciphers */
     XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));
 
@@ -3068,7 +3106,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
                    ssl->options.haveDH, ssl->options.haveECDSAsig,
                    ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                    ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.haveAnon, TRUE, ssl->options.side);
+                   ssl->options.useAnon, TRUE, ssl->options.side);
     }
 
     WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
@@ -3240,20 +3278,6 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
         return BAD_FUNC_ARG;
     }
 #endif
-#ifdef WOLFSSL_EARLY_DATA
-    if (IsAtLeastTLSv1_3(ssl->version) &&
-            ssl->options.side == WOLFSSL_SERVER_END &&
-            ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) {
-        /* We can send data without waiting on peer finished msg */
-        WOLFSSL_MSG("server sending data before receiving client finished");
-    }
-    else if (ssl->earlyData != no_early_data &&
-            (ret = wolfSSL_negotiate(ssl)) < 0) {
-        ssl->error = ret;
-        return WOLFSSL_FATAL_ERROR;
-    }
-    ssl->earlyData = no_early_data;
-#endif
 
 #ifdef HAVE_WRITE_DUP
     { /* local variable scope */
@@ -5343,7 +5367,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.haveAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, ssl->options.side);
     return WOLFSSL_SUCCESS;
 }
 #endif /* !leanpsk */
@@ -5610,7 +5634,8 @@ Signer* GetCAByName(void* vp, byte* hash)
 /* add a trusted peer cert to linked list */
 int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
 {
-    int ret, row;
+    int ret = 0;
+    int row = 0;
     TrustedPeerCert* peerCert;
     DecodedCert* cert;
     DerBuffer*   der = *pDer;
@@ -5892,6 +5917,12 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
             signer->publicKey      = cert->publicKey;
             signer->pubKeySize     = cert->pubKeySize;
         }
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        signer->sapkiDer = cert->sapkiDer;
+        signer->sapkiLen = cert->sapkiLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
         if (cert->subjectCNStored) {
             signer->nameLen        = cert->subjectCNLen;
             signer->name           = cert->subjectCN;
@@ -5925,6 +5956,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
         cert->permittedNames = NULL;
         cert->excludedNames = NULL;
     #endif
+        signer->type = (byte)type;
 
     #ifndef NO_SKID
         row = HashSigner(signer->subjectKeyIdHash);
@@ -6008,10 +6040,15 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
        aren't under heavy load, basically allows 200 new sessions per minute
 
        SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
-       or systems where the default of nearly 3kB is too much RAM, this define
-       uses less than 500 bytes RAM
+       or systems where the default of is too much RAM.
+       SessionCache takes about 2K, ClientCache takes about 3Kbytes
+
+       MICRO_SESSION_CACHE only stores 1 session, good for embedded clients
+       or systems where memory is at a premium.
+       SessionCache takes about 400 bytes, ClientCache takes 576 bytes
 
        default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
+       SessionCache takes about 13K bytes, ClientCache takes 17K bytes
     */
     #if defined(TITAN_SESSION_CACHE)
         #define SESSIONS_PER_ROW 31
@@ -6031,6 +6068,9 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
     #elif defined(SMALL_SESSION_CACHE)
         #define SESSIONS_PER_ROW 2
         #define SESSION_ROWS 3
+    #elif defined(MICRO_SESSION_CACHE)
+        #define SESSIONS_PER_ROW 1
+        #define SESSION_ROWS 1
     #else
         #define SESSIONS_PER_ROW 3
         #define SESSION_ROWS 11
@@ -6126,8 +6166,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
                                                      /* Client Cache */
                                                      /* uses session mutex */
 
-        static WOLFSSL_GLOBAL wolfSSL_Mutex clisession_mutex; /* ClientCache mutex */
+        static WOLFSSL_GLOBAL wolfSSL_Mutex clisession_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(clisession_mutex); /* ClientCache mutex */
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         static WOLFSSL_GLOBAL int clisession_mutex_valid = 0;
+        #endif
     #endif /* !NO_CLIENT_CACHE */
 
     void EvictSessionFromCache(WOLFSSL_SESSION* session)
@@ -6185,22 +6227,40 @@ int wolfSSL_Init(void)
 
     WOLFSSL_ENTER("wolfSSL_Init");
 
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    if (inits_count_mutex_valid == 0) {
+        if (wc_InitMutex(&inits_count_mutex) != 0) {
+            WOLFSSL_MSG("Bad Init Mutex count");
+            return BAD_MUTEX_E;
+        }
+        else {
+            inits_count_mutex_valid = 1;
+        }
+    }
+#endif /* !WOLFSSL_MUTEX_INITIALIZER */
+
+    if (wc_LockMutex(&inits_count_mutex) != 0) {
+        WOLFSSL_MSG("Bad Lock Mutex count");
+        return BAD_MUTEX_E;
+    }
+
     #if FIPS_VERSION_GE(5,1)
+    if ((ret == WOLFSSL_SUCCESS) && (initRefCount == 0)) {
         ret = wolfCrypt_SetPrivateKeyReadEnable_fips(1, WC_KEYTYPE_ALL);
-        if (ret != 0)
-            return ret;
-        else
+        if (ret == 0)
             ret = WOLFSSL_SUCCESS;
+    }
     #endif
 
-    if (initRefCount == 0) {
+    if ((ret == WOLFSSL_SUCCESS) && (initRefCount == 0)) {
         /* Initialize crypto for use with TLS connection */
+
         if (wolfCrypt_Init() != 0) {
             WOLFSSL_MSG("Bad wolfCrypt Init");
             ret = WC_INIT_E;
         }
 
-#ifdef HAVE_GLOBAL_RNG
+#if defined(HAVE_GLOBAL_RNG) && !defined(WOLFSSL_MUTEX_INITIALIZER)
         if (ret == WOLFSSL_SUCCESS) {
             if (wc_InitMutex(&globalRNGMutex) != 0) {
                 WOLFSSL_MSG("Bad Init Mutex rng");
@@ -6255,6 +6315,7 @@ int wolfSSL_Init(void)
         }
     #endif
     #ifndef NO_CLIENT_CACHE
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (ret == WOLFSSL_SUCCESS) {
             if (wc_InitMutex(&clisession_mutex) != 0) {
                 WOLFSSL_MSG("Bad Init Mutex session");
@@ -6264,19 +6325,9 @@ int wolfSSL_Init(void)
                 clisession_mutex_valid = 1;
             }
         }
+        #endif
     #endif
 #endif
-#ifndef WOLFSSL_MUTEX_INITIALIZER
-        if (ret == WOLFSSL_SUCCESS) {
-            if (wc_InitMutex(&count_mutex) != 0) {
-                WOLFSSL_MSG("Bad Init Mutex count");
-                ret = BAD_MUTEX_E;
-            }
-            else {
-                count_mutex_valid = 1;
-            }
-        }
-#endif /* !WOLFSSL_MUTEX_INITIALIZER */
 #if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT)
         /* OpenSSL registers cleanup using atexit */
         if ((ret == WOLFSSL_SUCCESS) && (atexit(AtExitCleanup) != 0)) {
@@ -6287,16 +6338,11 @@ int wolfSSL_Init(void)
     }
 
     if (ret == WOLFSSL_SUCCESS) {
-        if (wc_LockMutex(&count_mutex) != 0) {
-            WOLFSSL_MSG("Bad Lock Mutex count");
-            ret = BAD_MUTEX_E;
-        }
-        else {
-            initRefCount++;
-            wc_UnLockMutex(&count_mutex);
-        }
+        initRefCount++;
     }
 
+    wc_UnLockMutex(&inits_count_mutex);
+
     if (ret != WOLFSSL_SUCCESS) {
         initRefCount = 1; /* Force cleanup */
         (void)wolfSSL_Cleanup(); /* Ignore any error from cleanup */
@@ -6505,7 +6551,10 @@ static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                     "not enabled to try");
         ret = WOLFSSL_BAD_FILE;
     #else
-        ret = 0; /* continue trying other algorithms */
+        if (*keyFormat == 0) {
+            /* Format unknown so keep trying. */
+            ret = 0; /* continue trying other algorithms */
+        }
     #endif
     }
     else {
@@ -6578,7 +6627,10 @@ static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                         "not enabled to try");
             ret = WOLFSSL_BAD_FILE;
         #else
-            ret = 0; /* continue trying other algorithms */
+            if (*keyFormat == 0) {
+                /* Format unknown so keep trying. */
+                ret = 0; /* continue trying other algorithms */
+            }
         #endif
         }
         else {
@@ -6690,7 +6742,7 @@ static int ProcessBufferTryDecodeEcc(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                 *resetSuites = 1;
             }
         }
-        else {
+        else if (*keyFormat == 0) {
             ret = 0; /* continue trying other algorithms */
         }
 
@@ -6753,7 +6805,7 @@ static int ProcessBufferTryDecodeEd25519(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                     ssl->buffers.keyType = ed25519_sa_algo;
                     ssl->buffers.keySz = *keySz;
                 }
-                else if (ctx) {
+                else {
                     ctx->privateKeyType = ed25519_sa_algo;
                     ctx->privateKeySz = *keySz;
                 }
@@ -6771,7 +6823,7 @@ static int ProcessBufferTryDecodeEd25519(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                 }
             }
         }
-        else {
+        else if (*keyFormat == 0) {
             ret = 0; /* continue trying other algorithms */
         }
 
@@ -6849,6 +6901,9 @@ static int ProcessBufferTryDecodeEd448(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                 }
             }
         }
+        else if (*keyFormat == 0) {
+            ret = 0; /* continue trying other algorithms */
+        }
 
         wc_ed448_free(key);
     }
@@ -6864,12 +6919,13 @@ static int ProcessBufferTryDecodeEd448(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 #if defined(HAVE_FALCON)
 static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    void* heap)
+    void* heap, int type)
 {
     int ret;
     /* make sure Falcon key can be used */
     falcon_key* key = (falcon_key*)XMALLOC(sizeof(falcon_key), heap,
                                            DYNAMIC_TYPE_FALCON);
+    (void) type;
     if (key == NULL) {
         return MEMORY_E;
     }
@@ -6902,28 +6958,60 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                 ret = FALCON_KEY_SIZE_E;
             }
             if (ssl) {
-                if (*keyFormat == FALCON_LEVEL1k) {
-                    ssl->buffers.keyType = falcon_level1_sa_algo;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (type == ALT_PRIVATEKEY_TYPE) {
+                    if (*keyFormat == FALCON_LEVEL1k) {
+                        ssl->buffers.altKeyType = falcon_level1_sa_algo;
+                    }
+                    else {
+                        ssl->buffers.altKeyType = falcon_level5_sa_algo;
+                    }
+                    ssl->buffers.altKeySz = *keySz;
                 }
-                else {
-                    ssl->buffers.keyType = falcon_level5_sa_algo;
+                else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                {
+                    if (*keyFormat == FALCON_LEVEL1k) {
+                        ssl->buffers.keyType = falcon_level1_sa_algo;
+                    }
+                    else {
+                        ssl->buffers.keyType = falcon_level5_sa_algo;
+                    }
+                    ssl->buffers.keySz = *keySz;
                 }
-                ssl->buffers.keySz = *keySz;
             }
             else {
-                if (*keyFormat == FALCON_LEVEL1k) {
-                    ctx->privateKeyType = falcon_level1_sa_algo;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (type == ALT_PRIVATEKEY_TYPE) {
+                    if (*keyFormat == FALCON_LEVEL1k) {
+                        ctx->altPrivateKeyType = falcon_level1_sa_algo;
+                    }
+                    else {
+                        ctx->altPrivateKeyType = falcon_level5_sa_algo;
+                    }
+                    ctx->altPrivateKeySz = *keySz;
                 }
-                else {
-                    ctx->privateKeyType = falcon_level5_sa_algo;
+                else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                {
+                    if (*keyFormat == FALCON_LEVEL1k) {
+                        ctx->privateKeyType = falcon_level1_sa_algo;
+                    }
+                    else {
+                        ctx->privateKeyType = falcon_level5_sa_algo;
+                    }
+                    ctx->privateKeySz = *keySz;
                 }
-                ctx->privateKeySz = *keySz;
             }
 
             if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
                 *resetSuites = 1;
             }
         }
+        else if (*keyFormat == 0) {
+            ret = 0; /* continue trying other algorithms */
+        }
+
         wc_falcon_free(key);
     }
     XFREE(key, heap, DYNAMIC_TYPE_FALCON);
@@ -6934,12 +7022,13 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 #if defined(HAVE_DILITHIUM)
 static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    void* heap)
+    void* heap, int type)
 {
     int ret;
     /* make sure Dilithium key can be used */
     dilithium_key* key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
                                                  DYNAMIC_TYPE_DILITHIUM);
+    (void) type;
     if (key == NULL) {
         return MEMORY_E;
     }
@@ -6975,34 +7064,72 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                 ret = DILITHIUM_KEY_SIZE_E;
             }
             if (ssl) {
-                if (*keyFormat == DILITHIUM_LEVEL2k) {
-                    ssl->buffers.keyType = dilithium_level2_sa_algo;
-                }
-                else if (*keyFormat == DILITHIUM_LEVEL3k) {
-                    ssl->buffers.keyType = dilithium_level3_sa_algo;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (type == ALT_PRIVATEKEY_TYPE) {
+                    if (*keyFormat == DILITHIUM_LEVEL2k) {
+                        ssl->buffers.altKeyType = dilithium_level2_sa_algo;
+                    }
+                    else if (*keyFormat == DILITHIUM_LEVEL3k) {
+                        ssl->buffers.altKeyType = dilithium_level3_sa_algo;
+                    }
+                    else if (*keyFormat == DILITHIUM_LEVEL5k) {
+                        ssl->buffers.altKeyType = dilithium_level5_sa_algo;
+                    }
+                    ssl->buffers.altKeySz = *keySz;
                 }
-                else if (*keyFormat == DILITHIUM_LEVEL5k) {
-                    ssl->buffers.keyType = dilithium_level5_sa_algo;
+                else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                {
+                    if (*keyFormat == DILITHIUM_LEVEL2k) {
+                        ssl->buffers.keyType = dilithium_level2_sa_algo;
+                    }
+                    else if (*keyFormat == DILITHIUM_LEVEL3k) {
+                        ssl->buffers.keyType = dilithium_level3_sa_algo;
+                    }
+                    else if (*keyFormat == DILITHIUM_LEVEL5k) {
+                        ssl->buffers.keyType = dilithium_level5_sa_algo;
+                    }
+                    ssl->buffers.keySz = *keySz;
                 }
-                ssl->buffers.keySz = *keySz;
             }
             else {
-                if (*keyFormat == DILITHIUM_LEVEL2k) {
-                    ctx->privateKeyType = dilithium_level2_sa_algo;
-                }
-                else if (*keyFormat == DILITHIUM_LEVEL3k) {
-                    ctx->privateKeyType = dilithium_level3_sa_algo;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (type == ALT_PRIVATEKEY_TYPE) {
+                    if (*keyFormat == DILITHIUM_LEVEL2k) {
+                        ctx->altPrivateKeyType = dilithium_level2_sa_algo;
+                    }
+                    else if (*keyFormat == DILITHIUM_LEVEL3k) {
+                        ctx->altPrivateKeyType = dilithium_level3_sa_algo;
+                    }
+                    else if (*keyFormat == DILITHIUM_LEVEL5k) {
+                        ctx->altPrivateKeyType = dilithium_level5_sa_algo;
+                    }
+                    ctx->altPrivateKeySz = *keySz;
                 }
-                else if (*keyFormat == DILITHIUM_LEVEL5k) {
-                    ctx->privateKeyType = dilithium_level5_sa_algo;
+                else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                {
+                    if (*keyFormat == DILITHIUM_LEVEL2k) {
+                        ctx->privateKeyType = dilithium_level2_sa_algo;
+                    }
+                    else if (*keyFormat == DILITHIUM_LEVEL3k) {
+                        ctx->privateKeyType = dilithium_level3_sa_algo;
+                    }
+                    else if (*keyFormat == DILITHIUM_LEVEL5k) {
+                        ctx->privateKeyType = dilithium_level5_sa_algo;
+                    }
+                    ctx->privateKeySz = *keySz;
                 }
-                ctx->privateKeySz = *keySz;
             }
 
             if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
                 *resetSuites = 1;
             }
         }
+        else if (*keyFormat == 0) {
+            ret = 0; /* continue trying other algorithms */
+        }
+
         wc_dilithium_free(key);
     }
     XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
@@ -7014,12 +7141,13 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 
 static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    void* heap, int devId)
+    void* heap, int devId, int type)
 {
     int ret = 0;
 
     (void)heap;
     (void)devId;
+    (void)type;
 
     if (ctx == NULL && ssl == NULL)
         return BAD_FUNC_ARG;
@@ -7073,7 +7201,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     if (((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) ||
          (*keyFormat == FALCON_LEVEL5k))) {
         ret = ProcessBufferTryDecodeFalcon(ctx, ssl, der, keySz, idx,
-            resetSuites, keyFormat, heap);
+            resetSuites, keyFormat, heap, type);
         if (ret != 0)
             return ret;
     }
@@ -7084,7 +7212,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         (*keyFormat == DILITHIUM_LEVEL3k) ||
         (*keyFormat == DILITHIUM_LEVEL5k)) {
         ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keySz, idx,
-            resetSuites, keyFormat, heap);
+            resetSuites, keyFormat, heap, type);
         if (ret != 0) {
             return ret;
         }
@@ -7317,6 +7445,35 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 #endif
         }
     }
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    else if (type == ALT_PRIVATEKEY_TYPE) {
+        if (ssl != NULL) {
+             /* Make sure previous is free'd */
+            if (ssl->buffers.weOwnAltKey) {
+                ForceZero(ssl->buffers.altKey->buffer,
+                          ssl->buffers.altKey->length);
+                FreeDer(&ssl->buffers.altKey);
+            }
+            ssl->buffers.altKey = der;
+#ifdef WOLFSSL_CHECK_MEM_ZERO
+            wc_MemZero_Add("SSL Buffers key", der->buffer, der->length);
+#endif
+            ssl->buffers.weOwnAltKey = 1;
+        }
+        else if (ctx != NULL) {
+            if (ctx->altPrivateKey != NULL &&
+                ctx->altPrivateKey->buffer != NULL) {
+                ForceZero(ctx->altPrivateKey->buffer,
+                          ctx->altPrivateKey->length);
+            }
+            FreeDer(&ctx->altPrivateKey);
+            ctx->altPrivateKey = der;
+#ifdef WOLFSSL_CHECK_MEM_ZERO
+            wc_MemZero_Add("CTX private key", der->buffer, der->length);
+#endif
+        }
+    }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
     else {
         FreeDer(&der);
         return WOLFSSL_BAD_CERTTYPE;
@@ -7325,9 +7482,13 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
     if (done == 1) {
         /* No operation, just skip the next section */
     }
-    else if (type == PRIVATEKEY_TYPE) {
+    else if (type == PRIVATEKEY_TYPE
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+             || type == ALT_PRIVATEKEY_TYPE
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+            ) {
         ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, &resetSuites,
-                &keyFormat, heap, devId);
+                &keyFormat, heap, devId, type);
 
     #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
         /* for WOLFSSL_FILETYPE_PEM, PemToDer manages the decryption */
@@ -7373,7 +7534,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
             wc_MemZero_Check(password, NAME_SZ);
         #endif
             ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx,
-                &resetSuites, &keyFormat, heap, devId);
+                &resetSuites, &keyFormat, heap, devId, type);
         }
     #endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
 
@@ -7747,6 +7908,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
         #if defined(HAVE_FALCON)
             case FALCON_LEVEL1k:
             case FALCON_LEVEL5k:
+            #ifdef WOLF_PRIVATE_KEY_ID
+                keyType = falcon_level5_sa_algo;
+            #endif
                 /* Falcon is fixed key size */
                 keySz = FALCON_MAX_KEY_SIZE;
                 if (ssl && !ssl->options.verifyNone) {
@@ -7769,6 +7933,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
             case DILITHIUM_LEVEL2k:
             case DILITHIUM_LEVEL3k:
             case DILITHIUM_LEVEL5k:
+            #ifdef WOLF_PRIVATE_KEY_ID
+                keyType = dilithium_level5_sa_algo;
+            #endif
                 /* Dilithium is fixed key size */
                 keySz = DILITHIUM_MAX_KEY_SIZE;
                 if (ssl && !ssl->options.verifyNone) {
@@ -7853,7 +8020,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                    havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
                    ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                    ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.haveAnon, TRUE, ssl->options.side);
+                   ssl->options.useAnon, TRUE, ssl->options.side);
     }
     else if (ctx && resetSuites) {
         word16 havePSK = 0;
@@ -7877,7 +8044,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                    ctx->haveECC, TRUE, ctx->haveStaticECC,
                    ctx->haveFalconSig, ctx->haveDilithiumSig,
 #ifdef HAVE_ANON
-                   ctx->haveAnon,
+                   ctx->useAnon,
 #else
                    FALSE,
 #endif
@@ -8874,7 +9041,20 @@ int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
     return WOLFSSL_FAILURE;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_CTX_use_AltPrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
+                                       int format)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_file");
+
+    if (ProcessFile(ctx, file, format, ALT_PRIVATEKEY_TYPE, NULL, 0, NULL,
+                    GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) {
+        return WOLFSSL_SUCCESS;
+    }
 
+    return WOLFSSL_FAILURE;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #endif /* NO_FILESYSTEM */
 
 
@@ -9103,6 +9283,19 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
             type = DYNAMIC_TYPE_ECC;
         }
     #endif
+    #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+        if ((der->keyOID == DILITHIUM_LEVEL2k) ||
+            (der->keyOID == DILITHIUM_LEVEL3k) ||
+            (der->keyOID == DILITHIUM_LEVEL5k)) {
+            type = DYNAMIC_TYPE_DILITHIUM;
+        }
+    #endif
+    #if defined(HAVE_PQC) && defined(HAVE_FALCON)
+        if ((der->keyOID == FALCON_LEVEL1k) ||
+            (der->keyOID == FALCON_LEVEL5k)) {
+            type = DYNAMIC_TYPE_FALCON;
+        }
+    #endif
 
         ret = CreateDevPrivateKey(&pkey, buff, size, type,
                                   isKeyLabel, isKeyId, heap, devId);
@@ -9124,6 +9317,23 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
                                                der->publicKey, der->pubKeySize);
             }
             #endif
+            #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+            if ((der->keyOID == DILITHIUM_LEVEL2k) ||
+                (der->keyOID == DILITHIUM_LEVEL3k) ||
+                (der->keyOID == DILITHIUM_LEVEL5k)) {
+                ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
+                                            WC_PQC_SIG_TYPE_DILITHIUM,
+                                            der->publicKey, der->pubKeySize);
+            }
+            #endif
+            #if defined(HAVE_PQC) && defined(HAVE_FALCON)
+            if ((der->keyOID == FALCON_LEVEL1k) ||
+                (der->keyOID == FALCON_LEVEL5k)) {
+                ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
+                                            WC_PQC_SIG_TYPE_FALCON,
+                                            der->publicKey, der->pubKeySize);
+            }
+            #endif
         }
         #else
             /* devId was set, don't check, for now */
@@ -9143,6 +9353,19 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
             if (der->keyOID == ECDSAk) {
                 wc_ecc_free((ecc_key*)pkey);
             }
+        #endif
+        #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+            if ((der->keyOID == DILITHIUM_LEVEL2k) ||
+                (der->keyOID == DILITHIUM_LEVEL3k) ||
+                (der->keyOID == DILITHIUM_LEVEL5k)) {
+                wc_dilithium_free((dilithium_key*)pkey);
+            }
+        #endif
+        #if defined(HAVE_PQC) && defined(HAVE_FALCON)
+            if ((der->keyOID == FALCON_LEVEL1k) ||
+                (der->keyOID == FALCON_LEVEL5k)) {
+                wc_falcon_free((falcon_key*)pkey);
+            }
         #endif
             XFREE(pkey, heap, type);
         }
@@ -9948,7 +10171,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
     word32 idx = 0, algId;
     word16 pkcs8HeaderSz = 0;
     WOLFSSL_EVP_PKEY* local;
-    int opt;
+    int opt = 0;
 
     (void)opt;
 
@@ -10281,7 +10504,7 @@ int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz)
 
 int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
 {
-    long idx;
+    long idx = 0;
 
     WOLFSSL_ENTER("wolfSSL_use_certificate");
     if (x509 != NULL && ssl != NULL && x509->derCert != NULL) {
@@ -10527,7 +10750,7 @@ WOLFSSL_API int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp)
 int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der,
                                  int derSz)
 {
-    long idx;
+    long idx = 0;
 
     WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1");
     if (der != NULL && ssl != NULL) {
@@ -11684,8 +11907,8 @@ static int CheckcipherList(const char* list)
  *
  * returns WOLFSSL_SUCCESS on success and sets the cipher suite list
  */
-static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
-        const char* list)
+static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+        Suites* suites, const char* list)
 {
     int     ret = 0;
     int     listattribute = 0;
@@ -11710,7 +11933,7 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
        /* list has mixed(pre-TLSv13 and TLSv13) suites
         * update cipher suites the same as before
         */
-        return (SetCipherList(ctx, suites, list)) ? WOLFSSL_SUCCESS :
+        return (SetCipherList_ex(ctx, ssl, suites, list)) ? WOLFSSL_SUCCESS :
         WOLFSSL_FAILURE;
     }
     else if (listattribute == 1) {
@@ -11724,28 +11947,37 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
         * simulate set_ciphersuites() compatibility layer API
         */
         tls13Only = 1;
-        if (!IsAtLeastTLSv1_3(ctx->method->version)) {
+        if ((ctx != NULL && !IsAtLeastTLSv1_3(ctx->method->version)) ||
+                (ssl != NULL && !IsAtLeastTLSv1_3(ssl->version))) {
             /* Silently ignore TLS 1.3 ciphers if we don't support it. */
             return WOLFSSL_SUCCESS;
         }
     }
 
     /* list contains ciphers either only for TLS 1.3 or <= TLS 1.2 */
-
+    if (suites->suiteSz == 0) {
+        WOLFSSL_MSG("Warning suites->suiteSz = 0 set to WOLFSSL_MAX_SUITE_SZ");
+        suites->suiteSz = WOLFSSL_MAX_SUITE_SZ;
+    }
 #ifdef WOLFSSL_SMALL_STACK
     if (suites->suiteSz > 0) {
         suitesCpy = (byte*)XMALLOC(suites->suiteSz, NULL,
                 DYNAMIC_TYPE_TMP_BUFFER);
-        if (suitesCpy == NULL)
+        if (suitesCpy == NULL) {
             return WOLFSSL_FAILURE;
+        }
+
+        XMEMSET(suitesCpy, 0, suites->suiteSz);
     }
+#else
+        XMEMSET(suitesCpy, 0, sizeof(suitesCpy));
 #endif
 
     if (suites->suiteSz > 0)
         XMEMCPY(suitesCpy, suites->suites, suites->suiteSz);
     suitesCpySz = suites->suiteSz;
 
-    ret = SetCipherList(ctx, suites, list);
+    ret = SetCipherList_ex(ctx, ssl, suites, list);
     if (ret != 1) {
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(suitesCpy, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -11809,7 +12041,7 @@ int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list)
         return WOLFSSL_FAILURE;
 
 #ifdef OPENSSL_EXTRA
-    return wolfSSL_parse_cipher_list(ctx, ctx->suites, list);
+    return wolfSSL_parse_cipher_list(ctx, NULL, ctx->suites, list);
 #else
     return (SetCipherList(ctx, ctx->suites, list)) ?
         WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
@@ -11845,9 +12077,9 @@ int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
         return WOLFSSL_FAILURE;
 
 #ifdef OPENSSL_EXTRA
-    return wolfSSL_parse_cipher_list(ssl->ctx, ssl->suites, list);
+    return wolfSSL_parse_cipher_list(NULL, ssl, ssl->suites, list);
 #else
-    return (SetCipherList(ssl->ctx, ssl->suites, list)) ?
+    return (SetCipherList_ex(NULL, ssl, ssl->suites, list)) ?
         WOLFSSL_SUCCESS :
         WOLFSSL_FAILURE;
 #endif
@@ -12418,10 +12650,13 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         return wolfSSL_connect_TLSv13(ssl);
     #else
         #ifdef WOLFSSL_TLS13
-        if (ssl->options.tls1_3)
+        if (ssl->options.tls1_3) {
+            WOLFSSL_MSG("TLS 1.3");
             return wolfSSL_connect_TLSv13(ssl);
+        }
         #endif
 
+        WOLFSSL_MSG("TLS 1.2 or lower");
         WOLFSSL_ENTER("wolfSSL_connect");
 
         /* make sure this wolfSSL object has arrays and rng setup. Protects
@@ -12539,11 +12774,14 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                     neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
             #endif
             /* get response */
+            WOLFSSL_MSG("Server state up to needed state.");
             while (ssl->options.serverState < neededState) {
+                WOLFSSL_MSG("Progressing server state...");
                 #ifdef WOLFSSL_TLS13
                     if (ssl->options.tls1_3)
                         return wolfSSL_connect_TLSv13(ssl);
                 #endif
+                WOLFSSL_MSG("ProcessReply...");
                 if ( (ssl->error = ProcessReply(ssl)) < 0) {
                     WOLFSSL_ERROR(ssl->error);
                     return WOLFSSL_FATAL_ERROR;
@@ -12559,6 +12797,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                             neededState = SERVER_HELLODONE_COMPLETE;
                     }
                 }
+                WOLFSSL_MSG("ProcessReply done.");
 
 #ifdef WOLFSSL_DTLS13
                 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)
@@ -12947,7 +13186,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         (void)havePSK;
 
         #ifdef HAVE_ANON
-            haveAnon = ssl->options.haveAnon;
+            haveAnon = ssl->options.useAnon;
         #endif
         (void)haveAnon;
 
@@ -13389,9 +13628,9 @@ int wolfSSL_Cleanup(void)
     WOLFSSL_ENTER("wolfSSL_Cleanup");
 
 #ifndef WOLFSSL_MUTEX_INITIALIZER
-    if (count_mutex_valid == 1) {
+    if (inits_count_mutex_valid == 1) {
 #endif
-        if (wc_LockMutex(&count_mutex) != 0) {
+        if (wc_LockMutex(&inits_count_mutex) != 0) {
             WOLFSSL_MSG("Bad Lock Mutex count");
             return BAD_MUTEX_E;
         }
@@ -13406,9 +13645,9 @@ int wolfSSL_Cleanup(void)
     }
 
 #ifndef WOLFSSL_MUTEX_INITIALIZER
-    if (count_mutex_valid == 1) {
+    if (inits_count_mutex_valid == 1) {
 #endif
-        wc_UnLockMutex(&count_mutex);
+        wc_UnLockMutex(&inits_count_mutex);
 #ifndef WOLFSSL_MUTEX_INITIALIZER
     }
 #endif
@@ -13452,6 +13691,7 @@ int wolfSSL_Cleanup(void)
         }
     }
     #ifndef NO_CLIENT_CACHE
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     if ((clisession_mutex_valid == 1) &&
         (wc_FreeMutex(&clisession_mutex) != 0)) {
         if (ret == WOLFSSL_SUCCESS)
@@ -13459,14 +13699,15 @@ int wolfSSL_Cleanup(void)
     }
     clisession_mutex_valid = 0;
     #endif
+    #endif
 #endif /* !NO_SESSION_CACHE */
 
 #ifndef WOLFSSL_MUTEX_INITIALIZER
-    if ((count_mutex_valid == 1) && (wc_FreeMutex(&count_mutex) != 0)) {
+    if ((inits_count_mutex_valid == 1) && (wc_FreeMutex(&inits_count_mutex) != 0)) {
         if (ret == WOLFSSL_SUCCESS)
             ret = BAD_MUTEX_E;
     }
-    count_mutex_valid = 0;
+    inits_count_mutex_valid = 0;
 #endif
 
 #ifdef OPENSSL_EXTRA
@@ -13487,11 +13728,13 @@ int wolfSSL_Cleanup(void)
 #endif
 
 #ifdef HAVE_GLOBAL_RNG
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if ((globalRNGMutex_valid == 1) && (wc_FreeMutex(&globalRNGMutex) != 0)) {
         if (ret == WOLFSSL_SUCCESS)
             ret = BAD_MUTEX_E;
     }
     globalRNGMutex_valid = 0;
+#endif /* !WOLFSSL_MUTEX_INITIALIZER */
 
     #if defined(OPENSSL_EXTRA) && defined(HAVE_HASHDRBG)
     wolfSSL_FIPS_drbg_free(gDrbgDefCtx);
@@ -14469,6 +14712,9 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
             WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
             error = -1;
         }
+        /* Prevent memory access before clientSession->serverRow and
+         * clientSession->serverIdx are sanitized. */
+        XFENCE();
         if (error == 0) {
             /* Lock row */
             sessRow = &SessionCache[clientSession->serverRow];
@@ -15543,7 +15789,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                    ssl->options.haveDH, ssl->options.haveECDSAsig,
                    ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                    ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.haveAnon, TRUE, ssl->options.side);
+                   ssl->options.useAnon, TRUE, ssl->options.side);
     }
     #ifdef OPENSSL_EXTRA
     /**
@@ -15600,7 +15846,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                    ssl->options.haveDH, ssl->options.haveECDSAsig,
                    ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                    ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.haveAnon, TRUE, ssl->options.side);
+                   ssl->options.useAnon, TRUE, ssl->options.side);
     }
 
     const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
@@ -15691,7 +15937,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         if (ctx == NULL)
             return WOLFSSL_FAILURE;
 
-        ctx->haveAnon = 1;
+        ctx->useAnon = 1;
 
         return WOLFSSL_SUCCESS;
     }
@@ -15762,10 +16008,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             return BAD_FUNC_ARG;
         }
 
-        verify = GET_VERIFY_SETTING_CTX(ctx);
-        if (WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS &
-                 WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY)
+        #if (WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY)
             verify = VERIFY_SKIP_DATE;
+        #else
+            verify = GET_VERIFY_SETTING_CTX(ctx);
+        #endif
 
         if (format == WOLFSSL_FILETYPE_PEM)
             return ProcessChainBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE,
@@ -16115,6 +16362,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             ssl->buffers.weOwnKey = 0;
         }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        if (ssl->buffers.weOwnAltKey) {
+            WOLFSSL_MSG("Unloading alt key");
+            ForceZero(ssl->buffers.altKey->buffer, ssl->buffers.altKey->length);
+            FreeDer(&ssl->buffers.altKey);
+            ssl->buffers.weOwnAltKey = 0;
+        }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
         return WOLFSSL_SUCCESS;
     }
 
@@ -16129,6 +16385,22 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         return wolfSSL_CertManagerUnloadCAs(ctx->cm);
     }
 
+    int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx)
+    {
+        WOLFSSL_ENTER("wolfSSL_CTX_UnloadIntermediateCerts");
+
+        if (ctx == NULL)
+            return BAD_FUNC_ARG;
+
+        if (ctx->ref.count > 1) {
+            WOLFSSL_MSG("ctx object must have a ref count of 1 before "
+                        "unloading intermediate certs");
+            return BAD_STATE_E;
+        }
+
+        return wolfSSL_CertManagerUnloadIntermediateCerts(ctx->cm);
+    }
+
 
 #ifdef WOLFSSL_TRUST_PEER_CERT
     int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx)
@@ -16393,7 +16665,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         /* cast so that compiler reminds us of unimplemented values */
         switch ((enum SignatureAlgorithm)sigType) {
         case anonymous_sa_algo:
-            *sigAlgo = (enum Key_Sum)0;
+            *sigAlgo = ANONk;
             break;
         case rsa_sa_algo:
             *sigAlgo = RSAk;
@@ -16710,6 +16982,11 @@ cleanup:
         }
 #endif
 
+#ifdef NO_FILESYSTEM
+        WOLFSSL_MSG("wolfSSL_CTX_set_default_verify_paths not supported"
+                    " with NO_FILESYSTEM enabled");
+        ret = WOLFSSL_FATAL_ERROR;
+#else
         ret = wolfSSL_CTX_load_system_CA_certs(ctx);
         if (ret == WOLFSSL_BAD_PATH) {
             /*
@@ -16718,6 +16995,7 @@ cleanup:
              */
             ret = WOLFSSL_SUCCESS;
         }
+#endif
 
         WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret);
 
@@ -18860,7 +19138,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
     sk = wolfSSL_sk_X509_new_null();
     i = ssl->session->chain.count-1;
     for (; i >= 0; i--) {
-        x509 = wolfSSL_X509_new();
+        x509 = wolfSSL_X509_new_ex(ssl->heap);
         if (x509 == NULL) {
             WOLFSSL_MSG("Error Creating X509");
             wolfSSL_sk_X509_pop_free(sk, NULL);
@@ -19228,9 +19506,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
                 return NULL;
             }
             #ifndef WOLFSSL_X509_STORE_CERTS
-            ssl->ourCert = wolfSSL_X509_d2i(NULL,
+            ssl->ourCert = wolfSSL_X509_d2i_ex(NULL,
                                               ssl->buffers.certificate->buffer,
-                                              ssl->buffers.certificate->length);
+                                              ssl->buffers.certificate->length,
+                                              ssl->heap);
             #endif
         }
         return ssl->ourCert;
@@ -19243,9 +19522,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
                     return NULL;
                 }
                 #ifndef WOLFSSL_X509_STORE_CERTS
-                ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
+                ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
                                                ssl->ctx->certificate->buffer,
-                                               ssl->ctx->certificate->length);
+                                               ssl->ctx->certificate->length,
+                                               ssl->heap);
                 #endif
                 ssl->ctx->ownOurCert = 1;
             }
@@ -19265,9 +19545,9 @@ WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx)
                 return NULL;
             }
             #ifndef WOLFSSL_X509_STORE_CERTS
-            ctx->ourCert = wolfSSL_X509_d2i(NULL,
+            ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
                                            ctx->certificate->buffer,
-                                           ctx->certificate->length);
+                                           ctx->certificate->length, ctx->heap);
             #endif
             ctx->ownOurCert = 1;
         }
@@ -19778,12 +20058,17 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
 #ifdef HAVE_SESSION_TICKET
     if (session->ticketLenAlloc > 0) {
         XFREE(session->ticket, session->heap, DYNAMIC_TYPE_SESSION_TICK);
+        session->ticket = session->staticTicket;
+        session->ticketLen = 0;
+        session->ticketLenAlloc = 0;
     }
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
     (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
     if (session->ticketNonce.data != session->ticketNonce.dataStatic) {
         XFREE(session->ticketNonce.data, session->heap,
             DYNAMIC_TYPE_SESSION_TICK);
+        session->ticketNonce.data = session->ticketNonce.dataStatic;
+        session->ticketNonce.len = 0;
     }
 #endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
 #endif
@@ -21793,7 +22078,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
                    ssl->options.haveDH, ssl->options.haveECDSAsig,
                    ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                    ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.haveAnon, TRUE, ssl->options.side);
+                   ssl->options.useAnon, TRUE, ssl->options.side);
     }
 
     return ssl->options.mask;
@@ -23150,7 +23435,7 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
     WOLFSSL_SESSION* s = NULL;
     int ret = 0;
 #if defined(HAVE_EXT_CACHE)
-    int idx;
+    int idx = 0;
     byte* data;
 #ifdef SESSION_CERTS
     int j;
@@ -24175,7 +24460,7 @@ static int pem_write_pubkey(WOLFSSL_EVP_PKEY* key, void* heap, byte** derBuf,
     }
 
     switch (key->type) {
-#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
         case EVP_PKEY_RSA:
             if ((sz = wolfSSL_RSA_To_Der(key->rsa, &buf, 1, heap))
                     < 0) {
@@ -24183,7 +24468,7 @@ static int pem_write_pubkey(WOLFSSL_EVP_PKEY* key, void* heap, byte** derBuf,
                 break;
             }
             break;
-#endif /* WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
         defined(WOLFSSL_CERT_GEN))
         case EVP_PKEY_DSA:
@@ -24373,119 +24658,167 @@ int wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list)
     return SetSuitesHashSigAlgo(ssl->suites, list);
 }
 
-struct WOLFSSL_HashSigInfo {
-    int hashAlgo;
-    int sigAlgo;
-    int nid;
-}  wolfssl_hash_sig_info[] =
+static int HashToNid(byte hashAlgo, int* nid)
 {
-#ifndef NO_RSA
-    #ifndef NO_SHA256
-        { sha256_mac, rsa_sa_algo, CTC_SHA256wRSA },
-    #endif
-    #ifdef WOLFSSL_SHA384
-        { sha384_mac, rsa_sa_algo, CTC_SHA384wRSA },
-    #endif
-    #ifdef WOLFSSL_SHA512
-        { sha512_mac, rsa_sa_algo, CTC_SHA512wRSA },
-    #endif
-    #ifdef WOLFSSL_SHA224
-        { sha224_mac, rsa_sa_algo, CTC_SHA224wRSA },
-    #endif
-    #ifndef NO_SHA
-        { sha_mac,    rsa_sa_algo, CTC_SHAwRSA },
-    #endif
-    #ifdef WC_RSA_PSS
-        #ifndef NO_SHA256
-            { sha256_mac, rsa_pss_sa_algo, CTC_SHA256wRSA },
-        #endif
-        #ifdef WOLFSSL_SHA384
-            { sha384_mac, rsa_pss_sa_algo, CTC_SHA384wRSA },
-        #endif
-        #ifdef WOLFSSL_SHA512
-            { sha512_mac, rsa_pss_sa_algo, CTC_SHA512wRSA },
-        #endif
-        #ifdef WOLFSSL_SHA224
-            { sha224_mac, rsa_pss_sa_algo, CTC_SHA224wRSA },
-        #endif
-    #endif
-#endif
-#ifdef HAVE_ECC
-    #ifndef NO_SHA256
-        { sha256_mac, ecc_dsa_sa_algo, CTC_SHA256wECDSA },
-    #endif
-    #ifdef WOLFSSL_SHA384
-        { sha384_mac, ecc_dsa_sa_algo, CTC_SHA384wECDSA },
-    #endif
-    #ifdef WOLFSSL_SHA512
-        { sha512_mac, ecc_dsa_sa_algo, CTC_SHA512wECDSA },
-    #endif
-    #ifdef WOLFSSL_SHA224
-        { sha224_mac, ecc_dsa_sa_algo, CTC_SHA224wECDSA },
-    #endif
-    #ifndef NO_SHA
-        { sha_mac,    ecc_dsa_sa_algo, CTC_SHAwECDSA },
-    #endif
-#endif
-#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-    { sm3_mac, sm2_sa_algo, CTC_SM3wSM2 },
-#endif
+    int ret = WOLFSSL_SUCCESS;
+
+    /* Cast for compiler to check everything is implemented */
+    switch ((enum wc_MACAlgorithm)hashAlgo) {
+        case no_mac:
+        case rmd_mac:
+            *nid = NID_undef;
+            break;
+        case md5_mac:
+            *nid = NID_md5;
+            break;
+        case sha_mac:
+            *nid = NID_sha1;
+            break;
+        case sha224_mac:
+            *nid = NID_sha224;
+            break;
+        case sha256_mac:
+            *nid = NID_sha256;
+            break;
+        case sha384_mac:
+            *nid = NID_sha384;
+            break;
+        case sha512_mac:
+            *nid = NID_sha512;
+            break;
+        case blake2b_mac:
+            *nid = NID_blake2b512;
+            break;
+        case sm3_mac:
+            *nid = NID_sm3;
+            break;
+        default:
+            ret = WOLFSSL_FAILURE;
+            break;
+    }
+
+    return ret;
+}
+
+static int SaToNid(byte sa, int* nid)
+{
+    int ret = WOLFSSL_SUCCESS;
+    /* Cast for compiler to check everything is implemented */
+    switch ((enum SignatureAlgorithm)sa) {
+        case anonymous_sa_algo:
+            *nid = NID_undef;
+            break;
+        case rsa_sa_algo:
+            *nid = NID_rsaEncryption;
+            break;
+        case dsa_sa_algo:
+            *nid = NID_dsa;
+            break;
+        case ecc_dsa_sa_algo:
+            *nid = NID_X9_62_id_ecPublicKey;
+            break;
+        case rsa_pss_sa_algo:
+            *nid = NID_rsassaPss;
+            break;
+        case ed25519_sa_algo:
 #ifdef HAVE_ED25519
-    { no_mac, ed25519_sa_algo, CTC_ED25519 },
+            *nid = NID_ED25519;
+#else
+            ret = WOLFSSL_FAILURE;
 #endif
+            break;
+        case rsa_pss_pss_algo:
+            *nid = NID_rsassaPss;
+            break;
+        case ed448_sa_algo:
 #ifdef HAVE_ED448
-    { no_mac, ed448_sa_algo, CTC_ED448 },
-#endif
-#ifdef HAVE_PQC
-#ifdef HAVE_FALCON
-    { no_mac, falcon_level1_sa_algo, CTC_FALCON_LEVEL1 },
-    { no_mac, falcon_level5_sa_algo, CTC_FALCON_LEVEL5 },
-#endif /* HAVE_FALCON */
-#ifdef HAVE_DILITHIUM
-    { no_mac, dilithium_level2_sa_algo, CTC_DILITHIUM_LEVEL2 },
-    { no_mac, dilithium_level3_sa_algo, CTC_DILITHIUM_LEVEL3 },
-    { no_mac, dilithium_level5_sa_algo, CTC_DILITHIUM_LEVEL5 },
-#endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
-#ifndef NO_DSA
-    #ifndef NO_SHA
-        { sha_mac,    dsa_sa_algo, CTC_SHAwDSA },
-    #endif
+            *nid = NID_ED448;
+#else
+            ret = WOLFSSL_FAILURE;
 #endif
-};
-#define WOLFSSL_HASH_SIG_INFO_SZ \
-    (int)(sizeof(wolfssl_hash_sig_info)/sizeof(*wolfssl_hash_sig_info))
+            break;
+        case falcon_level1_sa_algo:
+            *nid = CTC_FALCON_LEVEL1;
+            break;
+        case falcon_level5_sa_algo:
+            *nid = CTC_FALCON_LEVEL5;
+            break;
+        case dilithium_level2_sa_algo:
+            *nid = CTC_DILITHIUM_LEVEL2;
+            break;
+        case dilithium_level3_sa_algo:
+            *nid = CTC_DILITHIUM_LEVEL3;
+            break;
+        case dilithium_level5_sa_algo:
+            *nid = CTC_DILITHIUM_LEVEL5;
+            break;
+        case sm2_sa_algo:
+            *nid = NID_sm2;
+            break;
+        case invalid_sa_algo:
+        default:
+            ret = WOLFSSL_FAILURE;
+            break;
+    }
+    return ret;
+}
 
+/* This API returns the hash selected. */
 int wolfSSL_get_signature_nid(WOLFSSL *ssl, int* nid)
 {
-    int i;
-    int ret = WOLFSSL_FAILURE;
-
     WOLFSSL_MSG("wolfSSL_get_signature_nid");
 
-    if (ssl == NULL) {
+    if (ssl == NULL || nid == NULL) {
         WOLFSSL_MSG("Bad function arguments");
         return WOLFSSL_FAILURE;
     }
 
-    for (i = 0; i < WOLFSSL_HASH_SIG_INFO_SZ; i++) {
-        if (ssl->options.hashAlgo == wolfssl_hash_sig_info[i].hashAlgo &&
-                     ssl->options.sigAlgo == wolfssl_hash_sig_info[i].sigAlgo) {
-            *nid = wolfssl_hash_sig_info[i].nid;
-            ret = WOLFSSL_SUCCESS;
-            break;
-        }
+    return HashToNid(ssl->options.hashAlgo, nid);
+}
+
+/* This API returns the signature selected. */
+int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid)
+{
+    WOLFSSL_MSG("wolfSSL_get_signature_type_nid");
+
+    if (ssl == NULL || nid == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return WOLFSSL_FAILURE;
     }
 
-    return ret;
+    return SaToNid(ssl->options.sigAlgo, nid);
+}
+
+int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid)
+{
+    WOLFSSL_MSG("wolfSSL_get_peer_signature_nid");
+
+    if (ssl == NULL || nid == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return WOLFSSL_FAILURE;
+    }
+
+    return HashToNid(ssl->options.peerHashAlgo, nid);
+}
+
+int wolfSSL_get_peer_signature_type_nid(const WOLFSSL* ssl, int* nid)
+{
+    WOLFSSL_MSG("wolfSSL_get_peer_signature_type_nid");
+
+    if (ssl == NULL || nid == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return WOLFSSL_FAILURE;
+    }
+
+    return SaToNid(ssl->options.peerSigAlgo, nid);
 }
 
 #ifdef HAVE_ECC
 
 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
-static int populate_groups(int* groups, int max_count, char *list)
+static int populate_groups(int* groups, int max_count, const char *list)
 {
-    char *end;
+    const char *end;
     int count = 0;
     const WOLF_EC_NIST_NAME* nist_name;
 
@@ -24525,10 +24858,10 @@ static int populate_groups(int* groups, int max_count, char *list)
     return count;
 }
 
-int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list)
+int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list)
 {
     int groups[WOLFSSL_MAX_GROUP_COUNT];
-    int count;
+    int count = 0;
 
     if (!ctx || !list) {
         return WOLFSSL_FAILURE;
@@ -24542,10 +24875,10 @@ int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list)
     return wolfSSL_CTX_set1_groups(ctx, groups, count);
 }
 
-int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list)
+int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list)
 {
     int groups[WOLFSSL_MAX_GROUP_COUNT];
-    int count;
+    int count = 0;
 
     if (!ssl || !list) {
         return WOLFSSL_FAILURE;
@@ -24769,7 +25102,7 @@ byte* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx)
 /* Get peer's wolfSSL X509 certificate at index (idx) */
 WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
 {
-    int          ret;
+    int          ret = 0;
     WOLFSSL_X509* x509 = NULL;
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert* cert = NULL;
@@ -26220,7 +26553,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             return WOLFSSL_FAILURE;
         }
         #else
-        ctx->ourCert = wolfSSL_X509_d2i(NULL, x->derCert->buffer,x->derCert->length);
+        ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer,
+            x->derCert->length, ctx->heap);
         if(ctx->ourCert == NULL){
             return WOLFSSL_FAILURE;
         }
@@ -26838,7 +27172,7 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
     }
 
     switch (pkey->type) {
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && !defined(NO_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     case EVP_PKEY_RSA:
         WOLFSSL_MSG("populating RSA key");
         if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS)
@@ -27271,6 +27605,11 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
     ssl->buffers.keyLabel = 0;
     ssl->buffers.keySz    = 0;
     ssl->buffers.keyDevId = 0;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (ssl->buffers.weOwnAltKey)
+        FreeDer(&ssl->buffers.altKey);
+    ssl->buffers.altKey   = NULL;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 }
 #endif
 
@@ -27493,8 +27832,7 @@ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz,
 }
 
 
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
 /* Adds the rsa private key to the user ctx.
 Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/
 int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
@@ -27532,7 +27870,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
     XFREE(maxDerBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
-#endif /* NO_RSA && !HAVE_FAST_RSA */
+#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
 
 
 #ifndef NO_BIO
@@ -28072,6 +28410,11 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->options.haveStaticECC    = ctx->haveStaticECC;
     ssl->options.haveFalconSig    = ctx->haveFalconSig;
     ssl->options.haveDilithiumSig = ctx->haveDilithiumSig;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    ssl->buffers.altKey     = ctx->altPrivateKey;
+    ssl->buffers.altKeySz   = ctx->altPrivateKeySz;
+    ssl->buffers.altKeyType = ctx->altPrivateKeyType;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #endif
 
 #ifdef WOLFSSL_SESSION_ID_CTX
@@ -28309,6 +28652,7 @@ static int wolfSSL_SESSION_print_ticket(WOLFSSL_BIO* bio,
 
     for (i = 0; i < sz;) {
         char asc[16];
+        XMEMSET(asc, 0, sizeof(asc));
 
         if (sz - i < 16) {
             if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag + (sz - i)) <= 0)
@@ -30056,8 +30400,8 @@ int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** ch
         idx += 3;
 
         /* Create a new X509 from DER encoded data. */
-        node->data.x509 = wolfSSL_X509_d2i(NULL, ctx->certChain->buffer + idx,
-            length);
+        node->data.x509 = wolfSSL_X509_d2i_ex(NULL,
+            ctx->certChain->buffer + idx, length, ctx->heap);
         if (node->data.x509 == NULL) {
             XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
             /* Return as much of the chain as we created. */
@@ -30337,9 +30681,9 @@ int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, word16 curve_id)
     }
     if (curve_id >= 32) {
         /* 0 is for invalid and 1-14 aren't used otherwise. */
-        return (ssl->disabledCurves & (1 << (curve_id - 32))) != 0;
+        return (ssl->disabledCurves & (1U << (curve_id - 32))) != 0;
     }
-    return (ssl->disabledCurves & (1 << curve_id)) != 0;
+    return (ssl->disabledCurves & (1U << curve_id)) != 0;
 }
 
 #if (defined(HAVE_ECC) || \
@@ -32617,6 +32961,7 @@ void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf)
 #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
 static int wolfSSL_RAND_InitMutex(void)
 {
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if (gRandMethodsInit == 0) {
         if (wc_InitMutex(&gRandMethodMutex) != 0) {
             WOLFSSL_MSG("Bad Init Mutex rand methods");
@@ -32624,6 +32969,7 @@ static int wolfSSL_RAND_InitMutex(void)
         }
         gRandMethodsInit = 1;
     }
+#endif
     return 0;
 }
 #endif
@@ -32692,7 +33038,7 @@ int wolfSSL_RAND_seed(const void* seed, int len)
  */
 const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
 {
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && defined(XGETENV)
     char* rt;
 
     WOLFSSL_ENTER("wolfSSL_RAND_file_name");
@@ -32702,7 +33048,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
     }
 
     XMEMSET(fname, 0, len);
-    /* if access to stdlib.h */
+
     if ((rt = XGETENV("RANDFILE")) != NULL) {
         if (len > XSTRLEN(rt)) {
             XMEMCPY(fname, rt, XSTRLEN(rt));
@@ -32715,7 +33061,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
 
     /* $RANDFILE was not set or is too large, check $HOME */
     if (rt == NULL) {
-        char ap[] = "/.rnd";
+        const char ap[] = "/.rnd";
 
         WOLFSSL_MSG("Environment variable RANDFILE not set");
         if ((rt = XGETENV("HOME")) == NULL) {
@@ -32723,7 +33069,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
             return NULL;
         }
 
-        if (len > XSTRLEN(rt) +  XSTRLEN(ap)) {
+        if (len > XSTRLEN(rt) + XSTRLEN(ap)) {
             fname[0] = '\0';
             XSTRNCAT(fname, rt, len);
             XSTRNCAT(fname, ap, len - XSTRLEN(rt));
@@ -32737,9 +33083,9 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
 
     return fname;
 #else
-    /* no filesystem defined */
     WOLFSSL_ENTER("wolfSSL_RAND_file_name");
-    WOLFSSL_MSG("No filesystem feature enabled, not compiled in");
+    WOLFSSL_MSG("RAND_file_name requires filesystem and getenv support, "
+                "not compiled in");
     (void)fname;
     (void)len;
     return NULL;
@@ -32995,8 +33341,10 @@ void wolfSSL_RAND_Cleanup(void)
         wc_UnLockMutex(&gRandMethodMutex);
     }
 
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     if (wc_FreeMutex(&gRandMethodMutex) == 0)
         gRandMethodsInit = 0;
+    #endif
 #endif
 #ifdef HAVE_GLOBAL_RNG
     if (wc_LockMutex(&globalRNGMutex) == 0) {
@@ -33783,8 +34131,8 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
         return p7->certs;
 
     for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) {
-        WOLFSSL_X509* x509 = wolfSSL_X509_d2i(NULL, p7->pkcs7.cert[i],
-            p7->pkcs7.certSz[i]);
+        WOLFSSL_X509* x509 = wolfSSL_X509_d2i_ex(NULL, p7->pkcs7.cert[i],
+            p7->pkcs7.certSz[i], pkcs7->heap);
         if (!ret)
             ret = wolfSSL_sk_X509_new_null();
         if (x509) {
@@ -35199,7 +35547,7 @@ void wolfSSL_PKCS12_PBE_add(void)
     WOLFSSL_ENTER("wolfSSL_PKCS12_PBE_add");
 }
 
-#if !defined(NO_FILESYSTEM)
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp,
         WOLFSSL_X509_PKCS12 **pkcs12)
 {
diff --git a/extra/wolfssl/wolfssl/src/ssl_bn.c b/extra/wolfssl/wolfssl/src/ssl_bn.c
index 8a054c80..cbb4a92f 100644
--- a/extra/wolfssl/wolfssl/src/ssl_bn.c
+++ b/extra/wolfssl/wolfssl/src/ssl_bn.c
@@ -2303,7 +2303,8 @@ int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int checks,
  * Print APIs
  ******************************************************************************/
 
-#if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+    defined(XFPRINTF)
 /* Print big number to file pointer.
  *
  * Return code compliant with OpenSSL.
diff --git a/extra/wolfssl/wolfssl/src/ssl_certman.c b/extra/wolfssl/wolfssl/src/ssl_certman.c
index 65a6c559..e074996a 100644
--- a/extra/wolfssl/wolfssl/src/ssl_certman.c
+++ b/extra/wolfssl/wolfssl/src/ssl_certman.c
@@ -25,7 +25,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
- #include <wolfssl/internal.h>
+#include <wolfssl/internal.h>
 
 #if !defined(WOLFSSL_SSL_CERTMAN_INCLUDED)
     #ifndef WOLFSSL_IGNORE_FILE_WARN
@@ -42,33 +42,33 @@
  * @return  A TLS method on success.
  * @return  NULL when no TLS method built into wolfSSL.
  */
-static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void)
+static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void* heap)
 {
     #ifndef NO_WOLFSSL_CLIENT
         #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
-            return wolfSSLv3_client_method();
+            return wolfSSLv3_client_method_ex(heap);
         #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
-            return wolfTLSv1_client_method();
+            return wolfTLSv1_client_method_ex(heap);
         #elif !defined(NO_OLD_TLS)
-            return wolfTLSv1_1_client_method();
+            return wolfTLSv1_1_client_method_ex(heap);
         #elif !defined(WOLFSSL_NO_TLS12)
-            return wolfTLSv1_2_client_method();
+            return wolfTLSv1_2_client_method_ex(heap);
         #elif defined(WOLFSSL_TLS13)
-            return wolfTLSv1_3_client_method();
+            return wolfTLSv1_3_client_method_ex(heap);
         #else
             return NULL;
         #endif
     #elif !defined(NO_WOLFSSL_SERVER)
         #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
-            return wolfSSLv3_server_method();
+            return wolfSSLv3_server_method_ex(heap);
         #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
-            return wolfTLSv1_server_method();
+            return wolfTLSv1_server_method_ex(heap);
         #elif !defined(NO_OLD_TLS)
-            return wolfTLSv1_1_server_method();
+            return wolfTLSv1_1_server_method_ex(heap);
         #elif !defined(WOLFSSL_NO_TLS12)
-            return wolfTLSv1_2_server_method();
+            return wolfTLSv1_2_server_method_ex(heap);
         #elif defined(WOLFSSL_TLS13)
-            return wolfTLSv1_3_server_method();
+            return wolfTLSv1_3_server_method_ex(heap);
         #else
             return NULL;
         #endif
@@ -89,11 +89,22 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
     WOLFSSL_CERT_MANAGER* cm;
 
     WOLFSSL_ENTER("wolfSSL_CertManagerNew");
+    if (heap == NULL) {
+         WOLFSSL_MSG("heap param is null");
+    }
+    else {
+        /* Some systems may have heap in unexpected segments. (IRAM vs DRAM) */
+        WOLFSSL_MSG_EX("heap param = %p", heap);
+    }
+    WOLFSSL_MSG_EX("DYNAMIC_TYPE_CERT_MANAGER Allocating = %d bytes",
+                    (word32)sizeof(WOLFSSL_CERT_MANAGER));
 
     /* Allocate memory for certificate manager. */
     cm = (WOLFSSL_CERT_MANAGER*)XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), heap,
         DYNAMIC_TYPE_CERT_MANAGER);
     if (cm == NULL) {
+        WOLFSSL_MSG_EX("XMALLOC failed to allocate WOLFSSL_CERT_MANAGER %d "
+                    "bytes.", (int)sizeof(WOLFSSL_CERT_MANAGER));
         err = 1;
     }
     if (!err) {
@@ -446,6 +457,31 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
     return ret;
 }
 
+int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts");
+
+    /* Validate parameter. */
+    if (cm == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Lock CA table. */
+    if ((ret == WOLFSSL_SUCCESS) && (wc_LockMutex(&cm->caLock) != 0)) {
+        ret = BAD_MUTEX_E;
+    }
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Dispose of CA table. */
+        FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, WOLFSSL_CHAIN_CA,
+                cm->heap);
+
+        /* Unlock CA table. */
+        wc_UnLockMutex(&cm->caLock);
+    }
+
+    return ret;
+}
 
 #ifdef WOLFSSL_TRUST_PEER_CERT
 /* Unload the trusted peers table.
@@ -513,8 +549,8 @@ int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
         ret = WOLFSSL_FATAL_ERROR;
     }
     /* Allocate a temporary WOLFSSL_CTX to load with. */
-    if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
-            == NULL)) {
+    if ((ret == WOLFSSL_SUCCESS) && ((tmp =
+        wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
         WOLFSSL_MSG("CTX new failed");
         ret = WOLFSSL_FATAL_ERROR;
     }
@@ -575,6 +611,19 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc)
 }
 #endif /* NO_WOLFSSL_CM_VERIFY */
 
+#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
+    && defined(HAVE_OID_DECODING)
+void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
+        wc_UnknownExtCallback cb)
+{
+    WOLFSSL_ENTER("wolfSSL_CertManagerSetUnknownExtCallback");
+    if (cm != NULL) {
+        cm->unknownExtCallback = cb;
+    }
+
+}
+#endif /* WOLFSSL_CUSTOM_OID && WOLFSSL_ASN_TEMPLATE && HAVE_OID_DECODING */
+
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
 /* Verify the certificate.
  *
@@ -643,6 +692,12 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff,
         /* Create a decoded certificate with DER buffer. */
         InitDecodedCert(cert, buff, (word32)sz, cm->heap);
 
+#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
+    && defined(HAVE_OID_DECODING)
+        if (cm->unknownExtCallback != NULL)
+            wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
+#endif
+
         /* Parse DER into decoded certificate fields and verify signature
          * against a known CA. */
         ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, cm);
@@ -876,8 +931,8 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
         ret = WOLFSSL_FATAL_ERROR;
     }
     /* Create temporary WOLFSSL_CTX. */
-    if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
-            == NULL)) {
+    if ((ret == WOLFSSL_SUCCESS) && ((tmp =
+        wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
         WOLFSSL_MSG("CTX new failed");
         ret = WOLFSSL_FATAL_ERROR;
     }
diff --git a/extra/wolfssl/wolfssl/src/tls.c b/extra/wolfssl/wolfssl/src/tls.c
index 48d76dfa..a28568c6 100644
--- a/extra/wolfssl/wolfssl/src/tls.c
+++ b/extra/wolfssl/wolfssl/src/tls.c
@@ -182,10 +182,12 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     byte handshake_hash[HSHASH_SZ];
 #else
     WC_DECLARE_VAR(handshake_hash, byte, HSHASH_SZ, ssl->heap);
+    WC_ALLOC_VAR(handshake_hash, byte, HSHASH_SZ, ssl->heap);
     if (handshake_hash == NULL)
         return MEMORY_E;
 #endif
 
+    XMEMSET(handshake_hash, 0, HSHASH_SZ);
     ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
     if (ret == 0) {
         if (XSTRNCMP((const char*)sender, (const char*)kTlsClientStr,
@@ -316,6 +318,7 @@ static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
     int ret;
 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
     WC_DECLARE_VAR(seed, byte, SEED_LEN, heap);
+    WC_ALLOC_VAR(seed, byte, SEED_LEN, heap);
     if (seed == NULL)
         return MEMORY_E;
 #else
@@ -421,6 +424,7 @@ static int _MakeTlsMasterSecret(byte* ms, word32 msLen,
     byte seed[SEED_LEN];
 #else
     WC_DECLARE_VAR(seed, byte, SEED_LEN, heap);
+    WC_ALLOC_VAR(seed, byte, SEED_LEN, heap);
     if (seed == NULL)
         return MEMORY_E;
 #endif
@@ -544,6 +548,7 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
         byte handshake_hash[HSHASH_SZ];
     #endif
 
+        XMEMSET(handshake_hash, 0, HSHASH_SZ);
         ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
         if (ret == 0) {
             ret = _MakeTlsExtendedMasterSecret(
@@ -1323,6 +1328,10 @@ static WC_INLINE word16 TLSX_ToSemaphore(word16 type)
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
         case TLSX_ECH: /* 0xfe0d */
             return 65;
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        case TLSX_CKS:
+            return 66;
 #endif
         default:
             if (type > 62) {
@@ -3080,14 +3089,15 @@ static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
     return size;
 }
 
-static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
-                                                                 byte isRequest)
+static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
+                          byte isRequest)
 {
     /* shut up compiler warnings */
     (void) csr; (void) output; (void) isRequest;
 
 #ifndef NO_WOLFSSL_CLIENT
     if (isRequest) {
+        int ret = 0;
         word16 offset = 0;
         word16 length = 0;
 
@@ -3101,19 +3111,26 @@ static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
                 offset += OPAQUE16_LEN;
 
                 /* request extensions */
-                if (csr->request.ocsp.nonceSz)
-                    length = (word16)EncodeOcspRequestExtensions(
-                                                 &csr->request.ocsp,
+                if (csr->request.ocsp.nonceSz) {
+                    ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp,
                                                  output + offset + OPAQUE16_LEN,
                                                  OCSP_NONCE_EXT_SZ);
 
+                    if (ret > 0) {
+                        length = (word16)ret;
+                    }
+                    else {
+                        return ret;
+                    }
+                }
+
                 c16toa(length, output + offset);
                 offset += OPAQUE16_LEN + length;
 
             break;
         }
 
-        return offset;
+        return (int)offset;
     }
 #endif
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
@@ -3541,7 +3558,7 @@ static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2,
     return size;
 }
 
-static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
+static int TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
                                                    byte* output, byte isRequest)
 {
     /* shut up compiler warnings */
@@ -3549,6 +3566,7 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
 
 #ifndef NO_WOLFSSL_CLIENT
     if (isRequest) {
+        int ret = 0;
         word16 offset;
         word16 length;
 
@@ -3576,12 +3594,20 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
                     /* request extensions */
                     length = 0;
 
-                    if (csr2->request.ocsp[0].nonceSz)
-                        length = (word16)EncodeOcspRequestExtensions(
+                    if (csr2->request.ocsp[0].nonceSz) {
+                        ret = (int)EncodeOcspRequestExtensions(
                                                  &csr2->request.ocsp[0],
                                                  output + offset + OPAQUE16_LEN,
                                                  OCSP_NONCE_EXT_SZ);
 
+                        if (ret > 0) {
+                            length = (word16)ret;
+                        }
+                        else {
+                            return ret;
+                        }
+                    }
+
                     c16toa(length, output + offset);
                     offset += OPAQUE16_LEN + length;
                 break;
@@ -3591,7 +3617,7 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
         /* list size */
         c16toa(offset - OPAQUE16_LEN, output);
 
-        return offset;
+        return (int)offset;
     }
 #endif
 
@@ -6473,7 +6499,7 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length,
         return BUFFER_E;
 
     if (msgType == hello_retry_request)
-        return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0,
+        return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 1,
                                &ssl->extensions);
 
     /* client_hello */
@@ -7453,7 +7479,9 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
         /* Allocate an ECC key to hold private key. */
         kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
         if (kse->key == NULL) {
-            WOLFSSL_MSG("EccTempKey Memory error");
+            WOLFSSL_MSG_EX("Failed to allocate %d bytes, ssl->heap: %p",
+                           (int)sizeof(ecc_key), (wc_ptr_t)ssl->heap);
+            WOLFSSL_MSG("EccTempKey Memory error!");
             return MEMORY_E;
         }
 
@@ -7652,6 +7680,13 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
     word32 privSz = 0;
     word32 pubSz = 0;
 
+    /* This gets called twice. Once during parsing of the key share and once
+     * during the population of the extension. No need to do work the second
+     * time. Just return success if its already been done. */
+    if (kse->pubKey != NULL) {
+        return ret;
+    }
+
     findEccPqc(&ecc_group, &oqs_group, kse->group);
     ret = kyber_id2type(oqs_group, &type);
     if (ret == NOT_COMPILED_IN) {
@@ -7721,17 +7756,19 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
         ret = wc_KyberKey_EncodePrivateKey(kem, privKey, privSz);
     }
     if (ret == 0) {
-        XMEMCPY(pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen);
+        if (ecc_kse->pubKeyLen > 0)
+            XMEMCPY(pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen);
         kse->pubKey = pubKey;
         kse->pubKeyLen = ecc_kse->pubKeyLen + pubSz;
         pubKey = NULL;
 
         /* Note we are saving the OQS private key and ECC private key
          * separately. That's because the ECC private key is not simply a
-         * buffer. Its is an ecc_key struct.
-         */
+         * buffer. Its is an ecc_key struct. Typically do not need the private
+         * key size, but will need to zero it out upon freeing. */
         kse->privKey = privKey;
         privKey = NULL;
+        kse->privKeyLen = privSz;
 
         kse->key = ecc_kse->key;
         ecc_kse->key = NULL;
@@ -7807,9 +7844,19 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
 #endif
         }
 #ifdef HAVE_PQC
-        else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group) &&
-                 current->key != NULL) {
-            ForceZero((byte*)current->key, current->keyLen);
+        else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group)) {
+            if (current->key != NULL) {
+                ForceZero((byte*)current->key, current->keyLen);
+            }
+            if (current->pubKey != NULL) {
+                XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+                current->pubKey = NULL;
+            }
+            if (current->privKey != NULL) {
+                ForceZero(current->privKey, current->privKeyLen);
+                XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY);
+                current->privKey = NULL;
+            }
         }
 #endif
         else {
@@ -8412,7 +8459,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
         return BAD_FUNC_ARG;
     }
 
-    ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID);
+    ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
     if (ret != 0) {
         wc_ecc_free(&eccpubkey);
         WOLFSSL_MSG("Error creating Kyber KEM");
@@ -8904,7 +8951,7 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
         return MEMORY_E;
     }
 
-    ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID);
+    ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
     if (ret != 0) {
         wc_ecc_free(&eccpubkey);
         WOLFSSL_MSG("Error creating Kyber KEM");
@@ -9009,7 +9056,8 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
         keyShareEntry->keLen = outlen + ssSz;
         sharedSecret = NULL;
 
-        XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen);
+        if (ecc_kse->pubKeyLen > 0)
+            XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen);
         keyShareEntry->pubKey = ciphertext;
         keyShareEntry->pubKeyLen = (word32)(ecc_kse->pubKeyLen + ctSz);
         ciphertext = NULL;
@@ -9470,6 +9518,121 @@ int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, TLSX** extensions)
     return ret;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* Writes the CKS objects of a list in a buffer. */
+static word16 CKS_WRITE(WOLFSSL* ssl, byte* output)
+{
+    XMEMCPY(output, ssl->sigSpec, ssl->sigSpecSz);
+    return ssl->sigSpecSz;
+}
+
+static int TLSX_UseCKS(TLSX** extensions, WOLFSSL* ssl, void* heap)
+{
+    int ret = 0;
+    TLSX* extension;
+
+    if (extensions == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    extension = TLSX_Find(*extensions, TLSX_CKS);
+    /* If it is already present, do nothing. */
+    if (extension == NULL) {
+        /* The data required is in the ssl struct, so push it in. */
+        ret = TLSX_Push(extensions, TLSX_CKS, (void*)ssl, heap);
+    }
+
+    return ret;
+}
+
+int TLSX_CKS_Set(WOLFSSL* ssl, TLSX** extensions)
+{
+    int ret;
+    TLSX* extension;
+    /* Push new KeyShare extension. This will also free the old one */
+    ret = TLSX_Push(extensions, TLSX_CKS, NULL, ssl->heap);
+    if (ret != 0)
+        return ret;
+    /* Extension got pushed to head */
+    extension = *extensions;
+    /* Need ssl->sigSpecSz during extension length calculation. */
+    extension->data = ssl;
+    /* Set extension to be in response. */
+    extension->resp = 1;
+    return ret;
+}
+
+int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length,
+                   TLSX** extensions)
+{
+    (void) extensions;
+    int ret;
+    int i, j;
+
+    /* Validating the input. */
+    if (length == 0)
+        return BUFFER_ERROR;
+    for (i = 0; i < length; i++) {
+        switch (input[i])
+        {
+            case WOLFSSL_CKS_SIGSPEC_NATIVE:
+            case WOLFSSL_CKS_SIGSPEC_ALTERNATIVE:
+            case WOLFSSL_CKS_SIGSPEC_BOTH:
+                /* These are all valid values; do nothing */
+                break;
+            case WOLFSSL_CKS_SIGSPEC_EXTERNAL:
+            default:
+                /* All other values (including external) are not. */
+                return WOLFSSL_NOT_IMPLEMENTED;
+        }
+    }
+
+    /* Extension data is valid, but if we are the server and we don't have an
+     * alt private key, do not respond with CKS extension. */
+    if (wolfSSL_is_server(ssl) && ssl->buffers.altKey == NULL) {
+        ssl->sigSpec = NULL;
+        ssl->sigSpecSz = 0;
+        return 0;
+    }
+
+    /* Copy as the lifetime of input seems to be ephemeral. */
+    ssl->peerSigSpec = (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_TLSX);
+    if (ssl->peerSigSpec == NULL) {
+        return BUFFER_ERROR;
+    }
+    XMEMCPY(ssl->peerSigSpec, input, length);
+    ssl->peerSigSpecSz = length;
+
+    /* If there is no preference set, use theirs... */
+    if (ssl->sigSpec == NULL) {
+        ret = wolfSSL_UseCKS(ssl, ssl->peerSigSpec, 1);
+        if (ret == WOLFSSL_SUCCESS) {
+            ret = TLSX_UseCKS(&ssl->extensions, ssl, ssl->heap);
+            TLSX_SetResponse(ssl, TLSX_CKS);
+        }
+        return ret;
+    }
+
+    /* ...otherwise, prioritize our preference. */
+    for (i = 0; i < ssl->sigSpecSz; i++) {
+        for (j = 0; j < length; j++) {
+            if (ssl->sigSpec[i] == input[j]) {
+                /* Got the match, set to this one. */
+                ret = wolfSSL_UseCKS(ssl, &ssl->peerSigSpec[i], 1);
+                if (ret == WOLFSSL_SUCCESS) {
+                    ret = TLSX_UseCKS(&ssl->extensions, ssl, ssl->heap);
+                    TLSX_SetResponse(ssl, TLSX_CKS);
+                }
+                return ret;
+            }
+        }
+    }
+
+    /* No match found. Cannot continue. */
+    return MATCH_SUITE_ERROR;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 /* Server side KSE processing */
 int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions,
     byte cipherSuite0, byte cipherSuite, KeyShareEntry** kse, byte* searched)
@@ -12002,7 +12165,6 @@ void TLSX_FreeAll(TLSX* list, void* heap)
         list = extension->next;
 
         switch (extension->type) {
-
 #if defined(HAVE_RPK)
             case TLSX_CLIENT_CERTIFICATE_TYPE:
                 WOLFSSL_MSG("Client Certificate Type extension free");
@@ -12164,6 +12326,12 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 WOLFSSL_MSG("ECH extension free");
                 ECH_FREE((WOLFSSL_ECH*)extension->data, heap);
                 break;
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            case TLSX_CKS:
+                WOLFSSL_MSG("CKS extension free");
+                /* nothing to do */
+                break;
 #endif
             default:
                 break;
@@ -12205,7 +12373,11 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
         length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
 
         switch (extension->type) {
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            case TLSX_CKS:
+                length += ((WOLFSSL*)extension->data)->sigSpecSz ;
+                break;
+#endif
 #ifdef HAVE_SNI
             case TLSX_SERVER_NAME:
                 /* SNI only sends the name on the request. */
@@ -12396,6 +12568,13 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
 
         /* extension data should be written internally. */
         switch (extension->type) {
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            case TLSX_CKS:
+                WOLFSSL_MSG("CKS extension to write");
+                offset += CKS_WRITE(((WOLFSSL*)extension->data),
+                                    output + offset);
+                break;
+#endif
 #ifdef HAVE_SNI
             case TLSX_SERVER_NAME:
                 if (isRequest) {
@@ -12441,15 +12620,23 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
 
             case TLSX_STATUS_REQUEST:
                 WOLFSSL_MSG("Certificate Status Request extension to write");
-                offset += CSR_WRITE((CertificateStatusRequest*)extension->data,
+                ret = CSR_WRITE((CertificateStatusRequest*)extension->data,
                         output + offset, isRequest);
+                if (ret > 0) {
+                    offset += (word16)ret;
+                    ret = 0;
+                }
                 break;
 
             case TLSX_STATUS_REQUEST_V2:
                 WOLFSSL_MSG("Certificate Status Request v2 extension to write");
-                offset += CSR2_WRITE(
+                ret = CSR2_WRITE(
                         (CertificateStatusRequestItemV2*)extension->data,
                         output + offset, isRequest);
+                if (ret > 0) {
+                    offset += (word16)ret;
+                    ret = 0;
+                }
                 break;
 
             case TLSX_RENEGOTIATION_INFO:
@@ -12905,6 +13092,14 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                 return ret;
             }
         }
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        if ((IsAtLeastTLSv1_3(ssl->version)) && (ssl->sigSpec != NULL)) {
+            WOLFSSL_MSG("Adding CKS extension");
+            if ((ret = TLSX_UseCKS(&ssl->extensions, ssl, ssl->heap)) != 0) {
+                return ret;
+            }
+        }
 #endif
     } /* is not server */
 
@@ -13146,7 +13341,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
             else
         #endif
             if (ssl->options.client_psk_cb != NULL ||
-                                     ssl->options.client_psk_tls13_cb != NULL) {
+                ssl->options.client_psk_tls13_cb != NULL) {
                 /* Default cipher suite. */
                 byte cipherSuite0 = TLS13_BYTE;
                 byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
@@ -13168,42 +13363,40 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                         ssl->arrays->server_hint, ssl->arrays->client_identity,
                         MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
                 }
-        #if defined(OPENSSL_EXTRA)
-                /* OpenSSL treats 0 as a PSK key length of 0
-                 * and meaning no PSK available.
-                 */
-                if (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
-                    return PSK_KEY_ERROR;
-                }
-                if (ssl->arrays->psk_keySz > 0) {
-        #else
-                if (ssl->arrays->psk_keySz == 0 ||
-                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
-                    return PSK_KEY_ERROR;
+                if (
+                #ifdef OPENSSL_EXTRA
+                    /* OpenSSL treats a PSK key length of 0
+                     * to indicate no PSK available.
+                     */
+                    ssl->arrays->psk_keySz == 0 ||
+                #endif
+                         (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                     (int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
+                #ifndef OPENSSL_EXTRA
+                    ret = PSK_KEY_ERROR;
+                #endif
                 }
-        #endif
-                ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
-
-                ssl->options.cipherSuite0 = cipherSuite0;
-                ssl->options.cipherSuite  = cipherSuite;
-                (void)cipherSuiteFlags;
-                ret = SetCipherSpecs(ssl);
-                if (ret != 0)
-                    return ret;
+                else {
+                    ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
 
-                ret = TLSX_PreSharedKey_Use(&ssl->extensions,
-                                  (byte*)ssl->arrays->client_identity,
-                                  (word16)XSTRLEN(ssl->arrays->client_identity),
-                                  0, ssl->specs.mac_algorithm,
-                                  cipherSuite0, cipherSuite, 0,
-                                  NULL, ssl->heap);
+                    ssl->options.cipherSuite0 = cipherSuite0;
+                    ssl->options.cipherSuite  = cipherSuite;
+                    (void)cipherSuiteFlags;
+                    ret = SetCipherSpecs(ssl);
+                    if (ret == 0) {
+                        ret = TLSX_PreSharedKey_Use(
+                            &ssl->extensions,
+                                     (byte*)ssl->arrays->client_identity,
+                            (word16)XSTRLEN(ssl->arrays->client_identity),
+                            0, ssl->specs.mac_algorithm,
+                            cipherSuite0, cipherSuite, 0,
+                            NULL, ssl->heap);
+                    }
+                    if (ret == 0)
+                        usingPSK = 1;
+                }
                 if (ret != 0)
                     return ret;
-
-                usingPSK = 1;
-        #if defined(OPENSSL_EXTRA)
-                }
-        #endif
             }
     #endif /* !NO_PSK */
         #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@@ -13649,6 +13842,10 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
             TURN_ON(semaphore,
                     TLSX_ToSemaphore(TLSX_CERTIFICATE_AUTHORITIES));
         #endif
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            TURN_ON(semaphore,
+                    TLSX_ToSemaphore(TLSX_CKS));
+        #endif
         }
     #endif
     #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@@ -13743,7 +13940,6 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
 
     return ret;
 }
-
 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
 
 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
@@ -14274,7 +14470,19 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
                 ret = EC_PARSE(ssl, input + offset, size, isRequest,
                         &ssl->extensions);
                 break;
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            case TLSX_CKS:
+                WOLFSSL_MSG("CKS extension received");
+                if (!IsAtLeastTLSv1_3(ssl->version) ||
+                    (msgType != client_hello &&
+                     msgType != encrypted_extensions)) {
+                        WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED);
+                        return EXT_NOT_ALLOWED;
+                }
+                ret = TLSX_CKS_Parse(ssl, (byte *)(input + offset), size,
+                                     &ssl->extensions);
+            break;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
             case TLSX_EC_POINT_FORMATS:
                 WOLFSSL_MSG("Point Formats extension received");
             #ifdef WOLFSSL_DEBUG_TLS
diff --git a/extra/wolfssl/wolfssl/src/tls13.c b/extra/wolfssl/wolfssl/src/tls13.c
index d16a5761..9a2e240c 100644
--- a/extra/wolfssl/wolfssl/src/tls13.c
+++ b/extra/wolfssl/wolfssl/src/tls13.c
@@ -117,6 +117,7 @@
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/dh.h>
 #include <wolfssl/wolfcrypt/kdf.h>
+#include <wolfssl/wolfcrypt/signature.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -135,6 +136,15 @@
     #define FALSE 0
 #endif
 
+#ifndef HAVE_AEAD
+    #ifndef _MSC_VER
+        #error "The build option HAVE_AEAD is required for TLS 1.3"
+    #else
+        #pragma \
+        message("error: The build option HAVE_AEAD is required for TLS 1.3")
+    #endif
+#endif
+
 #ifndef HAVE_HKDF
     #ifndef _MSC_VER
         #error "The build option HAVE_HKDF is required for TLS 1.3"
@@ -187,21 +197,7 @@ static WC_INLINE int GetMsgHash(WOLFSSL* ssl, byte* hash);
 #endif
 
 /* Expand data using HMAC, salt and label and info.
- * TLS v1.3 defines this function. Use callback if available.
- *
- * ssl          The SSL/TLS object.
- * okm          The generated pseudorandom key - output key material.
- * okmLen       The length of generated pseudorandom key -
- *              output key material.
- * prk          The salt - pseudo-random key.
- * prkLen       The length of the salt - pseudo-random key.
- * protocol     The TLS protocol label.
- * protocolLen  The length of the TLS protocol label.
- * info         The information to expand.
- * infoLen      The length of the information.
- * digest       The type of digest to use.
- * returns 0 on success, otherwise failure.
- */
+ * TLS v1.3 defines this function. Use callback if available. */
 static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
                                 const byte* prk, word32 prkLen,
                                 const byte* protocol, word32 protocolLen,
@@ -225,18 +221,24 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
 #endif
     (void)ssl;
     PRIVATE_KEY_UNLOCK();
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+    ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
+                                     protocol, protocolLen,
+                                     label, labelLen,
+                                     info, infoLen, digest,
+                                     ssl->heap, ssl->devId);
+#else
     ret = wc_Tls13_HKDF_Expand_Label(okm, okmLen, prk, prkLen,
                                      protocol, protocolLen,
                                      label, labelLen,
                                      info, infoLen, digest);
+#endif
     PRIVATE_KEY_LOCK();
     return ret;
 }
 
-#if !defined(HAVE_FIPS) || !defined(wc_Tls13_HKDF_Expand_Label)
-/* Same as above, but pass in the side we are expanding for.
- *
- * side      The side (WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END).
+/* Same as above, but pass in the side we are expanding for:
+ * side: either WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END.
  */
 static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
                                    const byte* prk, word32 prkLen,
@@ -245,8 +247,9 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
                                    const byte* info, word32 infoLen,
                                    int digest, int side)
 {
+    int ret;
 #if defined(HAVE_PK_CALLBACKS)
-    int ret = NOT_COMPILED_IN;
+    ret = NOT_COMPILED_IN;
     if (ssl->ctx && ssl->ctx->HKDFExpandLabelCb) {
         ret = ssl->ctx->HKDFExpandLabelCb(okm, okmLen, prk, prkLen,
                                          protocol, protocolLen,
@@ -254,25 +257,33 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
                                          info, infoLen,
                                          digest, side);
     }
-
     if (ret != NOT_COMPILED_IN)
         return ret;
 #endif
 
-/* hash buffer may not be fully initialized, but the sending length won't
- * extend beyond the initialized span.
- */
-PRAGMA_GCC_DIAG_PUSH
-PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
-    (void)ssl;
-    (void)side;
-    return wc_Tls13_HKDF_Expand_Label(okm, okmLen, prk, prkLen,
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+    ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
+                                      protocol, protocolLen,
+                                      label, labelLen,
+                                      info, infoLen, digest,
+                                      ssl->heap, ssl->devId);
+
+#elif defined(HAVE_FIPS) && defined(wc_Tls13_HKDF_Expand_Label)
+    ret = wc_Tls13_HKDF_Expand_Label_fips(okm, okmLen, prk, prkLen,
+                                      protocol, protocolLen,
+                                      label, labelLen,
+                                      info, infoLen, digest);
+#else
+    ret = wc_Tls13_HKDF_Expand_Label(okm, okmLen, prk, prkLen,
                                       protocol, protocolLen,
                                       label, labelLen,
                                       info, infoLen, digest);
-PRAGMA_GCC_DIAG_POP
+#endif
+    (void)ssl;
+    (void)side;
+    return ret;
 }
-#endif /* !HAVE_FIPS || !wc_Tls13_HKDF_Expand_Label */
+
 
 /* Derive a key from a message.
  *
@@ -302,7 +313,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
     switch (hashAlgo) {
 #ifndef NO_WOLFSSL_SHA256
         case sha256_mac:
-            ret = wc_InitSha256_ex(&digest.sha256, ssl->heap, INVALID_DEVID);
+            ret = wc_InitSha256_ex(&digest.sha256, ssl->heap, ssl->devId);
             if (ret == 0) {
                     ret = wc_Sha256Update(&digest.sha256, msg, msgLen);
                 if (ret == 0)
@@ -315,7 +326,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
 #endif
 #ifdef WOLFSSL_SHA384
         case sha384_mac:
-            ret = wc_InitSha384_ex(&digest.sha384, ssl->heap, INVALID_DEVID);
+            ret = wc_InitSha384_ex(&digest.sha384, ssl->heap, ssl->devId);
             if (ret == 0) {
                 ret = wc_Sha384Update(&digest.sha384, msg, msgLen);
                 if (ret == 0)
@@ -328,7 +339,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
 #endif
 #ifdef WOLFSSL_TLS13_SHA512
         case sha512_mac:
-            ret = wc_InitSha512_ex(&digest.sha512, ssl->heap, INVALID_DEVID);
+            ret = wc_InitSha512_ex(&digest.sha512, ssl->heap, ssl->devId);
             if (ret == 0) {
                 ret = wc_Sha512Update(&digest.sha512, msg, msgLen);
                 if (ret == 0)
@@ -341,7 +352,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
 #endif
 #ifdef WOLFSSL_SM3
         case sm3_mac:
-            ret = wc_InitSm3(&digest.sm3, ssl->heap, INVALID_DEVID);
+            ret = wc_InitSm3(&digest.sm3, ssl->heap, ssl->devId);
             if (ret == 0) {
                 ret = wc_Sm3Update(&digest.sm3, msg, msgLen);
                 if (ret == 0)
@@ -469,34 +480,31 @@ int Tls13DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
     }
 #endif /* WOLFSSL_DTLS13 */
 
-    if (outputLen == -1)
+    if (outputLen == -1) {
         outputLen = hashSz;
-    if (includeMsgs)
+    }
+    if (includeMsgs) {
         hashOutSz = hashSz;
+    }
+    else {
+        /* Appease static analyzers by making sure hash is cleared, since it is
+         * passed into expand key label where older wc_Tls13_HKDF_Expand_Label
+         * will unconditionally try to call a memcpy on it, however length will
+         * always be 0. */
+        XMEMSET(hash, 0, sizeof(hash));
+        hashOutSz = 0;
+    }
 
-    /* hash buffer may not be fully initialized, but the sending length won't
-     * extend beyond the initialized span.
-     */
-    PRAGMA_GCC_DIAG_PUSH
-    PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
     PRIVATE_KEY_UNLOCK();
-    #if defined(HAVE_FIPS) && defined(wc_Tls13_HKDF_Expand_Label)
-    (void)side;
-    ret = wc_Tls13_HKDF_Expand_Label_fips(output, outputLen, secret, hashSz,
-                             protocol, protocolLen, label, labelLen,
-                             hash, hashOutSz, digestAlg);
-    #else
     ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz,
                                   protocol, protocolLen, label, labelLen,
                                   hash, hashOutSz, digestAlg, side);
-    #endif
     PRIVATE_KEY_LOCK();
 
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Add("TLS 1.3 derived key", output, outputLen);
 #endif
     return ret;
-    PRAGMA_GCC_DIAG_POP
 }
 
 /* Convert TLS mac ID to a hash algorithm ID
@@ -1108,8 +1116,8 @@ static int DeriveTrafficSecret(WOLFSSL* ssl, byte* secret, int side)
 }
 
 
-static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt, int saltLen,
-                                 byte* ikm, int ikmLen, int digest)
+static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt,
+                              int saltLen, byte* ikm, int ikmLen, int digest)
 {
     int ret;
 #ifdef HAVE_PK_CALLBACKS
@@ -1119,10 +1127,22 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt, int sal
         ret = cb(prk, salt, saltLen, ikm, ikmLen, digest, cb_ctx);
     }
     else
+#endif
+#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+    if ((int)ssl->arrays->psk_keySz < 0) {
+        ret = PSK_KEY_ERROR;
+    }
+    else
 #endif
     {
-        (void)ssl;
+    #if !defined(HAVE_FIPS) || \
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        ret = wc_Tls13_HKDF_Extract_ex(prk, salt, saltLen, ikm, ikmLen, digest,
+            ssl->heap, ssl->devId);
+    #else
         ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
+        (void)ssl;
+    #endif
     }
     return ret;
 }
@@ -3541,6 +3561,12 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
         return BAD_FUNC_ARG;
     }
 
+    if (ssl->buffers.tls13CookieSecret.buffer == NULL ||
+            ssl->buffers.tls13CookieSecret.length == 0) {
+        WOLFSSL_MSG("Missing DTLS 1.3 cookie secret");
+        return COOKIE_ERROR;
+    }
+
     /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */
     cookie[cookieSz++] = (byte)hashSz;
     XMEMCPY(cookie + cookieSz, hash, hashSz);
@@ -3923,7 +3949,8 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
             ssl->options.cipherSuite  = WOLFSSL_DEF_PSK_CIPHER;
         }
         if (ssl->arrays->psk_keySz == 0 ||
-                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+                (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+            (int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
             WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
             return PSK_KEY_ERROR;
         }
@@ -3936,7 +3963,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
 #endif /* !WOLFSSL_PSK_ONE_ID */
 
         if (!clientHello && (psk->cipherSuite0 != suite[0] ||
-                                                psk->cipherSuite != suite[1])) {
+                             psk->cipherSuite  != suite[1])) {
             WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
             return PSK_KEY_ERROR;
         }
@@ -4688,7 +4715,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 }
 
 #if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT)
-static int Dtls13DoDowngrade(WOLFSSL* ssl)
+static int Dtls13ClientDoDowngrade(WOLFSSL* ssl)
 {
     int ret;
     if (ssl->dtls13ClientHello == NULL)
@@ -4719,8 +4746,8 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
     int serverRandomOffset, int helloSz)
 {
     int ret = 0;
-    int digestType;
-    int digestSize;
+    int digestType = 0;
+    int digestSize = 0;
     HS_Hashes* tmpHashes;
     HS_Hashes* acceptHashes;
     byte zeros[WC_MAX_DIGEST_SIZE];
@@ -4786,17 +4813,30 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
         }
     }
     /* extract clientRandomInner with a key of all zeros */
-    if (ret == 0)
+    if (ret == 0) {
+        PRIVATE_KEY_UNLOCK();
+    #if !defined(HAVE_FIPS) || \
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        ret = wc_HKDF_Extract_ex(digestType, zeros, digestSize,
+            ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk,
+            ssl->heap, ssl->devId);
+    #else
         ret = wc_HKDF_Extract(digestType, zeros, digestSize,
             ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk);
+    #endif
+        PRIVATE_KEY_LOCK();
+    }
     /* tls expand with the confirmation label */
-    if (ret == 0)
-        ret = wc_Tls13_HKDF_Expand_Label(acceptConfirmation,
-            ECH_ACCEPT_CONFIRMATION_SZ,
-            expandLabelPrk, digestSize, tls13ProtocolLabel,
-            TLS13_PROTOCOL_LABEL_SZ, echAcceptConfirmationLabel,
-            ECH_ACCEPT_CONFIRMATION_LABEL_SZ, transcriptEchConf, digestSize,
-            digestType);
+    if (ret == 0) {
+        PRIVATE_KEY_UNLOCK();
+        ret = Tls13HKDFExpandKeyLabel(ssl,
+            acceptConfirmation, ECH_ACCEPT_CONFIRMATION_SZ,
+            expandLabelPrk, digestSize,
+            tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ,
+            echAcceptConfirmationLabel, ECH_ACCEPT_CONFIRMATION_LABEL_SZ,
+            transcriptEchConf, digestSize, digestType, WOLFSSL_SERVER_END);
+        PRIVATE_KEY_LOCK();
+    }
     if (ret == 0) {
         /* last 8 bytes should match our expand output */
         ret = XMEMCMP(acceptConfirmation,
@@ -4839,10 +4879,10 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
   int serverRandomOffset, int helloSz)
 {
     int ret = 0;
-    int digestType;
-    int digestSize;
-    HS_Hashes* tmpHashes;
-    HS_Hashes* acceptHashes;
+    int digestType = 0;
+    int digestSize = 0;
+    HS_Hashes* tmpHashes = NULL;
+    HS_Hashes* acceptHashes = NULL;
     byte zeros[WC_MAX_DIGEST_SIZE];
     byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
     byte expandLabelPrk[WC_MAX_DIGEST_SIZE];
@@ -4913,21 +4953,28 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
     /* extract clientRandom with a key of all zeros */
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
+    #if !defined(HAVE_FIPS) || \
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        ret = wc_HKDF_Extract_ex(digestType, zeros, digestSize,
+            ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk,
+            ssl->heap, ssl->devId);
+    #else
         ret = wc_HKDF_Extract(digestType, zeros, digestSize,
             ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk);
+    #endif
         PRIVATE_KEY_LOCK();
     }
 
     /* tls expand with the confirmation label */
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
-        ret = wc_Tls13_HKDF_Expand_Label(
+        ret = Tls13HKDFExpandKeyLabel(ssl,
             output + serverRandomOffset + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ,
-            ECH_ACCEPT_CONFIRMATION_SZ,
-            expandLabelPrk, digestSize, tls13ProtocolLabel,
-            TLS13_PROTOCOL_LABEL_SZ, echAcceptConfirmationLabel,
-            ECH_ACCEPT_CONFIRMATION_LABEL_SZ, transcriptEchConf, digestSize,
-            digestType);
+                ECH_ACCEPT_CONFIRMATION_SZ,
+            expandLabelPrk, digestSize,
+            tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ,
+            echAcceptConfirmationLabel, ECH_ACCEPT_CONFIRMATION_LABEL_SZ,
+            transcriptEchConf, digestSize, digestType, WOLFSSL_SERVER_END);
         PRIVATE_KEY_LOCK();
     }
 
@@ -5074,7 +5121,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             if (ssl->options.dtls) {
                 ssl->chVersion.minor = DTLSv1_2_MINOR;
                 ssl->version.minor = DTLSv1_2_MINOR;
-                ret = Dtls13DoDowngrade(ssl);
+                ret = Dtls13ClientDoDowngrade(ssl);
                 if (ret != 0)
                     return ret;
             }
@@ -5168,7 +5215,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (ssl->options.dtls) {
             ssl->chVersion.minor = DTLSv1_2_MINOR;
             ssl->version.minor = DTLSv1_2_MINOR;
-            ret = Dtls13DoDowngrade(ssl);
+            ret = Dtls13ClientDoDowngrade(ssl);
             if (ret != 0)
                 return ret;
         }
@@ -5241,7 +5288,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
 #ifdef WOLFSSL_DTLS13
             if (ssl->options.dtls) {
-                ret = Dtls13DoDowngrade(ssl);
+                ret = Dtls13ClientDoDowngrade(ssl);
                 if (ret != 0)
                     return ret;
             }
@@ -5799,7 +5846,8 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
          *found = (*psk_keySz != 0);
     }
     if (*found) {
-        if (*psk_keySz > MAX_PSK_KEY_LEN) {
+        if (*psk_keySz > MAX_PSK_KEY_LEN &&
+            *((int*)psk_keySz) != USE_HW_PSK) {
             WOLFSSL_MSG("Key len too long in FindPsk()");
             ret = PSK_KEY_ERROR;
             WOLFSSL_ERROR_VERBOSE(ret);
@@ -5854,29 +5902,27 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, const byte* suite, int* err)
     ret = FindPskSuite(ssl, psk, ssl->arrays->psk_key, &ssl->arrays->psk_keySz,
                        suite, &found, foundSuite);
     if (ret == 0 && found) {
-        if ((ret == 0) && found) {
-            /* Default to ciphersuite if cb doesn't specify. */
-            ssl->options.resuming = 0;
-            /* Don't send certificate request when using PSK. */
-            ssl->options.verifyPeer = 0;
+        /* Default to ciphersuite if cb doesn't specify. */
+        ssl->options.resuming = 0;
+        /* Don't send certificate request when using PSK. */
+        ssl->options.verifyPeer = 0;
 
-            /* PSK age is always zero. */
-            if (psk->ticketAge != 0) {
-                ret = PSK_KEY_ERROR;
-                WOLFSSL_ERROR_VERBOSE(ret);
-            }
+        /* PSK age is always zero. */
+        if (psk->ticketAge != 0) {
+            ret = PSK_KEY_ERROR;
+            WOLFSSL_ERROR_VERBOSE(ret);
         }
-        if ((ret == 0) && found) {
+        if (ret == 0) {
             /* Set PSK ciphersuite into SSL. */
             ssl->options.cipherSuite0 = foundSuite[0];
             ssl->options.cipherSuite  = foundSuite[1];
             ret = SetCipherSpecs(ssl);
         }
-        if ((ret == 0) && found) {
+        if (ret == 0) {
             /* Derive the early secret using the PSK. */
             ret = DeriveEarlySecret(ssl);
         }
-        if ((ret == 0) && found) {
+        if (ret == 0) {
             /* PSK negotiation has succeeded */
             ssl->options.isPSK = 1;
             /* SERVER: using PSK for peer authentication. */
@@ -6296,6 +6342,12 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
     byte cookieType = 0;
     byte macSz = 0;
 
+    if (ssl->buffers.tls13CookieSecret.buffer == NULL ||
+            ssl->buffers.tls13CookieSecret.length == 0) {
+        WOLFSSL_MSG("Missing DTLS 1.3 cookie secret");
+        return COOKIE_ERROR;
+    }
+
 #if !defined(NO_SHA) && defined(NO_SHA256)
     cookieType = SHA;
     macSz = WC_SHA_DIGEST_SIZE;
@@ -6670,6 +6722,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
      * wolfSSL_accept_TLSv13 when changing this one. */
     if (IsDtlsNotSctpMode(ssl) && ssl->options.sendCookie &&
             !ssl->options.dtlsStateful) {
+        DtlsSetSeqNumForReply(ssl);
         ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0, NULL);
         if (ret != 0 || !ssl->options.dtlsStateful) {
             *inOutIdx += helloSz;
@@ -7088,6 +7141,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     #ifdef HAVE_SESSION_TICKET
         if (ssl->options.resuming) {
             ssl->options.resuming = 0;
+            ssl->arrays->psk_keySz = 0;
             XMEMSET(ssl->arrays->psk_key, 0, ssl->specs.hash_size);
         }
     #endif
@@ -7760,6 +7814,54 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
     }
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* These match up with what the OQS team has defined. */
+#define HYBRID_SA_MAJOR 0xFE
+#define HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR    0xA1
+#define HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR 0xA2
+#define HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR    0xA4
+#define HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR    0xA6
+#define HYBRID_P256_FALCON_LEVEL1_SA_MINOR       0x0C
+#define HYBRID_RSA3072_FALCON_LEVEL1_SA_MINOR    0x0D
+#define HYBRID_P521_FALCON_LEVEL5_SA_MINOR       0x0F
+
+static void EncodeDualSigAlg(byte sigAlg, byte altSigAlg, byte* output)
+{
+    /* Initialize output to error indicator. */
+    output[0] = 0x0;
+    output[1] = 0x0;
+
+    if (sigAlg == ecc_dsa_sa_algo && altSigAlg == dilithium_level2_sa_algo) {
+        output[1] = HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR;
+    }
+    else if (sigAlg == rsa_pss_sa_algo &&
+             altSigAlg == dilithium_level2_sa_algo) {
+        output[1] = HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR;
+    }
+    else if (sigAlg == ecc_dsa_sa_algo &&
+             altSigAlg == dilithium_level3_sa_algo) {
+        output[1] = HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR;
+    }
+    else if (sigAlg == ecc_dsa_sa_algo &&
+             altSigAlg == dilithium_level5_sa_algo) {
+        output[1] = HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR;
+    }
+    else if (sigAlg == ecc_dsa_sa_algo && altSigAlg == falcon_level1_sa_algo) {
+        output[1] = HYBRID_P256_FALCON_LEVEL1_SA_MINOR;
+    }
+    else if (sigAlg == rsa_pss_sa_algo && altSigAlg == falcon_level1_sa_algo) {
+        output[1] = HYBRID_RSA3072_FALCON_LEVEL1_SA_MINOR;
+    }
+    else if (sigAlg == ecc_dsa_sa_algo && altSigAlg == falcon_level5_sa_algo) {
+        output[1] = HYBRID_P521_FALCON_LEVEL5_SA_MINOR;
+    }
+
+    if (output[1] != 0x0) {
+        output[0] = HYBRID_SA_MAJOR;
+    }
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 /* Decode the signature algorithm.
  *
  * input     The encoded signature algorithm.
@@ -7852,6 +7954,65 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
     return ret;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* Decode the hybrid signature algorithm.
+ *
+ * input     The encoded signature algorithm.
+ * hashalgo  The hash algorithm.
+ * hsType    The signature type.
+ * returns INVALID_PARAMETER if not recognized and 0 otherwise.
+ */
+static WC_INLINE int DecodeTls13HybridSigAlg(byte* input, byte* hashAlg,
+                                             byte *sigAlg, byte *altSigAlg)
+{
+
+    if (input[0] != HYBRID_SA_MAJOR) {
+        return INVALID_PARAMETER;
+    }
+
+    if (input[1] == HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR) {
+        *sigAlg = ecc_dsa_sa_algo;
+        *hashAlg = 4; /* WC_HASH_TYPE_SHA? Reviewer? */
+        *altSigAlg = dilithium_level2_sa_algo;
+    }
+    else if (input[1] == HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR) {
+        *sigAlg = rsa_pss_sa_algo;
+        *hashAlg = 4;
+        *altSigAlg = dilithium_level2_sa_algo;
+    }
+    else if (input[1] == HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR) {
+        *sigAlg = ecc_dsa_sa_algo;
+        *hashAlg = 5;
+        *altSigAlg = dilithium_level3_sa_algo;
+    }
+    else if (input[1] == HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR) {
+        *sigAlg = ecc_dsa_sa_algo;
+        *hashAlg = 6;
+        *altSigAlg = dilithium_level5_sa_algo;
+    }
+    else if (input[1] == HYBRID_P256_FALCON_LEVEL1_SA_MINOR) {
+        *sigAlg = ecc_dsa_sa_algo;
+        *hashAlg = 4;
+        *altSigAlg = falcon_level1_sa_algo;
+    }
+    else if (input[1] == HYBRID_RSA3072_FALCON_LEVEL1_SA_MINOR) {
+        *sigAlg = rsa_pss_sa_algo;
+        *hashAlg = 4;
+        *altSigAlg = falcon_level1_sa_algo;
+    }
+    else if (input[1] == HYBRID_P521_FALCON_LEVEL5_SA_MINOR) {
+        *sigAlg = ecc_dsa_sa_algo;
+        *hashAlg = 6;
+        *altSigAlg = falcon_level5_sa_algo;
+    }
+    else {
+        return INVALID_PARAMETER;
+    }
+
+    return 0;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 /* Get the hash of the messages so far.
  *
  * ssl   The SSL/TLS object.
@@ -8505,6 +8666,10 @@ typedef struct Scv13Args {
     byte   sigAlgo;
     byte*  sigData;
     word16 sigDataSz;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte   altSigAlgo;
+    word16 altSigLen;    /* Only used in the case of both native and alt. */
+#endif
 } Scv13Args;
 
 static void FreeScv13Args(WOLFSSL* ssl, void* pArgs)
@@ -8647,6 +8812,29 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                     ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
             }
             else {
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (wolfSSL_is_server(ssl) &&
+                    ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_ALTERNATIVE) {
+                    /* In the case of alternative, we swap in the alt. */
+                    if (ssl->ctx->altPrivateKey == NULL) {
+                        ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
+                    }
+                    ssl->buffers.keyType = ssl->buffers.altKeyType;
+                    ssl->buffers.keySz = ssl->buffers.altKeySz;
+                    /* If we own it, free key before overriding it. */
+                    if (ssl->buffers.weOwnKey) {
+                        FreeDer(&ssl->buffers.key);
+                    }
+
+                    /* Transfer ownership. ssl->ctx always owns the alt private
+                     * key. */
+                    ssl->buffers.key = ssl->ctx->altPrivateKey;
+                    ssl->ctx->altPrivateKey = NULL;
+                    ssl->buffers.weOwnKey = 1;
+                    ssl->buffers.weOwnAltKey = 0;
+                }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
                 ret = DecodePrivateKey(ssl, &args->length);
                 if (ret != 0)
                     goto exit_scv;
@@ -8728,7 +8916,51 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             else {
                 ERROR_OUT(ALGO_ID_E, exit_scv);
             }
-            EncodeSigAlg(ssl->options.hashAlgo, args->sigAlgo, args->verify);
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->peerSigSpec == NULL) {
+                /* The peer did not respond. We didn't send CKS or they don't
+                 * support it. Either way, we do not need to handle dual
+                 * key/sig case. */
+                ssl->sigSpec = NULL;
+                ssl->sigSpecSz = 0;
+            }
+
+            if (wolfSSL_is_server(ssl) &&
+                ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                /* The native was already decoded. Now we need to do the
+                 * alternative. Note that no swap was done because this case is
+                 * both native and alternative, not just alternative. */
+                if (ssl->ctx->altPrivateKey == NULL) {
+                    ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
+                }
+
+                if (ssl->buffers.altKeyType == falcon_level1_sa_algo ||
+                    ssl->buffers.altKeyType == falcon_level5_sa_algo ||
+                    ssl->buffers.altKeyType == dilithium_level2_sa_algo ||
+                    ssl->buffers.altKeyType == dilithium_level3_sa_algo ||
+                    ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
+                    args->altSigAlgo = ssl->buffers.altKeyType;
+                }
+                else {
+                    ERROR_OUT(ALGO_ID_E, exit_scv);
+                }
+                /* After this call, args->altSigLen has the length we need for
+                 * the alternative signature. */
+                ret = DecodeAltPrivateKey(ssl, &args->altSigLen);
+                if (ret != 0)
+                    goto exit_scv;
+
+                EncodeDualSigAlg(args->sigAlgo, args->altSigAlgo, args->verify);
+                if (args->verify[0] == 0) {
+                    ERROR_OUT(ALGO_ID_E, exit_scv);
+                }
+            }
+            else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                EncodeSigAlg(ssl->options.hashAlgo, args->sigAlgo,
+                             args->verify);
 
             if (args->sigData == NULL) {
                 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
@@ -8807,6 +9039,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 }
                 sig->length = ED448_SIG_SIZE;
             }
+
         #endif /* HAVE_ED448 */
         #if defined(HAVE_PQC)
             #if defined(HAVE_FALCON)
@@ -8850,6 +9083,32 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 #endif
                     );
                 }
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (wolfSSL_is_server(ssl) &&
+                    ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                    if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) {
+                        /* note the + sig->length; we are appending. */
+                        ret = wc_dilithium_sign_msg(
+                                  args->sigData, args->sigDataSz,
+                                  args->verify + HASH_SIG_SIZE +
+                                  VERIFY_HEADER + sig->length,
+                                  (word32*)&args->altSigLen,
+                                  (dilithium_key*)ssl->hsAltKey, ssl->rng);
+
+                    }
+                    else if (ssl->hsAltType == DYNAMIC_TYPE_FALCON) {
+                        /* note the sig->length; we are appending. */
+                        ret = wc_falcon_sign_msg(args->sigData, args->sigDataSz,
+                                                 args->verify + HASH_SIG_SIZE +
+                                                 VERIFY_HEADER + sig->length,
+                                                 (word32*)&args->altSigLen,
+                                                 (falcon_key*)ssl->hsAltKey,
+                                                 ssl->rng);
+                    }
+                }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
                 args->length = (word16)sig->length;
             }
         #endif /* HAVE_ECC */
@@ -8887,7 +9146,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 ret = wc_falcon_sign_msg(args->sigData, args->sigDataSz,
                                          args->verify + HASH_SIG_SIZE +
                                          VERIFY_HEADER, (word32*)&sig->length,
-                                         (falcon_key*)ssl->hsKey);
+                                         (falcon_key*)ssl->hsKey, ssl->rng);
                 args->length = (word16)sig->length;
             }
             #endif
@@ -8896,7 +9155,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz,
                                          args->verify + HASH_SIG_SIZE +
                                          VERIFY_HEADER, (word32*)&sig->length,
-                                         (dilithium_key*)ssl->hsKey);
+                                         (dilithium_key*)ssl->hsKey, ssl->rng);
                 args->length = (word16)sig->length;
             }
             #endif
@@ -8909,6 +9168,36 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                     (RsaKey*)ssl->hsKey,
                     ssl->buffers.key
                 );
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                /* In the case of RSA, we need to do the CKS both case here
+                 * BEFORE args->sigData is overwritten!! We keep the sig
+                 * separate and then append later so we don't interfere with the
+                 * checks below. */
+                if (wolfSSL_is_server(ssl) &&
+                    ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                    if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) {
+                        /* note the + args->sigLen; we are appending. */
+                        ret = wc_dilithium_sign_msg(args->sigData,
+                                  args->sigDataSz,
+                                  args->verify + HASH_SIG_SIZE + VERIFY_HEADER +
+                                  args->sigLen,
+                                  (word32*)&args->altSigLen,
+                                  (dilithium_key*)ssl->hsAltKey, ssl->rng);
+                    }
+                    else if (ssl->hsAltType == DYNAMIC_TYPE_FALCON) {
+                        /* note the + args->sigLen; we are appending. */
+                        ret = wc_falcon_sign_msg(args->sigData, args->sigDataSz,
+                                                 args->verify + HASH_SIG_SIZE +
+                                                 VERIFY_HEADER + args->sigLen,
+                                                 (word32*)&args->altSigLen,
+                                                 (falcon_key*)ssl->hsAltKey,
+                                                 ssl->rng);
+                    }
+                }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
                 if (ret == 0) {
                     args->length = (word16)args->sigLen;
 
@@ -8924,6 +9213,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 goto exit_scv;
             }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            /* Add in length of the alt sig which will be appended to the sig */
+            args->length += args->altSigLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
             /* Add signature length. */
             c16toa(args->length, args->verify + HASH_SIG_SIZE);
 
@@ -9142,11 +9436,16 @@ typedef struct Dcv13Args {
     word32 sigSz;
     word32 idx;
     word32 begin;
-    byte   hashAlgo;
-    byte   sigAlgo;
 
     byte*  sigData;
     word16 sigDataSz;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte   altSigAlgo;
+    byte*  altSigData;
+    word16 altSigDataSz;
+    word16 altSignatureSz;
+    byte   altPeerAuthGood;
+#endif
 } Dcv13Args;
 
 static void FreeDcv13Args(WOLFSSL* ssl, void* pArgs)
@@ -9157,10 +9456,82 @@ static void FreeDcv13Args(WOLFSSL* ssl, void* pArgs)
         XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
         args->sigData = NULL;
     }
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (args && args->altSigData != NULL) {
+        XFREE(args->altSigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
+        args->altSigData = NULL;
+    }
+#endif
     (void)ssl;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a
+ * dilithium public key. Convert it into a usable public key. */
+static int decodeDilithiumKey(WOLFSSL* ssl, int level)
+{
+    int keyRet;
+    word32 tmpIdx = 0;
+
+    if (ssl->peerDilithiumKeyPresent)
+        return INVALID_PARAMETER;
+
+    keyRet = AllocKey(ssl, DYNAMIC_TYPE_DILITHIUM,
+                      (void**)&ssl->peerDilithiumKey);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    ssl->peerDilithiumKeyPresent = 1;
+    keyRet = wc_dilithium_init(ssl->peerDilithiumKey);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    keyRet = wc_dilithium_set_level(ssl->peerDilithiumKey, level);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    keyRet = wc_Dilithium_PublicKeyDecode(ssl->peerCert.sapkiDer, &tmpIdx,
+                                          ssl->peerDilithiumKey,
+                                          ssl->peerCert.sapkiLen);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    return 0;
+}
+
+/* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a
+ * falcon public key. Convert it into a usable public key. */
+static int decodeFalconKey(WOLFSSL* ssl, int level)
+{
+    int keyRet;
+    word32 tmpIdx = 0;
+
+    if (ssl->peerFalconKeyPresent)
+        return INVALID_PARAMETER;
+
+    keyRet = AllocKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    ssl->peerFalconKeyPresent = 1;
+    keyRet = wc_falcon_init(ssl->peerFalconKey);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    keyRet = wc_falcon_set_level(ssl->peerFalconKey, level);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    keyRet = wc_Falcon_PublicKeyDecode(ssl->peerCert.sapkiDer, &tmpIdx,
+                                       ssl->peerFalconKey,
+                                       ssl->peerCert.sapkiLen);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    return 0;
+}
+#endif
+
 /* handle processing TLS v1.3 certificate_verify (15) */
 /* Parse and handle a TLS v1.3 CertificateVerify message.
  *
@@ -9218,8 +9589,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         ret = 0;
         ssl->options.asyncState = TLS_ASYNC_BEGIN;
         XMEMSET(args, 0, sizeof(Dcv13Args));
-        args->hashAlgo = sha_mac;
-        args->sigAlgo = anonymous_sa_algo;
+        ssl->options.peerHashAlgo = sha_mac;
+        ssl->options.peerSigAlgo = anonymous_sa_algo;
         args->idx = *inOutIdx;
         args->begin = *inOutIdx;
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -9250,8 +9621,36 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
             if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN > totalSz) {
                 ERROR_OUT(BUFFER_ERROR, exit_dcv);
             }
-            ret = DecodeTls13SigAlg(input + args->idx, &args->hashAlgo,
-                                                                &args->sigAlgo);
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->peerSigSpec == NULL) {
+                /* The peer did not respond. We didn't send CKS or they don't
+                 * support it. Either way, we do not need to handle dual
+                 * key/sig case. */
+                ssl->sigSpec = NULL;
+                ssl->sigSpecSz = 0;
+            }
+
+            /* If no CKS extension or either native or alternative, then just
+             * get a normal sigalgo.  But if BOTH, then get the native and alt
+             * sig algos. */
+            if (wolfSSL_is_server(ssl) ||
+                ssl->sigSpec == NULL ||
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_NATIVE ||
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_ALTERNATIVE) {
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                ret = DecodeTls13SigAlg(input + args->idx,
+                        &ssl->options.peerHashAlgo, &ssl->options.peerSigAlgo);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            }
+            else {
+                ret = DecodeTls13HybridSigAlg(input + args->idx,
+                                              &ssl->options.peerHashAlgo,
+                                              &ssl->options.peerSigAlgo,
+                                              &args->altSigAlgo);
+            }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
             if (ret < 0)
                 goto exit_dcv;
             args->idx += OPAQUE16_LEN;
@@ -9269,70 +9668,159 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 ERROR_OUT(BUFFER_ERROR, exit_dcv);
             }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (!wolfSSL_is_server(ssl) &&
+                (ssl->sigSpec != NULL) &&
+                (*ssl->sigSpec != WOLFSSL_CKS_SIGSPEC_NATIVE)) {
+
+                word16 sa;
+                if (args->altSigAlgo == 0)
+                    sa = ssl->options.peerSigAlgo;
+                else
+                    sa = args->altSigAlgo;
+
+                switch(sa) {
+                case dilithium_level2_sa_algo:
+                    ret = decodeDilithiumKey(ssl, 2);
+                    break;
+                case dilithium_level3_sa_algo:
+                    ret = decodeDilithiumKey(ssl, 3);
+                    break;
+                case dilithium_level5_sa_algo:
+                    ret = decodeDilithiumKey(ssl, 5);
+                    break;
+                case falcon_level1_sa_algo:
+                    ret = decodeFalconKey(ssl, 1);
+                    break;
+                case falcon_level5_sa_algo:
+                    ret = decodeFalconKey(ssl, 5);
+                    break;
+                default:
+                    ERROR_OUT(PEER_KEY_ERROR, exit_dcv);
+                    break;
+                }
+
+                if (ret != 0)
+                    ERROR_OUT(ret, exit_dcv);
+
+                if (*ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_ALTERNATIVE) {
+                    /* Now swap in the alternative. We only support hybrid certs
+                     * where native is RSA or ECC so check that either of those
+                     * are present and then remove it. */
+                    if (ssl->peerRsaKeyPresent &&
+                        ssl->peerEccDsaKeyPresent) {
+                        /* They shouldn't both be present. */
+                        ERROR_OUT(PEER_KEY_ERROR, exit_dcv);
+                    }
+                    else if (ssl->peerRsaKeyPresent) {
+                        FreeKey(ssl, DYNAMIC_TYPE_RSA,
+                                (void**)&ssl->peerRsaKey);
+                        ssl->peerRsaKeyPresent = 0;
+                    }
+                    else if (ssl->peerEccDsaKeyPresent) {
+                        FreeKey(ssl, DYNAMIC_TYPE_ECC,
+                                (void**)&ssl->peerEccDsaKey);
+                        ssl->peerEccDsaKeyPresent = 0;
+                    }
+                    else {
+                        ERROR_OUT(WOLFSSL_NOT_IMPLEMENTED, exit_dcv);
+                    }
+                }
+                else if (*ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                    /* Use alternative public key to figure out the expected
+                     * alt sig size. We only support Post-quantum key as SAPKI.
+                     */
+                    switch(sa) {
+                    case dilithium_level2_sa_algo:
+                    case dilithium_level3_sa_algo:
+                    case dilithium_level5_sa_algo:
+                        ret = wc_dilithium_sig_size(ssl->peerDilithiumKey);
+                        break;
+                    case falcon_level1_sa_algo:
+                    case falcon_level5_sa_algo:
+                        ret = wc_falcon_sig_size(ssl->peerFalconKey);
+                        break;
+                    default:
+                        ERROR_OUT(PEER_KEY_ERROR, exit_dcv);
+                        break;
+                    }
+
+                    if (ret <= 0) {
+                        ERROR_OUT(PEER_KEY_ERROR, exit_dcv);
+                    }
+                    args->altSignatureSz = ret;
+                    ret = 0;
+                }
+                else {
+                    ERROR_OUT(WOLFSSL_NOT_IMPLEMENTED, exit_dcv);
+                }
+            }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
             /* Check for public key of required type. */
             /* Assume invalid unless signature algo matches the key provided */
             validSigAlgo = 0;
         #ifdef HAVE_ED25519
-            if (args->sigAlgo == ed25519_sa_algo) {
+            if (ssl->options.peerSigAlgo == ed25519_sa_algo) {
                 WOLFSSL_MSG("Peer sent ED25519 sig");
                 validSigAlgo = (ssl->peerEd25519Key != NULL) &&
                                                      ssl->peerEd25519KeyPresent;
             }
         #endif
         #ifdef HAVE_ED448
-            if (args->sigAlgo == ed448_sa_algo) {
+            if (ssl->options.peerSigAlgo == ed448_sa_algo) {
                 WOLFSSL_MSG("Peer sent ED448 sig");
                 validSigAlgo = (ssl->peerEd448Key != NULL) &&
                                                        ssl->peerEd448KeyPresent;
             }
         #endif
         #ifdef HAVE_ECC
-            if (args->sigAlgo == ecc_dsa_sa_algo) {
+            if (ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
                 WOLFSSL_MSG("Peer sent ECC sig");
                 validSigAlgo = (ssl->peerEccDsaKey != NULL) &&
                                                       ssl->peerEccDsaKeyPresent;
             }
         #endif
         #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-            if (args->sigAlgo == sm2_sa_algo) {
+            if (ssl->options.peerSigAlgo == sm2_sa_algo) {
                 WOLFSSL_MSG("Peer sent SM2 sig");
                 validSigAlgo = (ssl->peerEccDsaKey != NULL) &&
                                                       ssl->peerEccDsaKeyPresent;
             }
         #endif
         #ifdef HAVE_PQC
-            if (args->sigAlgo == falcon_level1_sa_algo) {
+            if (ssl->options.peerSigAlgo == falcon_level1_sa_algo) {
                 WOLFSSL_MSG("Peer sent Falcon Level 1 sig");
                 validSigAlgo = (ssl->peerFalconKey != NULL) &&
                                ssl->peerFalconKeyPresent;
             }
-            if (args->sigAlgo == falcon_level5_sa_algo) {
+            if (ssl->options.peerSigAlgo == falcon_level5_sa_algo) {
                 WOLFSSL_MSG("Peer sent Falcon Level 5 sig");
                 validSigAlgo = (ssl->peerFalconKey != NULL) &&
                                ssl->peerFalconKeyPresent;
             }
-            if (args->sigAlgo == dilithium_level2_sa_algo) {
+            if (ssl->options.peerSigAlgo == dilithium_level2_sa_algo) {
                 WOLFSSL_MSG("Peer sent Dilithium Level 2 sig");
                 validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
                                ssl->peerDilithiumKeyPresent;
             }
-            if (args->sigAlgo == dilithium_level3_sa_algo) {
+            if (ssl->options.peerSigAlgo == dilithium_level3_sa_algo) {
                 WOLFSSL_MSG("Peer sent Dilithium Level 3 sig");
                 validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
                                ssl->peerDilithiumKeyPresent;
             }
-            if (args->sigAlgo == dilithium_level5_sa_algo) {
+            if (ssl->options.peerSigAlgo == dilithium_level5_sa_algo) {
                 WOLFSSL_MSG("Peer sent Dilithium Level 5 sig");
                 validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
                                ssl->peerDilithiumKeyPresent;
             }
         #endif
         #ifndef NO_RSA
-            if (args->sigAlgo == rsa_sa_algo) {
+            if (ssl->options.peerSigAlgo == rsa_sa_algo) {
                 WOLFSSL_MSG("Peer sent PKCS#1.5 algo - not valid TLS 1.3");
                 ERROR_OUT(INVALID_PARAMETER, exit_dcv);
             }
-            if (args->sigAlgo == rsa_pss_sa_algo) {
+            if (ssl->options.peerSigAlgo == rsa_pss_sa_algo) {
                 WOLFSSL_MSG("Peer sent RSA sig");
                 validSigAlgo = (ssl->peerRsaKey != NULL) &&
                                                          ssl->peerRsaKeyPresent;
@@ -9343,14 +9831,48 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 ERROR_OUT(SIG_VERIFY_E, exit_dcv);
             }
 
-            sig->buffer = (byte*)XMALLOC(args->sz, ssl->heap,
+            sig->length = args->sz;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (!wolfSSL_is_server(ssl) &&
+                ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                /* If its RSA, we only hybridize with RSA3072 which has a sig
+                 * size of 384. For ECC, this is actually encoded as an RFC5912
+                 * formatted signature which means we can use the ASN APIs to
+                 * figure out the length. Note that some post-quantum sig algs
+                 * have variable length signatures (Falcon). That is why we
+                 * don't do:
+                 *   sig->length -= args->altSignatureSz; */
+                #define RSA3072_SIG_LEN 384
+                if (ssl->options.peerSigAlgo == rsa_pss_sa_algo) {
+                    sig->length = RSA3072_SIG_LEN;
+                }
+                else if (ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
+                    word32 tmpIdx = args->idx;
+                    sig->length = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC,
+                                      ssl->peerEccDsaKey,
+                                      sizeof(*ssl->peerEccDsaKey));
+                    if (GetSequence(input, &tmpIdx, (int*)&sig->length,
+                                    args->sz) < 0) {
+                        ERROR_OUT(SIG_VERIFY_E, exit_dcv);
+                    }
+                    /* We have to increment by the size of the header. */
+                    sig->length += tmpIdx - args->idx;
+                }
+                else {
+                    ERROR_OUT(WOLFSSL_NOT_IMPLEMENTED, exit_dcv);
+                }
+            }
+#endif
+
+            sig->buffer = (byte*)XMALLOC(sig->length, ssl->heap,
                                          DYNAMIC_TYPE_SIGNATURE);
+
             if (sig->buffer == NULL) {
                 ERROR_OUT(MEMORY_E, exit_dcv);
             }
-            sig->length = args->sz;
-            XMEMCPY(sig->buffer, input + args->idx, args->sz);
 
+            XMEMCPY(sig->buffer, input + args->idx, sig->length);
         #ifdef HAVE_ECC
             if (ssl->peerEccDsaKeyPresent) {
                 WOLFSSL_MSG("Doing ECC peer cert verify");
@@ -9365,11 +9887,11 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 if (ret != 0)
                     goto exit_dcv;
             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                if (args->sigAlgo != sm2_sa_algo)
+                if (ssl->options.peerSigAlgo != sm2_sa_algo)
             #endif
                 {
                     ret = CreateECCEncodedSig(args->sigData,
-                        args->sigDataSz, args->hashAlgo);
+                        args->sigDataSz, ssl->options.peerHashAlgo);
                     if (ret < 0)
                         goto exit_dcv;
                     args->sigDataSz = (word16)ret;
@@ -9387,8 +9909,9 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                     ERROR_OUT(MEMORY_E, exit_dcv);
                 }
 
-                CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
-                ret = 0;
+                ret = CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
+                if (ret < 0)
+                    goto exit_dcv;
             }
         #endif
         #ifdef HAVE_ED448
@@ -9401,34 +9924,39 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                     ERROR_OUT(MEMORY_E, exit_dcv);
                 }
 
-                CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
-                ret = 0;
+                ret = CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
+                if (ret < 0)
+                    goto exit_dcv;
             }
        #endif
        #ifdef HAVE_PQC
-            if (ssl->peerFalconKeyPresent) {
-                WOLFSSL_MSG("Doing Falcon peer cert verify");
-
-                args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
+            if (ssl->peerFalconKeyPresent || ssl->peerDilithiumKeyPresent) {
+                word16 sigDataSz;
+                byte *sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
                                                         DYNAMIC_TYPE_SIGNATURE);
-                if (args->sigData == NULL) {
+                if (sigData == NULL) {
                     ERROR_OUT(MEMORY_E, exit_dcv);
                 }
 
-                CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
-                ret = 0;
-            }
-
-            if (ssl->peerDilithiumKeyPresent) {
-                WOLFSSL_MSG("Doing Dilithium peer cert verify");
-
-                args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
-                                                        DYNAMIC_TYPE_SIGNATURE);
-                if (args->sigData == NULL) {
-                    ERROR_OUT(MEMORY_E, exit_dcv);
+                ret = CreateSigData(ssl, sigData, &sigDataSz, 1);
+                if (ret < 0) {
+                    goto exit_dcv;
                 }
 
-                CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (!wolfSSL_is_server(ssl) &&
+                    ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                    /* In this case (BOTH), the pq sig is the alternative. */
+                    args->altSigData = sigData;
+                    args->altSigDataSz = sigDataSz;
+                }
+                else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                {
+                    args->sigData = sigData;
+                    args->sigDataSz = sigDataSz;
+                }
                 ret = 0;
             }
        #endif
@@ -9443,7 +9971,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         #ifndef NO_RSA
             if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
                 ret = RsaVerify(ssl, sig->buffer, (word32)sig->length, &args->output,
-                    args->sigAlgo, args->hashAlgo, ssl->peerRsaKey,
+                    ssl->options.peerSigAlgo, ssl->options.peerHashAlgo, ssl->peerRsaKey,
                 #ifdef HAVE_PK_CALLBACKS
                     &ssl->buffers.peerRsaKey
                 #else
@@ -9459,7 +9987,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         #ifdef HAVE_ECC
             if (ssl->peerEccDsaKeyPresent) {
             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                if (args->sigAlgo == sm2_sa_algo) {
+                if (ssl->options.peerSigAlgo == sm2_sa_algo) {
                     ret = Sm2wSm3Verify(ssl, TLS13_SM2_SIG_ID,
                         TLS13_SM2_SIG_ID_SZ, input + args->idx, args->sz,
                         args->sigData, args->sigDataSz,
@@ -9468,7 +9996,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 else
             #endif
                 {
-                    ret = EccVerify(ssl, input + args->idx, args->sz,
+                    ret = EccVerify(ssl, input + args->idx, sig->length,
                         args->sigData, args->sigDataSz,
                         ssl->peerEccDsaKey,
                     #ifdef HAVE_PK_CALLBACKS
@@ -9535,15 +10063,43 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         #if defined(HAVE_PQC) && defined(HAVE_FALCON)
             if (ssl->peerFalconKeyPresent) {
                 int res = 0;
+                byte *sigIn = input + args->idx;
+                word32 sigInLen = args->sz;
+                byte *sigData = args->sigData;
+                word32 sigDataSz = args->sigDataSz;
                 WOLFSSL_MSG("Doing Falcon peer cert verify");
-                ret = wc_falcon_verify_msg(input + args->idx, args->sz,
-                                    args->sigData, args->sigDataSz,
-                                    &res, ssl->peerFalconKey);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (!wolfSSL_is_server(ssl) &&
+                    ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                    /* Note: + sig->length; we are skipping the native sig. */
+                    sigIn = input + args->idx + sig->length;
+                    sigInLen = args->sz - sig->length;
+
+                    /* For RSA, something different was verified. */
+                    if (ssl->peerRsaKeyPresent) {
+                        sigData = args->altSigData;
+                        sigDataSz = args->altSigDataSz;
+                    }
+                }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                ret = wc_falcon_verify_msg(sigIn, sigInLen,
+                                           sigData, sigDataSz,
+                                           &res, ssl->peerFalconKey);
 
                 if ((ret >= 0) && (res == 1)) {
                     /* CLIENT/SERVER: data verified with public key from
                      * certificate. */
-                    ssl->options.peerAuthGood = 1;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                    if (!wolfSSL_is_server(ssl) &&
+                        ssl->sigSpec != NULL &&
+                        *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                        args->altPeerAuthGood = 1;
+                    }
+                    else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                        ssl->options.peerAuthGood = 1;
+
                     FreeKey(ssl, DYNAMIC_TYPE_FALCON,
                                                    (void**)&ssl->peerFalconKey);
                     ssl->peerFalconKeyPresent = 0;
@@ -9553,15 +10109,43 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
             if (ssl->peerDilithiumKeyPresent) {
                 int res = 0;
+                byte *sigIn = input + args->idx;
+                word32 sigInLen = args->sz;
+                byte *sigData = args->sigData;
+                word32 sigDataSz = args->sigDataSz;
                 WOLFSSL_MSG("Doing Dilithium peer cert verify");
-                ret = wc_dilithium_verify_msg(input + args->idx, args->sz,
-                                              args->sigData, args->sigDataSz,
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (!wolfSSL_is_server(ssl) &&
+                    ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                    /* Go backwards from the end of the signature the size of
+                     * the alt sig to find the beginning of the alt sig. */
+                    sigIn = input + args->idx + args->sz - args->altSignatureSz;
+                    sigInLen = args->altSignatureSz;
+                    /* For RSA, something different was verified. */
+                    if (ssl->peerRsaKeyPresent) {
+                        sigData = args->altSigData;
+                        sigDataSz = args->altSigDataSz;
+                    }
+                }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                ret = wc_dilithium_verify_msg(sigIn, sigInLen,
+                                              sigData, sigDataSz,
                                               &res, ssl->peerDilithiumKey);
 
                 if ((ret >= 0) && (res == 1)) {
                     /* CLIENT/SERVER: data verified with public key from
                      * certificate. */
-                    ssl->options.peerAuthGood = 1;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                    if (!wolfSSL_is_server(ssl) &&
+                        ssl->sigSpec != NULL &&
+                        *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                        args->altPeerAuthGood = 1;
+                    }
+                    else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                        ssl->options.peerAuthGood = 1;
+
                     FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
                             (void**)&ssl->peerDilithiumKey);
                     ssl->peerDilithiumKeyPresent = 0;
@@ -9583,8 +10167,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         {
         #if !defined(NO_RSA) && defined(WC_RSA_PSS)
             if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
-                ret = CheckRSASignature(ssl, args->sigAlgo, args->hashAlgo,
-                                        args->output, args->sendSz);
+                ret = CheckRSASignature(ssl, ssl->options.peerSigAlgo,
+                        ssl->options.peerHashAlgo, args->output, args->sendSz);
                 if (ret != 0)
                     goto exit_dcv;
 
@@ -9603,6 +10187,14 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
 
         case TLS_ASYNC_FINALIZE:
         {
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (!wolfSSL_is_server(ssl) &&
+                ssl->options.peerAuthGood &&
+                ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                ssl->options.peerAuthGood = args->altPeerAuthGood;
+            }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
             ssl->options.havePeerVerify = 1;
 
             /* Set final index */
@@ -9790,7 +10382,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     if (sniff == NO_SNIFF) {
         /* Actually check verify data. */
-        if (XMEMCMP(input + *inOutIdx, mac, size) != 0){
+        if (size > WC_MAX_DIGEST_SIZE ||
+                XMEMCMP(input + *inOutIdx, mac, size) != 0){
             WOLFSSL_MSG("Verify finished error on hashes");
             SendAlert(ssl, alert_fatal, decrypt_error);
             WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR);
@@ -10354,6 +10947,8 @@ static int SendTls13EndOfEarlyData(WOLFSSL* ssl)
     if (!ssl->options.groupMessages)
         ret = SendBuffered(ssl);
 
+    ssl->earlyData = done_early_data;
+
     WOLFSSL_LEAVE("SendTls13EndOfEarlyData", ret);
     WOLFSSL_END(WC_FUNC_END_OF_EARLY_DATA_SEND);
 
@@ -12053,7 +12648,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
             }
 
             ssl->options.connectState = CLIENT_HELLO_SENT;
-            WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT");
+            WOLFSSL_MSG("TLSv13 connect state: CLIENT_HELLO_SENT");
     #ifdef WOLFSSL_EARLY_DATA
             if (ssl->earlyData != no_early_data) {
         #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
@@ -12484,6 +13079,30 @@ int wolfSSL_NoKeyShares(WOLFSSL* ssl)
 }
 #endif
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_UseCKS(WOLFSSL* ssl, byte *sigSpec, word16 sigSpecSz)
+{
+    if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->ctx->method->version) ||
+        sigSpec == NULL || sigSpecSz == 0)
+        return BAD_FUNC_ARG;
+
+    ssl->sigSpec = sigSpec;
+    ssl->sigSpecSz = sigSpecSz;
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_CTX_UseCKS(WOLFSSL_CTX* ctx, byte *sigSpec, word16 sigSpecSz)
+{
+    if (ctx == NULL || !IsAtLeastTLSv1_3(ctx->method->version) ||
+        sigSpec == NULL || sigSpecSz == 0)
+        return BAD_FUNC_ARG;
+
+    ctx->sigSpec = sigSpec;
+    ctx->sigSpecSz = sigSpecSz;
+    return WOLFSSL_SUCCESS;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 /* Do not send a ticket after TLS v1.3 handshake for resumption.
  *
  * ctx  The SSL/TLS CTX object.
@@ -12901,7 +13520,7 @@ void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.haveAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, ssl->options.side);
 }
 
 /* Set the PSK callback that returns the cipher suite for a client to use
@@ -12954,7 +13573,7 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.haveAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, ssl->options.side);
 }
 
 /* Set the PSK callback that returns the cipher suite for a server to use
@@ -13004,7 +13623,7 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
                ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.haveAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, ssl->options.side);
 }
 
 /* Get name of first supported cipher suite that uses the hash indicated.
@@ -13753,6 +14372,7 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
     if (!IsAtLeastTLSv1_3(ssl->version))
         return BAD_FUNC_ARG;
 
+    *outSz = 0;
 #ifndef NO_WOLFSSL_SERVER
     if (ssl->options.side == WOLFSSL_CLIENT_END)
         return SIDE_ERROR;
diff --git a/extra/wolfssl/wolfssl/src/wolfio.c b/extra/wolfssl/wolfssl/src/wolfio.c
index 4fee9583..041e0b77 100644
--- a/extra/wolfssl/wolfssl/src/wolfio.c
+++ b/extra/wolfssl/wolfssl/src/wolfio.c
@@ -41,6 +41,56 @@
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfio.h>
 
+#if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
+    #ifndef USE_WINDOWS_API
+        #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
+        #elif defined(ARDUINO)
+        #elif defined(FREESCALE_MQX)
+        #elif defined(FREESCALE_KSDK_MQX)
+        #elif (defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET))
+        #elif defined(WOLFSSL_CMSIS_RTOS)
+        #elif defined(WOLFSSL_CMSIS_RTOSv2)
+        #elif defined(WOLFSSL_TIRTOS)
+        #elif defined(FREERTOS_TCP)
+        #elif defined(WOLFSSL_IAR_ARM)
+        #elif defined(HAVE_NETX_BSD)
+        #elif defined(WOLFSSL_VXWORKS)
+        #elif defined(WOLFSSL_NUCLEUS_1_2)
+        #elif defined(WOLFSSL_LINUXKM)
+            /* the requisite linux/net.h is included in wc_port.h, with incompatible warnings masked out. */
+        #elif defined(WOLFSSL_ATMEL)
+        #elif defined(INTIME_RTOS)
+            #include <netdb.h>
+        #elif defined(WOLFSSL_PRCONNECT_PRO)
+            #include <netdb.h>
+            #include <sys/ioctl.h>
+        #elif defined(WOLFSSL_SGX)
+        #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
+        #elif defined(WOLFSSL_DEOS)
+        #elif defined(WOLFSSL_ZEPHYR)
+        #elif defined(MICROCHIP_PIC32)
+        #elif defined(HAVE_NETX)
+        #elif defined(FUSION_RTOS)
+        #elif !defined(WOLFSSL_NO_SOCK)
+            #if defined(HAVE_RTP_SYS)
+            #elif defined(EBSNET)
+            #elif defined(NETOS)
+            #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \
+                    && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \
+                    && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)
+                #include <netdb.h>
+                #ifdef __PPU
+                    #include <netex/errno.h>
+                #else
+                    #include <sys/ioctl.h>
+                #endif
+            #endif
+        #endif
+
+    #endif /* USE_WINDOWS_API */
+#endif /* defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT) */
+
+
 #if defined(HAVE_HTTP_CLIENT)
     #include <stdlib.h>   /* strtol() */
 #endif
@@ -1409,6 +1459,9 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
             word32 bigPort = 0;
             i = 0;
             cur++;
+
+            XMEMSET(port, 0, sizeof(port));
+
             while (i < 6 && cur < urlSz && url[cur] != 0 && url[cur] != '/') {
                 port[i] = url[cur];
                 i++; cur++;
diff --git a/extra/wolfssl/wolfssl/src/x509.c b/extra/wolfssl/wolfssl/src/x509.c
index a1c4fc4d..eefa69cb 100644
--- a/extra/wolfssl/wolfssl/src/x509.c
+++ b/extra/wolfssl/wolfssl/src/x509.c
@@ -1545,22 +1545,10 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
                         WOLFSSL_MSG("Memory error");
                         return rc;
                     }
-                    if (sk->next) {
-                        if ((valLen = XSNPRINTF(val, len, "%*s%s,",
-                                      indent, "", str->strData))
-                            >= len) {
-                            XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                            return rc;
-                        }
-                    } else {
-                        if ((valLen = XSNPRINTF(val, len, "%*s%s",
-                                      indent, "", str->strData))
-                            >= len) {
-                            XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                            return rc;
-                        }
-                    }
-                    if ((tmpLen + valLen) >= tmpSz) {
+                    valLen = XSNPRINTF(val, len, "%*s%s", indent, "",
+                            str->strData);
+                    if ((valLen < 0) || (valLen >= len)
+                            || ((tmpLen + valLen) >= tmpSz)) {
                         XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         return rc;
                     }
@@ -3593,7 +3581,7 @@ WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in,
 }
 
 static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
-                                        const byte* in, int len, int req)
+                                  const byte* in, int len, int req, void* heap)
 {
     WOLFSSL_X509 *newX509 = NULL;
     int type = req ? CERTREQ_TYPE : CERT_TYPE;
@@ -3620,12 +3608,12 @@ static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
             return NULL;
     #endif
 
-        InitDecodedCert(cert, (byte*)in, len, NULL);
+        InitDecodedCert(cert, (byte*)in, len, heap);
     #ifdef WOLFSSL_CERT_REQ
         cert->isCSR = (byte)req;
     #endif
         if (ParseCertRelative(cert, type, 0, NULL) == 0) {
-            newX509 = wolfSSL_X509_new();
+            newX509 = wolfSSL_X509_new_ex(heap);
             if (newX509 != NULL) {
                 if (CopyDecodedToX509(newX509, cert) != 0) {
                     wolfSSL_X509_free(newX509);
@@ -3659,16 +3647,22 @@ int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
     return isCA;
 }
 
+WOLFSSL_X509* wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const byte* in, int len,
+    void* heap)
+{
+    return d2i_X509orX509REQ(x509, in, len, 0, heap);
+}
+
 WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
 {
-    return d2i_X509orX509REQ(x509, in, len, 0);
+    return wolfSSL_X509_d2i_ex(x509, in, len, NULL);
 }
 
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
         const unsigned char* in, int len)
 {
-    return d2i_X509orX509REQ(x509, in, len, 1);
+    return d2i_X509orX509REQ(x509, in, len, 1, NULL);
 }
 #endif
 
@@ -5319,19 +5313,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
 /* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on
  * fail
  */
-WOLFSSL_X509* wolfSSL_X509_new(void)
+WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap)
 {
     WOLFSSL_X509* x509;
 
-    x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
+    x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
             DYNAMIC_TYPE_X509);
     if (x509 != NULL) {
-        InitX509(x509, 1, NULL);
+        InitX509(x509, 1, heap);
     }
 
     return x509;
 }
 
+WOLFSSL_X509* wolfSSL_X509_new(void)
+{
+    return wolfSSL_X509_new_ex(NULL);
+}
+
 WOLFSSL_ABI
 WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
 {
@@ -7523,6 +7522,45 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out)
     return derSz;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) {
+    int ret = 0;
+    WOLFSSL_X509 *x = NULL;
+
+    if ((cert == NULL) || (der == NULL) || (derSz <= 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+    x = wolfSSL_X509_new();
+    if (x == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = CopyDecodedToX509(x, cert);
+    }
+
+    if (ret == 0) {
+        /* Remove the altsigval extension. */
+        XFREE(x->altSigValDer, x->heap, DYNAMIC_TYPE_X509_EXT);
+        x->altSigValDer = NULL;
+        x->altSigValDer = 0;
+        /* Remove sigOID so it won't be encoded. */
+        x->sigOID = 0;
+        /* We now have a PreTBS. Encode it. */
+        ret = wolfssl_x509_make_der(x, 0, der, &derSz, 0);
+        if (ret == WOLFSSL_SUCCESS) {
+            ret = derSz;
+        }
+    }
+
+    if (x != NULL) {
+        wolfSSL_X509_free(x);
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 #ifndef NO_BIO
 /**
  * Converts the DER from bio and creates a WOLFSSL_X509 structure from it.
@@ -7571,7 +7609,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio,
 #endif
     }
     else {
-        localX509 = wolfSSL_X509_d2i(NULL, mem, size);
+        localX509 = wolfSSL_X509_d2i_ex(NULL, mem, size, bio->heap);
     }
     if (localX509 == NULL) {
         WOLFSSL_MSG("wolfSSL_X509_d2i error");
@@ -7934,7 +7972,7 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
 }
 #endif
 
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl)
 {
     WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp");
@@ -9928,6 +9966,16 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
             XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz);
             cert->crlInfoSz = x509->rawCRLInfoSz;
         }
+
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        /* We point to instance in x509 so DON'T need to be free'd. */
+        cert->sapkiDer = x509->sapkiDer;
+        cert->sapkiLen = x509->sapkiLen;
+        cert->altSigAlgDer = x509->altSigAlgDer;
+        cert->altSigAlgLen = x509->altSigAlgLen;
+        cert->altSigValDer = x509->altSigValDer;
+        cert->altSigValLen = x509->altSigValLen;
+    #endif /* WOLFSSL_DUAL_ALG_CERTS */
     #endif /* WOLFSSL_CERT_EXT */
 
     #ifdef WOLFSSL_CERT_REQ
@@ -11173,7 +11221,7 @@ err:
         pemSz = (int)(l - i);
 
         /* check calculated length */
-        if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz < 0) {
+        if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz <= 0) {
             WOLFSSL_MSG("PEM_read_X509_ex file size error");
             return NULL;
         }
@@ -13304,7 +13352,7 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
 #endif
 
     /* Use existing CA retrieval APIs that use DecodedCert. */
-    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, NULL);
+    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
     if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0
             && !cert->selfSigned) {
     #ifndef NO_SKID
@@ -13326,8 +13374,8 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
 
 #ifdef WOLFSSL_SIGNER_DER_CERT
     /* populate issuer with Signer DER */
-    if (wolfSSL_X509_d2i(issuer, ca->derCert->buffer,
-            ca->derCert->length) == NULL)
+    if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer,
+            ca->derCert->length, cm->heap) == NULL)
         return WOLFSSL_FAILURE;
 #else
     /* Create an empty certificate as CA doesn't have a certificate. */
@@ -13422,7 +13470,8 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
         return NULL;
     }
 
-    return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
+    return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length,
+        x->heap);
 }
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
@@ -13787,35 +13836,50 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
 {
     int ret = WOLFSSL_SUCCESS;
     WOLFSSL_ENTER("wolfSSL_X509V3_set_ctx");
-    if (!ctx)
-        return;
+    if (!ctx) {
+        ret = WOLFSSL_FAILURE;
+        WOLFSSL_MSG("wolfSSL_X509V3_set_ctx() called with null ctx.");
+    }
 
-    /* not checking ctx->x509 for null first since app won't have initialized
-     * this X509V3_CTX before this function call */
-    ctx->x509 = wolfSSL_X509_new();
-    if (!ctx->x509)
-        return;
+    if (ret == WOLFSSL_SUCCESS && (ctx->x509 != NULL)) {
+        ret = WOLFSSL_FAILURE;
+        WOLFSSL_MSG("wolfSSL_X509V3_set_ctx() called "
+                    "with ctx->x509 already allocated.");
+    }
+
+    if (ret == WOLFSSL_SUCCESS) {
+        ctx->x509 = wolfSSL_X509_new_ex(
+            (issuer && issuer->heap) ? issuer->heap :
+            (subject && subject->heap) ? subject->heap :
+            (req && req->heap) ? req->heap :
+            NULL);
+        if (!ctx->x509) {
+            ret = WOLFSSL_FAILURE;
+            WOLFSSL_MSG("wolfSSL_X509_new_ex() failed "
+                        "in wolfSSL_X509V3_set_ctx().");
+        }
+    }
 
     /* Set parameters in ctx as long as ret == WOLFSSL_SUCCESS */
-    if (issuer)
+    if (ret == WOLFSSL_SUCCESS && issuer)
         ret = wolfSSL_X509_set_issuer_name(ctx->x509,&issuer->issuer);
 
-    if (subject && ret == WOLFSSL_SUCCESS)
+    if (ret == WOLFSSL_SUCCESS && subject)
         ret = wolfSSL_X509_set_subject_name(ctx->x509,&subject->subject);
 
-    if (req && ret == WOLFSSL_SUCCESS) {
+    if (ret == WOLFSSL_SUCCESS && req) {
         WOLFSSL_MSG("req not implemented.");
     }
 
-    if (crl && ret == WOLFSSL_SUCCESS) {
+    if (ret == WOLFSSL_SUCCESS && crl) {
         WOLFSSL_MSG("crl not implemented.");
     }
 
-    if (flag && ret == WOLFSSL_SUCCESS) {
+    if (ret == WOLFSSL_SUCCESS && flag) {
         WOLFSSL_MSG("flag not implemented.");
     }
 
-    if (!ret) {
+    if (ret != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("Error setting WOLFSSL_X509V3_CTX parameters.");
     }
 }
diff --git a/extra/wolfssl/wolfssl/src/x509_str.c b/extra/wolfssl/wolfssl/src/x509_str.c
index b0b365bc..a38f93b2 100644
--- a/extra/wolfssl/wolfssl/src/x509_str.c
+++ b/extra/wolfssl/wolfssl/src/x509_str.c
@@ -63,7 +63,8 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
 
 
 int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
-     WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk)
+     WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509,
+     WOLF_STACK_OF(WOLFSSL_X509)* sk)
 {
     int ret = 0;
     (void)sk;
@@ -75,8 +76,8 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
         ctx->current_cert = x509;
         #else
         if(x509 != NULL){
-            ctx->current_cert = wolfSSL_X509_d2i(NULL, x509->derCert->buffer,
-                    x509->derCert->length);
+            ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, x509->derCert->buffer,
+                    x509->derCert->length, x509->heap);
             if(ctx->current_cert == NULL)
                 return WOLFSSL_FAILURE;
         } else
@@ -556,6 +557,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
                     }
                 }
                 else {
+                    wolfSSL_X509_free(x509);
                     WOLFSSL_MSG("Could not find CA for certificate");
                 }
             }
@@ -1035,7 +1037,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
         return WOLFSSL_FAILURE;
 
     /* tmp ctx for setting our cert manager */
-    ctx = wolfSSL_CTX_new(cm_pick_method());
+    ctx = wolfSSL_CTX_new_ex(cm_pick_method(str->cm->heap), str->cm->heap);
     if (ctx == NULL)
         return WOLFSSL_FAILURE;
 
diff --git a/extra/wolfssl/wolfssl/support/wolfssl.pc.in b/extra/wolfssl/wolfssl/support/wolfssl.pc.in
index e8cb694f..19aa4431 100644
--- a/extra/wolfssl/wolfssl/support/wolfssl.pc.in
+++ b/extra/wolfssl/wolfssl/support/wolfssl.pc.in
@@ -7,4 +7,5 @@ Name: wolfssl
 Description: wolfssl C library.
 Version: @VERSION@
 Libs: -L${libdir} -lwolfssl
+Libs.private: @LIBM@
 Cflags: -I${includedir}
diff --git a/extra/wolfssl/wolfssl/tests/api.c b/extra/wolfssl/wolfssl/tests/api.c
index 19cca234..c6c6cc90 100644
--- a/extra/wolfssl/wolfssl/tests/api.c
+++ b/extra/wolfssl/wolfssl/tests/api.c
@@ -234,10 +234,6 @@
 
     #define FOURK_BUF 4096
     #define GEN_BUF  294
-
-    #ifndef USER_CRYPTO_ERROR
-        #define USER_CRYPTO_ERROR (-101) /* error returned by IPP lib. */
-    #endif
 #endif
 
 #ifndef NO_SIG_WRAPPER
@@ -445,6 +441,7 @@ typedef struct test_ssl_cbf {
     ctx_cb ctx_ready;
     ssl_cb ssl_ready;
     ssl_cb on_result;
+    ctx_cb on_ctx_cleanup;
     ssl_cb on_cleanup;
     hs_cb  on_handshake;
     WOLFSSL_CTX* ctx;
@@ -839,6 +836,344 @@ static int test_wolfSSL_Method_Allocators(void)
     return EXPECT_RESULT();
 }
 
+#if defined(WOLFSSL_DUAL_ALG_CERTS) && !defined(NO_FILESYSTEM)
+/*----------------------------------------------------------------------------*
+ | Dual algorithm Certificate Tests
+ *----------------------------------------------------------------------------*/
+#define LARGE_TEMP_SZ 4096
+
+/* To better understand this, please see the X9.146 example in wolfssl-examples
+ * repo. */
+static int do_dual_alg_root_certgen(byte **out, char *caKeyFile,
+                                    char *sapkiFile, char *altPrivFile)
+{
+    EXPECT_DECLS;
+    FILE* file = NULL;
+    Cert newCert;
+    DecodedCert preTBS;
+
+    byte caKeyBuf[LARGE_TEMP_SZ];
+    word32 caKeySz = LARGE_TEMP_SZ;
+    byte sapkiBuf[LARGE_TEMP_SZ];
+    word32 sapkiSz = LARGE_TEMP_SZ;
+    byte altPrivBuf[LARGE_TEMP_SZ];
+    word32 altPrivSz = LARGE_TEMP_SZ;
+    byte altSigAlgBuf[LARGE_TEMP_SZ];
+    word32 altSigAlgSz = LARGE_TEMP_SZ;
+    byte scratchBuf[LARGE_TEMP_SZ];
+    word32 scratchSz = LARGE_TEMP_SZ;
+    byte preTbsBuf[LARGE_TEMP_SZ];
+    word32 preTbsSz = LARGE_TEMP_SZ;
+    byte altSigValBuf[LARGE_TEMP_SZ];
+    word32 altSigValSz = LARGE_TEMP_SZ;
+    byte *outBuf = NULL;
+    word32 outSz = LARGE_TEMP_SZ;
+    WC_RNG rng;
+    RsaKey caKey;
+    ecc_key altCaKey;
+    word32 idx = 0;
+    ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL,
+                  DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    XMEMSET(caKeyBuf, 0, caKeySz);
+    ExpectNotNull(file = fopen(caKeyFile, "rb"));
+    ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0);
+    fclose(file);
+    ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0);
+    idx = 0;
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey, caKeySz),
+                0);
+    XMEMSET(sapkiBuf, 0, sapkiSz);
+    ExpectNotNull(file = fopen(sapkiFile, "rb"));
+    ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0);
+    fclose(file);
+    XMEMSET(altPrivBuf, 0, altPrivSz);
+    ExpectNotNull(file = fopen(altPrivFile, "rb"));
+    ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0);
+    fclose(file);
+    wc_ecc_init(&altCaKey);
+    idx = 0;
+    ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey,
+                                       (word32)altPrivSz), 0);
+    XMEMSET(altSigAlgBuf, 0, altSigAlgSz);
+    ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf,
+                                         oidSigType, 0), 0);
+    wc_InitCert(&newCert);
+    strncpy(newCert.subject.country, "US", CTC_NAME_SIZE);
+    strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE);
+    strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE);
+    strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
+    strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE);
+    strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+    strncpy(newCert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE);
+    newCert.sigType = CTC_SHA256wRSA;
+    newCert.isCA    = 1;
+
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5",
+                (const byte *)"This is NOT a critical extension", 32), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf,
+                sapkiSz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf,
+                                altSigAlgSz), 0);
+
+    XMEMSET(scratchBuf, 0, scratchSz);
+    ExpectIntGT(scratchSz = wc_MakeSelfCert(&newCert, scratchBuf, scratchSz,
+                &caKey, &rng), 0);
+    wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0);
+    ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0);
+
+    XMEMSET(preTbsBuf, 0, preTbsSz);
+    ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0);
+    XMEMSET(altSigValBuf, 0, altSigValSz);
+    ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz,
+                CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey,
+                &rng), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.74", altSigValBuf,
+                altSigValSz), 0);
+
+    /* Finally, generate the new certificate. */
+    XMEMSET(outBuf, 0, outSz);
+    ExpectIntGT(outSz = wc_MakeSelfCert(&newCert, outBuf, outSz, &caKey, &rng),
+                0);
+    *out = outBuf;
+    wc_FreeRsaKey(&caKey);
+    wc_FreeRng(&rng);
+    return outSz;
+}
+
+static int do_dual_alg_server_certgen(byte **out, char *caKeyFile,
+                                      char *sapkiFile, char *altPrivFile,
+                                      char *serverKeyFile,
+                                      byte *caCertBuf, int caCertSz)
+{
+    EXPECT_DECLS;
+    FILE* file = NULL;
+    Cert newCert;
+    DecodedCert preTBS;
+
+    byte serverKeyBuf[LARGE_TEMP_SZ];
+    word32 serverKeySz = LARGE_TEMP_SZ;
+    byte caKeyBuf[LARGE_TEMP_SZ];
+    word32 caKeySz = LARGE_TEMP_SZ;
+    byte sapkiBuf[LARGE_TEMP_SZ];
+    word32 sapkiSz = LARGE_TEMP_SZ;
+    byte altPrivBuf[LARGE_TEMP_SZ];
+    word32 altPrivSz = LARGE_TEMP_SZ;
+    byte altSigAlgBuf[LARGE_TEMP_SZ];
+    word32 altSigAlgSz = LARGE_TEMP_SZ;
+    byte scratchBuf[LARGE_TEMP_SZ];
+    word32 scratchSz = LARGE_TEMP_SZ;
+    byte preTbsBuf[LARGE_TEMP_SZ];
+    word32 preTbsSz = LARGE_TEMP_SZ;
+    byte altSigValBuf[LARGE_TEMP_SZ];
+    word32 altSigValSz = LARGE_TEMP_SZ;
+    byte *outBuf = NULL;
+    word32 outSz = LARGE_TEMP_SZ;
+    WC_RNG rng;
+    RsaKey caKey;
+    RsaKey serverKey;
+    ecc_key altCaKey;
+    word32 idx = 0;
+    ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL,
+                  DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    XMEMSET(serverKeyBuf, 0, serverKeySz);
+    ExpectNotNull(file = fopen(serverKeyFile, "rb"));
+    ExpectIntGT(serverKeySz = (word32)fread(serverKeyBuf, 1, serverKeySz, file),
+                0);
+    fclose(file);
+    ExpectIntEQ(wc_InitRsaKey_ex(&serverKey, NULL, INVALID_DEVID), 0);
+    idx = 0;
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(serverKeyBuf, &idx, &serverKey,
+                (word32)serverKeySz), 0);
+    XMEMSET(caKeyBuf, 0, caKeySz);
+    ExpectNotNull(file = fopen(caKeyFile, "rb"));
+    ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0);
+    fclose(file);
+    ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0);
+    idx = 0;
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey,
+                (word32)caKeySz), 0);
+    XMEMSET(sapkiBuf, 0, sapkiSz);
+    ExpectNotNull(file = fopen(sapkiFile, "rb"));
+    ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0);
+    fclose(file);
+    XMEMSET(altPrivBuf, 0, altPrivSz);
+    ExpectNotNull(file = fopen(altPrivFile, "rb"));
+    ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0);
+    fclose(file);
+    wc_ecc_init(&altCaKey);
+    idx = 0;
+    ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey,
+                (word32)altPrivSz), 0);
+    XMEMSET(altSigAlgBuf, 0, altSigAlgSz);
+    ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf,
+                oidSigType, 0), 0);
+    wc_InitCert(&newCert);
+    strncpy(newCert.subject.country, "US", CTC_NAME_SIZE);
+    strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE);
+    strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE);
+    strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
+    strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE);
+    strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+    strncpy(newCert.subject.email, "server@wolfssl.com", CTC_NAME_SIZE);
+
+    newCert.sigType = CTC_SHA256wRSA;
+    newCert.isCA    = 0;
+    ExpectIntEQ(wc_SetIssuerBuffer(&newCert, caCertBuf, caCertSz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5",
+                (const byte *)"This is NOT a critical extension", 32), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf,
+                sapkiSz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf,
+                altSigAlgSz), 0);
+    XMEMSET(scratchBuf, 0, scratchSz);
+    ExpectIntGT(wc_MakeCert(&newCert, scratchBuf, scratchSz, &serverKey, NULL,
+                &rng), 0);
+    ExpectIntGT(scratchSz = wc_SignCert(newCert.bodySz, newCert.sigType,
+                scratchBuf, scratchSz, &caKey, NULL, &rng), 0);
+    wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0);
+    ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0);
+    XMEMSET(preTbsBuf, 0, preTbsSz);
+    ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0);
+    XMEMSET(altSigValBuf, 0, altSigValSz);
+    ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz,
+                CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey,
+                &rng), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.74",
+                 altSigValBuf, altSigValSz), 0);
+    /* Finally, generate the new certificate. */
+    XMEMSET(outBuf, 0, outSz);
+    ExpectIntGT(wc_MakeCert(&newCert, outBuf, outSz, &serverKey, NULL, &rng),
+                0);
+    ExpectIntGT(outSz = wc_SignCert(newCert.bodySz, newCert.sigType, outBuf,
+                outSz, &caKey, NULL, &rng), 0);
+    *out = outBuf;
+    wc_FreeRsaKey(&caKey);
+    wc_FreeRsaKey(&serverKey);
+    wc_FreeRng(&rng);
+    return outSz;
+}
+
+static int do_dual_alg_tls13_connection(byte *caCert, word32 caCertSz,
+                                        byte *serverCert, word32 serverCertSz,
+                                        byte *serverKey, word32 serverKeySz,
+                                        int negative_test)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup_ex(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+                caCert, caCertSz, serverCert, serverCertSz,
+                serverKey, serverKeySz), 0);
+    if (negative_test) {
+        ExpectTrue(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0);
+    }
+    else {
+        ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+    }
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+    return EXPECT_RESULT();
+}
+
+static int extCount = 0;
+static int myUnknownExtCallback(const word16* oid, word32 oidSz, int crit,
+                                const unsigned char* der, word32 derSz)
+{
+   (void) oid;
+   (void) oidSz;
+   (void) crit;
+   (void) der;
+   (void) derSz;
+   extCount ++;
+   /* Accept all extensions. This is only a test. Normally we would be much more
+    * careful about critical extensions. */
+   return 1;
+}
+
+static int test_dual_alg_support(void)
+{
+    EXPECT_DECLS;
+    /* Root CA and server keys will be the same. This is only appropriate for
+     * testing. */
+    char keyFile[] = "./certs/ca-key.der";
+    char sapkiFile[] = "./certs/ecc-keyPub.der";
+    char altPrivFile[] = "./certs/ecc-key.der";
+    char wrongPrivFile[] = "./certs/ecc-client-key.der";
+    byte *serverKey = NULL;
+    size_t serverKeySz = 0;
+    byte *root = NULL;
+    int rootSz = 0;
+    byte *server = NULL;
+    int serverSz = 0;
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+
+    ExpectIntEQ(load_file(keyFile, &serverKey, &serverKeySz), 0);
+
+    /* Base normal case. */
+    rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile, altPrivFile);
+    ExpectNotNull(root);
+    ExpectIntGT(rootSz, 0);
+    serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile,
+                                        altPrivFile, keyFile, root, rootSz);
+    ExpectNotNull(server);
+    ExpectIntGT(serverSz, 0);
+    ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz,
+                server, serverSz, serverKey, (word32)serverKeySz, 0),
+                TEST_SUCCESS);
+    XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    /* Now we try a negative case. Note that we use wrongPrivFile to generate
+     * the alternative signature and then set negative_test to true for the
+     * call to do_dual_alg_tls13_connection(). Its expecting a failed connection
+     * because the signature won't verify. */
+    rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile, wrongPrivFile);
+    ExpectNotNull(root);
+    ExpectIntGT(rootSz, 0);
+    serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile,
+                                          wrongPrivFile, keyFile, root, rootSz);
+    ExpectNotNull(server);
+    ExpectIntGT(serverSz, 0);
+    ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz,
+                server, serverSz, serverKey, (word32)serverKeySz, 1),
+                TEST_SUCCESS);
+
+    /* Lets see if CertManager can find the new extensions */
+    extCount = 0;
+    ExpectNotNull(cm = wolfSSL_CertManagerNew());
+    wolfSSL_CertManagerSetUnknownExtCallback(cm, myUnknownExtCallback);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, root, rootSz,
+                SSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server, serverSz,
+                SSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+    /* There is only 1 unknown exension (1.2.3.4.5). The other ones are known
+     * because they are for the dual alg extensions. */
+    ExpectIntEQ(extCount, 1);
+    wolfSSL_CertManagerFree(cm);
+
+    XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    free(serverKey);
+
+    return EXPECT_RESULT();
+}
+#else
+static int test_dual_alg_support(void)
+{
+    return TEST_SKIPPED;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS && !NO_FILESYSTEM */
 
 /*----------------------------------------------------------------------------*
  | Context
@@ -2086,7 +2421,7 @@ static int test_wolfSSL_CertManagerGetCerts(void)
 #endif
     int i = 0;
     int ret = 0;
-    const byte* der;
+    const byte* der = NULL;
     int derSz = 0;
 
     ExpectNotNull(file1 = fopen("./certs/ca-cert.pem", "rb"));
@@ -3044,6 +3379,10 @@ static int test_wolfSSL_CertManagerCRL(void)
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* crl1     = "./certs/crl/crl.pem";
     const char* crl2     = "./certs/crl/crl2.pem";
+#ifdef WC_RSA_PSS
+    const char* crl_rsapss = "./certs/crl/crl_rsapss.pem";
+    const char* ca_rsapss  = "./certs/rsapss/ca-rsapss.pem";
+#endif
     const unsigned char crl_buff[] = {
         0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xed, 0x02,
         0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
@@ -3199,6 +3538,18 @@ static int test_wolfSSL_CertManagerCRL(void)
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, sizeof(crl_buff),
         WOLFSSL_FILETYPE_ASN1), 1);
 
+#if !defined(NO_FILESYSTEM) && defined(WC_RSA_PSS)
+    /* loading should fail without the CA set */
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss,
+        WOLFSSL_FILETYPE_PEM), ASN_CRL_NO_SIGNER_E);
+
+    /* now successfully load the RSA-PSS crl once loading in it's CA */
+    ExpectIntEQ(WOLFSSL_SUCCESS,
+        wolfSSL_CertManagerLoadCA(cm, ca_rsapss, NULL));
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss,
+        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+#endif
+
     wolfSSL_CertManagerFree(cm);
 #endif
 
@@ -4705,7 +5056,7 @@ static int test_wolfSSL_EVP_PKEY_print_public(void)
     WOLFSSL_EVP_PKEY* pkey = NULL;
     char line[256] = { 0 };
     char line1[256] = { 0 };
-    int i;
+    int i = 0;
 
     /* test error cases */
     ExpectIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L);
@@ -5799,8 +6150,10 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
     int c_sharedCtx = 0;
     int s_sharedCtx = 0;
 #endif
-    const char* certFile = svrCertFile;
-    const char* keyFile = svrKeyFile;
+    const char* clientCertFile = cliCertFile;
+    const char* clientKeyFile = cliKeyFile;
+    const char* serverCertFile = svrCertFile;
+    const char* serverKeyFile = svrKeyFile;
 
     /********************************
      * Create WOLFSSL_CTX for client.
@@ -5832,13 +6185,19 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
     else
         ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx->c_ctx,
                 caCertFile, 0), WOLFSSL_SUCCESS);
+    if (ctx->c_cb.certPemFile != NULL) {
+        clientCertFile = ctx->c_cb.certPemFile;
+    }
+    if (ctx->c_cb.keyPemFile != NULL) {
+        clientKeyFile = ctx->c_cb.keyPemFile;
+    }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (!c_sharedCtx)
 #endif
     {
         ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->c_ctx,
-            cliCertFile), WOLFSSL_SUCCESS);
-        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->c_ctx, cliKeyFile,
+            clientCertFile), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->c_ctx, clientKeyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
 #ifdef HAVE_CRL
@@ -5905,23 +6264,23 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
     wolfSSL_CTX_set_default_passwd_cb(ctx->s_ctx, PasswordCallBack);
 #endif
     if (ctx->s_cb.certPemFile != NULL) {
-        certFile = ctx->s_cb.certPemFile;
+        serverCertFile = ctx->s_cb.certPemFile;
     }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (!s_sharedCtx)
 #endif
     {
         ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->s_ctx,
-            certFile), WOLFSSL_SUCCESS);
+            serverCertFile), WOLFSSL_SUCCESS);
     }
     if (ctx->s_cb.keyPemFile != NULL) {
-        keyFile = ctx->s_cb.keyPemFile;
+        serverKeyFile = ctx->s_cb.keyPemFile;
     }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (!s_sharedCtx)
 #endif
     {
-        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->s_ctx, keyFile,
+        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->s_ctx, serverKeyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
     if (ctx->s_ciphers != NULL) {
@@ -5945,9 +6304,9 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 #endif
         )
     {
-        ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->c_ssl, cliCertFile),
-            WOLFSSL_SUCCESS);
-        ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->c_ssl, cliKeyFile,
+        ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->c_ssl,
+                clientCertFile), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->c_ssl, clientKeyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
     if (ctx->c_cb.ssl_ready != NULL) {
@@ -5966,9 +6325,9 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 #endif
         )
     {
-        ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->s_ssl, certFile),
-            WOLFSSL_SUCCESS);
-        ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->s_ssl, keyFile,
+        ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->s_ssl,
+                serverCertFile), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->s_ssl, serverKeyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
 #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
@@ -6010,6 +6369,9 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
                 err = wolfSSL_get_error(ctx->c_ssl, ret);
                 if (err != WOLFSSL_ERROR_WANT_READ &&
                     err != WOLFSSL_ERROR_WANT_WRITE) {
+                    char buff[WOLFSSL_MAX_ERROR_SZ];
+                    fprintf(stderr, "error = %d, %s\n", err,
+                        wolfSSL_ERR_error_string(err, buff));
                     failing_c = 1;
                     hs_c = 1;
                     if (failing_c && failing_s) {
@@ -6029,6 +6391,9 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
                 err = wolfSSL_get_error(ctx->s_ssl, ret);
                 if (err != WOLFSSL_ERROR_WANT_READ &&
                     err != WOLFSSL_ERROR_WANT_WRITE) {
+                    char buff[WOLFSSL_MAX_ERROR_SZ];
+                    fprintf(stderr, "error = %d, %s\n", err,
+                        wolfSSL_ERR_error_string(err, buff));
                     failing_s = 1;
                     hs_s = 1;
                     if (failing_c && failing_s) {
@@ -6044,7 +6409,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
         }
     }
 
-    if (!handshake_complete) {
+    if (!handshake_complete || failing_c || failing_s) {
         return TEST_FAIL;
     }
 
@@ -6112,14 +6477,20 @@ static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
     wolfSSL_shutdown(ctx->c_ssl);
     wolfSSL_free(ctx->s_ssl);
     wolfSSL_free(ctx->c_ssl);
-    if (!ctx->s_cb.isSharedCtx) {
-        wolfSSL_CTX_free(ctx->s_ctx);
-        ctx->s_ctx = NULL;
+    if (ctx->c_cb.on_ctx_cleanup != NULL) {
+        ctx->c_cb.on_ctx_cleanup(ctx->c_ctx);
     }
     if (!ctx->c_cb.isSharedCtx) {
         wolfSSL_CTX_free(ctx->c_ctx);
         ctx->c_ctx = NULL;
     }
+    if (ctx->s_cb.on_ctx_cleanup != NULL) {
+        ctx->s_cb.on_ctx_cleanup(ctx->s_ctx);
+    }
+    if (!ctx->s_cb.isSharedCtx) {
+        wolfSSL_CTX_free(ctx->s_ctx);
+        ctx->s_ctx = NULL;
+    }
 
     if (!ctx->s_cb.ticNoInit) {
 #if defined(HAVE_SESSION_TICKET) && \
@@ -11205,14 +11576,14 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
         (defined(OPENSSL_EXTRA) && \
             (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)))
     /* use openssl like name to test mapping */
-    X509_NAME_ENTRY* ne;
-    X509_NAME* name;
+    X509_NAME_ENTRY* ne = NULL;
+    X509_NAME* name = NULL;
     X509* x509 = NULL;
 #ifndef NO_FILESYSTEM
-    ASN1_STRING* asn;
+    ASN1_STRING* asn = NULL;
     char* subCN = NULL;
 #endif
-    int idx;
+    int idx = 0;
     ASN1_OBJECT *object = NULL;
 #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \
     defined(WOLFSSL_NGINX)
@@ -11269,6 +11640,7 @@ static int test_wolfSSL_PKCS12(void)
                    * Password Key
                    */
 #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_STDIO_FILESYSTEM) && \
     !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
     !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO)
     byte buf[6000];
@@ -11285,7 +11657,7 @@ static int test_wolfSSL_PKCS12(void)
     WOLFSSL_X509      *x509 = NULL;
 #endif
     XFILE f = XBADFILE;
-    int  bytes, ret, goodPswLen, badPswLen;
+    int  bytes = 0, ret = 0, goodPswLen = 0, badPswLen = 0;
     WOLFSSL_BIO      *bio = NULL;
     WOLFSSL_EVP_PKEY *pkey = NULL;
     WC_PKCS12        *pkcs12 = NULL;
@@ -18145,9 +18517,15 @@ static int test_wc_AesGcmEncryptDecrypt(void)
     ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
         sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)),
         BAD_FUNC_ARG);
+    #if (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) && defined(WOLFSSL_ARMASM))
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
+        AES_GCM_AUTH_E);
+    #else
     ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
         sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
         BAD_FUNC_ARG);
+    #endif
     #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
             (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
             !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
@@ -18685,11 +19063,7 @@ static int test_wc_InitRsaKey(void)
     ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
 
     /* Test bad args. */
-#ifndef HAVE_USER_RSA
     ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), BAD_FUNC_ARG);
-#else
-    ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), USER_CRYPTO_ERROR);
-#endif
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
 #endif
@@ -18726,7 +19100,7 @@ static int test_wc_RsaPrivateKeyDecode(void)
     }
 
     ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes), 0);
-#ifndef HAVE_USER_RSA
+
     /* Test bad args. */
     ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes),
         BAD_FUNC_ARG);
@@ -18734,15 +19108,6 @@ static int test_wc_RsaPrivateKeyDecode(void)
         BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes),
         BAD_FUNC_ARG);
-#else
-    /* Test bad args. User RSA. */
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        USER_CRYPTO_ERROR);
-#endif
 
     XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -18789,7 +19154,7 @@ static int test_wc_RsaPublicKeyDecode(void)
     }
 
     ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass in bad args. */
     ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes),
         BAD_FUNC_ARG);
@@ -18797,15 +19162,6 @@ static int test_wc_RsaPublicKeyDecode(void)
         BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes),
         BAD_FUNC_ARG);
-#else
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        USER_CRYPTO_ERROR);
-#endif
 
     DoExpectIntEQ(wc_FreeRsaKey(&keyPub), 0);
 
@@ -18854,7 +19210,7 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
 
     ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass in bad args. */
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key),
        BAD_FUNC_ARG);
@@ -18862,15 +19218,7 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
        BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL),
        BAD_FUNC_ARG);
-#else
-    /* Pass in bad args. User RSA. */
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key),
-       USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key),
-       USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL),
-       USER_CRYPTO_ERROR);
-#endif
+
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
 #endif
@@ -18879,7 +19227,7 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
 } /* END test_wc_RsaPublicKeyDecodeRaw */
 
 
-#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
      * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
      * trying until it gets a probable prime. */
@@ -18929,7 +19277,6 @@ static int test_wc_MakeRsaKey(void)
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
     DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
 
-#ifndef HAVE_USER_RSA
     /* Test bad args. */
     ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng), BAD_FUNC_ARG);
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL),
@@ -18938,17 +19285,6 @@ static int test_wc_MakeRsaKey(void)
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), BAD_FUNC_ARG);
     /* e & 1 == 0 */
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), BAD_FUNC_ARG);
-#else
-    /* Test bad args. */
-    ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL),
-        USER_CRYPTO_ERROR);
-    /* e < 3 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), USER_CRYPTO_ERROR);
-    /* e & 1 == 0 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), USER_CRYPTO_ERROR);
-#endif /* HAVE_USER_RSA */
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
 #endif
@@ -19351,7 +19687,7 @@ static int test_wc_RsaKeyToDer(void)
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
 
     ExpectIntGT(wc_RsaKeyToDer(&genKey, der, derSz), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass good/bad args. */
     ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
     /* Get just the output length */
@@ -19363,19 +19699,6 @@ static int test_wc_RsaKeyToDer(void)
         /* Put back to Private Key */
         genKey.type = 1;
     #endif
-#else
-    /* Pass good/bad args. */
-    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), USER_CRYPTO_ERROR);
-    /* Get just the output length */
-    ExpectIntGT(wc_RsaKeyToDer(&genKey, NULL, 0), 0);
-    /* Try Public Key. */
-    genKey.type = 0;
-    ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF), USER_CRYPTO_ERROR);
-    #ifdef WOLFSSL_CHECK_MEM_ZERO
-        /* Put back to Private Key */
-        genKey.type = 1;
-    #endif
-#endif
 
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
@@ -19402,9 +19725,7 @@ static int test_wc_RsaKeyToPublicDer(void)
     int    bits = 2048;
     word32 derLen = 294;
 #endif
-#ifndef HAVE_USER_RSA
     int    ret;
-#endif
 
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(&key, 0, sizeof(key));
@@ -19422,16 +19743,10 @@ static int test_wc_RsaKeyToPublicDer(void)
     ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0), 0);
     ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0), 0);
 
-#ifndef HAVE_USER_RSA
     /* Pass in bad args. */
     ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), BAD_FUNC_ARG);
     ExpectIntLT(ret = wc_RsaKeyToPublicDer(&key, der, -1), 0);
     ExpectTrue((ret == BUFFER_E) || (ret == BAD_FUNC_ARG));
-#else
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaKeyToPublicDer(&key, der, -1), USER_CRYPTO_ERROR);
-#endif
 
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -19460,6 +19775,10 @@ static int test_wc_RsaPublicEncryptDecrypt(void)
     WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
     WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
 
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     ExpectNotNull(in);
     ExpectNotNull(plain);
@@ -19507,8 +19826,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
-        && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
-        && !defined(NO_SHA256)
+        && !defined(WC_NO_RSA_OAEP) && !defined(NO_SHA256)
     RsaKey  key;
     WC_RNG  rng;
     const char inStr[] = TEST_STRING;
@@ -19523,6 +19841,10 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
     WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
     WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
 
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     ExpectNotNull(in);
     ExpectNotNull(plain);
@@ -19588,6 +19910,10 @@ static int test_wc_RsaSSL_SignVerify(void)
     WC_DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL);
     WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
 
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(out, byte, TEST_RSA_BYTES, NULL);
+    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     ExpectNotNull(in);
     ExpectNotNull(out);
@@ -19605,7 +19931,7 @@ static int test_wc_RsaSSL_SignVerify(void)
     /* Sign. */
     ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng), (int)outSz);
     idx = (int)outSz;
-#ifndef HAVE_USER_RSA
+
     /* Test bad args. */
     ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng),
         BAD_FUNC_ARG);
@@ -19615,21 +19941,10 @@ static int test_wc_RsaSSL_SignVerify(void)
         BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng),
         BAD_FUNC_ARG);
-#else
-    /* Test bad args. */
-    ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng),
-        USER_CRYPTO_ERROR);
-#endif
 
     /* Verify. */
     ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, &key), (int)inLen);
-#ifndef HAVE_USER_RSA
+
     /* Pass bad args. */
     ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key),
         BAD_FUNC_ARG);
@@ -19639,17 +19954,6 @@ static int test_wc_RsaSSL_SignVerify(void)
         BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL),
         BAD_FUNC_ARG);
-#else
-    /* Pass bad args. */
-    ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, 0, plain, plainSz, &key),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL),
-        USER_CRYPTO_ERROR);
-#endif
 
     WC_FREE_VAR(in, NULL);
     WC_FREE_VAR(out, NULL);
@@ -19689,11 +19993,7 @@ static int test_wc_RsaEncryptSize(void)
     ExpectIntEQ(wc_RsaEncryptSize(&key), 256);
 
     /* Pass in bad arg. */
-#ifndef HAVE_USER_RSA
     ExpectIntEQ(wc_RsaEncryptSize(NULL), BAD_FUNC_ARG);
-#else
-    ExpectIntEQ(wc_RsaEncryptSize(NULL), 0);
-#endif
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -19730,7 +20030,7 @@ static int test_wc_RsaFlattenPublicKey(void)
     ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
 
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass bad args. */
     ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz),
         BAD_FUNC_ARG);
@@ -19742,19 +20042,6 @@ static int test_wc_RsaFlattenPublicKey(void)
         BAD_FUNC_ARG);
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL),
         BAD_FUNC_ARG);
-#else
-    /* Pass bad args. */
-    ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL),
-        USER_CRYPTO_ERROR);
-#endif
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -21510,9 +21797,9 @@ static int test_wc_DsaPublicPrivateKeyDecode(void)
     EXPECT_DECLS;
 #if !defined(NO_DSA)
     DsaKey key;
-    word32 bytes;
+    word32 bytes = 0;
     word32 idx  = 0;
-    int    ret;
+    int    ret = 0;
 #ifdef USE_CERT_BUFFERS_1024
     byte   tmp[ONEK_BUF];
 
@@ -24798,14 +25085,15 @@ static int test_wc_ecc_pointFns(void)
 
 
 /*
- * Testing wc_ecc_sahred_secret_ssh()
+ * Testing wc_ecc_shared_secret_ssh()
  */
 static int test_wc_ecc_shared_secret_ssh(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
     !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
-    !defined(WOLFSSL_ATECC608A)
+    !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
+    !defined(WOLFSSL_CRYPTOCELL)
     ecc_key key;
     ecc_key key2;
     WC_RNG  rng;
@@ -25739,7 +26027,7 @@ static int test_ToTraditional(void)
      defined(OPENSSL_EXTRA_X509_SMALL)) && !defined(NO_FILESYSTEM)
     XFILE  f = XBADFILE;
     byte   input[TWOK_BUF];
-    word32 sz;
+    word32 sz = 0;
 
     ExpectTrue((f = XFOPEN("./certs/server-keyPkcs8.der", "rb")) != XBADFILE);
     ExpectTrue((sz = (word32)XFREAD(input, 1, sizeof(input), f)) > 0);
@@ -26583,6 +26871,43 @@ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
 }
 #endif
 
+#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
+typedef struct encodeSignedDataStream {
+    byte out[FOURK_BUF*3];
+    int  idx;
+    word32 outIdx;
+} encodeSignedDataStream;
+
+
+/* content is 8k of partially created bundle */
+static int GetContentCB(PKCS7* pkcs7, byte** content, void* ctx)
+{
+    int ret = 0;
+    encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
+
+    if (strm->outIdx  < pkcs7->contentSz) {
+        ret = (pkcs7->contentSz > strm->outIdx + FOURK_BUF)?
+                FOURK_BUF : pkcs7->contentSz - strm->outIdx;
+        *content = strm->out + strm->outIdx;
+        strm->outIdx += ret;
+    }
+
+    (void)pkcs7;
+    return ret;
+}
+
+static int StreamOutputCB(PKCS7* pkcs7, const byte* output, word32 outputSz,
+    void* ctx)
+{
+    encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
+
+    XMEMCPY(strm->out + strm->idx, output, outputSz);
+    strm->idx += outputSz;
+    (void)pkcs7;
+    return 0;
+}
+#endif
+
 
 /*
  * Testing wc_PKCS7_EncodeSignedData()
@@ -26657,7 +26982,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         int             certSz;
         int             keySz;
 
-        ExpectTrue((fp = XOPEN("./certs/client-ecc-cert.der", "rb")) !=
+        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
             XBADFILE);
         ExpectIntGT(certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp), 0);
         if (fp != XBADFILE) {
@@ -26698,13 +27023,116 @@ static int test_wc_PKCS7_EncodeSignedData(void)
     }
 
     ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
-
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
+
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
 
+#ifdef ASN_BER_TO_DER
+    wc_PKCS7_Free(pkcs7);
+
+    /* reinitialize and test setting stream mode */
+    {
+        int signedSz;
+        encodeSignedDataStream strm;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+        if (pkcs7 != NULL) {
+            pkcs7->content = data;
+            pkcs7->contentSz = (word32)sizeof(data);
+            pkcs7->privateKey = key;
+            pkcs7->privateKeySz = (word32)sizeof(key);
+            pkcs7->encryptOID = RSAk;
+        #ifdef NO_SHA
+            pkcs7->hashOID = SHA256h;
+        #else
+            pkcs7->hashOID = SHAh;
+        #endif
+            pkcs7->rng = &rng;
+        }
+        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
+        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
+        ExpectIntEQ(wc_PKCS7_SetStreamMode(NULL, 1, NULL, NULL, NULL),
+            BAD_FUNC_ARG);
+        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 1);
+
+        ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, output,
+            outputSz), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* use exact signed buffer size since BER encoded */
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, signedSz), 0);
+        wc_PKCS7_Free(pkcs7);
+
+        /* now try with using callbacks for IO */
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+        if (pkcs7 != NULL) {
+            pkcs7->contentSz  = FOURK_BUF*2;
+            pkcs7->privateKey = key;
+            pkcs7->privateKeySz = (word32)sizeof(key);
+            pkcs7->encryptOID = RSAk;
+        #ifdef NO_SHA
+            pkcs7->hashOID = SHA256h;
+        #else
+            pkcs7->hashOID = SHAh;
+        #endif
+            pkcs7->rng = &rng;
+        }
+        XMEMSET(&strm, 0, sizeof(strm));
+        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
+            StreamOutputCB, (void*)&strm), 0);
+
+        ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* use exact signed buffer size since BER encoded */
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out, signedSz), 0);
+    }
+#endif
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    {
+        word32 z;
+        int ret;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* test for streaming mode */
+        ret = -1;
+        for (z = 0; z < outputSz && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            }
+        }
+        ExpectIntEQ(ret, 0);
+        ExpectIntNE(pkcs7->contentSz, 0);
+        ExpectNotNull(pkcs7->contentDynamic);
+    }
+#endif /* !NO_PKCS7_STREAM */
+
+
     /* Pass in bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz),
         BAD_FUNC_ARG);
@@ -26743,6 +27171,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 
     wc_PKCS7_Free(pkcs7);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
+
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_PKCS7_EncodeSignedData */
@@ -26912,6 +27341,10 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
     {
         byte* output = NULL;
         word32 outputSz = 0;
+    #ifndef NO_PKCS7_STREAM
+        word32 z;
+        int ret;
+    #endif /* !NO_PKCS7_STREAM */
 
         ExpectNotNull(output = (byte*)XMALLOC(
             outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT,
@@ -26928,6 +27361,32 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
         ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
         ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+
+    #ifndef NO_PKCS7_STREAM
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* test for streaming mode */
+        ret = -1;
+        for (z = 0; z < outputSz && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            }
+        }
+        ExpectIntEQ(ret, 0);
+        ExpectIntNE(pkcs7->contentSz, 0);
+        ExpectNotNull(pkcs7->contentDynamic);
+
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    #endif /* !NO_PKCS7_STREAM */
+
         XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
@@ -27376,6 +27835,10 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     struct tm* tmpTime = &tmpTimeStorage;
 #endif
 #endif /* !NO_ASN && !NO_ASN_TIME */
+#ifndef NO_PKCS7_STREAM
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
 
     XMEMSET(&hash, 0, sizeof(wc_HashAlg));
 
@@ -27394,6 +27857,26 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
 
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+#endif /* !NO_PKCS7_STREAM */
+
     /* Check that decoded signed attributes are correct */
 
     /* messageDigest should be first */
@@ -27488,9 +27971,36 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     }
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
                 SIG_VERIFY_E);
+
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = badContent;
+        pkcs7->contentSz = sizeof(badContent);
+    }
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret == WC_PKCS7_WANT_READ_E){
+            continue;
+        }
+        else if (ret < 0) {
+            break;
+        }
+    }
+    ExpectIntEQ(ret, SIG_VERIFY_E);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+
     /* Test success case with detached signature and valid content */
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
@@ -27502,6 +28012,30 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = sizeof(data);
+    }
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
     /* verify using pre-computed content digest only (no content) */
     {
         ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
@@ -27525,7 +28059,105 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
 #endif /* !NO_RSA */
+#if defined(ASN_BER_TO_DER) && !defined(NO_PKCS7_STREAM) && \
+        !defined(NO_FILESYSTEM)
+    {
+        XFILE signedBundle = XBADFILE;
+        int   signedBundleSz = 0;
+        int   chunkSz = 1;
+        int   i, rc = 0;
+        byte* buf = NULL;
+
+        ExpectTrue((signedBundle = XFOPEN("./certs/test-stream-sign.p7b",
+            "rb")) != XBADFILE);
+        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_END) == 0);
+        ExpectIntGT(signedBundleSz = (int)XFTELL(signedBundle), 0);
+        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_SET) == 0);
+        ExpectNotNull(buf = (byte*)XMALLOC(signedBundleSz, HEAP_HINT,
+            DYNAMIC_TYPE_FILE));
+        if (buf != NULL) {
+            ExpectIntEQ(XFREAD(buf, 1, signedBundleSz, signedBundle),
+                signedBundleSz);
+        }
+        if (signedBundle != XBADFILE) {
+            XFCLOSE(signedBundle);
+            signedBundle = XBADFILE;
+        }
+
+        if (buf != NULL) {
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+            for (i = 0; i < signedBundleSz;) {
+                int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
+                    chunkSz;
+                rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, sz);
+                if (rc < 0 ) {
+                    if (rc == WC_PKCS7_WANT_READ_E) {
+                        i += sz;
+                        continue;
+                    }
+                    break;
+                }
+                else {
+                    break;
+                }
+            }
+            ExpectIntEQ(rc, PKCS7_SIGNEEDS_CHECK);
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+        }
+
+        /* now try with malformed bundle */
+        if (buf != NULL) {
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+            buf[signedBundleSz - 2] = buf[signedBundleSz - 2] + 1;
+            for (i = 0; i < signedBundleSz;) {
+                int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
+                    chunkSz;
+                rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, sz);
+                if (rc < 0 ) {
+                    if (rc == WC_PKCS7_WANT_READ_E) {
+                        i += sz;
+                        continue;
+                    }
+                    break;
+                }
+                else {
+                    break;
+                }
+            }
+            ExpectIntEQ(rc, ASN_PARSE_E);
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+        }
+
+        if (buf != NULL)
+            XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
+    }
+#endif /* BER and stream */
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_PKCS7_VerifySignedData()_RSA */
@@ -27543,6 +28175,10 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     byte   data[] = "Test data to encode.";
     byte   badContent[] = "This is different content than was signed";
     wc_HashAlg hash;
+#ifndef NO_PKCS7_STREAM
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
 #ifdef NO_SHA
     enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
 #else
@@ -27566,6 +28202,25 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
     /* Invalid content should error, use detached signature so we can
      * easily change content */
     outputSz = sizeof(output);
@@ -27583,6 +28238,33 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = badContent;
+        pkcs7->contentSz = sizeof(badContent);
+    }
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret == WC_PKCS7_WANT_READ_E){
+            continue;
+        }
+        else if (ret < 0) {
+            break;
+        }
+    }
+    ExpectIntEQ(ret, SIG_VERIFY_E);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+
     /* Test success case with detached signature and valid content */
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
@@ -27594,6 +28276,30 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = sizeof(data);
+    }
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
     /* verify using pre-computed content digest only (no content) */
     {
         /* calculate hash for content */
@@ -27620,6 +28326,27 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_PKCS7_VerifySignedData_ECC() */
@@ -27684,6 +28411,14 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
 {
     int ret = -1;
 
+    (void)cekSz;
+    (void)cek;
+    (void)outSz;
+    (void)keyIdSz;
+    (void)direction;
+    (void)orginKey; /* used with KAKRI */
+    (void)orginKeySz;
+
     if (out == NULL)
         return BAD_FUNC_ARG;
 
@@ -27715,15 +28450,6 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
             WOLFSSL_MSG("Unsupported key wrap algorithm in example");
             return BAD_KEYWRAP_ALG_E;
     };
-
-    (void)cekSz;
-    (void)cek;
-    (void)outSz;
-    (void)keyIdSz;
-    (void)direction;
-    (void)orginKey; /* used with KAKRI */
-    (void)orginKeySz;
-    return ret;
 }
 #endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
 
@@ -27736,6 +28462,9 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     EXPECT_DECLS;
 #if defined(HAVE_PKCS7)
     PKCS7*      pkcs7 = NULL;
+#ifdef ASN_BER_TO_DER
+    int encodedSz = 0;
+#endif
 #ifdef ECC_TIMING_RESISTANT
     WC_RNG      rng;
 #endif
@@ -27936,6 +28665,87 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 
     testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
     for (i = 0; i < testSz; i++) {
+    #ifdef ASN_BER_TO_DER
+        encodeSignedDataStream strm;
+
+        /* test setting stream mode, the first one using IO callbacks */
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
+                                    (word32)(testVectors + i)->certSz), 0);
+        if (pkcs7 != NULL) {
+        #ifdef ECC_TIMING_RESISTANT
+            pkcs7->rng = &rng;
+        #endif
+
+            if (i != 0)
+                pkcs7->content       = (byte*)(testVectors + i)->content;
+            pkcs7->contentSz     = (testVectors + i)->contentSz;
+            pkcs7->contentOID    = (testVectors + i)->contentOID;
+            pkcs7->encryptOID    = (testVectors + i)->encryptOID;
+            pkcs7->keyWrapOID    = (testVectors + i)->keyWrapOID;
+            pkcs7->keyAgreeOID   = (testVectors + i)->keyAgreeOID;
+            pkcs7->privateKey    = (testVectors + i)->privateKey;
+            pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
+        }
+
+        if (i == 0) {
+            XMEMSET(&strm, 0, sizeof(strm));
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
+                StreamOutputCB, (void*)&strm), 0);
+            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, 0);
+        }
+        else {
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
+            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
+                (word32)sizeof(output));
+        }
+
+        switch ((testVectors + i)->encryptOID) {
+        #ifndef NO_DES3
+            case DES3b:
+            case DESb:
+                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                break;
+        #endif
+        #ifdef HAVE_AESCCM
+        #ifdef WOLFSSL_AES_128
+            case AES128CCMb:
+                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                break;
+        #endif
+        #ifdef WOLFSSL_AES_192
+            case AES192CCMb:
+                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                break;
+        #endif
+        #ifdef WOLFSSL_AES_256
+            case AES256CCMb:
+                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                break;
+        #endif
+        #endif
+            default:
+                ExpectIntGE(encodedSz, 0);
+        }
+
+        if (encodedSz > 0) {
+            if (i == 0) {
+                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7,
+                    strm.out, (word32)encodedSz, decoded,
+                    (word32)sizeof(decoded));
+            }
+            else {
+                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+                    (word32)encodedSz, decoded, (word32)sizeof(decoded));
+            }
+            ExpectIntGE(decodedSz, 0);
+            /* Verify the size of each buffer. */
+            ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
+        }
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    #endif
+
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
                                     (word32)(testVectors + i)->certSz), 0);
         if (pkcs7 != NULL) {
@@ -27953,6 +28763,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
             pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
         }
 
+    #ifdef ASN_BER_TO_DER
+        /* test without setting stream mode */
+        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
+    #endif
+
         ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
             (word32)sizeof(output)), 0);
 
@@ -27961,6 +28776,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
         ExpectIntGE(decodedSz, 0);
         /* Verify the size of each buffer. */
         ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
+
         /* Don't free the last time through the loop. */
         if (i < testSz - 1) {
             wc_PKCS7_Free(pkcs7);
@@ -28152,10 +28968,10 @@ static int test_wc_PKCS7_EncodeEncryptedData(void)
     byte        decoded[TWOK_BUF];
     word32      tmpWrd32 = 0;
     int         tmpInt = 0;
-    int         decodedSz;
+    int         decodedSz = 0;
     int         encryptedSz = 0;
-    int         testSz;
-    int         i;
+    int         testSz = 0;
+    int         i = 0;
     const byte data[] = { /* Hello World */
         0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
         0x72,0x6c,0x64
@@ -28341,7 +29157,10 @@ static int test_wc_PKCS7_Degenerate(void)
     XFILE  f = XBADFILE;
     byte   der[4096];
     word32 derSz = 0;
-
+#ifndef NO_PKCS7_STREAM
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
     ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
     ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
     if (f != XBADFILE)
@@ -28353,9 +29172,27 @@ static int test_wc_PKCS7_Degenerate(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 #ifndef NO_RSA
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
+
+    #ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < derSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    #endif /* !NO_PKCS7_STREAM */
 #else
     ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
-#endif
+#endif /* NO_RSA */
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
@@ -28366,6 +29203,28 @@ static int test_wc_PKCS7_Degenerate(void)
     wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz),
         PKCS7_NO_SIGNER_E);
+
+    #ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < derSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
+        if (ret == WC_PKCS7_WANT_READ_E){
+            continue;
+        }
+        else
+            break;
+    }
+    ExpectIntEQ(ret, PKCS7_NO_SIGNER_E);
+    #endif /* !NO_PKCS7_STREAM */
+
     wc_PKCS7_Free(pkcs7);
 #endif
     return EXPECT_RESULT();
@@ -28582,6 +29441,10 @@ static int test_wc_PKCS7_BER(void)
     byte   decoded[2048];
 #endif
     word32 derSz = 0;
+#ifndef NO_PKCS7_STREAM
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
 
     ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
     ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
@@ -28595,6 +29458,24 @@ static int test_wc_PKCS7_BER(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 #ifndef NO_RSA
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
+
+    #ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < derSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    #endif /* !NO_PKCS7_STREAM */
 #else
     ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
 #endif
@@ -28654,7 +29535,6 @@ static int test_wc_PKCS7_signed_enveloped(void)
 #ifdef HAVE_AES_CBC
     PKCS7* inner = NULL;
 #endif
-    void*  pt = NULL;
     WC_RNG rng;
     unsigned char key[FOURK_BUF/2];
     unsigned char cert[FOURK_BUF/2];
@@ -28668,6 +29548,10 @@ static int test_wc_PKCS7_signed_enveloped(void)
     unsigned char decoded[FOURK_BUF];
     int decodedSz = FOURK_BUF;
 #endif
+#ifndef NO_PKCS7_STREAM
+    int z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
 
     XMEMSET(&rng, 0, sizeof(WC_RNG));
 
@@ -28741,17 +29625,13 @@ static int test_wc_PKCS7_signed_enveloped(void)
         pkcs7->rng = &rng;
     }
 
-    /* Set no certs in bundle for this test. Hang on to the pointer though to
-     * free it later. */
+    /* Set no certs in bundle for this test. */
     if (pkcs7 != NULL) {
-        pt = (void*)pkcs7->certList;
-        pkcs7->certList = NULL; /* no certs in bundle */
+        ExpectIntEQ(wc_PKCS7_SetNoCerts(pkcs7, 1), 0);
+        ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_PKCS7_GetNoCerts(pkcs7), 1);
     }
     ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
-    if (pkcs7 != NULL) {
-        /* restore pointer for PKCS7 free call */
-        pkcs7->certList = (Pkcs7Cert*)pt;
-    }
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
@@ -28767,7 +29647,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
         word32 idx = 0;
         byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
             WC_MAX_DIGEST_SIZE];
-        int  digestSz;
+        int  digestSz = 0;
 
         ExpectIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
         ExpectIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0);
@@ -28786,6 +29666,24 @@ static int test_wc_PKCS7_signed_enveloped(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
+
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < sigSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+#endif /* !NO_PKCS7_STREAM */
+
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
@@ -28814,6 +29712,43 @@ static int test_wc_PKCS7_signed_enveloped(void)
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
     ExpectNotNull(pkcs7->content);
 
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* create valid degenerate bundle */
+    sigSz = FOURK_BUF * 2;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    if (pkcs7 != NULL) {
+        pkcs7->content    = env;
+        pkcs7->contentSz  = envSz;
+        pkcs7->contentOID = DATA;
+        pkcs7->privateKey   = key;
+        pkcs7->privateKeySz = keySz;
+        pkcs7->encryptOID   = RSAk;
+        pkcs7->hashOID      = SHA256h;
+        pkcs7->rng = &rng;
+    }
+    ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
+    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    wc_FreeRng(&rng);
+
+    /* check verify */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < sigSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+#endif /* !NO_PKCS7_STREAM */
+
 #ifdef HAVE_AES_CBC
     /* check decode */
     ExpectNotNull(inner = wc_PKCS7_New(NULL, 0));
@@ -28839,6 +29774,24 @@ static int test_wc_PKCS7_signed_enveloped(void)
     ExpectIntNE(pkcs7->singleCertSz, 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < decodedSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, decoded + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectNotNull(pkcs7->singleCert);
+    ExpectIntNE(pkcs7->singleCertSz, 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
 #endif
 #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
     return EXPECT_RESULT();
@@ -29064,7 +30017,9 @@ static int test_wc_SignatureGetSize_ecc(void)
     ExpectIntGT(wc_SignatureGetSize(sig_type, &ecc, key_len), 0);
 
     /* Test bad args */
+    /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
     sig_type = (enum wc_SignatureType) 100;
+    /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
     ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), BAD_FUNC_ARG);
     sig_type = WC_SIGNATURE_TYPE_ECC;
     ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0);
@@ -29129,14 +30084,12 @@ static int test_wc_SignatureGetSize_rsa(void)
     ExpectIntGT(wc_SignatureGetSize(sig_type, &rsa_key, key_len), 0);
 
     /* Test bad args */
+    /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
     sig_type = (enum wc_SignatureType)100;
+    /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
     ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
     sig_type = WC_SIGNATURE_TYPE_RSA;
-    #ifndef HAVE_USER_RSA
-        ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), BAD_FUNC_ARG);
-    #else
-        ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0);
-    #endif
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), BAD_FUNC_ARG);
     key_len = (word32)0;
     ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
 
@@ -29677,7 +30630,7 @@ static int test_wolfSSL_d2i_ASN1_INTEGER(void)
     const byte* p = NULL;
     byte* p2 = NULL;
     byte* reEncoded = NULL;
-    int reEncodedSz;
+    int reEncodedSz = 0;
 
     static const byte zeroDer[] = {
         0x02, 0x01, 0x00
@@ -29906,8 +30859,8 @@ static int test_wolfSSL_i2c_ASN1_INTEGER(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
     ASN1_INTEGER *a = NULL;
-    unsigned char *pp,*tpp;
-    int ret;
+    unsigned char *pp = NULL,*tpp = NULL;
+    int ret = 0;
 
     ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new());
 
@@ -31023,8 +31976,8 @@ static int test_wolfSSL_ASN1_TIME_diff_compare(void)
     ASN1_TIME* closeToTime = NULL;
     ASN1_TIME* toTime = NULL;
     ASN1_TIME* invalidTime = NULL;
-    int daysDiff;
-    int secsDiff;
+    int daysDiff = 0;
+    int secsDiff = 0;
 
     ExpectNotNull((fromTime = ASN1_TIME_new()));
     /* Feb 22, 2003, 21:15:15 */
@@ -31216,6 +32169,8 @@ static int test_wolfSSL_ASN1_TIME_to_tm(void)
     struct tm tm;
     time_t testTime = 1683926567; /* Fri May 12 09:22:47 PM UTC 2023 */
 
+    XMEMSET(&tm, 0, sizeof(struct tm));
+
     XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
     ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1);
     ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, NULL), 1);
@@ -31386,8 +32341,8 @@ static int test_wolfSSL_ASN1_TIME_print(void)
     BIO*  fixed = NULL;
     X509*  x509 = NULL;
     const unsigned char* der = client_cert_der_2048;
-    ASN1_TIME* notAfter;
-    ASN1_TIME* notBefore;
+    ASN1_TIME* notAfter = NULL;
+    ASN1_TIME* notBefore = NULL;
     unsigned char buf[25];
 
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
@@ -31623,7 +32578,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     EC_KEY *eckey = NULL;
     EVP_PKEY *key = NULL;
-    size_t len;
+    size_t len = 0;
     unsigned char *der = NULL;
     DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
     const unsigned char *in = ecc_clikey_der_256;
@@ -31795,15 +32750,15 @@ static int test_wolfSSL_X509_NAME(void)
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
      defined(OPENSSL_EXTRA))
     X509* x509 = NULL;
-    const unsigned char* c;
+    const unsigned char* c = NULL;
     unsigned char buf[4096];
-    int bytes;
+    int bytes = 0;
     XFILE f = XBADFILE;
     const X509_NAME* a = NULL;
     const X509_NAME* b = NULL;
     X509_NAME* d2i_name = NULL;
     int sz = 0;
-    unsigned char* tmp;
+    unsigned char* tmp = NULL;
     char file[] = "./certs/ca-cert.der";
 #ifndef OPENSSL_EXTRA_X509_SMALL
     byte empty[] = { /* CN=empty emailAddress= */
@@ -31830,7 +32785,7 @@ static int test_wolfSSL_X509_NAME(void)
         XFCLOSE(f);
 
     c = buf;
-    ExpectNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes));
+    ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT));
 
     /* test cmp function */
     ExpectNotNull(a = X509_get_issuer_name(x509));
@@ -31947,7 +32902,7 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
      defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
      defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) && \
     !defined(NO_BIO) && !defined(NO_RSA)
-    int memSz;
+    int memSz = 0;
     byte* mem = NULL;
     BIO* bio = NULL;
     BIO* membio = NULL;
@@ -32110,7 +33065,7 @@ static int test_wolfSSL_X509_INFO_multiple_info(void)
      * to group objects together. */
     ExpectNotNull(concatBIO = BIO_new(BIO_s_mem()));
     for (curFile = files; EXPECT_SUCCESS() && *curFile != NULL; curFile++) {
-        int fileLen;
+        int fileLen = 0;
         ExpectNotNull(fileBIO = BIO_new_file(*curFile, "rb"));
         ExpectIntGT(fileLen = wolfSSL_BIO_get_len(fileBIO), 0);
         if (EXPECT_SUCCESS()) {
@@ -32456,7 +33411,7 @@ static int test_wc_KeyPemToDer(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
-    int ret;
+    int ret = 0;
     const byte cert_buf[] = \
     "-----BEGIN PRIVATE KEY-----\n"
     "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMG5KgWxP002pA\n"
@@ -32754,7 +33709,7 @@ static int test_wc_CheckCertSigPubKey(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
     !defined(NO_RSA) && defined(WOLFSSL_PEM_TO_DER) && defined(HAVE_ECC)
-    int ret;
+    int ret = 0;
     const char* ca_cert = "./certs/ca-cert.pem";
     byte* cert_buf = NULL;
     size_t cert_sz = 0;
@@ -32827,7 +33782,7 @@ static int test_wolfSSL_certs(void)
     ASN1_STRING* asn1_str = NULL;
     AUTHORITY_KEYID* akey = NULL;
     BASIC_CONSTRAINTS* bc = NULL;
-    int crit;
+    int crit = 0;
 
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
@@ -32837,16 +33792,16 @@ static int test_wolfSSL_certs(void)
     ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
     #endif
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
     #endif
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
@@ -32863,7 +33818,7 @@ static int test_wolfSSL_certs(void)
         WOLFSSL_FILETYPE_PEM));
     ExpectIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* with loading in a new cert the check on private key should now fail */
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
@@ -33124,16 +34079,16 @@ static int test_wolfSSL_private_keys(void)
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
     /* Have to load a cert before you can check the private key against that
      * certificates public key! */
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
     #endif
     ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
@@ -33146,7 +34101,7 @@ static int test_wolfSSL_private_keys(void)
     ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
                 (unsigned char*)client_key_der_2048,
                 sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* Should mismatch now that a different private key loaded */
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
@@ -33154,7 +34109,7 @@ static int test_wolfSSL_private_keys(void)
     ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
                 (unsigned char*)server_key,
                 sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* After loading back in DER format of original key, should match */
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
@@ -33164,7 +34119,7 @@ static int test_wolfSSL_private_keys(void)
                 (unsigned char*)client_key_der_2048,
                 sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* Should mismatch now that a different private key loaded */
     ExpectIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
@@ -33172,7 +34127,7 @@ static int test_wolfSSL_private_keys(void)
     ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
                 (unsigned char*)server_key,
                 sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* After loading back in DER format of original key, should match */
     ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
@@ -33226,7 +34181,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
     SSL_free(ssl);
@@ -33259,7 +34214,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
     SSL_free(ssl);
@@ -33270,7 +34225,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
@@ -33292,7 +34247,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
     SSL_free(ssl);
@@ -33303,7 +34258,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
@@ -33339,7 +34294,7 @@ static int test_wolfSSL_PEM_read_PrivateKey(void)
     RSA* rsa = NULL;
     WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
     unsigned char* sig = NULL;
-    size_t sigLen;
+    size_t sigLen = 0;
     const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7};
     size_t tbsLen = sizeof(tbs);
 
@@ -33414,7 +34369,7 @@ static int test_wolfSSL_PEM_PrivateKey(void)
         const char* fname = "./certs/server-key.pem";
         const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem";
 
-        size_t sz;
+        size_t sz = 0;
         byte* buf = NULL;
         EVP_PKEY* pkey2 = NULL;
         EVP_PKEY* pkey3 = NULL;
@@ -33663,8 +34618,7 @@ static int test_wolfSSL_PEM_PrivateKey(void)
     /* key is DES encrypted */
     #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
         !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \
-        !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && \
-        !defined(HAVE_USER_RSA) && !defined(NO_RSA)
+        !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     {
         XFILE f = XBADFILE;
         wc_pem_password_cb* passwd_cb = NULL;
@@ -33777,7 +34731,7 @@ static int test_wolfSSL_PEM_file_RSAKey(void)
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
     defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
-    !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+    !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     RSA* rsa = NULL;
     XFILE fp = XBADFILE;
 
@@ -33806,7 +34760,7 @@ static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_FILESYSTEM) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
     RSA* rsa = NULL;
     XFILE f = NULL;
@@ -33865,7 +34819,7 @@ static int test_wolfSSL_PEM_bio_RSAKey(void)
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
     defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
-    !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+    !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     RSA* rsa = NULL;
     BIO* bio = NULL;
 
@@ -33940,7 +34894,7 @@ static int test_wolfSSL_PEM_bio_RSAPrivateKey(void)
     ExpectNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
     ExpectIntEQ(RSA_size(rsa), 256);
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     ExpectNull(rsa_dup = RSAPublicKey_dup(NULL));
     /* Test duplicating empty key. */
     ExpectNotNull(rsa_dup = RSA_new());
@@ -34341,9 +35295,11 @@ static int test_wolfSSL_tmp_dh(void)
     BIO_free(bio);
     DSA_free(dsa);
     DH_free(dh);
+    dh = NULL;
 #if defined(WOLFSSL_DH_EXTRA) && \
     (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
     DH_free(dh2);
+    dh2 = NULL;
 #endif
     SSL_free(ssl);
     SSL_CTX_free(ctx);
@@ -34921,8 +35877,7 @@ static int test_wolfSSL_EVP_MD_hmac_signing(void)
 static int test_wolfSSL_EVP_MD_rsa_signing(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    defined(USE_CERT_BUFFERS_2048)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
     WOLFSSL_EVP_PKEY* privKey = NULL;
     WOLFSSL_EVP_PKEY* pubKey = NULL;
     WOLFSSL_EVP_PKEY_CTX* keyCtx = NULL;
@@ -35139,7 +36094,6 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(clientFile,
         WOLFSSL_FILETYPE_PEM));
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
     /* additional test of getting EVP_PKEY key size from X509
      * Do not run with user RSA because wolfSSL_RSA_size is not currently
      * allowed with user RSA */
@@ -35176,7 +36130,6 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
         pkey = NULL;
 #endif /* HAVE_ECC */
     }
-#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
 
     ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS);
     if (EXPECT_SUCCESS()) {
@@ -36584,12 +37537,14 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void)
     /* clean up keylog file */
     ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "w")) != XBADFILE);
     if (fp != XBADFILE) {
+        XFFLUSH(fp);
         XFCLOSE(fp);
         fp = XBADFILE;
     }
 
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
         &server_cbf, NULL), TEST_SUCCESS);
+    XSLEEP_MS(100);
 
     /* check if the keylog file exists */
 
@@ -36597,6 +37552,7 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void)
     int  found = 0;
 
     ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);
+    XFFLUSH(fp); /* Just to make sure any buffers get flushed */
 
     while (EXPECT_SUCCESS() && XFGETS(buff, (int)sizeof(buff), fp) != NULL) {
         if (0 == strncmp(buff,"CLIENT_RANDOM ", sizeof("CLIENT_RANDOM ")-1)) {
@@ -36963,8 +37919,8 @@ static int test_wolfSSL_X509_NID(void)
     /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
 
     /* convert cert from DER to internal WOLFSSL_X509 struct */
-    ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
-            sizeof_client_cert_der_2048));
+    ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048,
+            sizeof_client_cert_der_2048, HEAP_HINT));
 
     /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */
 
@@ -37470,6 +38426,7 @@ static int test_wolfSSL_BN(void)
     ExpectIntLT(BN_cmp(a, c), 0);
     ExpectIntGT(BN_cmp(c, b), 0);
 
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
     ExpectIntEQ(BN_print_fp(XBADFILE, NULL), 0);
     ExpectIntEQ(BN_print_fp(XBADFILE, &emptyBN), 0);
     ExpectIntEQ(BN_print_fp(stderr, NULL), 0);
@@ -37477,6 +38434,7 @@ static int test_wolfSSL_BN(void)
     ExpectIntEQ(BN_print_fp(XBADFILE, a), 0);
 
     ExpectIntEQ(BN_print_fp(stderr, a), 1);
+#endif
 
     BN_clear(a);
 
@@ -39012,12 +39970,12 @@ static int test_wolfSSL_BIO(void)
     for (i = 0; i < 20; i++) {
         ExpectIntEQ((int)bufPt[i], i);
     }
-    ExpectIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR);
+    ExpectIntEQ(BIO_nread(bio2, &bufPt, 1), 0);
     ExpectIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8);
     for (i = 0; i < 8; i++) {
         ExpectIntEQ((int)bufPt[i], i);
     }
-    ExpectIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR);
+    ExpectIntEQ(BIO_nread(bio1, &bufPt, 1), 0);
     ExpectIntEQ(BIO_ctrl_reset_read_request(bio1), 1);
 
     /* new pair */
@@ -39026,7 +39984,7 @@ static int test_wolfSSL_BIO(void)
     bio2 = NULL;
     ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
     ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0);
-    ExpectIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR);
+    ExpectIntEQ(BIO_nread(bio3, &bufPt, 10), 0);
 
     /* test wrap around... */
     ExpectIntEQ(BIO_reset(bio1), 0);
@@ -39074,7 +40032,7 @@ static int test_wolfSSL_BIO(void)
     /* test reset on data in bio1 write buffer */
     ExpectIntEQ(BIO_reset(bio1), 0);
     ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0);
-    ExpectIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR);
+    ExpectIntEQ(BIO_nread(bio3, &bufPt, 3), 0);
     ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
     ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20);
     ExpectNotNull(p);
@@ -39189,6 +40147,35 @@ static int test_wolfSSL_BIO(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_BIO_BIO_ring_read(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL)
+    BIO* bio1 = NULL;
+    BIO* bio2 = NULL;
+    byte data[50];
+    byte tmp[50];
+
+    XMEMSET(data, 42, sizeof(data));
+
+
+    ExpectIntEQ(BIO_new_bio_pair(&bio1, sizeof(data), &bio2, sizeof(data)),
+            SSL_SUCCESS);
+
+    ExpectIntEQ(BIO_write(bio1, data, 40), 40);
+    ExpectIntEQ(BIO_read(bio1, tmp, 20), -1);
+    ExpectIntEQ(BIO_read(bio2, tmp, 20), 20);
+    ExpectBufEQ(tmp, data, 20);
+    ExpectIntEQ(BIO_write(bio1, data, 20), 20);
+    ExpectIntEQ(BIO_read(bio2, tmp, 40), 40);
+    ExpectBufEQ(tmp, data, 40);
+
+    BIO_free(bio1);
+    BIO_free(bio2);
+#endif
+    return EXPECT_RESULT();
+}
+
 #endif /* !NO_BIO */
 
 
@@ -39583,9 +40570,9 @@ static int test_wolfSSL_X509_sign(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN_TIME) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
-    int ret;
+    int ret = 0;
     char *cn = NULL;
-    word32 cnSz;
+    word32 cnSz = 0;
     X509_NAME *name = NULL;
     X509 *x509 = NULL;
     X509 *ca = NULL;
@@ -40452,8 +41439,8 @@ static int test_wolfSSL_PKCS8_d2i(void)
 
 #ifndef NO_FILESYSTEM
     unsigned char pkcs8_buffer[2048];
-    const unsigned char* p;
-    int bytes;
+    const unsigned char* p = NULL;
+    int bytes = 0;
     XFILE file = XBADFILE;
     WOLFSSL_EVP_PKEY* pkey = NULL;
 #ifndef NO_BIO
@@ -41167,7 +42154,7 @@ static int test_wolfSSL_SHA(void)
         unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
                                    "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
         unsigned char out[WC_SHA_DIGEST_SIZE];
-        unsigned char* p;
+        unsigned char* p = NULL;
         WOLFSSL_SHA_CTX sha;
 
         XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
@@ -41208,7 +42195,7 @@ static int test_wolfSSL_SHA(void)
             "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
             "\x15\xAD";
         unsigned char out[WC_SHA256_DIGEST_SIZE];
-        unsigned char* p;
+        unsigned char* p = NULL;
 
         XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
 #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
@@ -41235,7 +42222,7 @@ static int test_wolfSSL_SHA(void)
             "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
             "\xc8\x25\xa7";
         unsigned char out[WC_SHA384_DIGEST_SIZE];
-        unsigned char* p;
+        unsigned char* p = NULL;
 
         XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
 #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
@@ -41263,7 +42250,7 @@ static int test_wolfSSL_SHA(void)
             "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
             "\xa5\x4c\xa4\x9f";
         unsigned char out[WC_SHA512_DIGEST_SIZE];
-        unsigned char* p;
+        unsigned char* p = NULL;
 
         XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
 #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
@@ -42201,8 +43188,8 @@ static int test_wolfSSL_DES(void)
     const_DES_cblock myDes;
     DES_cblock iv;
     DES_key_schedule key;
-    word32 i;
-    DES_LONG dl;
+    word32 i = 0;
+    DES_LONG dl = 0;
     unsigned char msg[] = "hello wolfssl";
     unsigned char weakKey[][8] = {
         { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
@@ -43116,7 +44103,8 @@ static int test_wolfSSL_OBJ(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
     !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
-    defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
+    defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && \
+    !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
     ASN1_OBJECT *obj = NULL;
     ASN1_OBJECT *obj2 = NULL;
     char buf[50];
@@ -45357,12 +46345,12 @@ static int test_wolfSSL_SESSION(void)
 #ifdef HAVE_EXT_CACHE
     unsigned char* sessDer = NULL;
     unsigned char* ptr     = NULL;
-    int sz;
+    int sz = 0;
 #endif
     const unsigned char context[] = "user app context";
     unsigned int contextSz = (unsigned int)sizeof(context);
 #endif
-    int ret, err;
+    int ret = 0, err = 0;
     SOCKET_T sockfd;
     tcp_ready ready;
     func_args server_args;
@@ -46010,7 +46998,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
     {
         XFILE file = XBADFILE;
         const char* fname = "./certs/server-key.der";
-        size_t sz;
+        size_t sz = 0;
         byte* buf = NULL;
 
         ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
@@ -46039,7 +47027,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
     {
         XFILE file = XBADFILE;
         const char* fname = "./certs/ecc-key.der";
-        size_t sz;
+        size_t sz = 0;
         byte* buf = NULL;
 
         ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
@@ -46069,8 +47057,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
     ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
 #endif
 
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     {
         RSA* rsa = NULL;
         /* Tests bad parameters */
@@ -46110,7 +47097,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
 #endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
         RSA_free(rsa);
     }
-#endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/
+#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
     SSL_CTX_free(ctx);
     ctx = NULL;
     BIO_free(bio);
@@ -46431,14 +47418,14 @@ static int test_wolfSSL_sk_DIST_POINT(void)
     X509* x509 = NULL;
     unsigned char buf[4096];
     const unsigned char* bufPt;
-    int bytes;
-    int i;
-    int j;
+    int bytes = 0;
+    int i = 0;
+    int j = 0;
     XFILE f = XBADFILE;
-    DIST_POINT* dp;
-    DIST_POINT_NAME* dpn;
-    GENERAL_NAME* gn;
-    ASN1_IA5STRING* uri;
+    DIST_POINT* dp = NULL;
+    DIST_POINT_NAME* dpn = NULL;
+    GENERAL_NAME* gn = NULL;
+    ASN1_IA5STRING* uri = NULL;
     STACK_OF(DIST_POINT)* dps = NULL;
     STACK_OF(GENERAL_NAME)* gns = NULL;
     const char cliCertDerCrlDistPoint[] = "./certs/client-crl-dist.der";
@@ -46930,6 +47917,7 @@ static int test_wolfSSL_PEM_read_DHparams(void)
         XFCLOSE(fp);
 
     DH_free(dh);
+    dh = NULL;
 #endif
     return EXPECT_RESULT();
 }
@@ -47059,7 +48047,7 @@ static int test_wolfSSL_OPENSSL_hexstr2buf(void)
     long len = 0;
     unsigned char* returnedBuf = NULL;
 
-    for (i = 0; i < NUM_CASES && EXPECT_SUCCESS(); ++i) {
+    for (i = 0; i < NUM_CASES && !EXPECT_FAIL(); ++i) {
         returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len);
         if (returnedBuf == NULL) {
             ExpectIntEQ(expectedOutputs[i].ret, 0);
@@ -47144,22 +48132,22 @@ static int test_wolfSSL_make_cert(void)
     EXPECT_DECLS;
 #if !defined(NO_RSA) && !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && \
     defined(WOLFSSL_CERT_EXT)
-    int      ret;
+    int      ret = 0;
     Cert     cert;
     CertName name;
     RsaKey   key;
     WC_RNG   rng;
     byte     der[FOURK_BUF];
-    word32   idx;
+    word32   idx = 0;
     const byte mySerial[8] = {1,2,3,4,5,6,7,8};
 
 #ifdef OPENSSL_EXTRA
-    const unsigned char* pt;
-    int                  certSz;
+    const unsigned char* pt = NULL;
+    int                  certSz = 0;
     X509*                x509 = NULL;
-    X509_NAME*           x509name;
-    X509_NAME_ENTRY*     entry;
-    ASN1_STRING*         entryValue;
+    X509_NAME*           x509name = NULL;
+    X509_NAME_ENTRY*     entry = NULL;
+    ASN1_STRING*         entryValue = NULL;
 #endif
 
     XMEMSET(&name, 0, sizeof(CertName));
@@ -47688,7 +48676,9 @@ static int test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
 
     EVP_PKEY_free(pkey);
     DH_free(setDh);
+    setDh = NULL;
     DH_free(dh);
+    dh = NULL;
 #endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 #endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
@@ -47708,7 +48698,7 @@ static int test_wolfSSL_CTX_ctrl(void)
     byte buf[6000];
     char file[] = "./certs/dsaparams.pem";
     XFILE f = XBADFILE;
-    int  bytes;
+    int  bytes = 0;
     BIO* bio = NULL;
     DSA* dsa = NULL;
     DH*  dh = NULL;
@@ -47748,7 +48738,6 @@ static int test_wolfSSL_CTX_ctrl(void)
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
 #endif
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
     /* additional test of getting EVP_PKEY key size from X509
      * Do not run with user RSA because wolfSSL_RSA_size is not currently
      * allowed with user RSA */
@@ -47782,7 +48771,6 @@ static int test_wolfSSL_CTX_ctrl(void)
         EVP_PKEY_free(pkey);
 #endif /* HAVE_ECC */
     }
-#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
 
     /* Tests should fail with passed in NULL pointer */
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, NULL),
@@ -47860,6 +48848,7 @@ static int test_wolfSSL_CTX_ctrl(void)
     BIO_free(bio);
     DSA_free(dsa);
     DH_free(dh);
+    dh = NULL;
 #endif
 #endif
 #ifdef HAVE_ECC
@@ -48106,6 +49095,7 @@ static int test_wolfSSL_EVP_PKEY_keygen(void)
 
         ASN1_INTEGER_free(asn1int);
         DH_free(dh);
+        dh = NULL;
         XFREE(derBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
         EVP_PKEY_free(pkey);
@@ -48194,6 +49184,7 @@ static int test_wolfSSL_EVP_PKEY_copy_parameters(void)
     ExpectIntEQ(BN_cmp(g1, g2), 0);
 
     DH_free(dh);
+    dh = NULL;
     EVP_PKEY_free(copy);
     EVP_PKEY_free(params);
 #endif
@@ -48939,7 +49930,9 @@ static int test_wolfSSL_EVP_PKEY_param_check(void)
     EVP_PKEY_CTX_free(ctx);
     EVP_PKEY_free(pkey);
     DH_free(setDh);
+    setDh = NULL;
     DH_free(dh);
+    dh = NULL;
 #endif
 #endif
     return EXPECT_RESULT();
@@ -49817,7 +50810,7 @@ static int test_wolfSSL_X509_get_ext_by_NID(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_ALL) && !defined(NO_RSA)
-    int rc;
+    int rc = 0;
     XFILE f = XBADFILE;
     WOLFSSL_X509* x509 = NULL;
     ASN1_OBJECT* obj = NULL;
@@ -49859,12 +50852,12 @@ static int test_wolfSSL_X509_get_ext_subj_alt_name(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_ALL) && !defined(NO_RSA)
-    int rc;
+    int rc = 0;
     XFILE f = XBADFILE;
     WOLFSSL_X509* x509 = NULL;
-    WOLFSSL_X509_EXTENSION* ext;
-    WOLFSSL_ASN1_STRING* sanString;
-    byte* sanDer;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_STRING* sanString = NULL;
+    byte* sanDer = NULL;
 
     const byte expectedDer[] = {
         0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
@@ -49934,8 +50927,8 @@ static int test_wolfSSL_X509_EXTENSION_get_data(void)
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL_X509* x509 = NULL;
-    WOLFSSL_X509_EXTENSION* ext;
-    WOLFSSL_ASN1_STRING* str;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
     XFILE file = XBADFILE;
 
     ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
@@ -49957,9 +50950,9 @@ static int test_wolfSSL_X509_EXTENSION_get_critical(void)
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL_X509* x509 = NULL;
-    WOLFSSL_X509_EXTENSION* ext;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
     XFILE file = XBADFILE;
-    int crit;
+    int crit = 0;
 
     ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
@@ -49985,7 +50978,7 @@ static int test_wolfSSL_X509V3_EXT_print(void)
         XFILE f = XBADFILE;
         WOLFSSL_X509* x509 = NULL;
         X509_EXTENSION * ext = NULL;
-        int loc;
+        int loc = 0;
         BIO *bio = NULL;
 
         ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE);
@@ -50017,9 +51010,9 @@ static int test_wolfSSL_X509V3_EXT_print(void)
     {
         X509 *x509 = NULL;
         BIO *bio = NULL;
-        X509_EXTENSION *ext;
-        unsigned int i;
-        unsigned int idx;
+        X509_EXTENSION *ext = NULL;
+        unsigned int i = 0;
+        unsigned int idx = 0;
         /* Some NIDs to test with */
         int nids[] = {
                 /* NID_key_usage, currently X509_get_ext returns this as a bit
@@ -50027,7 +51020,7 @@ static int test_wolfSSL_X509V3_EXT_print(void)
                 /* NID_ext_key_usage, */
                 NID_subject_alt_name,
         };
-        int* n;
+        int* n = NULL;
 
         ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
 
@@ -50277,7 +51270,7 @@ static int test_wolfSSL_i2d_PrivateKey(void)
             (const unsigned char*)server_key_der_2048;
         unsigned char buf[FOURK_BUF];
         unsigned char* pt = NULL;
-        int bufSz;
+        int bufSz = 0;
 
         ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key,
             (long)sizeof_server_key_der_2048));
@@ -50296,7 +51289,7 @@ static int test_wolfSSL_i2d_PrivateKey(void)
             (const unsigned char*)ecc_clikey_der_256;
         unsigned char buf[FOURK_BUF];
         unsigned char* pt = NULL;
-        int bufSz;
+        int bufSz = 0;
 
         ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key,
             (long)sizeof_ecc_clikey_der_256)));
@@ -50326,7 +51319,7 @@ static int test_wolfSSL_OCSP_id_get0_info(void)
     ASN1_OBJECT* pmd  = NULL;
     ASN1_STRING* keyHash = NULL;
     ASN1_INTEGER* serial = NULL;
-    ASN1_INTEGER* x509Int;
+    ASN1_INTEGER* x509Int = NULL;
 
     ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(svrCertFile,
         SSL_FILETYPE_PEM));
@@ -51422,8 +52415,7 @@ static int test_wc_ecc_get_curve_id_from_params(void)
 static int test_wolfSSL_EVP_PKEY_encrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     WOLFSSL_RSA* rsa = NULL;
     WOLFSSL_EVP_PKEY* pkey = NULL;
     WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
@@ -51531,7 +52523,7 @@ static int test_wolfSSL_EVP_PKEY_encrypt(void)
 }
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
         #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
@@ -51559,7 +52551,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA)
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     WOLFSSL_RSA* rsa = NULL;
 #endif
@@ -51609,7 +52601,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     switch (keyType) {
         case EVP_PKEY_RSA:
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
         {
             ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
@@ -51646,7 +52638,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
     ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     if (keyType == EVP_PKEY_RSA)
         ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
@@ -51667,7 +52659,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     ExpectNotNull(ctx_verify = EVP_PKEY_CTX_new(pkey, NULL));
     ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS);
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     if (keyType == EVP_PKEY_RSA)
         ExpectIntEQ(
@@ -51683,7 +52675,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
         WOLFSSL_FAILURE);
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     if (keyType == EVP_PKEY_RSA) {
     #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT)
@@ -51752,7 +52744,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify_rsa(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_RSA), TEST_SUCCESS);
 #endif
@@ -52314,6 +53306,10 @@ static int test_wolfSSL_PKCS7_sign(void)
     EVP_PKEY* signKey = NULL;
     X509* caCert = NULL;
     X509_STORE* store = NULL;
+#ifndef NO_PKCS7_STREAM
+    int z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
 
     /* read signer cert/key into BIO */
     ExpectNotNull(certBio = BIO_new_file(cert, "r"));
@@ -52360,6 +53356,23 @@ static int test_wolfSSL_PKCS7_sign(void)
         ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
         ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
 
+    #ifndef NO_PKCS7_STREAM
+        /* verify with wc_PKCS7_VerifySignedData streaming */
+        wc_PKCS7_Free(p7Ver);
+        p7Ver = NULL;
+        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
+        /* test for streaming */
+        ret = -1;
+        for (z = 0; z < outLen && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            }
+        }
+        ExpectIntEQ(ret, 0);
+    #endif /* !NO_PKCS7_STREAM */
+
         /* compare the signer found to expected signer */
         ExpectIntNE(p7Ver->verifyCertSz, 0);
         tmpPtr = NULL;
@@ -52432,6 +53445,26 @@ static int test_wolfSSL_PKCS7_sign(void)
         wc_PKCS7_Free(p7Ver);
         p7Ver = NULL;
 
+    #ifndef NO_PKCS7_STREAM
+        /* verify with wc_PKCS7_VerifySignedData streaming */
+        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (p7Ver != NULL) {
+            p7Ver->content = data;
+            p7Ver->contentSz = sizeof(data);
+        }
+        /* test for streaming */
+        ret = -1;
+        for (z = 0; z < outLen && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            }
+        }
+        ExpectIntEQ(ret, 0);
+        wc_PKCS7_Free(p7Ver);
+        p7Ver = NULL;
+    #endif /* !NO_PKCS7_STREAM */
+
         /* verify expected failure (NULL return) from d2i_PKCS7, it does not
          * yet support detached content */
         tmpPtr = out;
@@ -52470,6 +53503,28 @@ static int test_wolfSSL_PKCS7_sign(void)
         p7Ver = NULL;
 
         ExpectNotNull(out);
+
+    #ifndef NO_PKCS7_STREAM
+        /* verify with wc_PKCS7_VerifySignedData streaming */
+        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (p7Ver != NULL) {
+            p7Ver->content = data;
+            p7Ver->contentSz = sizeof(data);
+        }
+        /* test for streaming */
+        ret = -1;
+        for (z = 0; z < outLen && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            }
+        }
+        ExpectIntEQ(ret, 0);
+        ExpectNotNull(out);
+        wc_PKCS7_Free(p7Ver);
+        p7Ver = NULL;
+    #endif /* !NO_PKCS7_STREAM */
+
         XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         PKCS7_free(p7);
         p7 = NULL;
@@ -53273,7 +54328,7 @@ static int test_tls13_apis(void)
 #endif
 #if (!defined(NO_ECC256)  || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
             "P-256"
-#ifdef HAVE_PQC
+#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
             ":P256_KYBER_LEVEL1"
 #endif
 #endif
@@ -54508,7 +55563,7 @@ static int test_wolfSSL_X509_load_crl_file(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_RSA) && !defined(NO_BIO)
+    !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
     int i;
     char pem[][100] = {
         "./certs/crl/crl.pem",
@@ -54516,6 +55571,9 @@ static int test_wolfSSL_X509_load_crl_file(void)
         "./certs/crl/caEccCrl.pem",
         "./certs/crl/eccCliCRL.pem",
         "./certs/crl/eccSrvCRL.pem",
+    #ifdef WC_RSA_PSS
+        "./certs/crl/crl_rsapss.pem",
+    #endif
         ""
     };
     char der[][100] = {
@@ -54531,6 +55589,10 @@ static int test_wolfSSL_X509_load_crl_file(void)
 
     ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
         X509_FILETYPE_PEM), 1);
+#ifdef WC_RSA_PSS
+    ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/rsapss/ca-rsapss.pem",
+        X509_FILETYPE_PEM), 1);
+#endif
     ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
         X509_FILETYPE_PEM), 1);
     if (store) {
@@ -54551,6 +55613,11 @@ static int test_wolfSSL_X509_load_crl_file(void)
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM),
             CRL_CERT_REVOKED);
+#ifdef WC_RSA_PSS
+        ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
+            "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM),
+            CRL_CERT_REVOKED);
+#endif
     }
     /* once feeing store */
     X509_STORE_free(store);
@@ -54669,8 +55736,8 @@ static int test_wolfSSL_d2i_X509_REQ(void)
     }
     {
 #ifdef OPENSSL_ALL
-        X509_ATTRIBUTE* attr;
-        ASN1_TYPE *at;
+        X509_ATTRIBUTE* attr = NULL;
+        ASN1_TYPE *at = NULL;
 #endif
         ExpectNotNull(bio = BIO_new_file(csrPopFile, "rb"));
         ExpectNotNull(d2i_X509_REQ_bio(bio, &req));
@@ -54708,8 +55775,8 @@ static int test_wolfSSL_d2i_X509_REQ(void)
     }
     {
 #ifdef OPENSSL_ALL
-        X509_ATTRIBUTE* attr;
-        ASN1_TYPE *at;
+        X509_ATTRIBUTE* attr = NULL;
+        ASN1_TYPE *at = NULL;
         STACK_OF(X509_EXTENSION) *exts = NULL;
 #endif
         ExpectNotNull(bio = BIO_new_file(csrExtFile, "rb"));
@@ -56538,11 +57605,11 @@ static int test_wolfSSL_X509_print(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-   !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
+   !defined(NO_RSA) && defined(XSNPRINTF)
     X509 *x509 = NULL;
     BIO *bio = NULL;
 #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
-    const X509_ALGOR *cert_sig_alg;
+    const X509_ALGOR *cert_sig_alg = NULL;
 #endif
 
     ExpectNotNull(x509 = X509_load_certificate_file(svrCertFile,
@@ -56645,17 +57712,16 @@ static int test_wolfSSL_BIO_get_len(void)
 static int test_wolfSSL_RSA(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    defined(WOLFSSL_KEY_GEN)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     RSA* rsa = NULL;
-    const BIGNUM *n;
-    const BIGNUM *e;
-    const BIGNUM *d;
-    const BIGNUM *p;
-    const BIGNUM *q;
-    const BIGNUM *dmp1;
-    const BIGNUM *dmq1;
-    const BIGNUM *iqmp;
+    const BIGNUM *n = NULL;
+    const BIGNUM *e = NULL;
+    const BIGNUM *d = NULL;
+    const BIGNUM *p = NULL;
+    const BIGNUM *q = NULL;
+    const BIGNUM *dmp1 = NULL;
+    const BIGNUM *dmq1 = NULL;
+    const BIGNUM *iqmp = NULL;
 
     ExpectNotNull(rsa = RSA_new());
     ExpectIntEQ(RSA_size(NULL), 0);
@@ -56791,7 +57857,7 @@ static int test_wolfSSL_RSA(void)
         const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
 
         XFILE f = XBADFILE;
-        int bytes;
+        int bytes = 0;
 
         /* test loading encrypted RSA private pem w/o password */
         ExpectTrue((f = XFOPEN(PrivKeyPemFile, "rb")) != XBADFILE);
@@ -56811,8 +57877,7 @@ static int test_wolfSSL_RSA(void)
 static int test_wolfSSL_RSA_DER(void)
 {
     EXPECT_DECLS;
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && defined(OPENSSL_EXTRA)
     RSA *rsa = NULL;
     int i;
     const unsigned char *buff = NULL;
@@ -56900,8 +57965,9 @@ static int test_wolfSSL_RSA_print(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-   !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-   !defined(HAVE_FAST_RSA) && !defined(NO_BIO) && defined(XFPRINTF)
+   !defined(NO_STDIO_FILESYSTEM) && \
+   !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
+   !defined(NO_BIO) && defined(XFPRINTF)
     BIO *bio = NULL;
     WOLFSSL_RSA* rsa = NULL;
 
@@ -57028,7 +58094,7 @@ static int test_wolfSSL_RSA_sign_sha3(void)
 static int test_wolfSSL_RSA_get0_key(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa = NULL;
     const BIGNUM* n = NULL;
     const BIGNUM* e = NULL;
@@ -57080,7 +58146,7 @@ static int test_wolfSSL_RSA_get0_key(void)
 static int test_wolfSSL_RSA_meth(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa = NULL;
     RSA_METHOD *rsa_meth = NULL;
 
@@ -57148,8 +58214,7 @@ static int test_wolfSSL_RSA_meth(void)
 static int test_wolfSSL_RSA_verify(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
-    !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
 #ifndef NO_BIO
     XFILE fp = XBADFILE;
     RSA *pKey = NULL;
@@ -57229,7 +58294,7 @@ static int test_wolfSSL_RSA_verify(void)
 static int test_wolfSSL_RSA_sign(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa;
     unsigned char hash[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57286,7 +58351,7 @@ static int test_wolfSSL_RSA_sign(void)
 static int test_wolfSSL_RSA_sign_ex(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa = NULL;
     unsigned char hash[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57374,7 +58439,7 @@ static int test_wolfSSL_RSA_sign_ex(void)
 static int test_wolfSSL_RSA_public_decrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa;
     unsigned char msg[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57549,7 +58614,7 @@ static int test_wolfSSL_RSA_public_decrypt(void)
 static int test_wolfSSL_RSA_private_encrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa;
     unsigned char msg[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57709,7 +58774,7 @@ static int test_wolfSSL_RSA_private_encrypt(void)
 static int test_wolfSSL_RSA_public_encrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA* rsa = NULL;
     const unsigned char msg[2048/8] = { 0 };
     unsigned char encMsg[2048/8];
@@ -57738,7 +58803,7 @@ static int test_wolfSSL_RSA_public_encrypt(void)
 static int test_wolfSSL_RSA_private_decrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA* rsa = NULL;
     unsigned char msg[2048/8];
     const unsigned char encMsg[2048/8] = { 0 };
@@ -57903,8 +58968,7 @@ static int test_wolfSSL_RSA_To_Der(void)
 {
     EXPECT_DECLS;
 #ifdef WOLFSSL_TEST_STATIC_BUILD
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \
-    defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+#if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA* rsa;
 #ifdef USE_CERT_BUFFERS_1024
     const unsigned char* privDer = client_key_der_1024;
@@ -57987,7 +59051,7 @@ static int test_wolfSSL_PEM_write_RSA_PUBKEY(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-    defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+    defined(WOLFSSL_KEY_GEN)
     RSA* rsa = NULL;
 
     ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(XBADFILE, NULL), 0);
@@ -58002,7 +59066,7 @@ static int test_wolfSSL_PEM_write_RSAPrivateKey(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_USER_RSA) && (defined(WOLFSSL_PEM_TO_DER) || \
+    (defined(WOLFSSL_PEM_TO_DER) || \
     defined(WOLFSSL_DER_TO_PEM)) && !defined(NO_FILESYSTEM)
     RSA* rsa = NULL;
 #ifdef USE_CERT_BUFFERS_1024
@@ -58048,8 +59112,7 @@ static int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_USER_RSA) && (defined(WOLFSSL_PEM_TO_DER) || \
-    defined(WOLFSSL_DER_TO_PEM))
+    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
     RSA* rsa = NULL;
 #ifdef USE_CERT_BUFFERS_1024
     const unsigned char* privDer = client_key_der_1024;
@@ -58213,6 +59276,7 @@ static int test_wolfSSL_DH(void)
     ExpectNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
     ExpectIntEQ(wolfSSL_DH_generate_parameters_ex(NULL, 2048, 2, NULL), 0);
     DH_free(dh);
+    dh = NULL;
 #endif
 #endif /* !HAVE_FIPS || (HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2) */
 #endif /* OPENSSL_ALL */
@@ -58367,6 +59431,7 @@ static int test_wolfSSL_DH(void)
     ExpectIntEQ(wolfSSL_DH_up_ref(dh), WOLFSSL_SUCCESS);
     DH_free(dh); /* decrease ref count */
     DH_free(dh); /* free WOLFSSL_DH */
+    dh = NULL;
     q = NULL;
 
     ExpectNull((dh = DH_new_by_nid(NID_sha1)));
@@ -58376,16 +59441,19 @@ static int test_wolfSSL_DH(void)
 #ifdef HAVE_FFDHE_2048
     ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe2048)));
     DH_free(dh);
+    dh = NULL;
     q = NULL;
 #endif
 #ifdef HAVE_FFDHE_3072
     ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe3072)));
     DH_free(dh);
+    dh = NULL;
     q = NULL;
 #endif
 #ifdef HAVE_FFDHE_4096
     ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe4096)));
     DH_free(dh);
+    dh = NULL;
     q = NULL;
 #endif
 #else
@@ -58585,6 +59653,7 @@ static int test_wolfSSL_DH_check(void)
     ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
     ExpectIntEQ(codes, DH_CHECK_P_NOT_PRIME);
     DH_free(dh);
+    dh = NULL;
 #endif
 #endif /* !NO_DH  && !NO_DSA */
 #endif
@@ -58768,9 +59837,9 @@ static int test_wolfSSL_DH_get_2048_256(void)
         0x40, 0x12, 0x9D, 0xA2, 0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B,
         0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3
     };
-    int pSz;
-    int qSz;
-    int gSz;
+    int pSz = 0;
+    int qSz = 0;
+    int gSz = 0;
     byte* pReturned = NULL;
     byte* qReturned = NULL;
     byte* gReturned = NULL;
@@ -59042,7 +60111,7 @@ static int test_wolfSSL_i2d_DHparams(void)
 #ifdef HAVE_FFDHE_3072
     const char* params2 = "./certs/dh3072.der";
 #endif
-    long len;
+    long len = 0;
     WOLFSSL_DH* dh = NULL;
 
     /* Test 2048 bit parameters */
@@ -59070,6 +60139,7 @@ static int test_wolfSSL_i2d_DHparams(void)
     ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268);
 
     DH_free(dh);
+    dh = NULL;
 
     *buf = 0;
 #endif
@@ -59099,6 +60169,7 @@ static int test_wolfSSL_i2d_DHparams(void)
     ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396);
 
     DH_free(dh);
+    dh = NULL;
 #endif
 
     dh = DH_new();
@@ -59106,6 +60177,7 @@ static int test_wolfSSL_i2d_DHparams(void)
     pt2 = buf;
     ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 0);
     DH_free(dh);
+    dh = NULL;
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 #endif /* !NO_DH && (HAVE_FFDHE_2048 || HAVE_FFDHE_3072) */
 #endif
@@ -59614,7 +60686,8 @@ static int test_wolfSSL_EC_POINT(void)
     /* check bn2hex */
     hexStr = BN_bn2hex(k);
     ExpectStrEQ(hexStr, kTest);
-#if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+     defined(XFPRINTF)
     BN_print_fp(stderr, k);
     fprintf(stderr, "\n");
 #endif
@@ -59622,7 +60695,8 @@ static int test_wolfSSL_EC_POINT(void)
 
     hexStr = BN_bn2hex(Gx);
     ExpectStrEQ(hexStr, kGx);
-#if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+     defined(XFPRINTF)
     BN_print_fp(stderr, Gx);
     fprintf(stderr, "\n");
 #endif
@@ -59630,7 +60704,8 @@ static int test_wolfSSL_EC_POINT(void)
 
     hexStr = BN_bn2hex(Gy);
     ExpectStrEQ(hexStr, kGy);
-#if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+     defined(XFPRINTF)
     BN_print_fp(stderr, Gy);
     fprintf(stderr, "\n");
 #endif
@@ -62372,7 +63447,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
     char msg[] = "I hear you fa shizzle!";
     int  len   = (int) XSTRLEN(msg);
     char input[1024];
-    int  ret;
+    int  ret = 0;
     int  err = 0;
 
     if (!args)
@@ -65744,6 +66819,77 @@ static int test_extra_alerts_bad_psk(void)
 }
 #endif
 
+#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
+    && !defined(NO_PSK)
+static unsigned int test_tls13_bad_psk_binder_client_cb(WOLFSSL* ssl,
+        const char* hint, char* identity, unsigned int id_max_len,
+        unsigned char* key, unsigned int key_max_len)
+{
+    (void)ssl;
+    (void)hint;
+    (void)key_max_len;
+
+    /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
+    XSTRNCPY(identity, "Client_identity", id_max_len);
+
+    key[0] = 0x20;
+    return 1;
+}
+
+static unsigned int test_tls13_bad_psk_binder_server_cb(WOLFSSL* ssl,
+        const char* id, unsigned char* key, unsigned int key_max_len)
+{
+    (void)ssl;
+    (void)id;
+    (void)key_max_len;
+    /* zero means error */
+    key[0] = 0x10;
+    return 1;
+}
+#endif
+
+static int test_tls13_bad_psk_binder(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
+    && !defined(NO_PSK)
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    WOLFSSL_ALERT_HISTORY h;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
+
+    wolfSSL_set_psk_client_callback(ssl_c, test_tls13_bad_psk_binder_client_cb);
+    wolfSSL_set_psk_server_callback(ssl_s, test_tls13_bad_psk_binder_server_cb);
+
+    ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+        WOLFSSL_ERROR_WANT_READ);
+
+    ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
+    ExpectIntEQ( wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+        BAD_BINDER);
+
+    ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+        FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
+    ExpectIntEQ(h.last_rx.code, illegal_parameter);
+    ExpectIntEQ(h.last_rx.level, alert_fatal);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
 #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12) && \
         defined(HAVE_IO_TESTS_DEPENDENCIES)
 static int test_harden_no_secure_renegotiation_io_cb(WOLFSSL *ssl, char *buf,
@@ -68191,6 +69337,81 @@ static int test_dtls_dropped_ccs(void)
 #endif
     return EXPECT_RESULT();
 }
+
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
+    && !defined(WOLFSSL_NO_TLS12)
+static int test_dtls_seq_num_downgrade_check_num(byte* ioBuf, int ioBufLen,
+        byte seq_num)
+{
+    EXPECT_DECLS;
+    DtlsRecordLayerHeader* dtlsRH;
+    byte sequence_number[8];
+
+    XMEMSET(&sequence_number, 0, sizeof(sequence_number));
+
+    ExpectIntGE(ioBufLen, sizeof(*dtlsRH));
+    dtlsRH = (DtlsRecordLayerHeader*)ioBuf;
+    ExpectIntEQ(dtlsRH->type, handshake);
+    ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR);
+    ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR);
+    sequence_number[7] = seq_num;
+    ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number,
+            sizeof(sequence_number)), 0);
+
+    return EXPECT_RESULT();
+}
+#endif
+
+/*
+ * Make sure that we send the correct sequence number after a HelloVerifyRequest
+ * and after a HelloRetryRequest. This is testing the server side as it is
+ * operating statelessly and should copy the sequence number of the ClientHello.
+ */
+static int test_dtls_seq_num_downgrade(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
+    && !defined(WOLFSSL_NO_TLS12)
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfDTLSv1_2_client_method, wolfDTLS_server_method), 0);
+
+    /* CH1 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.s_buff,
+            test_ctx.s_len, 0), TEST_SUCCESS);
+    /* HVR */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.c_buff,
+            test_ctx.c_len, 0), TEST_SUCCESS);
+    /* CH2 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.s_buff,
+            test_ctx.s_len, 1), TEST_SUCCESS);
+    /* Server first flight */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.c_buff,
+            test_ctx.c_len, 1), TEST_SUCCESS);
+
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
 /**
  * Make sure we don't send RSA Signature Hash Algorithms in the
  * CertificateRequest when we don't have any such ciphers set.
@@ -68688,102 +69909,162 @@ static int test_tls13_pq_groups(void)
     return EXPECT_RESULT();
 }
 
-static int test_dtls13_early_data(void)
+static int test_tls13_early_data(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) && \
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
     defined(WOLFSSL_EARLY_DATA) && defined(HAVE_SESSION_TICKET)
-    struct test_memio_ctx test_ctx;
-    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
-    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
-    WOLFSSL_SESSION *sess = NULL;
     int written = 0;
     int read = 0;
+    size_t i;
+    int splitEarlyData;
     char msg[] = "This is early data";
     char msg2[] = "This is client data";
     char msg3[] = "This is server data";
     char msg4[] = "This is server immediate data";
     char msgBuf[50];
+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+        const char* tls_version;
+        int isUdp;
+    } params[] = {
+#ifdef WOLFSSL_TLS13
+        { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+                "TLS 1.3", 0 },
+#endif
+#ifdef WOLFSSL_DTLS13
+        { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
+                "DTLS 1.3", 1 },
+#endif
+    };
 
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) {
+        for (splitEarlyData = 0; splitEarlyData < 2; splitEarlyData++) {
+            struct test_memio_ctx test_ctx;
+            WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+            WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+            WOLFSSL_SESSION *sess = NULL;
 
-    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-        wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
 
-    /* Get a ticket so that we can do 0-RTT on the next connection */
-    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
-    ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
+            fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version);
 
-    wolfSSL_free(ssl_c);
-    ssl_c = NULL;
-    wolfSSL_free(ssl_s);
-    ssl_s = NULL;
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-        wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
-    ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
+                    &ssl_s, params[i].client_meth, params[i].server_meth), 0);
+
+            /* Get a ticket so that we can do 0-RTT on the next connection */
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+            /* Make sure we read the ticket */
+            ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
+
+            wolfSSL_free(ssl_c);
+            ssl_c = NULL;
+            wolfSSL_free(ssl_s);
+            ssl_s = NULL;
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                    params[i].client_meth, params[i].server_meth), 0);
+            ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
+#ifdef WOLFSSL_DTLS13
+            if (params[i].isUdp) {
 #ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME
-    ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), WOLFSSL_SUCCESS);
+                ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), WOLFSSL_SUCCESS);
 #else
-    /* Let's test this but we generally don't recommend turning off the
-     * cookie exchange */
-    ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
+                /* Let's test this but we generally don't recommend turning off the
+                 * cookie exchange */
+                ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
+#endif
+            }
 #endif
 
-    /* Test 0-RTT data */
-    ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
-            &written), sizeof(msg));
-    ExpectIntEQ(written, sizeof(msg));
-
-    ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
-            &read), sizeof(msg));
-    ExpectIntEQ(read, sizeof(msg));
-    ExpectStrEQ(msg, msgBuf);
-
-    /* Test 0.5-RTT data */
-    ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
-
-    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
-
-    ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
-    ExpectStrEQ(msg4, msgBuf);
-
-    /* Complete handshake */
-    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
-    /* Use wolfSSL_is_init_finished to check if handshake is complete. Normally
-     * a user would loop until it is true but here we control both sides so we
-     * just assert the expected value. wolfSSL_read_early_data does not provide
-     * handshake status to us with non-blocking IO and we can't use
-     * wolfSSL_accept as TLS layer may return ZERO_RETURN due to early data
-     * parsing logic. */
-    ExpectFalse(wolfSSL_is_init_finished(ssl_s));
-    ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
-            &read), -1);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            /* Test 0-RTT data */
+            ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
+                    &written), sizeof(msg));
+            ExpectIntEQ(written, sizeof(msg));
 
-    ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+            if (splitEarlyData) {
+                ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
+                        &written), sizeof(msg));
+                ExpectIntEQ(written, sizeof(msg));
+            }
 
-    ExpectTrue(wolfSSL_is_init_finished(ssl_s));
+            /* Read first 0-RTT data (if split otherwise entire data) */
+            ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
+                    &read), sizeof(msg));
+            ExpectIntEQ(read, sizeof(msg));
+            ExpectStrEQ(msg, msgBuf);
+
+            /* Test 0.5-RTT data */
+            ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
+
+            if (splitEarlyData) {
+                /* Read second 0-RTT data */
+                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
+                        &read), sizeof(msg));
+                ExpectIntEQ(read, sizeof(msg));
+                ExpectStrEQ(msg, msgBuf);
+            }
 
+            if (params[i].isUdp) {
+                ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
+
+                /* Read server 0.5-RTT data */
+                ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
+                ExpectStrEQ(msg4, msgBuf);
+
+                /* Complete handshake */
+                ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+                /* Use wolfSSL_is_init_finished to check if handshake is complete. Normally
+                 * a user would loop until it is true but here we control both sides so we
+                 * just assert the expected value. wolfSSL_read_early_data does not provide
+                 * handshake status to us with non-blocking IO and we can't use
+                 * wolfSSL_accept as TLS layer may return ZERO_RETURN due to early data
+                 * parsing logic. */
+                ExpectFalse(wolfSSL_is_init_finished(ssl_s));
+                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
+                        &read), 0);
+                ExpectIntEQ(read, 0);
+                ExpectTrue(wolfSSL_is_init_finished(ssl_s));
+
+                ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
 
-    /* Test bi-directional write */
-    ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
-    ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2));
-    ExpectStrEQ(msg2, msgBuf);
-    ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3));
-    ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg3));
-    ExpectStrEQ(msg3, msgBuf);
+                ExpectFalse(wolfSSL_is_init_finished(ssl_s));
+                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
+                        &read), 0);
+                ExpectIntEQ(read, 0);
+                ExpectTrue(wolfSSL_is_init_finished(ssl_s));
 
-    ExpectTrue(wolfSSL_session_reused(ssl_c));
-    ExpectTrue(wolfSSL_session_reused(ssl_s));
+                /* Read server 0.5-RTT data */
+                ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
+                ExpectStrEQ(msg4, msgBuf);
+            }
 
-    wolfSSL_SESSION_free(sess);
-    wolfSSL_free(ssl_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_CTX_free(ctx_s);
+            /* Test bi-directional write */
+            ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
+            ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2));
+            ExpectStrEQ(msg2, msgBuf);
+            ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3));
+            ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg3));
+            ExpectStrEQ(msg3, msgBuf);
+
+            ExpectTrue(wolfSSL_session_reused(ssl_c));
+            ExpectTrue(wolfSSL_session_reused(ssl_s));
+
+            wolfSSL_SESSION_free(sess);
+            wolfSSL_free(ssl_c);
+            wolfSSL_free(ssl_s);
+            wolfSSL_CTX_free(ctx_c);
+            wolfSSL_CTX_free(ctx_s);
+        }
+    }
 #endif
     return EXPECT_RESULT();
 }
@@ -68884,6 +70165,624 @@ static int test_self_signed_stapling(void)
     return EXPECT_RESULT();
 }
 
+static int test_tls_multi_handshakes_one_record(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
+    struct test_memio_ctx test_ctx;
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+    RecordLayerHeader* rh = NULL;
+    byte   *len ;
+    int newRecIdx = RECORD_HEADER_SZ;
+    int idx = 0;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLS_client_method, wolfTLSv1_2_server_method), 0);
+
+    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(wolfSSL_accept(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+
+    /* Combine server handshake msgs into one record */
+    while (idx < test_ctx.c_len) {
+        word16 recLen;
+
+        rh = (RecordLayerHeader*)(test_ctx.c_buff + idx);
+        len = &rh->length[0];
+
+        ato16((const byte*)len, &recLen);
+        idx += RECORD_HEADER_SZ;
+
+        XMEMMOVE(test_ctx.c_buff + newRecIdx, test_ctx.c_buff + idx,
+                (size_t)recLen);
+
+        newRecIdx += recLen;
+        idx += recLen;
+    }
+    rh = (RecordLayerHeader*)(test_ctx.c_buff);
+    len = &rh->length[0];
+    c16toa(newRecIdx - RECORD_HEADER_SZ, len);
+    test_ctx.c_len = newRecIdx;
+
+    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
+
+static int test_write_dup(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_WRITE_DUP)
+    size_t i, j;
+    char hiWorld[] = "dup message";
+    char readData[sizeof(hiWorld) + 5];
+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+        const char* version_name;
+        int version;
+    } methods[] = {
+#ifndef WOLFSSL_NO_TLS12
+        {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2", WOLFSSL_TLSV1_2},
+#endif
+#ifdef WOLFSSL_TLS13
+        {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3", WOLFSSL_TLSV1_3},
+#endif
+    };
+    struct {
+        const char* cipher;
+        int version;
+    } ciphers[] = {
+/* For simplicity the macros are copied from internal.h */
+/* TLS 1.2 */
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
+    #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
+        #ifndef NO_RSA
+            {"ECDHE-RSA-CHACHA20-POLY1305", WOLFSSL_TLSV1_2},
+        #endif
+    #endif
+    #if !defined(NO_DH) && !defined(NO_RSA) && !defined(NO_TLS_DH)
+        {"DHE-RSA-CHACHA20-POLY1305", WOLFSSL_TLSV1_2},
+    #endif
+#endif
+#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(NO_TLS_DH)
+    #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
+        {"DHE-RSA-AES128-GCM-SHA256", WOLFSSL_TLSV1_2},
+    #endif
+    #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+        {"DHE-RSA-AES256-GCM-SHA384", WOLFSSL_TLSV1_2},
+    #endif
+#endif
+#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \
+                                         && !defined(NO_TLS) && !defined(NO_AES)
+    #ifdef HAVE_AESGCM
+        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
+            #ifndef NO_RSA
+                {"ECDHE-RSA-AES128-GCM-SHA256", WOLFSSL_TLSV1_2},
+            #endif
+        #endif
+        #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+            #ifndef NO_RSA
+                {"ECDHE-RSA-AES256-GCM-SHA384", WOLFSSL_TLSV1_2},
+            #endif
+        #endif
+    #endif
+#endif
+/* TLS 1.3 */
+#ifdef WOLFSSL_TLS13
+    #ifdef HAVE_AESGCM
+        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
+            {"TLS13-AES128-GCM-SHA256", WOLFSSL_TLSV1_3},
+        #endif
+        #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+            {"TLS13-AES256-GCM-SHA384", WOLFSSL_TLSV1_3},
+        #endif
+    #endif
+    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+        #ifndef NO_SHA256
+            {"TLS13-CHACHA20-POLY1305-SHA256", WOLFSSL_TLSV1_3},
+        #endif
+    #endif
+    #ifdef HAVE_AESCCM
+        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
+            {"TLS13-AES128-CCM-SHA256", WOLFSSL_TLSV1_3},
+        #endif
+    #endif
+#endif
+    };
+
+    for (i = 0; i < XELEM_CNT(methods); i++) {
+        for (j = 0; j < XELEM_CNT(ciphers) && !EXPECT_FAIL(); j++) {
+            struct test_memio_ctx test_ctx;
+            WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+            WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+            WOLFSSL *ssl_c2 = NULL;
+
+            if (methods[i].version != ciphers[j].version)
+                continue;
+
+            if (i == 0 && j == 0)
+                printf("\n");
+
+            printf("Testing %s with %s... ", methods[i].version_name,
+                    ciphers[j].cipher);
+
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+            test_ctx.c_ciphers = test_ctx.s_ciphers = ciphers[j].cipher;
+
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                    methods[i].client_meth, methods[i].server_meth), 0);
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+            ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c));
+            ExpectIntEQ(wolfSSL_write(ssl_c, hiWorld, sizeof(hiWorld)),
+                    WRITE_DUP_WRITE_E);
+            ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)),
+                    sizeof(hiWorld));
+
+            ExpectIntEQ(wolfSSL_read(ssl_s, readData, sizeof(readData)),
+                    sizeof(hiWorld));
+            ExpectIntEQ(wolfSSL_write(ssl_s, hiWorld, sizeof(hiWorld)),
+                    sizeof(hiWorld));
+
+            ExpectIntEQ(wolfSSL_read(ssl_c2, readData, sizeof(readData)),
+                    WRITE_DUP_READ_E);
+            ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)),
+                    sizeof(hiWorld));
+
+            if (EXPECT_SUCCESS())
+                printf("ok\n");
+            else
+                printf("failed\n");
+
+            wolfSSL_free(ssl_c);
+            wolfSSL_free(ssl_c2);
+            wolfSSL_free(ssl_s);
+            wolfSSL_CTX_free(ctx_c);
+            wolfSSL_CTX_free(ctx_s);
+        }
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_read_write_hs(void)
+{
+
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
+    WOLFSSL_CTX *ctx_s = NULL, *ctx_c = NULL;
+    WOLFSSL *ssl_s = NULL, *ssl_c = NULL;
+    struct test_memio_ctx test_ctx;
+    uint8_t test_buffer[16];
+    unsigned int test;
+
+    /* test == 0 : client writes, server reads */
+    /* test == 1 : server writes, client reads */
+    for (test = 0; test < 2; test++) {
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+        ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s,  &ssl_c, &ssl_s,
+                                     wolfTLSv1_2_client_method,
+                                     wolfTLSv1_2_server_method), 0);
+        ExpectIntEQ(wolfSSL_set_group_messages(ssl_s), WOLFSSL_SUCCESS);
+        /* CH -> */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1);
+        } else {
+            ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
+                                     sizeof(test_buffer)),  -1);
+        }
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+        /* <- SH + SKE + SHD */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
+                                     sizeof(test_buffer)), -1);
+        } else {
+            ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), -1);
+        }
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+
+        /* -> CKE + CLIENT FINISHED */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1);
+        } else {
+            ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
+                                     sizeof(test_buffer)), -1);
+        }
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+        /* abide clang static analyzer */
+        if (ssl_s != NULL) {
+            /* disable group message to separate sending of ChangeCipherspec
+             * from Finished */
+            ssl_s->options.groupMessages = 0;
+        }
+        /* allow writing of CS, but not FINISHED */
+        test_ctx.c_len = TEST_MEMIO_BUF_SZ - 6;
+
+        /* <- CS */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
+                                     sizeof(test_buffer)), -1);
+        } else {
+            ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), -1);
+        }
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_WRITE);
+
+        /* move CS message where the client can read it */
+        memmove(test_ctx.c_buff,
+                (test_ctx.c_buff + TEST_MEMIO_BUF_SZ - 6), 6);
+        test_ctx.c_len = 6;
+        /* read CS */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1);
+        } else {
+            ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
+                                     sizeof(test_buffer)), -1);
+        }
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectIntEQ(test_ctx.c_len, 0);
+
+        if (test == 0) {
+            /* send SERVER FINISHED */
+            ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
+                                     sizeof(test_buffer)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1),
+                        WOLFSSL_ERROR_WANT_READ);
+        } else {
+            /* send SERVER FINISHED + App Data */
+            ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), 5);
+        }
+
+        ExpectIntGT(test_ctx.c_len, 0);
+
+        /* Send and receive the data */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), 5);
+            ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
+                                     sizeof(test_buffer)), 5);
+        } else {
+            ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
+                                     sizeof(test_buffer)), 5);
+        }
+
+        ExpectBufEQ(test_buffer, "hello", 5);
+
+        wolfSSL_free(ssl_c);
+        wolfSSL_free(ssl_s);
+        wolfSSL_CTX_free(ctx_c);
+        wolfSSL_CTX_free(ctx_s);
+        ssl_c = ssl_s = NULL;
+        ctx_c = ctx_s = NULL;
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(OPENSSL_EXTRA)
+static const char* test_get_signature_nid_siglag;
+static int test_get_signature_nid_sig;
+static int test_get_signature_nid_hash;
+
+static int test_get_signature_nid_ssl_ready(WOLFSSL* ssl)
+{
+    EXPECT_DECLS;
+    ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "ALL"), WOLFSSL_SUCCESS);
+    if (!wolfSSL_is_server(ssl)) {
+        ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl,
+            test_get_signature_nid_siglag), WOLFSSL_SUCCESS);
+    }
+    return EXPECT_RESULT();
+}
+
+static int test_get_signature_nid_on_hs_client(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
+{
+    EXPECT_DECLS;
+    int nid = 0;
+    (void)ctx;
+    if (XSTRSTR(wolfSSL_get_cipher(*ssl), "TLS_RSA_") == NULL) {
+        ExpectIntEQ(SSL_get_peer_signature_type_nid(*ssl, &nid), WOLFSSL_SUCCESS);
+        ExpectIntEQ(nid, test_get_signature_nid_sig);
+        ExpectIntEQ(SSL_get_peer_signature_nid(*ssl, &nid), WOLFSSL_SUCCESS);
+        ExpectIntEQ(nid, test_get_signature_nid_hash);
+    }
+    else /* No sigalg info on static ciphersuite */
+        return TEST_SUCCESS;
+    return EXPECT_RESULT();
+}
+
+static int test_get_signature_nid_on_hs_server(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
+{
+    EXPECT_DECLS;
+    int nid = 0;
+    (void)ctx;
+    ExpectIntEQ(SSL_get_signature_type_nid(*ssl, &nid), WOLFSSL_SUCCESS);
+    ExpectIntEQ(nid, test_get_signature_nid_sig);
+    ExpectIntEQ(SSL_get_signature_nid(*ssl, &nid), WOLFSSL_SUCCESS);
+    ExpectIntEQ(nid, test_get_signature_nid_hash);
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_get_signature_nid(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(OPENSSL_EXTRA)
+    test_ssl_cbf client_cbf;
+    test_ssl_cbf server_cbf;
+    size_t i;
+#define TGSN_TLS12_RSA(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_2, svrCertFile, svrKeyFile, \
+          caCertFile }
+#define TGSN_TLS12_ECDSA(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_2, eccCertFile, eccKeyFile, \
+          caEccCertFile }
+#define TGSN_TLS13_RSA(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, svrCertFile, svrKeyFile, \
+          caCertFile }
+#define TGSN_TLS13_ECDSA(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, eccCertFile, eccKeyFile, \
+          caEccCertFile }
+#define TGSN_TLS13_ED25519(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, edCertFile, edKeyFile, \
+            caEdCertFile }
+#define TGSN_TLS13_ED448(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, ed448CertFile, ed448KeyFile, \
+            caEd448CertFile }
+    struct {
+        const char* siglag;
+        int sig_nid;
+        int hash_nid;
+        int tls_ver;
+        const char* server_cert;
+        const char* server_key;
+        const char* client_ca;
+    } params[] = {
+#ifndef NO_RSA
+    #ifndef NO_SHA256
+        TGSN_TLS12_RSA("RSA+SHA256", NID_rsaEncryption, NID_sha256),
+        #ifdef WC_RSA_PSS
+        TGSN_TLS12_RSA("RSA-PSS+SHA256", NID_rsassaPss, NID_sha256),
+        TGSN_TLS13_RSA("RSA-PSS+SHA256", NID_rsassaPss, NID_sha256),
+        #endif
+    #endif
+    #ifdef WOLFSSL_SHA512
+        TGSN_TLS12_RSA("RSA+SHA512", NID_rsaEncryption, NID_sha512),
+        #ifdef WC_RSA_PSS
+        TGSN_TLS12_RSA("RSA-PSS+SHA512", NID_rsassaPss, NID_sha512),
+        TGSN_TLS13_RSA("RSA-PSS+SHA512", NID_rsassaPss, NID_sha512),
+        #endif
+    #endif
+#endif
+#ifdef HAVE_ECC
+    #ifndef NO_SHA256
+        TGSN_TLS12_ECDSA("ECDSA+SHA256", NID_X9_62_id_ecPublicKey, NID_sha256),
+        TGSN_TLS13_ECDSA("ECDSA+SHA256", NID_X9_62_id_ecPublicKey, NID_sha256),
+    #endif
+#endif
+#ifdef HAVE_ED25519
+        TGSN_TLS13_ED25519("ED25519", NID_ED25519, NID_sha512),
+#endif
+#ifdef HAVE_ED448
+        TGSN_TLS13_ED448("ED448", NID_ED448, NID_sha512),
+#endif
+    };
+
+    printf("\n");
+
+    for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) {
+
+        XMEMSET(&client_cbf, 0, sizeof(client_cbf));
+        XMEMSET(&server_cbf, 0, sizeof(server_cbf));
+
+        printf("Testing %s with %s...", tls_desc[params[i].tls_ver],
+                params[i].siglag);
+
+        switch (params[i].tls_ver) {
+#ifndef WOLFSSL_NO_TLS12
+            case WOLFSSL_TLSV1_2:
+                client_cbf.method = wolfTLSv1_2_client_method;
+                server_cbf.method = wolfTLSv1_2_server_method;
+                break;
+#endif
+#ifdef WOLFSSL_TLS13
+            case WOLFSSL_TLSV1_3:
+                client_cbf.method = wolfTLSv1_3_client_method;
+                server_cbf.method = wolfTLSv1_3_server_method;
+                break;
+#endif
+            default:
+                printf("skipping\n");
+                continue;
+        }
+
+        test_get_signature_nid_siglag = params[i].siglag;
+        test_get_signature_nid_sig = params[i].sig_nid;
+        test_get_signature_nid_hash = params[i].hash_nid;
+
+        client_cbf.ssl_ready = test_get_signature_nid_ssl_ready;
+        server_cbf.ssl_ready = test_get_signature_nid_ssl_ready;
+
+        client_cbf.on_handshake = test_get_signature_nid_on_hs_client;
+        server_cbf.on_handshake = test_get_signature_nid_on_hs_server;
+
+        server_cbf.certPemFile = params[i].server_cert;
+        server_cbf.keyPemFile = params[i].server_key;
+
+        client_cbf.caPemFile = params[i].client_ca;
+
+        ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
+            &server_cbf, NULL), TEST_SUCCESS);
+        if (EXPECT_SUCCESS())
+            printf("passed\n");
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
+
+#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable)
+{
+#ifndef NO_MD5
+    enum wc_HashType hashType = WC_HASH_TYPE_MD5;
+#elif !defined(NO_SHA)
+    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
+#elif !defined(NO_SHA256)
+    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
+#else
+    #error "We need a digest to hash the Signer object"
+#endif
+    byte hashBuf[WC_MAX_DIGEST_SIZE];
+    wc_HashAlg hash;
+    size_t i;
+
+    AssertIntEQ(wc_HashInit(&hash, hashType), 0);
+    for (i = 0; i < CA_TABLE_SIZE; i++) {
+        Signer* cur;
+        for (cur = caTable[i]; cur != NULL; cur = cur->next)
+            AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)cur,
+                    sizeof(*cur)), 0);
+    }
+    AssertIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
+    AssertIntEQ(wc_HashFree(&hash, hashType), 0);
+
+    return MakeWordFromHash(hashBuf);
+}
+
+static word32 test_tls_cert_store_unchanged_before_hashes[2];
+static size_t test_tls_cert_store_unchanged_before_hashes_idx;
+static word32 test_tls_cert_store_unchanged_after_hashes[2];
+static size_t test_tls_cert_store_unchanged_after_hashes_idx;
+
+static int test_tls_cert_store_unchanged_ctx_ready(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+
+    ExpectIntNE(test_tls_cert_store_unchanged_before_hashes
+        [test_tls_cert_store_unchanged_before_hashes_idx++] =
+            test_tls_cert_store_unchanged_HashCaTable(ctx->cm->caTable), 0);
+
+    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER |
+            WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
+
+    return EXPECT_RESULT();
+}
+
+static int test_tls_cert_store_unchanged_ctx_cleanup(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    ExpectIntEQ(wolfSSL_CTX_UnloadIntermediateCerts(ctx), WOLFSSL_SUCCESS);
+    ExpectIntNE(test_tls_cert_store_unchanged_after_hashes
+        [test_tls_cert_store_unchanged_after_hashes_idx++] =
+            test_tls_cert_store_unchanged_HashCaTable(ctx->cm->caTable), 0);
+
+    return EXPECT_RESULT();
+}
+
+static int test_tls_cert_store_unchanged_on_hs(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CERT_MANAGER* cm;
+
+    (void)ssl;
+    /* WARNING: this approach bypasses the reference counter check in
+     * wolfSSL_CTX_UnloadIntermediateCerts. It is not recommended as it may
+     * cause unexpected behaviour when other active connections try accessing
+     * the caTable. */
+    ExpectNotNull(cm = wolfSSL_CTX_GetCertManager(*ctx));
+    ExpectIntEQ(wolfSSL_CertManagerUnloadIntermediateCerts(cm),
+            WOLFSSL_SUCCESS);
+    ExpectIntNE(test_tls_cert_store_unchanged_after_hashes
+        [test_tls_cert_store_unchanged_after_hashes_idx++] =
+            test_tls_cert_store_unchanged_HashCaTable((*ctx)->cm->caTable), 0);
+
+    return EXPECT_RESULT();
+}
+
+static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CTX* ctx;
+
+    ExpectNotNull(ctx = wolfSSL_get_SSL_CTX(ssl));
+
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_tls_cert_store_unchanged(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+    test_ssl_cbf client_cbf;
+    test_ssl_cbf server_cbf;
+    int i;
+
+    for (i = 0; i < 2; i++) {
+        XMEMSET(&client_cbf, 0, sizeof(client_cbf));
+        XMEMSET(&server_cbf, 0, sizeof(server_cbf));
+
+        test_tls_cert_store_unchanged_before_hashes_idx = 0;
+        XMEMSET(test_tls_cert_store_unchanged_before_hashes, 0,
+                sizeof(test_tls_cert_store_unchanged_before_hashes));
+        test_tls_cert_store_unchanged_after_hashes_idx = 0;
+        XMEMSET(test_tls_cert_store_unchanged_after_hashes, 0,
+                sizeof(test_tls_cert_store_unchanged_after_hashes));
+
+        client_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready;
+        server_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready;
+
+        client_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready;
+        server_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready;
+
+        switch (i) {
+            case 0:
+                client_cbf.on_ctx_cleanup =
+                        test_tls_cert_store_unchanged_ctx_cleanup;
+                server_cbf.on_ctx_cleanup =
+                        test_tls_cert_store_unchanged_ctx_cleanup;
+                break;
+            case 1:
+                client_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs;
+                server_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs;
+                break;
+            default:
+                Fail(("Should not enter here"), ("Entered here"));
+        }
+
+
+        client_cbf.certPemFile = "certs/intermediate/client-chain.pem";
+        server_cbf.certPemFile = "certs/intermediate/server-chain.pem";
+
+        server_cbf.caPemFile = caCertFile;
+
+        ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
+            &server_cbf, NULL), TEST_SUCCESS);
+
+        ExpectBufEQ(test_tls_cert_store_unchanged_before_hashes,
+                test_tls_cert_store_unchanged_after_hashes,
+                sizeof(test_tls_cert_store_unchanged_after_hashes));
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
 /*----------------------------------------------------------------------------*
  | Main
  *----------------------------------------------------------------------------*/
@@ -69307,6 +71206,8 @@ TEST_CASE testCases[] = {
 
     TEST_DECL(test_wolfSSL_Init),
 
+    TEST_DECL(test_dual_alg_support),
+
     /*********************************
      * OpenSSL compatibility API tests
      *********************************/
@@ -69363,6 +71264,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_PEM_file_RSAPrivateKey),
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_BIO),
+    TEST_DECL(test_wolfSSL_BIO_BIO_ring_read),
     TEST_DECL(test_wolfSSL_PEM_read_bio),
     TEST_DECL(test_wolfSSL_PEM_bio_RSAKey),
     TEST_DECL(test_wolfSSL_PEM_bio_DSAKey),
@@ -70155,6 +72057,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_extra_alerts_wrong_cs),
     TEST_DECL(test_extra_alerts_skip_hs),
     TEST_DECL(test_extra_alerts_bad_psk),
+    TEST_DECL(test_tls13_bad_psk_binder),
     /* Can't memory test as client/server Asserts. */
     TEST_DECL(test_harden_no_secure_renegotiation),
     TEST_DECL(test_override_alt_cert_chain),
@@ -70177,13 +72080,19 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_dtls_client_hello_timeout_downgrade),
     TEST_DECL(test_dtls_client_hello_timeout),
     TEST_DECL(test_dtls_dropped_ccs),
+    TEST_DECL(test_dtls_seq_num_downgrade),
     TEST_DECL(test_certreq_sighash_algos),
     TEST_DECL(test_revoked_loaded_int_cert),
     TEST_DECL(test_dtls_frag_ch),
     TEST_DECL(test_dtls13_frag_ch_pq),
     TEST_DECL(test_dtls_empty_keyshare_with_cookie),
     TEST_DECL(test_tls13_pq_groups),
-    TEST_DECL(test_dtls13_early_data),
+    TEST_DECL(test_tls13_early_data),
+    TEST_DECL(test_tls_multi_handshakes_one_record),
+    TEST_DECL(test_write_dup),
+    TEST_DECL(test_read_write_hs),
+    TEST_DECL(test_get_signature_nid),
+    TEST_DECL(test_tls_cert_store_unchanged),
     /* This test needs to stay at the end to clean up any caches allocated. */
     TEST_DECL(test_wolfSSL_Cleanup)
 };
diff --git a/extra/wolfssl/wolfssl/tests/srp.c b/extra/wolfssl/wolfssl/tests/srp.c
index ef6aaad6..a890f3cc 100644
--- a/extra/wolfssl/wolfssl/tests/srp.c
+++ b/extra/wolfssl/wolfssl/tests/srp.c
@@ -128,9 +128,11 @@ static void test_SrpInit(void)
     /* invalid params */
     AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT,
                                          SRP_CLIENT_SIDE));
+    /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
     AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
     AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT,
                                          (SrpSide)255));
+    /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
 
     /* success */
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
diff --git a/extra/wolfssl/wolfssl/tests/suites.c b/extra/wolfssl/wolfssl/tests/suites.c
index 76aa4131..e95ff933 100644
--- a/extra/wolfssl/wolfssl/tests/suites.c
+++ b/extra/wolfssl/wolfssl/tests/suites.c
@@ -1455,8 +1455,8 @@ exit:
 
     return args.return_code;
 #else
-    return NOT_COMPILED_IN;
     (void)argc;
     (void)argv;
+    return NOT_COMPILED_IN;
 #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
 }
diff --git a/extra/wolfssl/wolfssl/tests/test-dtls.conf b/extra/wolfssl/wolfssl/tests/test-dtls.conf
index 42f0f63c..bb055c36 100644
--- a/extra/wolfssl/wolfssl/tests/test-dtls.conf
+++ b/extra/wolfssl/wolfssl/tests/test-dtls.conf
@@ -55,6 +55,20 @@
 -s
 -l ECDHE-PSK-CHACHA20-POLY1305
 
+# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 x25519
+-u
+-v 3
+-s
+-t
+-l ECDHE-PSK-CHACHA20-POLY1305
+
+# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 x25519
+-u
+-v 3
+-s
+-t
+-l ECDHE-PSK-CHACHA20-POLY1305
+
 # server TLSv1.2 PSK-CHACHA20-POLY1305
 -u
 -v 3
diff --git a/extra/wolfssl/wolfssl/tests/test.conf b/extra/wolfssl/wolfssl/tests/test.conf
index 099ef470..73d40f00 100644
--- a/extra/wolfssl/wolfssl/tests/test.conf
+++ b/extra/wolfssl/wolfssl/tests/test.conf
@@ -45,6 +45,18 @@
 -s
 -l ECDHE-PSK-CHACHA20-POLY1305
 
+# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 x25519
+-v 3
+-s
+-t
+-l ECDHE-PSK-CHACHA20-POLY1305
+
+# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 x25519
+-v 3
+-s
+-t
+-l ECDHE-PSK-CHACHA20-POLY1305
+
 # server TLSv1.2 PSK-CHACHA20-POLY1305
 -v 3
 -s
diff --git a/extra/wolfssl/wolfssl/tests/unit.h b/extra/wolfssl/wolfssl/tests/unit.h
index 185fc22d..061e84d8 100644
--- a/extra/wolfssl/wolfssl/tests/unit.h
+++ b/extra/wolfssl/wolfssl/tests/unit.h
@@ -217,7 +217,8 @@
         int         _z = (int)(z);                                             \
         int         _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, _z) : -1;            \
         Expect(_w op 0, ("%s " #op " %s for %s", #x, #y, #z),                  \
-                             ("\"%p\" " #er " \"%p\" for \"%d\"", _x, _y, _z));\
+                             ("\"%p\" " #er " \"%p\" for \"%d\"",              \
+                                (const void *)_x, (const void *)_y, _z));      \
     }                                                                          \
 } while(0)
 
diff --git a/extra/wolfssl/wolfssl/tests/utils.h b/extra/wolfssl/wolfssl/tests/utils.h
index 46b16e2c..cf57e336 100644
--- a/extra/wolfssl/wolfssl/tests/utils.h
+++ b/extra/wolfssl/wolfssl/tests/utils.h
@@ -111,6 +111,13 @@ cleanup:
         XFCLOSE(outFile);
     return ret;
 }
+
+#if defined(__MACH__) || defined(__FreeBSD__)
+int link_file(const char* in, const char* out)
+{
+    return link(in, out);
+}
+#endif
 #endif /* !NO_FILESYSTEM */
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
@@ -148,6 +155,12 @@ int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
 int test_memio_setup(struct test_memio_ctx *ctx,
     WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
     method_provider method_c, method_provider method_s);
+int test_memio_setup_ex(struct test_memio_ctx *ctx,
+    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
+    method_provider method_c, method_provider method_s,
+    byte *caCert, int caCertSz, byte *serverCert, int serverCertSz,
+    byte *serverKey, int serverKeySz);
+
 
 static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz,
     void *ctx)
@@ -266,18 +279,32 @@ int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
     return 0;
 }
 
-int test_memio_setup(struct test_memio_ctx *ctx,
+int test_memio_setup_ex(struct test_memio_ctx *ctx,
     WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
-    method_provider method_c, method_provider method_s)
+    method_provider method_c, method_provider method_s,
+    byte *caCert, int caCertSz, byte *serverCert, int serverCertSz,
+    byte *serverKey, int serverKeySz)
 {
     int ret;
+    (void)caCert;
+    (void)caCertSz;
+    (void)serverCert;
+    (void)serverCertSz;
+    (void)serverKey;
+    (void)serverKeySz;
 
     if (ctx_c != NULL && *ctx_c == NULL) {
         *ctx_c = wolfSSL_CTX_new(method_c());
         if (*ctx_c == NULL)
             return -1;
 #ifndef NO_CERTS
-        ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
+        if (caCert == NULL) {
+            ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
+        }
+        else {
+            ret = wolfSSL_CTX_load_verify_buffer(*ctx_c, caCert, (long)caCertSz,
+                                                 WOLFSSL_FILETYPE_ASN1);
+        }
         if (ret != WOLFSSL_SUCCESS)
             return -1;
 #endif /* NO_CERTS */
@@ -295,15 +322,28 @@ int test_memio_setup(struct test_memio_ctx *ctx,
         if (*ctx_s == NULL)
             return -1;
 #ifndef NO_CERTS
-        ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
-            WOLFSSL_FILETYPE_PEM);
+        if (serverKey == NULL) {
+            ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
+                WOLFSSL_FILETYPE_PEM);
+        }
+        else {
+            ret = wolfSSL_CTX_use_PrivateKey_buffer(*ctx_s, serverKey,
+                (long)serverKeySz, WOLFSSL_FILETYPE_ASN1);
+        }
         if (ret != WOLFSSL_SUCCESS)
             return- -1;
-        ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
-                                               WOLFSSL_FILETYPE_PEM);
+
+        if (serverCert == NULL) {
+            ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
+                                                   WOLFSSL_FILETYPE_PEM);
+        }
+        else {
+            ret = wolfSSL_CTX_use_certificate_chain_buffer_format(*ctx_s,
+                serverCert, (long)serverCertSz, WOLFSSL_FILETYPE_ASN1);
+        }
         if (ret != WOLFSSL_SUCCESS)
             return -1;
-#endif
+#endif /* NO_CERTS */
         wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
         wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
         if (ctx->s_ciphers != NULL) {
@@ -333,6 +373,14 @@ int test_memio_setup(struct test_memio_ctx *ctx,
 
     return 0;
 }
+
+int test_memio_setup(struct test_memio_ctx *ctx,
+    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
+    method_provider method_c, method_provider method_s)
+{
+    return test_memio_setup_ex(ctx, ctx_c, ctx_s, ssl_c, ssl_s, method_c,
+                               method_s, NULL, 0, NULL, 0, NULL, 0);
+}
 #endif
 
 #if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND)
@@ -383,3 +431,9 @@ void join_thread(THREAD_TYPE thread)
     THREAD_CHECK_RET(wolfSSL_JoinThread(thread));
 }
 #endif /* SINGLE_THREADED */
+
+/* These correspond to WOLFSSL_SSLV3...WOLFSSL_DTLSV1_3 */
+const char* tls_desc[] = {
+    "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3",
+    "DTLSv1.0", "DTLSv1.2", "DTLSv1.3"
+};
diff --git a/extra/wolfssl/wolfssl/testsuite/testsuite.c b/extra/wolfssl/wolfssl/testsuite/testsuite.c
index 753077aa..70aecb88 100644
--- a/extra/wolfssl/wolfssl/testsuite/testsuite.c
+++ b/extra/wolfssl/wolfssl/testsuite/testsuite.c
@@ -327,7 +327,7 @@ static int test_crl_monitor(void)
         if (i % 2 == 0) {
             /* succeed on even rounds */
             sprintf(buf, "%s/%s", tmpDir, "crl.pem");
-            if (copy_file("certs/crl/crl.pem", buf) != 0) {
+            if (STAGE_FILE("certs/crl/crl.pem", buf) != 0) {
                 fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf);
                 goto cleanup;
             }
@@ -350,7 +350,7 @@ static int test_crl_monitor(void)
         else {
             /* fail on odd rounds */
             sprintf(buf, "%s/%s", tmpDir, "crl.revoked");
-            if (copy_file("certs/crl/crl.revoked", buf) != 0) {
+            if (STAGE_FILE("certs/crl/crl.revoked", buf) != 0) {
                 fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf);
                 goto cleanup;
             }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.c b/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.c
index 49803d6d..2f51aeff 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.c
@@ -55,7 +55,6 @@
  *
  */
 
-
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -68,6 +67,8 @@
 /* Macro to disable benchmark */
 #ifndef NO_CRYPT_BENCHMARK
 
+#define WC_ALLOC_DO_ON_FAILURE() do { printf("out of memory at benchmark.c L %d\n", __LINE__); ret = MEMORY_E; goto exit; } while (0)
+
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/wolfmath.h>
@@ -77,6 +78,11 @@
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/version.h>
 
+#ifdef WOLFSSL_LINUXKM
+    /* remap current_time() -- collides with a function in kernel linux/fs.h */
+    #define current_time benchmark_current_time
+#endif /* WOLFSSL_LINUXKM */
+
 #ifdef HAVE_CHACHA
     #include <wolfssl/wolfcrypt/chacha.h>
 #endif
@@ -172,12 +178,16 @@
     #include <wolfssl/wolfcrypt/lms.h>
     #ifdef HAVE_LIBLMS
         #include <wolfssl/wolfcrypt/ext_lms.h>
+    #else
+        #include <wolfssl/wolfcrypt/wc_lms.h>
     #endif
 #endif
 #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
     #include <wolfssl/wolfcrypt/xmss.h>
     #ifdef HAVE_LIBXMSS
         #include <wolfssl/wolfcrypt/ext_xmss.h>
+    #else
+        #include <wolfssl/wolfcrypt/wc_xmss.h>
     #endif
 #endif
 #ifdef WOLFCRYPT_HAVE_ECCSI
@@ -222,7 +232,6 @@
     #include "wolfcrypt/benchmark/benchmark.h"
 #endif
 
-
 /* define the max length for each string of metric reported */
 #ifndef WC_BENCH_MAX_LINE_LEN
 #define WC_BENCH_MAX_LINE_LEN 150
@@ -465,7 +474,7 @@
         #include <stdlib.h>  /* we're using malloc / free direct here */
     #endif
 
-    #ifndef STRING_USER
+    #if !defined(STRING_USER) && !defined(NO_STDIO_FILESYSTEM)
         #include <string.h>
         #include <stdio.h>
     #endif
@@ -662,7 +671,21 @@
 
 /* Post-Quantum Stateful Hash-Based sig algorithms. */
 #define BENCH_LMS_HSS                   0x00000001
-#define BENCH_XMSS_XMSSMT               0x00000002
+#define BENCH_XMSS_XMSSMT_SHA256        0x00000002
+#define BENCH_XMSS_XMSSMT_SHA512        0x00000004
+#define BENCH_XMSS_XMSSMT_SHAKE128      0x00000008
+#define BENCH_XMSS_XMSSMT_SHAKE256      0x00000010
+#ifndef NO_SHA256
+#define BENCH_XMSS_XMSSMT               BENCH_XMSS_XMSSMT_SHA256
+#elif defined(WOLFSSL_SHA512)
+#define BENCH_XMSS_XMSSMT               BENCH_XMSS_XMSSMT_SHA512
+#elif defined(WOLFSSL_SHAKE128)
+#define BENCH_XMSS_XMSSMT               BENCH_XMSS_XMSSMT_SHAKE128
+#elif defined(WOLFSSL_SHAKE256)
+#define BENCH_XMSS_XMSSMT               BENCH_XMSS_XMSSMT_SHAKE256
+#else
+#define BENCH_XMSS_XMSSMT               0x00000000
+#endif
 
 /* Other */
 #define BENCH_RNG                0x00000001
@@ -987,7 +1010,23 @@ static const bench_pq_hash_sig_alg bench_pq_hash_sig_opt[] = {
     { "-lms_hss", BENCH_LMS_HSS},
 #endif
 #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
-    { "-xmss_xmssmt", BENCH_XMSS_XMSSMT},
+    { "-xmss_xmssmt",          BENCH_XMSS_XMSSMT},
+#ifdef WC_XMSS_SHA256
+    { "-xmss_xmssmt_sha256",   BENCH_XMSS_XMSSMT_SHA256},
+#endif
+#ifdef WC_XMSS_SHA512
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+    { "-xmss_xmssmt_sha512",   BENCH_XMSS_XMSSMT_SHA512},
+#endif
+#endif
+#ifdef WC_XMSS_SHAKE128
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+    { "-xmss_xmssmt_shake128", BENCH_XMSS_XMSSMT_SHAKE128},
+#endif
+#endif
+#ifdef WC_XMSS_SHAKE256
+    { "-xmss_xmssmt_shake256", BENCH_XMSS_XMSSMT_SHAKE256},
+#endif
 #endif
     { NULL, 0}
 };
@@ -1439,7 +1478,7 @@ static const char* bench_result_words3[][5] = {
                 ESP_LOGI(TAG, "expected_diff       = %llu", expected_diff);
                 ESP_LOGI(TAG, "tickBeginDiff       = %lu", tickBeginDiff);
 
-                ESP_LOGW(TAG, "");
+                ESP_LOGW(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
             }
             #endif
         }
@@ -1841,21 +1880,33 @@ static const char* bench_result_words2[][5] = {
 
 /* use kB instead of mB for embedded benchmarking */
 #ifdef BENCH_EMBEDDED
+    #ifndef BENCH_NTIMES
+    #define BENCH_NTIMES 2
+    #endif
+    #ifndef BENCH_AGREETIMES
+    #define BENCH_AGREETIMES 2
+    #endif
     enum BenchmarkBounds {
         scryptCnt  = 1,
-        ntimes     = 2,
+        ntimes     = BENCH_NTIMES,
         genTimes   = BENCH_MAX_PENDING,
-        agreeTimes = 2
+        agreeTimes = BENCH_AGREETIMES
     };
     /* how many kB to test (en/de)cryption */
     #define NUM_BLOCKS 25
     #define BENCH_SIZE (1024uL)
 #else
+    #ifndef BENCH_NTIMES
+    #define BENCH_NTIMES 100
+    #endif
+    #ifndef BENCH_AGREETIMES
+    #define BENCH_AGREETIMES 100
+    #endif
     enum BenchmarkBounds {
         scryptCnt  = 10,
-        ntimes     = 100,
+        ntimes     = BENCH_NTIMES,
         genTimes   = BENCH_MAX_PENDING, /* must be at least BENCH_MAX_PENDING */
-        agreeTimes = 100
+        agreeTimes = BENCH_AGREETIMES
     };
     /* how many megs to test (en/de)cryption */
     #define NUM_BLOCKS 5
@@ -3497,9 +3548,29 @@ static void* benchmarks_do(void* args)
 #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 
 #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
-    if (bench_all || (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT)) {
-        bench_xmss();
+    if (bench_all) {
+        bench_pq_hash_sig_algs |= BENCH_XMSS_XMSSMT;
+    }
+#ifndef NO_SHA256
+    if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHA256) {
+        bench_xmss(WC_HASH_TYPE_SHA256);
+    }
+#endif
+#ifdef WOLFSSL_SHA512
+    if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHA512) {
+        bench_xmss(WC_HASH_TYPE_SHA512);
+    }
+#endif
+#ifdef WOLFSSL_SHAKE128
+    if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHAKE128) {
+        bench_xmss(WC_HASH_TYPE_SHAKE128);
     }
+#endif
+#ifdef WOLFSSL_SHAKE256
+    if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHAKE256) {
+        bench_xmss(WC_HASH_TYPE_SHAKE256);
+    }
+#endif
 #endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */
 
 #ifdef HAVE_ECC
@@ -4014,22 +4085,23 @@ static void bench_aescbc_internal(int useDeviceID,
                                   const char* decLabel)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Aes    enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
+    WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&enc[i], HEAP_HINT,
+        if ((ret = wc_AesInit(enc[i], HEAP_HINT,
                                 useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesSetKey(&enc[i], key, keySz, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc[i], key, keySz, iv, AES_ENCRYPTION);
         if (ret != 0) {
             printf("AesSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4043,12 +4115,12 @@ static void bench_aescbc_internal(int useDeviceID,
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesCbcEncrypt(&enc[i], bench_plain, bench_cipher,
+                    ret = wc_AesCbcEncrypt(enc[i], bench_plain, bench_cipher,
                         bench_size);
 
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_enc;
                     }
@@ -4077,7 +4149,7 @@ exit_aes_enc:
 #ifdef HAVE_AES_DECRYPT
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        ret = wc_AesSetKey(&enc[i], key, keySz, iv, AES_DECRYPTION);
+        ret = wc_AesSetKey(enc[i], key, keySz, iv, AES_DECRYPTION);
         if (ret != 0) {
             printf("AesSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4093,12 +4165,12 @@ exit_aes_enc:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesCbcDecrypt(&enc[i], bench_cipher, bench_plain,
+                    ret = wc_AesCbcDecrypt(enc[i], bench_cipher, bench_plain,
                         bench_size);
 
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_dec;
                     }
@@ -4125,8 +4197,11 @@ exit_aes_dec:
     (void)decLabel;
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 }
 
@@ -4165,42 +4240,38 @@ static void bench_aesgcm_internal(int useDeviceID,
                                   const char* encLabel, const char* decLabel)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Aes    enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 #ifdef HAVE_AES_DECRYPT
-    Aes    dec[BENCH_MAX_PENDING+1];
+    WC_DECLARE_ARRAY(dec, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 #endif
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
-
     WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (bench_additional == NULL || bench_tag == NULL) {
-        printf("bench_aesgcm_internal malloc failed\n");
-        goto exit;
-    }
-#endif
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
-#ifdef WOLFSSL_ASYNC_CRYPT
-    if (bench_additional)
-#endif
-        XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
-#ifdef WOLFSSL_ASYNC_CRYPT
-    if (bench_tag)
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
+    WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                  sizeof(Aes), HEAP_HINT);
+#ifdef HAVE_AES_DECRYPT
+    WC_CALLOC_ARRAY(dec, Aes, BENCH_MAX_PENDING,
+                  sizeof(Aes), HEAP_HINT);
 #endif
-        XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
+
+    XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
+    XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&enc[i], HEAP_HINT,
+        if ((ret = wc_AesInit(enc[i], HEAP_HINT,
                         useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesGcmSetKey(&enc[i], key, keySz);
+        ret = wc_AesGcmSetKey(enc[i], key, keySz);
         if (ret != 0) {
             printf("AesGcmSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4215,13 +4286,13 @@ static void bench_aesgcm_internal(int useDeviceID,
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesGcmEncrypt(&enc[i], bench_cipher,
+                    ret = wc_AesGcmEncrypt(enc[i], bench_cipher,
                         bench_plain, bench_size,
                         iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
                         bench_additional, aesAuthAddSz);
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_gcm;
                     }
@@ -4244,19 +4315,18 @@ exit_aes_gcm:
 #endif
 
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(dec, 0, sizeof(dec));
 
     RESET_MULTI_VALUE_STATS_VARS();
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&dec[i], HEAP_HINT,
+        if ((ret = wc_AesInit(dec[i], HEAP_HINT,
                         useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesGcmSetKey(&dec[i], key, keySz);
+        ret = wc_AesGcmSetKey(dec[i], key, keySz);
         if (ret != 0) {
             printf("AesGcmSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4270,13 +4340,13 @@ exit_aes_gcm:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dec[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesGcmDecrypt(&dec[i], bench_plain,
+                    ret = wc_AesGcmDecrypt(dec[i], bench_plain,
                         bench_cipher, bench_size,
                         iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
                         bench_additional, aesAuthAddSz);
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dec[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(dec[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_gcm_dec;
                     }
@@ -4307,12 +4377,18 @@ exit:
         printf("bench_aesgcm failed: %d\n", ret);
     }
 #ifdef HAVE_AES_DECRYPT
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&dec[i]);
+    if (WC_ARRAY_OK(dec)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(dec[i]);
+        }
+        WC_FREE_ARRAY(dec, BENCH_MAX_PENDING, HEAP_HINT);
     }
 #endif
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 
     WC_FREE_VAR(bench_additional, HEAP_HINT);
@@ -4325,45 +4401,40 @@ static void bench_aesgcm_stream_internal(int useDeviceID,
     const char* encLabel, const char* decLabel)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Aes    enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 #ifdef HAVE_AES_DECRYPT
-    Aes    dec[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(dec, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 #endif
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
     WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (bench_additional == NULL || bench_tag == NULL) {
-        printf("bench_aesgcm_internal malloc failed\n");
-        goto exit;
-    }
-#endif
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
+
+    WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                  sizeof(Aes), HEAP_HINT);
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(dec, 0, sizeof(dec));
-#endif
-#ifdef WOLFSSL_ASYNC_CRYPT
-    if (bench_additional)
-#endif
-        XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
-#ifdef WOLFSSL_ASYNC_CRYPT
-    if (bench_tag)
+    WC_CALLOC_ARRAY(dec, Aes, BENCH_MAX_PENDING,
+                  sizeof(Aes), HEAP_HINT);
 #endif
-        XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
+
+    XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
+    XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&enc[i], HEAP_HINT,
+        if ((ret = wc_AesInit(enc[i], HEAP_HINT,
                         useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesGcmSetKey(&enc[i], key, keySz);
+        ret = wc_AesGcmSetKey(enc[i], key, keySz);
         if (ret != 0) {
             printf("AesGcmSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4378,19 +4449,19 @@ static void bench_aesgcm_stream_internal(int useDeviceID,
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesGcmEncryptInit(&enc[i], NULL, 0, iv, ivSz);
+                    ret = wc_AesGcmEncryptInit(enc[i], NULL, 0, iv, ivSz);
                     if (ret == 0) {
-                        ret = wc_AesGcmEncryptUpdate(&enc[i], bench_cipher,
+                        ret = wc_AesGcmEncryptUpdate(enc[i], bench_cipher,
                             bench_plain, bench_size, bench_additional,
                             aesAuthAddSz);
                     }
                     if (ret == 0) {
-                        ret = wc_AesGcmEncryptFinal(&enc[i], bench_tag,
+                        ret = wc_AesGcmEncryptFinal(enc[i], bench_tag,
                             AES_AUTH_TAG_SZ);
                     }
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_gcm;
                     }
@@ -4415,13 +4486,13 @@ exit_aes_gcm:
 #ifdef HAVE_AES_DECRYPT
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&dec[i], HEAP_HINT,
+        if ((ret = wc_AesInit(dec[i], HEAP_HINT,
                         useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesGcmSetKey(&dec[i], key, keySz);
+        ret = wc_AesGcmSetKey(dec[i], key, keySz);
         if (ret != 0) {
             printf("AesGcmSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4437,19 +4508,19 @@ exit_aes_gcm:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dec[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesGcmDecryptInit(&enc[i], NULL, 0, iv, ivSz);
+                    ret = wc_AesGcmDecryptInit(enc[i], NULL, 0, iv, ivSz);
                     if (ret == 0) {
-                        ret = wc_AesGcmDecryptUpdate(&enc[i], bench_plain,
+                        ret = wc_AesGcmDecryptUpdate(enc[i], bench_plain,
                             bench_cipher, bench_size, bench_additional,
                             aesAuthAddSz);
                     }
                     if (ret == 0) {
-                        ret = wc_AesGcmDecryptFinal(&enc[i], bench_tag,
+                        ret = wc_AesGcmDecryptFinal(enc[i], bench_tag,
                             AES_AUTH_TAG_SZ);
                     }
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dec[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(dec[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_gcm_dec;
                     }
@@ -4480,12 +4551,18 @@ exit:
         printf("bench_aesgcm failed: %d\n", ret);
     }
 #ifdef HAVE_AES_DECRYPT
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&dec[i]);
+    if (WC_ARRAY_OK(dec)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(dec[i]);
+        }
+        WC_FREE_ARRAY(dec, BENCH_MAX_PENDING, HEAP_HINT);
     }
 #endif
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 
     WC_FREE_VAR(bench_additional, HEAP_HINT);
@@ -4607,7 +4684,8 @@ static void bench_aesecb_internal(int useDeviceID,
                                   const char* encLabel, const char* decLabel)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Aes    enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 #ifdef HAVE_FIPS
@@ -4616,18 +4694,18 @@ static void bench_aesecb_internal(int useDeviceID,
     const int benchSz = (int)bench_size;
 #endif
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
+    WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&enc[i], HEAP_HINT,
+        if ((ret = wc_AesInit(enc[i], HEAP_HINT,
                                 useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesSetKey(&enc[i], key, keySz, bench_iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc[i], key, keySz, bench_iv, AES_ENCRYPTION);
         if (ret != 0) {
             printf("AesSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4644,16 +4722,16 @@ static void bench_aesecb_internal(int useDeviceID,
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
-                                      &times, numBlocks, &pending)) {
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
+                                      &times, outer_loop_limit, &pending)) {
                 #ifdef HAVE_FIPS
-                    wc_AesEncryptDirect(&enc[i], bench_cipher, bench_plain);
+                    wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain);
                 #else
-                    wc_AesEcbEncrypt(&enc[i], bench_cipher, bench_plain,
+                    wc_AesEcbEncrypt(enc[i], bench_cipher, bench_plain,
                         benchSz);
                 #endif
                     ret = 0;
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_enc;
                     }
@@ -4678,7 +4756,7 @@ exit_aes_enc:
 #ifdef HAVE_AES_DECRYPT
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        ret = wc_AesSetKey(&enc[i], key, keySz, bench_iv, AES_DECRYPTION);
+        ret = wc_AesSetKey(enc[i], key, keySz, bench_iv, AES_DECRYPTION);
         if (ret != 0) {
             printf("AesSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4695,16 +4773,16 @@ exit_aes_enc:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
-                                      &times, numBlocks, &pending)) {
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
+                                      &times, outer_loop_limit, &pending)) {
                 #ifdef HAVE_FIPS
-                    wc_AesDecryptDirect(&enc[i], bench_plain, bench_cipher);
+                    wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher);
                 #else
-                    wc_AesEcbDecrypt(&enc[i], bench_plain, bench_cipher,
+                    wc_AesEcbDecrypt(enc[i], bench_plain, bench_cipher,
                         benchSz);
                 #endif
                     ret = 0;
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_dec;
                     }
@@ -4730,8 +4808,11 @@ exit_aes_dec:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 }
 
@@ -4764,14 +4845,14 @@ static void bench_aescfb_internal(const byte* key,
 
     ret = wc_AesInit(&enc, HEAP_HINT, INVALID_DEVID);
     if (ret != 0) {
-        printf("AesInit failed, ret = %d\n", ret);
+        printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
         return;
     }
 
     ret = wc_AesSetKey(&enc, key, keySz, iv, AES_ENCRYPTION);
     if (ret != 0) {
         printf("AesSetKey failed, ret = %d\n", ret);
-        return;
+        goto out;
     }
 
     bench_stats_start(&count, &start);
@@ -4780,7 +4861,7 @@ static void bench_aescfb_internal(const byte* key,
             if((ret = wc_AesCfbEncrypt(&enc, bench_plain, bench_cipher,
                             bench_size)) != 0) {
                 printf("wc_AesCfbEncrypt failed, ret = %d\n", ret);
-                return;
+                goto out;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -4795,6 +4876,11 @@ static void bench_aescfb_internal(const byte* key,
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+out:
+
+    wc_AesFree(&enc);
+    return;
 }
 
 void bench_aescfb(void)
@@ -4824,7 +4910,7 @@ static void bench_aesofb_internal(const byte* key,
 
     ret = wc_AesInit(&enc, NULL, INVALID_DEVID);
     if (ret != 0) {
-        printf("AesInit failed, ret = %d\n", ret);
+        printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
         return;
     }
 
@@ -4877,37 +4963,39 @@ void bench_aesofb(void)
 #ifdef WOLFSSL_AES_XTS
 void bench_aesxts(void)
 {
-    XtsAes aes;
+    WC_DECLARE_VAR(aes, XtsAes, 1, HEAP_HINT);
     double start;
     int    i, count, ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    static unsigned char k1[] = {
+    static const unsigned char k1[] = {
         0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
         0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
         0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
         0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
     };
 
-    static unsigned char i1[] = {
+    static const unsigned char i1[] = {
         0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
         0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
     };
 
-    ret = wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION,
+    WC_ALLOC_VAR(aes, XtsAes, 1, HEAP_HINT);
+
+    ret = wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
             HEAP_HINT, devId);
     if (ret != 0) {
         printf("wc_AesXtsSetKey failed, ret = %d\n", ret);
-        return;
+        goto exit;
     }
 
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            if ((ret = wc_AesXtsEncrypt(&aes, bench_cipher, bench_plain,
+            if ((ret = wc_AesXtsEncrypt(aes, bench_cipher, bench_plain,
                             bench_size, i1, sizeof(i1))) != 0) {
                 printf("wc_AesXtsEncrypt failed, ret = %d\n", ret);
-                return;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -4922,14 +5010,14 @@ void bench_aesxts(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
-    wc_AesXtsFree(&aes);
+    wc_AesXtsFree(aes);
 
     /* decryption benchmark */
-    ret = wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION,
+    ret = wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
             HEAP_HINT, devId);
     if (ret != 0) {
         printf("wc_AesXtsSetKey failed, ret = %d\n", ret);
-        return;
+        goto exit;
     }
 
     RESET_MULTI_VALUE_STATS_VARS();
@@ -4937,10 +5025,10 @@ void bench_aesxts(void)
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            if ((ret = wc_AesXtsDecrypt(&aes, bench_plain, bench_cipher,
+            if ((ret = wc_AesXtsDecrypt(aes, bench_plain, bench_cipher,
                             bench_size, i1, sizeof(i1))) != 0) {
                 printf("wc_AesXtsDecrypt failed, ret = %d\n", ret);
-                return;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -4955,7 +5043,11 @@ void bench_aesxts(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
-    wc_AesXtsFree(&aes);
+
+exit:
+
+    wc_AesXtsFree(aes);
+    WC_FREE_VAR(aes, HEAP_HINT);
 }
 #endif /* WOLFSSL_AES_XTS */
 
@@ -5024,6 +5116,7 @@ void bench_aesctr(int useDeviceID)
 void bench_aesccm(int useDeviceID)
 {
     Aes    enc;
+    int    enc_inited = 0;
     double start;
     int    ret, i, count;
     DECLARE_MULTI_VALUE_STATS_VARS()
@@ -5031,18 +5124,15 @@ void bench_aesccm(int useDeviceID)
     WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
 
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (bench_additional == NULL || bench_tag == NULL) {
-        printf("bench_aesccm malloc failed\n");
-        goto exit;
-    }
-#endif
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
 
     XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
     XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
 
     if ((ret = wc_AesInit(&enc, HEAP_HINT,
-        useDeviceID ? devId : INVALID_DEVID)) != 0) {
+        useDeviceID ? devId : INVALID_DEVID)) != 0)
+    {
         printf("wc_AesInit failed, ret = %d\n", ret);
         goto exit;
     }
@@ -5051,6 +5141,7 @@ void bench_aesccm(int useDeviceID)
         printf("wc_AesCcmSetKey failed, ret = %d\n", ret);
         goto exit;
     }
+    enc_inited = 1;
 
     bench_stats_start(&count, &start);
     do {
@@ -5106,6 +5197,9 @@ void bench_aesccm(int useDeviceID)
 
   exit:
 
+    if (enc_inited)
+        wc_AesFree(&enc);
+
     WC_FREE_VAR(bench_additional, HEAP_HINT);
     WC_FREE_VAR(bench_tag, HEAP_HINT);
 }
@@ -5372,17 +5466,14 @@ void bench_sm4_gcm(void)
 
     WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (bench_additional == NULL || bench_tag == NULL) {
-        printf("bench_aesgcm_internal malloc failed\n");
-        return;
-    }
-#endif
+
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
 
     ret = wc_Sm4GcmSetKey(&sm4, bench_key, SM4_KEY_SIZE);
     if (ret != 0) {
         printf("Sm4GcmSetKey failed, ret = %d\n", ret);
-        return;
+        goto exit;
     }
 
     bench_stats_start(&count, &start);
@@ -5393,7 +5484,7 @@ void bench_sm4_gcm(void)
                 bench_additional, aesAuthAddSz);
             if (ret < 0) {
                 printf("Sm4GcmEncrypt failed: %d\n", ret);
-                return;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -5419,7 +5510,7 @@ void bench_sm4_gcm(void)
                 bench_additional, aesAuthAddSz);
             if (ret < 0) {
                 printf("Sm4GcmDecrypt failed: %d\n", ret);
-                return;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -5434,6 +5525,11 @@ void bench_sm4_gcm(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+exit:
+
+    WC_FREE_VAR(bench_additional, HEAP_HINT);
+    WC_FREE_VAR(bench_tag, HEAP_HINT);
 }
 #endif
 
@@ -5448,12 +5544,8 @@ void bench_sm4_ccm()
     WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
 
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (bench_additional == NULL || bench_tag == NULL) {
-        printf("bench_aesccm malloc failed\n");
-        goto exit;
-    }
-#endif
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
 
     XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
     XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
@@ -5523,22 +5615,23 @@ void bench_sm4_ccm()
 void bench_des(int useDeviceID)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Des3   enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Des3, BENCH_MAX_PENDING,
+                     sizeof(Des3), HEAP_HINT);
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
+    WC_CALLOC_ARRAY(enc, Des3, BENCH_MAX_PENDING,
+                     sizeof(Des3), HEAP_HINT);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_Des3Init(&enc[i], HEAP_HINT,
+        if ((ret = wc_Des3Init(enc[i], HEAP_HINT,
                                 useDeviceID ? devId : INVALID_DEVID)) != 0) {
             printf("Des3Init failed, ret = %d\n", ret);
             goto exit;
         }
 
-        ret = wc_Des3_SetKey(&enc[i], bench_key, bench_iv, DES_ENCRYPTION);
+        ret = wc_Des3_SetKey(enc[i], bench_key, bench_iv, DES_ENCRYPTION);
         if (ret != 0) {
             printf("Des3_SetKey failed, ret = %d\n", ret);
             goto exit;
@@ -5552,12 +5645,12 @@ void bench_des(int useDeviceID)
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_Des3_CbcEncrypt(&enc[i],
+                    ret = wc_Des3_CbcEncrypt(enc[i],
                                              bench_cipher,
                                              bench_plain, bench_size);
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_3des;
                     }
@@ -5580,8 +5673,11 @@ exit_3des:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Des3Free(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Des3Free(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 }
 #endif /* !NO_DES3 */
@@ -5591,22 +5687,23 @@ exit:
 void bench_arc4(int useDeviceID)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Arc4   enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Arc4, BENCH_MAX_PENDING,
+                     sizeof(Arc4), HEAP_HINT);
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
+    WC_CALLOC_ARRAY(enc, Arc4, BENCH_MAX_PENDING,
+                     sizeof(Arc4), HEAP_HINT);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_Arc4Init(&enc[i], HEAP_HINT,
+        if ((ret = wc_Arc4Init(enc[i], HEAP_HINT,
                             useDeviceID ? devId : INVALID_DEVID)) != 0) {
             printf("Arc4Init failed, ret = %d\n", ret);
             goto exit;
         }
 
-        ret = wc_Arc4SetKey(&enc[i], bench_key, 16);
+        ret = wc_Arc4SetKey(enc[i], bench_key, 16);
         if (ret != 0) {
             printf("Arc4SetKey failed, ret = %d\n", ret);
             goto exit;
@@ -5620,11 +5717,11 @@ void bench_arc4(int useDeviceID)
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_Arc4Process(&enc[i], bench_cipher, bench_plain,
+                    ret = wc_Arc4Process(enc[i], bench_cipher, bench_plain,
                                          bench_size);
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_arc4;
                     }
@@ -5647,8 +5744,11 @@ exit_arc4:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Arc4Free(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Arc4Free(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 }
 #endif /* !NO_RC4 */
@@ -5657,19 +5757,29 @@ exit:
 #ifdef HAVE_CHACHA
 void bench_chacha(void)
 {
-    ChaCha enc;
+    WC_DECLARE_VAR(enc, ChaCha, 1, HEAP_HINT);
     double start;
-    int    i, count;
+    int    ret, i, count;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    XMEMSET(&enc, 0, sizeof(enc));
-    wc_Chacha_SetKey(&enc, bench_key, 16);
+    WC_ALLOC_VAR(enc, ChaCha, 1, HEAP_HINT);
+
+    XMEMSET(enc, 0, sizeof(ChaCha));
+    wc_Chacha_SetKey(enc, bench_key, 16);
 
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            wc_Chacha_SetIV(&enc, bench_iv, 0);
-            wc_Chacha_Process(&enc, bench_cipher, bench_plain, bench_size);
+            ret = wc_Chacha_SetIV(enc, bench_iv, 0);
+            if (ret < 0) {
+                printf("wc_Chacha_SetIV error: %d\n", ret);
+                goto exit;
+            }
+            ret = wc_Chacha_Process(enc, bench_cipher, bench_plain, bench_size);
+            if (ret < 0) {
+                printf("wc_Chacha_Process error: %d\n", ret);
+                goto exit;
+            }
             RECORD_MULTI_VALUE_STATS();
         }
         count += i;
@@ -5683,6 +5793,9 @@ void bench_chacha(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+exit:
+    WC_FREE_VAR(enc, HEAP_HINT);
 }
 #endif /* HAVE_CHACHA*/
 
@@ -5693,8 +5806,9 @@ void bench_chacha20_poly1305_aead(void)
     int    ret = 0, i, count;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
-    XMEMSET(authTag, 0, sizeof(authTag));
+    WC_DECLARE_VAR(authTag, byte, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(authTag, byte, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, HEAP_HINT);
+    XMEMSET(authTag, 0, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE);
 
     bench_stats_start(&count, &start);
     do {
@@ -5703,7 +5817,7 @@ void bench_chacha20_poly1305_aead(void)
                 bench_plain, bench_size, bench_cipher, authTag);
             if (ret < 0) {
                 printf("wc_ChaCha20Poly1305_Encrypt error: %d\n", ret);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -5718,6 +5832,10 @@ void bench_chacha20_poly1305_aead(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+exit:
+
+    WC_FREE_VAR(authTag, HEAP_HINT);
 }
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 
@@ -5725,30 +5843,30 @@ void bench_chacha20_poly1305_aead(void)
 #ifndef NO_MD5
 void bench_md5(int useDeviceID)
 {
-    wc_Md5 hash[BENCH_MAX_PENDING];
-    double start;
+    WC_DECLARE_ARRAY(hash, wc_Md5, BENCH_MAX_PENDING,
+                     sizeof(wc_Md5), HEAP_HINT);
+    double start = 0;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
-
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_MD5_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_MD5_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Md5, BENCH_MAX_PENDING,
+                     sizeof(wc_Md5), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_MD5_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitMd5_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitMd5_ex(hash[i], HEAP_HINT,
                         useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitMd5_ex failed, ret = %d\n", ret);
                 goto exit;
             }
         #ifdef WOLFSSL_PIC32MZ_HASH
-            wc_Md5SizeSet(&hash[i], numBlocks * bench_size);
+            wc_Md5SizeSet(hash[i], numBlocks * bench_size);
         #endif
         }
 
@@ -5759,12 +5877,12 @@ void bench_md5(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Md5Update(&hash[i], bench_plain,
+                        ret = wc_Md5Update(hash[i], bench_plain,
                                            bench_size);
                         if (!bench_async_handle(&ret,
-                                                BENCH_ASYNC_GET_DEV(&hash[i]),
+                                                BENCH_ASYNC_GET_DEV(hash[i]),
                                                 0, &times, &pending)) {
                             goto exit_md5;
                         }
@@ -5779,11 +5897,11 @@ void bench_md5(int useDeviceID)
                 bench_async_poll(&pending);
 
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Md5Final(&hash[i], digest[i]);
+                        ret = wc_Md5Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_md5;
                         }
@@ -5800,11 +5918,11 @@ void bench_md5(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitMd5_ex(hash, HEAP_HINT, INVALID_DEVID);
+                ret = wc_InitMd5_ex(hash[0], HEAP_HINT, INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Md5Update(hash, bench_plain, bench_size);
+                    ret = wc_Md5Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Md5Final(hash, digest[0]);
+                    ret = wc_Md5Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_md5;
                 RECORD_MULTI_VALUE_STATS();
@@ -5825,11 +5943,14 @@ exit_md5:
 exit:
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Md5Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Md5Free(hash[i]);
+        }
     }
 #endif
 
+    WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* !NO_MD5 */
@@ -5838,29 +5959,30 @@ exit:
 #ifndef NO_SHA
 void bench_sha(int useDeviceID)
 {
-    wc_Sha hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha failed, ret = %d\n", ret);
                 goto exit;
             }
         #ifdef WOLFSSL_PIC32MZ_HASH
-            wc_ShaSizeSet(&hash[i], numBlocks * bench_size);
+            wc_ShaSizeSet(hash[i], numBlocks * bench_size);
         #endif
         }
 
@@ -5871,12 +5993,12 @@ void bench_sha(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_ShaUpdate(&hash[i], bench_plain,
+                        ret = wc_ShaUpdate(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha;
                         }
@@ -5891,11 +6013,11 @@ void bench_sha(int useDeviceID)
                 bench_async_poll(&pending);
 
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_ShaFinal(&hash[i], digest[i]);
+                        ret = wc_ShaFinal(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha;
                         }
@@ -5912,12 +6034,12 @@ void bench_sha(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha_ex(hash, HEAP_HINT,
+                ret = wc_InitSha_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_ShaUpdate(hash, bench_plain, bench_size);
+                    ret = wc_ShaUpdate(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_ShaFinal(hash, digest[0]);
+                    ret = wc_ShaFinal(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha;
                 RECORD_MULTI_VALUE_STATS();
@@ -5937,10 +6059,12 @@ exit_sha:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_ShaFree(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_ShaFree(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* NO_SHA */
@@ -5949,22 +6073,23 @@ exit:
 #ifdef WOLFSSL_SHA224
 void bench_sha224(int useDeviceID)
 {
-    wc_Sha224 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha224, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha224), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA224_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA224_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha224, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha224), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA224_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha224_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha224_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha224_ex failed, ret = %d\n", ret);
@@ -5979,12 +6104,12 @@ void bench_sha224(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha224Update(&hash[i], bench_plain,
+                        ret = wc_Sha224Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha224;
                         }
@@ -5998,11 +6123,11 @@ void bench_sha224(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha224Final(&hash[i], digest[i]);
+                        ret = wc_Sha224Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha224;
                         }
@@ -6019,12 +6144,12 @@ void bench_sha224(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha224_ex(hash, HEAP_HINT,
+                ret = wc_InitSha224_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha224Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha224Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha224Final(hash, digest[0]);
+                    ret = wc_Sha224Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha224;
             } /* for times */
@@ -6044,10 +6169,12 @@ exit_sha224:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha224Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha224Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif
@@ -6056,29 +6183,30 @@ exit:
 #ifndef NO_SHA256
 void bench_sha256(int useDeviceID)
 {
-    wc_Sha256 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha256, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha256), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA256_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA256_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha256, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha256), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA256_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha256_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha256_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId: INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha256_ex failed, ret = %d\n", ret);
                 goto exit;
             }
         #ifdef WOLFSSL_PIC32MZ_HASH
-            wc_Sha256SizeSet(&hash[i], numBlocks * bench_size);
+            wc_Sha256SizeSet(hash[i], numBlocks * bench_size);
         #endif
         }
 
@@ -6089,12 +6217,12 @@ void bench_sha256(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha256Update(&hash[i], bench_plain,
+                        ret = wc_Sha256Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha256;
                         }
@@ -6108,11 +6236,11 @@ void bench_sha256(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha256Final(&hash[i], digest[i]);
+                        ret = wc_Sha256Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha256;
                         }
@@ -6129,12 +6257,12 @@ void bench_sha256(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha256_ex(hash, HEAP_HINT,
+                ret = wc_InitSha256_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId: INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha256Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha256Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha256Final(hash, digest[0]);
+                    ret = wc_Sha256Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha256;
                 RECORD_MULTI_VALUE_STATS();
@@ -6153,10 +6281,12 @@ exit_sha256:
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 exit:
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha256Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha256Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif
@@ -6164,22 +6294,23 @@ exit:
 #ifdef WOLFSSL_SHA384
 void bench_sha384(int useDeviceID)
 {
-    wc_Sha384 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha384, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha384), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA384_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA384_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha384, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha384), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA384_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha384_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha384_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha384_ex failed, ret = %d\n", ret);
@@ -6194,12 +6325,12 @@ void bench_sha384(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha384Update(&hash[i], bench_plain,
+                        ret = wc_Sha384Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha384;
                         }
@@ -6213,11 +6344,11 @@ void bench_sha384(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha384Final(&hash[i], digest[i]);
+                        ret = wc_Sha384Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha384;
                         }
@@ -6234,12 +6365,12 @@ void bench_sha384(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha384_ex(hash, HEAP_HINT,
+                ret = wc_InitSha384_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha384Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha384Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha384Final(hash, digest[0]);
+                    ret = wc_Sha384Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha384;
                 RECORD_MULTI_VALUE_STATS();
@@ -6260,10 +6391,12 @@ exit_sha384:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha384Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha384Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif
@@ -6271,22 +6404,23 @@ exit:
 #ifdef WOLFSSL_SHA512
 void bench_sha512(int useDeviceID)
 {
-    wc_Sha512 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha512, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA512_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA512_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha512, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA512_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha512_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha512_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha512_ex failed, ret = %d\n", ret);
@@ -6301,12 +6435,12 @@ void bench_sha512(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512Update(&hash[i], bench_plain,
+                        ret = wc_Sha512Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512;
                         }
@@ -6320,11 +6454,11 @@ void bench_sha512(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512Final(&hash[i], digest[i]);
+                        ret = wc_Sha512Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512;
                         }
@@ -6341,12 +6475,12 @@ void bench_sha512(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha512_ex(hash, HEAP_HINT,
+                ret = wc_InitSha512_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha512Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha512Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha512Final(hash, digest[0]);
+                    ret = wc_Sha512Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha512;
                 RECORD_MULTI_VALUE_STATS();
@@ -6367,10 +6501,12 @@ exit_sha512:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha512Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha512Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 
@@ -6378,22 +6514,23 @@ exit:
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
 void bench_sha512_224(int useDeviceID)
 {
-    wc_Sha512_224 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha512_224, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512_224), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
-   WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
+    WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA512_224_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA512_224_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha512_224, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512_224), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA512_224_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha512_224_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha512_224_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha512_224_ex failed, ret = %d\n", ret);
@@ -6408,12 +6545,12 @@ void bench_sha512_224(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512_224Update(&hash[i], bench_plain,
+                        ret = wc_Sha512_224Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512_224;
                         }
@@ -6427,11 +6564,11 @@ void bench_sha512_224(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512_224Final(&hash[i], digest[i]);
+                        ret = wc_Sha512_224Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512_224;
                         }
@@ -6448,12 +6585,12 @@ void bench_sha512_224(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha512_224_ex(hash, HEAP_HINT,
+                ret = wc_InitSha512_224_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha512_224Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha512_224Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha512_224Final(hash, digest[0]);
+                    ret = wc_Sha512_224Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha512_224;
                 RECORD_MULTI_VALUE_STATS();
@@ -6474,10 +6611,12 @@ exit_sha512_224:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha512_224Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha512_224Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA512_224 && !FIPS ... */
@@ -6486,22 +6625,23 @@ exit:
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
 void bench_sha512_256(int useDeviceID)
 {
-    wc_Sha512_256 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha512_256, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512_256), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA512_256_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA512_256_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha512_256, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512_256), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA512_256_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha512_256_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha512_256_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha512_256_ex failed, ret = %d\n", ret);
@@ -6516,12 +6656,12 @@ void bench_sha512_256(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512_256Update(&hash[i], bench_plain,
+                        ret = wc_Sha512_256Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512_256;
                         }
@@ -6535,11 +6675,11 @@ void bench_sha512_256(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512_256Final(&hash[i], digest[i]);
+                        ret = wc_Sha512_256Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512_256;
                         }
@@ -6556,12 +6696,12 @@ void bench_sha512_256(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha512_256_ex(hash, HEAP_HINT,
+                ret = wc_InitSha512_256_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha512_256Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha512_256Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha512_256Final(hash, digest[0]);
+                    ret = wc_Sha512_256Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha512_256;
                 RECORD_MULTI_VALUE_STATS();
@@ -6582,10 +6722,12 @@ exit_sha512_256:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha512_256Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha512_256Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA512_256 && !FIPS ... */
@@ -6597,22 +6739,23 @@ exit:
 #ifndef WOLFSSL_NOSHA3_224
 void bench_sha3_224(int useDeviceID)
 {
-    wc_Sha3   hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_224_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_224_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_224_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha3_224(&hash[i], HEAP_HINT,
+            ret = wc_InitSha3_224(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha3_224 failed, ret = %d\n", ret);
@@ -6627,12 +6770,12 @@ void bench_sha3_224(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_224_Update(&hash[i], bench_plain,
+                        ret = wc_Sha3_224_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_224;
                         }
@@ -6646,11 +6789,11 @@ void bench_sha3_224(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_224_Final(&hash[i], digest[i]);
+                        ret = wc_Sha3_224_Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_224;
                         }
@@ -6667,12 +6810,12 @@ void bench_sha3_224(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha3_224(hash, HEAP_HINT,
+                ret = wc_InitSha3_224(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha3_224_Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha3_224_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha3_224_Final(hash, digest[0]);
+                    ret = wc_Sha3_224_Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha3_224;
                 RECORD_MULTI_VALUE_STATS();
@@ -6693,10 +6836,12 @@ exit_sha3_224:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha3_224_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha3_224_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA3_224 */
@@ -6704,22 +6849,23 @@ exit:
 #ifndef WOLFSSL_NOSHA3_256
 void bench_sha3_256(int useDeviceID)
 {
-    wc_Sha3   hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
     int    ret = 0, i, count = 0, times, pending = 0;
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_256_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_256_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_256_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha3_256(&hash[i], HEAP_HINT,
+            ret = wc_InitSha3_256(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha3_256 failed, ret = %d\n", ret);
@@ -6734,12 +6880,12 @@ void bench_sha3_256(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_256_Update(&hash[i], bench_plain,
+                        ret = wc_Sha3_256_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_256;
                         }
@@ -6753,11 +6899,11 @@ void bench_sha3_256(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_256_Final(&hash[i], digest[i]);
+                        ret = wc_Sha3_256_Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_256;
                         }
@@ -6774,12 +6920,12 @@ void bench_sha3_256(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha3_256(hash, HEAP_HINT,
+                ret = wc_InitSha3_256(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha3_256_Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha3_256_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha3_256_Final(hash, digest[0]);
+                    ret = wc_Sha3_256_Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha3_256;
                 RECORD_MULTI_VALUE_STATS();
@@ -6800,10 +6946,12 @@ exit_sha3_256:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha3_256_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha3_256_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA3_256 */
@@ -6811,22 +6959,23 @@ exit:
 #ifndef WOLFSSL_NOSHA3_384
 void bench_sha3_384(int useDeviceID)
 {
-    wc_Sha3   hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_384_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_384_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_384_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha3_384(&hash[i], HEAP_HINT,
+            ret = wc_InitSha3_384(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha3_384 failed, ret = %d\n", ret);
@@ -6841,12 +6990,12 @@ void bench_sha3_384(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_384_Update(&hash[i], bench_plain,
+                        ret = wc_Sha3_384_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_384;
                         }
@@ -6860,11 +7009,11 @@ void bench_sha3_384(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_384_Final(&hash[i], digest[i]);
+                        ret = wc_Sha3_384_Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_384;
                         }
@@ -6881,12 +7030,12 @@ void bench_sha3_384(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha3_384(hash, HEAP_HINT,
+                ret = wc_InitSha3_384(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha3_384_Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha3_384_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha3_384_Final(hash, digest[0]);
+                    ret = wc_Sha3_384_Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha3_384;
                 RECORD_MULTI_VALUE_STATS();
@@ -6907,10 +7056,12 @@ exit_sha3_384:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha3_384_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha3_384_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA3_384 */
@@ -6918,22 +7069,23 @@ exit:
 #ifndef WOLFSSL_NOSHA3_512
 void bench_sha3_512(int useDeviceID)
 {
-    wc_Sha3   hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_512_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_512_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_512_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha3_512(&hash[i], HEAP_HINT,
+            ret = wc_InitSha3_512(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha3_512 failed, ret = %d\n", ret);
@@ -6948,12 +7100,12 @@ void bench_sha3_512(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_512_Update(&hash[i], bench_plain,
+                        ret = wc_Sha3_512_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_512;
                         }
@@ -6967,11 +7119,11 @@ void bench_sha3_512(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_512_Final(&hash[i], digest[i]);
+                        ret = wc_Sha3_512_Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_512;
                         }
@@ -6988,12 +7140,12 @@ void bench_sha3_512(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha3_512(hash, HEAP_HINT,
+                ret = wc_InitSha3_512(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha3_512_Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha3_512_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha3_512_Final(hash, digest[0]);
+                    ret = wc_Sha3_512_Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha3_512;
                 RECORD_MULTI_VALUE_STATS();
@@ -7014,10 +7166,12 @@ exit_sha3_512:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha3_512_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha3_512_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA3_512 */
@@ -7025,22 +7179,23 @@ exit:
 #ifdef WOLFSSL_SHAKE128
 void bench_shake128(int useDeviceID)
 {
-    wc_Shake hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING,
+                     sizeof(wc_Shake), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_128_BLOCK_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_128_BLOCK_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING,
+                     sizeof(wc_Shake), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_128_BLOCK_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitShake128(&hash[i], HEAP_HINT,
+            ret = wc_InitShake128(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitShake128 failed, ret = %d\n", ret);
@@ -7055,12 +7210,12 @@ void bench_shake128(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Shake128_Update(&hash[i], bench_plain,
+                        ret = wc_Shake128_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_shake128;
                         }
@@ -7074,12 +7229,12 @@ void bench_shake128(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Shake128_Final(&hash[i], digest[i],
+                        ret = wc_Shake128_Final(hash[i], digest[i],
                             WC_SHA3_128_BLOCK_SIZE);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_shake128;
                         }
@@ -7096,12 +7251,12 @@ void bench_shake128(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitShake128(hash, HEAP_HINT,
+                ret = wc_InitShake128(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Shake128_Update(hash, bench_plain, bench_size);
+                    ret = wc_Shake128_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Shake128_Final(hash, digest[0],
+                    ret = wc_Shake128_Final(hash[0], digest[0],
                         WC_SHA3_128_BLOCK_SIZE);
                 if (ret != 0)
                     goto exit_shake128;
@@ -7123,10 +7278,12 @@ exit_shake128:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Shake128_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Shake128_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_SHAKE128 */
@@ -7134,22 +7291,23 @@ exit:
 #ifdef WOLFSSL_SHAKE256
 void bench_shake256(int useDeviceID)
 {
-    wc_Shake hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING,
+                     sizeof(wc_Shake), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_256_BLOCK_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_256_BLOCK_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING,
+                     sizeof(wc_Shake), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_256_BLOCK_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitShake256(&hash[i], HEAP_HINT,
+            ret = wc_InitShake256(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitShake256 failed, ret = %d\n", ret);
@@ -7164,12 +7322,12 @@ void bench_shake256(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Shake256_Update(&hash[i], bench_plain,
+                        ret = wc_Shake256_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_shake256;
                         }
@@ -7183,12 +7341,12 @@ void bench_shake256(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Shake256_Final(&hash[i], digest[i],
+                        ret = wc_Shake256_Final(hash[i], digest[i],
                             WC_SHA3_256_BLOCK_SIZE);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_shake256;
                         }
@@ -7205,12 +7363,12 @@ void bench_shake256(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitShake256(hash, HEAP_HINT,
+                ret = wc_InitShake256(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Shake256_Update(hash, bench_plain, bench_size);
+                    ret = wc_Shake256_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Shake256_Final(hash, digest[0],
+                    ret = wc_Shake256_Final(hash[0], digest[0],
                         WC_SHA3_256_BLOCK_SIZE);
                 if (ret != 0)
                     goto exit_shake256;
@@ -7232,10 +7390,12 @@ exit_shake256:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Shake256_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Shake256_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_SHAKE256 */
@@ -7244,22 +7404,23 @@ exit:
 #ifdef WOLFSSL_SM3
 void bench_sm3(int useDeviceID)
 {
-    wc_Sm3 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sm3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sm3), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SM3_DIGEST_SIZE,
         HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SM3_DIGEST_SIZE,
-        HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sm3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sm3), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SM3_DIGEST_SIZE,
+        HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSm3(&hash[i], HEAP_HINT,
+            ret = wc_InitSm3(hash[i], HEAP_HINT,
                 useDeviceID ? devId: INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSm3 failed, ret = %d\n", ret);
@@ -7274,12 +7435,12 @@ void bench_sm3(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                               0, &times, numBlocks, &pending)) {
-                        ret = wc_Sm3Update(&hash[i], bench_plain,
+                        ret = wc_Sm3Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0, &times, &pending)) {
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0, &times, &pending)) {
                             goto exit_sm3;
                         }
                     }
@@ -7292,11 +7453,11 @@ void bench_sm3(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                               0, &times, numBlocks, &pending)) {
-                        ret = wc_Sm3Final(&hash[i], digest[i]);
+                        ret = wc_Sm3Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0, &times, &pending)) {
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0, &times, &pending)) {
                             goto exit_sm3;
                         }
                     }
@@ -7337,10 +7498,12 @@ exit_sm3:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sm3Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sm3Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif
@@ -7699,14 +7862,15 @@ exit:
 static void bench_hmac(int useDeviceID, int type, int digestSz,
                        const byte* key, word32 keySz, const char* label)
 {
-    Hmac   hmac[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hmac, Hmac, BENCH_MAX_PENDING,
+                     sizeof(Hmac), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_MAX_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
                   WC_MAX_DIGEST_SIZE, HEAP_HINT);
 #else
     byte digest[BENCH_MAX_PENDING][WC_MAX_DIGEST_SIZE];
@@ -7714,19 +7878,19 @@ static void bench_hmac(int useDeviceID, int type, int digestSz,
 
     (void)digestSz;
 
-    /* clear for done cleanup */
-    XMEMSET(hmac, 0, sizeof(hmac));
+    WC_CALLOC_ARRAY(hmac, Hmac, BENCH_MAX_PENDING,
+                     sizeof(Hmac), HEAP_HINT);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        ret = wc_HmacInit(&hmac[i], HEAP_HINT,
+        ret = wc_HmacInit(hmac[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
         if (ret != 0) {
             printf("wc_HmacInit failed for %s, ret = %d\n", label, ret);
             goto exit;
         }
 
-        ret = wc_HmacSetKey(&hmac[i], type, key, keySz);
+        ret = wc_HmacSetKey(hmac[i], type, key, keySz);
         if (ret != 0) {
             printf("wc_HmacSetKey failed for %s, ret = %d\n", label, ret);
             goto exit;
@@ -7741,11 +7905,11 @@ static void bench_hmac(int useDeviceID, int type, int digestSz,
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
                 if (bench_async_check(&ret,
-                                      BENCH_ASYNC_GET_DEV(&hmac[i]), 0,
+                                      BENCH_ASYNC_GET_DEV(hmac[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_HmacUpdate(&hmac[i], bench_plain, bench_size);
+                    ret = wc_HmacUpdate(hmac[i], bench_plain, bench_size);
                     if (!bench_async_handle(&ret,
-                                            BENCH_ASYNC_GET_DEV(&hmac[i]),
+                                            BENCH_ASYNC_GET_DEV(hmac[i]),
                                             0, &times, &pending)) {
                         goto exit_hmac;
                     }
@@ -7760,11 +7924,11 @@ static void bench_hmac(int useDeviceID, int type, int digestSz,
 
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
                 if (bench_async_check(&ret,
-                                      BENCH_ASYNC_GET_DEV(&hmac[i]), 0,
+                                      BENCH_ASYNC_GET_DEV(hmac[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_HmacFinal(&hmac[i], digest[i]);
+                    ret = wc_HmacFinal(hmac[i], digest[i]);
                     if (!bench_async_handle(&ret,
-                                            BENCH_ASYNC_GET_DEV(&hmac[i]),
+                                            BENCH_ASYNC_GET_DEV(hmac[i]),
                                             0, &times, &pending)) {
                         goto exit_hmac;
                     }
@@ -7787,9 +7951,10 @@ exit_hmac:
 exit:
 
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_HmacFree(&hmac[i]);
+        wc_HmacFree(hmac[i]);
     }
 
+    WC_FREE_ARRAY(hmac, BENCH_MAX_PENDING, HEAP_HINT);
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 #endif
@@ -8089,28 +8254,16 @@ void bench_srtpkdf(void)
 #if defined(WOLFSSL_KEY_GEN)
 static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz)
 {
-#ifdef WOLFSSL_SMALL_STACK
-    RsaKey *genKey;
-#else
-    RsaKey genKey[BENCH_MAX_PENDING];
-#endif
-    double start;
+    WC_DECLARE_ARRAY(genKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
+    double start = 0;
     int    ret = 0, i, count = 0, times, pending = 0;
     const long rsa_e_val = WC_RSA_EXPONENT;
     const char**desc = bench_desc_words[lng_index];
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-#ifdef WOLFSSL_SMALL_STACK
-    genKey = (RsaKey *)XMALLOC(sizeof(*genKey) * BENCH_MAX_PENDING,
-                               HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (genKey == NULL) {
-        printf("bench_rsaKeyGen_helper malloc failed\n");
-        return;
-    }
-#endif
-
-    /* clear for done cleanup */
-    XMEMSET(genKey, 0, sizeof(*genKey) * BENCH_MAX_PENDING);
+    WC_CALLOC_ARRAY(genKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
 
     bench_stats_start(&count, &start);
     do {
@@ -8119,19 +8272,18 @@ static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz)
             bench_async_poll(&pending);
 
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]),
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]),
                                       0, &times, genTimes, &pending)) {
-
-                    wc_FreeRsaKey(&genKey[i]);
-                    ret = wc_InitRsaKey_ex(&genKey[i], HEAP_HINT, devId);
+                    wc_FreeRsaKey(genKey[i]);
+                    ret = wc_InitRsaKey_ex(genKey[i], HEAP_HINT, devId);
                     if (ret < 0) {
                         goto exit;
                     }
 
-                    ret = wc_MakeRsaKey(&genKey[i], (int)keySz, rsa_e_val,
+                    ret = wc_MakeRsaKey(genKey[i], (int)keySz, rsa_e_val,
                                         &gRng);
                     if (!bench_async_handle(&ret,
-                        BENCH_ASYNC_GET_DEV(&genKey[i]), 0,
+                        BENCH_ASYNC_GET_DEV(genKey[i]), 0,
                                             &times, &pending)) {
                         goto exit;
                     }
@@ -8155,12 +8307,10 @@ exit:
 
     /* cleanup */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_FreeRsaKey(&genKey[i]);
+        wc_FreeRsaKey(genKey[i]);
     }
 
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
+    WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT);
 }
 
 void bench_rsaKeyGen(int useDeviceID)
@@ -8291,7 +8441,11 @@ static const unsigned char rsa_3072_sig[] = {
 #endif
 #endif /* WOLFSSL_RSA_VERIFY_INLINE || WOLFSSL_RSA_PUBLIC_ONLY */
 
-static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING],
+static void bench_rsa_helper(int useDeviceID,
+                             WC_ARRAY_ARG(rsaKey,
+                                          RsaKey,
+                                          BENCH_MAX_PENDING,
+                                          sizeof(RsaKey)),
                              word32 rsaKeySz)
 {
     int         ret = 0, i, times, count = 0, pending = 0;
@@ -8306,41 +8460,38 @@ static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING],
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
     WC_DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT);
 #endif
-    WC_DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING,
+    WC_DECLARE_HEAP_ARRAY(enc, byte, BENCH_MAX_PENDING,
                                  rsaKeySz, HEAP_HINT);
 
-    #if (  !defined(WOLFSSL_RSA_VERIFY_INLINE) \
-        && !defined(WOLFSSL_RSA_PUBLIC_ONLY)   )
-        WC_DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING,
-                                     rsaKeySz, HEAP_HINT);
-    #else
-        byte* out[BENCH_MAX_PENDING];
-    #endif
+#if (!defined(WOLFSSL_RSA_VERIFY_INLINE) && \
+     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+    WC_DECLARE_HEAP_ARRAY(out, byte, BENCH_MAX_PENDING,
+                                    rsaKeySz, HEAP_HINT);
+#else
+    byte* out[BENCH_MAX_PENDING];
+#endif
+
+    XMEMSET(out, 0, sizeof(out));
 
-    WC_DECLARE_ARRAY_DYNAMIC_EXE(enc, byte, BENCH_MAX_PENDING,
+    WC_ALLOC_HEAP_ARRAY(enc, byte, BENCH_MAX_PENDING,
                                  rsaKeySz, HEAP_HINT);
 
-    #if (  !defined(WOLFSSL_RSA_VERIFY_INLINE) \
-        && !defined(WOLFSSL_RSA_PUBLIC_ONLY)   )
-        WC_DECLARE_ARRAY_DYNAMIC_EXE(out, byte, BENCH_MAX_PENDING,
-                                     rsaKeySz, HEAP_HINT);
-        if (out[0] == NULL) {
-            ret = MEMORY_E;
-            goto exit;
-        }
-    #endif
-    if (enc[0] == NULL) {
+#if (!defined(WOLFSSL_RSA_VERIFY_INLINE) && \
+     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+    WC_ALLOC_HEAP_ARRAY(out, byte, BENCH_MAX_PENDING,
+                                    rsaKeySz, HEAP_HINT);
+    if (out[0] == NULL) {
         ret = MEMORY_E;
         goto exit;
     }
-
-#ifndef WOLFSSL_RSA_VERIFY_ONLY
-    #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (message == NULL) {
+#endif
+    if (enc[0] == NULL) {
         ret = MEMORY_E;
         goto exit;
     }
-    #endif
+
+#ifndef WOLFSSL_RSA_VERIFY_ONLY
+    WC_ALLOC_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT);
     XMEMCPY(message, messageStr, len);
 #endif
 
@@ -8355,14 +8506,14 @@ static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING],
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
                     if (bench_async_check(&ret,
-                                          BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                          BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                           1, &times, ntimes, &pending)) {
                         ret = wc_RsaPublicEncrypt(message, (word32)len, enc[i],
-                                                  rsaKeySz/8, &rsaKey[i],
+                                                  rsaKeySz/8, rsaKey[i],
                                                   GLOBAL_RNG);
                         if (!bench_async_handle(&ret,
                                                 BENCH_ASYNC_GET_DEV(
-                                                &rsaKey[i]), 1, &times,
+                                                rsaKey[i]), 1, &times,
                                                 &pending)) {
                             goto exit_rsa_verify;
                         }
@@ -8404,12 +8555,12 @@ exit_rsa_verify:
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
                     if (bench_async_check(&ret,
-                                          BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                          BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                           1, &times, ntimes, &pending)) {
                         ret = wc_RsaPrivateDecrypt(enc[i], idx, out[i],
-                                                   rsaKeySz/8, &rsaKey[i]);
+                                                   rsaKeySz/8, rsaKey[i]);
                         if (!bench_async_handle(&ret,
-                                           BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                           BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                                 1, &times, &pending)) {
                             goto exit_rsa_pub;
                         }
@@ -8443,12 +8594,12 @@ exit_rsa_pub:
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
                     if (bench_async_check(&ret,
-                                          BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                          BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                           1, &times, ntimes, &pending)) {
                         ret = wc_RsaSSL_Sign(message, len, enc[i],
-                                            rsaKeySz/8, &rsaKey[i], GLOBAL_RNG);
+                                            rsaKeySz/8, rsaKey[i], GLOBAL_RNG);
                         if (!bench_async_handle(&ret,
-                                           BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                           BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                            1, &times, &pending)) {
                             goto exit_rsa_sign;
                         }
@@ -8489,18 +8640,18 @@ exit_rsa_sign:
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
                     if (bench_async_check(&ret,
-                                          BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                          BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                           1, &times, ntimes, &pending)) {
                     #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
                         !defined(WOLFSSL_RSA_PUBLIC_ONLY)
                         ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
-                                                      rsaKeySz/8, &rsaKey[i]);
+                                                      rsaKeySz/8, rsaKey[i]);
                     #elif defined(USE_CERT_BUFFERS_2048)
                         XMEMCPY(enc[i], rsa_2048_sig, sizeof(rsa_2048_sig));
                         idx = sizeof(rsa_2048_sig);
                         out[i] = NULL;
                         ret = wc_RsaSSL_VerifyInline(enc[i], idx,
-                                                     &out[i], &rsaKey[i]);
+                                                     &out[i], rsaKey[i]);
                         if (ret > 0) {
                             ret = 0;
                         }
@@ -8510,12 +8661,12 @@ exit_rsa_sign:
                         idx = sizeof(rsa_3072_sig);
                         out[i] = NULL;
                         ret = wc_RsaSSL_VerifyInline(enc[i], idx,
-                                                     &out[i], &rsaKey[i]);
+                                                     &out[i], rsaKey[i]);
                         if (ret > 0)
                             ret = 0;
                     #endif
                         if (!bench_async_handle(&ret,
-                                              BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                              BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                               1, &times, &pending)) {
                             goto exit_rsa_verifyinline;
                         }
@@ -8540,9 +8691,9 @@ exit_rsa_verifyinline:
 
 exit:
 
-    WC_FREE_ARRAY_DYNAMIC(enc, BENCH_MAX_PENDING, HEAP_HINT);
+    WC_FREE_HEAP_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
 #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
-    WC_FREE_ARRAY_DYNAMIC(out, BENCH_MAX_PENDING, HEAP_HINT);
+    WC_FREE_HEAP_ARRAY(out, BENCH_MAX_PENDING, HEAP_HINT);
 #endif
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
     WC_FREE_VAR(message, HEAP_HINT);
@@ -8552,11 +8703,8 @@ exit:
 void bench_rsa(int useDeviceID)
 {
     int         i;
-#ifdef WOLFSSL_SMALL_STACK
-    RsaKey      *rsaKey;
-#else
-    RsaKey      rsaKey[BENCH_MAX_PENDING];
-#endif
+    WC_DECLARE_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
     int         ret = 0;
     word32      rsaKeySz = 0;
     const byte* tmp;
@@ -8565,14 +8713,8 @@ void bench_rsa(int useDeviceID)
     word32      idx;
 #endif
 
-#ifdef WOLFSSL_SMALL_STACK
-    rsaKey = (RsaKey *)XMALLOC(sizeof(*rsaKey) * BENCH_MAX_PENDING,
-                               HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (rsaKey == NULL) {
-        printf("bench_rsa malloc failed\n");
-        return;
-    }
-#endif
+    WC_CALLOC_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
 
 #ifdef USE_CERT_BUFFERS_1024
     tmp = rsa_key_der_1024;
@@ -8594,23 +8736,20 @@ void bench_rsa(int useDeviceID)
     #error "need a cert buffer size"
 #endif /* USE_CERT_BUFFERS */
 
-    /* clear for done cleanup */
-    XMEMSET(rsaKey, 0, sizeof(*rsaKey) * BENCH_MAX_PENDING);
-
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
         /* setup an async context for each key */
-        ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT,
+        ret = wc_InitRsaKey_ex(rsaKey[i], HEAP_HINT,
             useDeviceID ? devId : INVALID_DEVID);
         if (ret < 0) {
-            goto exit_bench_rsa;
+            goto exit;
         }
 
 #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
     #ifdef WC_RSA_BLINDING
-        ret = wc_RsaSetRNG(&rsaKey[i], &gRng);
+        ret = wc_RsaSetRNG(rsaKey[i], &gRng);
         if (ret != 0)
-            goto exit_bench_rsa;
+            goto exit;
     #endif
 #endif
 
@@ -8618,9 +8757,9 @@ void bench_rsa(int useDeviceID)
         /* decode the private key */
         idx = 0;
         if ((ret = wc_RsaPrivateKeyDecode(tmp, &idx,
-                                          &rsaKey[i], (word32)bytes)) != 0) {
+                                          rsaKey[i], (word32)bytes)) != 0) {
             printf("wc_RsaPrivateKeyDecode failed! %d\n", ret);
-            goto exit_bench_rsa;
+            goto exit;
         }
 #elif defined(WOLFSSL_PUBLIC_MP)
         /* get offset to public portion of the RSA key */
@@ -8629,15 +8768,15 @@ void bench_rsa(int useDeviceID)
     #elif defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_3072)
         bytes = 12;
     #endif
-        ret = mp_read_unsigned_bin(&rsaKey[i].n, &tmp[bytes], rsaKeySz/8);
+        ret = mp_read_unsigned_bin(&rsaKey[i]->n, &tmp[bytes], rsaKeySz/8);
         if (ret != 0) {
             printf("wc_RsaPrivateKeyDecode failed! %d\n", ret);
-            goto exit_bench_rsa;
+            goto exit;
         }
-        ret = mp_set_int(&rsaKey[i].e, WC_RSA_EXPONENT);
+        ret = mp_set_int(&rsaKey[i]->e, WC_RSA_EXPONENT);
         if (ret != 0) {
             printf("wc_RsaPrivateKeyDecode failed! %d\n", ret);
-            goto exit_bench_rsa;
+            goto exit;
         }
 #else
         /* Note: To benchmark public only define WOLFSSL_PUBLIC_MP */
@@ -8652,15 +8791,14 @@ void bench_rsa(int useDeviceID)
     (void)bytes;
     (void)tmp;
 
-exit_bench_rsa:
+exit:
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_FreeRsaKey(&rsaKey[i]);
+    if (WC_ARRAY_OK(rsaKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_FreeRsaKey(rsaKey[i]);
+        }
+        WC_FREE_ARRAY(rsaKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(rsaKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
 }
 
 
@@ -8669,27 +8807,17 @@ exit_bench_rsa:
 void bench_rsa_key(int useDeviceID, word32 rsaKeySz)
 {
     int     ret = 0, i, pending = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    RsaKey *rsaKey;
-#else
-    RsaKey  rsaKey[BENCH_MAX_PENDING];
-#endif
-    int     isPending[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
+    int isPending[BENCH_MAX_PENDING];
     long    exp = 65537L;
 
-#ifdef WOLFSSL_SMALL_STACK
-    rsaKey = (RsaKey *)XMALLOC(sizeof(*rsaKey) * BENCH_MAX_PENDING,
-                               HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (rsaKey == NULL) {
-        printf("bench_rsa_key malloc failed\n");
-        return;
-    }
-#endif
-
     /* clear for done cleanup */
-    XMEMSET(rsaKey, 0, sizeof(*rsaKey) * BENCH_MAX_PENDING);
     XMEMSET(isPending, 0, sizeof(isPending));
 
+    WC_CALLOC_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
+
     /* init keys */
     do {
         pending = 0;
@@ -8697,42 +8825,41 @@ void bench_rsa_key(int useDeviceID, word32 rsaKeySz)
             if (!isPending[i]) { /* if making the key is pending then just call
                                   * wc_MakeRsaKey again */
                 /* setup an async context for each key */
-                if (wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT,
+                if (wc_InitRsaKey_ex(rsaKey[i], HEAP_HINT,
                         useDeviceID ? devId : INVALID_DEVID) < 0) {
-                    goto exit_bench_rsa_key;
+                    goto exit;
                 }
 
             #ifdef WC_RSA_BLINDING
-                ret = wc_RsaSetRNG(&rsaKey[i], &gRng);
+                ret = wc_RsaSetRNG(rsaKey[i], &gRng);
                 if (ret != 0)
-                    goto exit_bench_rsa_key;
+                    goto exit;
             #endif
             }
 
             /* create the RSA key */
-            ret = wc_MakeRsaKey(&rsaKey[i], (int)rsaKeySz, exp, &gRng);
+            ret = wc_MakeRsaKey(rsaKey[i], (int)rsaKeySz, exp, &gRng);
             if (ret == WC_PENDING_E) {
                 isPending[i] = 1;
                 pending      = 1;
             }
             else if (ret != 0) {
                 printf("wc_MakeRsaKey failed! %d\n", ret);
-                goto exit_bench_rsa_key;
+                goto exit;
             }
         } /* for i */
     } while (pending > 0);
 
     bench_rsa_helper(useDeviceID, rsaKey, rsaKeySz);
-exit_bench_rsa_key:
+exit:
 
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_FreeRsaKey(&rsaKey[i]);
+    if (WC_ARRAY_OK(rsaKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_FreeRsaKey(rsaKey[i]);
+        }
+        WC_FREE_ARRAY(rsaKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(rsaKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
 }
 #endif /* WOLFSSL_KEY_GEN */
 #endif /* !NO_RSA */
@@ -8768,11 +8895,8 @@ void bench_dh(int useDeviceID)
     int    count = 0, times, pending = 0;
     const byte* tmp = NULL;
     double start = 0.0F;
-#ifdef WOLFSSL_SMALL_STACK
-    DhKey *dhKey = NULL;
-#else
-    DhKey  dhKey[BENCH_MAX_PENDING];
-#endif
+    WC_DECLARE_ARRAY(dhKey, DhKey, BENCH_MAX_PENDING,
+                     sizeof(DhKey), HEAP_HINT);
     int    dhKeySz = BENCH_DH_KEY_SIZE * 8; /* used in printf */
     const char**desc = bench_desc_words[lng_index];
 #ifndef NO_ASN
@@ -8804,28 +8928,22 @@ void bench_dh(int useDeviceID)
     WC_DECLARE_VAR(priv2, byte,
                      BENCH_DH_PRIV_SIZE, HEAP_HINT);
 
-    WC_INIT_ARRAY(pub, byte,
+    /* old scan-build misfires -Wmaybe-uninitialized on these. */
+    XMEMSET(pub, 0, sizeof(pub));
+    XMEMSET(agree, 0, sizeof(agree));
+    XMEMSET(priv, 0, sizeof(priv));
+
+    WC_CALLOC_ARRAY(dhKey, DhKey, BENCH_MAX_PENDING,
+                     sizeof(DhKey), HEAP_HINT);
+    WC_ALLOC_ARRAY(pub, byte,
                   BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(agree, byte,
+    WC_ALLOC_ARRAY(agree, byte,
                   BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(priv, byte,
+    WC_ALLOC_ARRAY(priv, byte,
                   BENCH_MAX_PENDING, BENCH_DH_PRIV_SIZE, HEAP_HINT);
 
-#ifdef WOLFSSL_SMALL_STACK
-    dhKey = (DhKey *)XMALLOC(sizeof(DhKey) * BENCH_MAX_PENDING, HEAP_HINT,
-                             DYNAMIC_TYPE_TMP_BUFFER);
-    if (! dhKey) {
-        ret = MEMORY_E;
-        goto exit;
-    }
-#endif
-
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (pub[0] == NULL || pub2 == NULL || agree[0] == NULL || priv[0] == NULL || priv2 == NULL) {
-        ret = MEMORY_E;
-        goto exit;
-    }
-#endif
+    WC_ALLOC_VAR(pub2, byte, BENCH_DH_KEY_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(priv2, byte, BENCH_DH_PRIV_SIZE, HEAP_HINT);
 
     (void)tmp;
 
@@ -8884,18 +9002,10 @@ void bench_dh(int useDeviceID)
     }
 #endif
 
-    /* clear for done cleanup */
-    XMEMSET(dhKey, 0, sizeof(DhKey) * BENCH_MAX_PENDING);
-#if 0
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        XMEMSET(dhKey[i], 0, sizeof(DhKey));
-    }
-#endif
-
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
         /* setup an async context for each key */
-        ret = wc_InitDhKey_ex(&dhKey[i], HEAP_HINT,
+        ret = wc_InitDhKey_ex(dhKey[i], HEAP_HINT,
                         useDeviceID ? devId : INVALID_DEVID);
         if (ret != 0)
             goto exit;
@@ -8903,22 +9013,22 @@ void bench_dh(int useDeviceID)
         /* setup key */
         if (!use_ffdhe) {
     #ifdef NO_ASN
-            ret = wc_DhSetKey(&dhKey[i], dh_p,
+            ret = wc_DhSetKey(dhKey[i], dh_p,
                               sizeof(dh_p), dh_g, sizeof(dh_g));
     #else
             idx = 0;
-            ret = wc_DhKeyDecode(tmp, &idx, &dhKey[i], (word32)bytes);
+            ret = wc_DhKeyDecode(tmp, &idx, dhKey[i], (word32)bytes);
     #endif
         }
     #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)
     #ifdef HAVE_PUBLIC_FFDHE
         else if (params != NULL) {
-            ret = wc_DhSetKey(&dhKey[i], params->p, params->p_len,
+            ret = wc_DhSetKey(dhKey[i], params->p, params->p_len,
                               params->g, params->g_len);
         }
     #else
         else if (paramName != 0) {
-            ret = wc_DhSetNamedKey(&dhKey[i], paramName);
+            ret = wc_DhSetNamedKey(dhKey[i], paramName);
         }
     #endif
     #endif
@@ -8938,15 +9048,15 @@ void bench_dh(int useDeviceID)
             bench_async_poll(&pending);
 
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dhKey[i]),
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dhKey[i]),
                                       0, &times, genTimes, &pending)) {
                     privSz[i] = BENCH_DH_PRIV_SIZE;
                     pubSz[i] = BENCH_DH_KEY_SIZE;
-                    ret = wc_DhGenerateKeyPair(&dhKey[i], &gRng,
+                    ret = wc_DhGenerateKeyPair(dhKey[i], &gRng,
                                                priv[i], &privSz[i],
                                                pub[i], &pubSz[i]);
                     if (!bench_async_handle(&ret,
-                                            BENCH_ASYNC_GET_DEV(&dhKey[i]),
+                                            BENCH_ASYNC_GET_DEV(dhKey[i]),
                                             0, &times, &pending)) {
                         goto exit_dh_gen;
                     }
@@ -8977,11 +9087,11 @@ exit_dh_gen:
 
     /* Generate key to use as other public */
     PRIVATE_KEY_UNLOCK();
-    ret = wc_DhGenerateKeyPair(&dhKey[0], &gRng,
+    ret = wc_DhGenerateKeyPair(dhKey[0], &gRng,
                                priv2, &privSz2, pub2, &pubSz2);
     PRIVATE_KEY_LOCK();
 #ifdef WOLFSSL_ASYNC_CRYPT
-    ret = wc_AsyncWait(ret, &dhKey[0].asyncDev, WC_ASYNC_FLAG_NONE);
+    ret = wc_AsyncWait(ret, &dhKey[0]->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
 
     /* Key Agree */
@@ -8993,12 +9103,12 @@ exit_dh_gen:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dhKey[i]),
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dhKey[i]),
                                       0, &times, agreeTimes, &pending)) {
-                    ret = wc_DhAgree(&dhKey[i], agree[i], &agreeSz[i], priv[i],
+                    ret = wc_DhAgree(dhKey[i], agree[i], &agreeSz[i], priv[i],
                                      privSz[i], pub2, pubSz2);
                     if (!bench_async_handle(&ret,
-                        BENCH_ASYNC_GET_DEV(&dhKey[i]), 0, &times, &pending)) {
+                        BENCH_ASYNC_GET_DEV(dhKey[i]), 0, &times, &pending)) {
                         goto exit;
                     }
                 }
@@ -9022,19 +9132,12 @@ exit:
 #endif
 
     /* cleanup */
-#ifdef WOLFSSL_SMALL_STACK
-    if (dhKey) {
+    if (WC_ARRAY_OK(dhKey)) {
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            wc_FreeDhKey(&dhKey[i]);
+            wc_FreeDhKey(dhKey[i]);
         }
-        XFREE(dhKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        WC_FREE_ARRAY(dhKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
-#else
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_FreeDhKey(&dhKey[i]);
-    }
-#endif
-
     WC_FREE_ARRAY(pub, BENCH_MAX_PENDING, HEAP_HINT);
     WC_FREE_VAR(pub2, HEAP_HINT);
     WC_FREE_ARRAY(priv, BENCH_MAX_PENDING, HEAP_HINT);
@@ -9347,7 +9450,7 @@ static const byte lms_pub_L4_H5_W8[60] =
     0x74,0x24,0x12,0xC8
 };
 
-static int lms_write_key_mem(const byte * priv, word32 privSz, void *context)
+static int lms_write_key_mem(const byte* priv, word32 privSz, void* context)
 {
    /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
     * BE USED FOR TESTING PURPOSES! Production applications should
@@ -9356,15 +9459,128 @@ static int lms_write_key_mem(const byte * priv, word32 privSz, void *context)
     return WC_LMS_RC_SAVED_TO_NV_MEMORY;
 }
 
-static int lms_read_key_mem(byte * priv, word32 privSz, void *context)
+static int lms_read_key_mem(byte* priv, word32 privSz, void* context)
 {
    /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY
     * BE USED FOR TESTING PURPOSES! */
     XMEMCPY(priv, context, privSz);
     return WC_LMS_RC_READ_TO_MEMORY;
 }
+static byte lms_priv[HSS_MAX_PRIVATE_KEY_LEN];
+
+static void bench_lms_keygen(int parm, byte* pub)
+{
+    WC_RNG      rng;
+    LmsKey      key;
+    int         ret;
+    word32      pubLen = HSS_MAX_PUBLIC_KEY_LEN;
+    int         times = 0;
+    int         count = 0;
+    double      start = 0.0F;
+    int         levels;
+    int         height;
+    int         winternitz;
+    const char* str = wc_LmsKey_ParmToStr(parm);
+    DECLARE_MULTI_VALUE_STATS_VARS()
+
+#ifndef HAVE_FIPS
+    ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
+#else
+    ret = wc_InitRng(&rng);
+#endif
+    if (ret != 0) {
+        fprintf(stderr, "error: wc_InitRng failed: %d\n", ret);
+        return;
+    }
+
+    ret = wc_LmsKey_Init(&key, NULL, INVALID_DEVID);
+    if (ret) {
+        printf("wc_LmsKey_Init failed: %d\n", ret);
+        wc_FreeRng(&rng);
+        return;
+    }
+
+    count = 0;
+    bench_stats_start(&count, &start);
+
+    do {
+        /* LMS is stateful. Async queuing not practical. */
+        for (times = 0; times < 1; ++times) {
+
+            wc_LmsKey_Free(&key);
+
+            ret = wc_LmsKey_Init(&key, NULL, INVALID_DEVID);
+            if (ret) {
+                printf("wc_LmsKey_Init failed: %d\n", ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_SetLmsParm(&key, parm);
+            if (ret) {
+                printf("wc_LmsKey_SetLmsParm failed: %d\n", ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_GetParameters(&key, &levels, &height, &winternitz);
+            if (ret) {
+                fprintf(stderr, "error: wc_LmsKey_GetParameters failed: %d\n",
+                    ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
+            if (ret) {
+                fprintf(stderr, "error: wc_LmsKey_SetWriteCb failed: %d\n",
+                    ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem);
+            if (ret) {
+                fprintf(stderr, "error: wc_LmsKey_SetReadCb failed: %d\n", ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_SetContext(&key, (void*)lms_priv);
+            if (ret) {
+                fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n",
+                    ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_MakeKey(&key, &rng);
+            if (ret) {
+                printf("wc_LmsKey_MakeKey failed: %d\n", ret);
+                goto exit_lms_keygen;
+            }
+
+            RECORD_MULTI_VALUE_STATS();
+        }
+
+        count += times;
+    } while (bench_stats_check(start)
+#ifdef MULTI_VALUE_STATISTICS
+       || runs < minimum_runs
+#endif
+       );
+
+    bench_stats_asym_finish(str, levels * height, "keygen", 0,
+                            count, start, ret);
+#ifdef MULTI_VALUE_STATISTICS
+    bench_multi_value_stats(max, min, sum, squareSum, runs);
+#endif
+
+    ret = wc_LmsKey_ExportPubRaw(&key, pub, &pubLen);
+    if (ret) {
+        fprintf(stderr, "error: wc_LmsKey_ExportPubRaw failed: %d\n", ret);
+    }
+
+exit_lms_keygen:
+    wc_LmsKey_Free(&key);
+    wc_FreeRng(&rng);
+}
 
-static void bench_lms_sign_verify(enum wc_LmsParm parm)
+static void bench_lms_sign_verify(int parm, byte* pub)
 {
     LmsKey       key;
     int          ret = 0;
@@ -9377,8 +9593,8 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
     int          times = 0;
     int          count = 0;
     double       start = 0.0F;
-    byte         priv[HSS_MAX_PRIVATE_KEY_LEN];
     const char * str = wc_LmsKey_ParmToStr(parm);
+    DECLARE_MULTI_VALUE_STATS_VARS()
 
     ret = wc_LmsKey_Init(&key, NULL, INVALID_DEVID);
     if (ret) {
@@ -9394,33 +9610,33 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
 
     switch (parm) {
     case WC_LMS_PARM_L2_H10_W2:
-        XMEMCPY(priv, lms_priv_L2_H10_W2, sizeof(lms_priv_L2_H10_W2));
-        XMEMCPY(key.pub, lms_pub_L2_H10_W2, sizeof(lms_pub_L2_H10_W2));
+        XMEMCPY(lms_priv, lms_priv_L2_H10_W2, sizeof(lms_priv_L2_H10_W2));
+        XMEMCPY(key.pub, lms_pub_L2_H10_W2, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_L2_H10_W4:
-        XMEMCPY(priv, lms_priv_L2_H10_W4, sizeof(lms_priv_L2_H10_W4));
-        XMEMCPY(key.pub, lms_pub_L2_H10_W4, sizeof(lms_pub_L2_H10_W4));
+        XMEMCPY(lms_priv, lms_priv_L2_H10_W4, sizeof(lms_priv_L2_H10_W4));
+        XMEMCPY(key.pub, lms_pub_L2_H10_W4, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_L3_H5_W4:
-        XMEMCPY(priv, lms_priv_L3_H5_W4, sizeof(lms_priv_L3_H5_W4));
-        XMEMCPY(key.pub, lms_pub_L3_H5_W4, sizeof(lms_pub_L3_H5_W4));
+        XMEMCPY(lms_priv, lms_priv_L3_H5_W4, sizeof(lms_priv_L3_H5_W4));
+        XMEMCPY(key.pub, lms_pub_L3_H5_W4, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_L3_H5_W8:
-        XMEMCPY(priv, lms_priv_L3_H5_W8, sizeof(lms_priv_L3_H5_W8));
-        XMEMCPY(key.pub, lms_pub_L3_H5_W8, sizeof(lms_pub_L3_H5_W8));
+        XMEMCPY(lms_priv, lms_priv_L3_H5_W8, sizeof(lms_priv_L3_H5_W8));
+        XMEMCPY(key.pub, lms_pub_L3_H5_W8, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_L3_H10_W4:
-        XMEMCPY(priv, lms_priv_L3_H10_W4, sizeof(lms_priv_L3_H10_W4));
-        XMEMCPY(key.pub, lms_pub_L3_H10_W4, sizeof(lms_pub_L3_H10_W4));
+        XMEMCPY(lms_priv, lms_priv_L3_H10_W4, sizeof(lms_priv_L3_H10_W4));
+        XMEMCPY(key.pub, lms_pub_L3_H10_W4, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_L4_H5_W8:
-        XMEMCPY(priv, lms_priv_L4_H5_W8, sizeof(lms_priv_L4_H5_W8));
-        XMEMCPY(key.pub, lms_pub_L4_H5_W8, sizeof(lms_pub_L4_H5_W8));
+        XMEMCPY(lms_priv, lms_priv_L4_H5_W8, sizeof(lms_priv_L4_H5_W8));
+        XMEMCPY(key.pub, lms_pub_L4_H5_W8, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_NONE:
@@ -9428,9 +9644,9 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
     case WC_LMS_PARM_L1_H15_W4:
     case WC_LMS_PARM_L2_H10_W8:
     case WC_LMS_PARM_L3_H5_W2:
-        printf("bench_lms_sign_verify: unsupported benchmark option: %d\n",
-               parm);
-        goto exit_lms_sign_verify;
+    default:
+        XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN);
+        break;
     }
 
     ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
@@ -9445,7 +9661,7 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
         goto exit_lms_sign_verify;
     }
 
-    ret = wc_LmsKey_SetContext(&key, (void *) priv);
+    ret = wc_LmsKey_SetContext(&key, (void*)lms_priv);
     if (ret) {
         fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n", ret);
         goto exit_lms_sign_verify;
@@ -9454,35 +9670,68 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
     /* Even with saved priv/pub keys, we must still reload the private
      * key before using it. Reloading the private key is the bottleneck
      * for larger heights. Only print load time in debug builds. */
-#if defined(DEBUG_WOLFSSL)
+    count = 0;
     bench_stats_start(&count, &start);
-#endif /* if defined DEBUG_WOLFSSL*/
 
+#ifndef WOLFSSL_WC_LMS_SMALL
+    do {
+    #ifdef WOLFSSL_WC_LMS
+        key.priv.inited = 0;
+        key.state = WC_LMS_STATE_PARMSET;
+    #endif
+        ret = wc_LmsKey_Reload(&key);
+        if (ret) {
+            printf("wc_LmsKey_Reload failed: %d\n", ret);
+            goto exit_lms_sign_verify;
+        }
+        RECORD_MULTI_VALUE_STATS();
+
+        count++;
+
+        ret = wc_LmsKey_GetSigLen(&key, &sigSz);
+        if (ret) {
+            printf("wc_LmsKey_GetSigLen failed: %d\n", ret);
+            goto exit_lms_sign_verify;
+        }
+
+        ret = wc_LmsKey_GetPrivLen(&key, &privLen);
+        if (ret) {
+            printf("wc_LmsKey_GetPrivLen failed: %d\n", ret);
+            goto exit_lms_sign_verify;
+        }
+    #ifdef HAVE_LIBLMS
+        break;
+    #endif
+    } while (bench_stats_check(start)
+#ifdef MULTI_VALUE_STATISTICS
+       || runs < minimum_runs
+#endif
+       );
+
+    bench_stats_asym_finish(str, (int)privLen, "load", 0,
+                            count, start, ret);
+#ifdef MULTI_VALUE_STATISTICS
+    bench_multi_value_stats(max, min, sum, squareSum, runs);
+#endif
+
+    RESET_MULTI_VALUE_STATS_VARS();
+#else
     ret = wc_LmsKey_Reload(&key);
     if (ret) {
         printf("wc_LmsKey_Reload failed: %d\n", ret);
         goto exit_lms_sign_verify;
     }
-
-    count +=1;
-
     ret = wc_LmsKey_GetSigLen(&key, &sigSz);
     if (ret) {
         printf("wc_LmsKey_GetSigLen failed: %d\n", ret);
         goto exit_lms_sign_verify;
     }
-
     ret = wc_LmsKey_GetPrivLen(&key, &privLen);
     if (ret) {
         printf("wc_LmsKey_GetPrivLen failed: %d\n", ret);
         goto exit_lms_sign_verify;
     }
-
-#if defined(DEBUG_WOLFSSL)
-    bench_stats_check(start);
-    bench_stats_asym_finish(str, (int)privLen, "load", 0,
-                            count, start, ret);
-#endif /* if defined DEBUG_WOLFSSL*/
+#endif
 
     loaded = 1;
 
@@ -9497,22 +9746,29 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
 
     do {
         /* LMS is stateful. Async queuing not practical. */
-        for (times = 0; times < ntimes; ++times) {
-
+#ifndef WOLFSSL_WC_LMS_SMALL
+        for (times = 0; times < ntimes; ++times)
+#else
+        for (times = 0; times < 1; ++times)
+#endif
+        {
             ret = wc_LmsKey_Sign(&key, sig, &sigSz, (byte *) msg, msgSz);
             if (ret) {
                 printf("wc_LmsKey_Sign failed: %d\n", ret);
                 goto exit_lms_sign_verify;
             }
             RECORD_MULTI_VALUE_STATS();
+            if (!wc_LmsKey_SigsLeft(&key)) {
+                break;
+            }
         }
 
         count += times;
-    } while (bench_stats_check(start)
+    } while (wc_LmsKey_SigsLeft(&key) && (bench_stats_check(start)
 #ifdef MULTI_VALUE_STATISTICS
        || runs < minimum_runs
 #endif
-       );
+       ));
 
     bench_stats_asym_finish(str, (int)sigSz, "sign", 0,
                             count, start, ret);
@@ -9552,25 +9808,62 @@ exit_lms_sign_verify:
 
     if (loaded) {
         wc_LmsKey_Free(&key);
-        loaded = 0;
-    }
-
-    if (sig != NULL) {
-        XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        sig = NULL;
     }
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return;
 }
 
 void bench_lms(void)
 {
-    bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W2);
-    bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W4);
-    bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W4);
-    bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W8);
-    bench_lms_sign_verify(WC_LMS_PARM_L3_H10_W4);
-    bench_lms_sign_verify(WC_LMS_PARM_L4_H5_W8);
+    byte pub[HSS_MAX_PUBLIC_KEY_LEN];
+
+#ifdef BENCH_LMS_SLOW_KEYGEN
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
+    bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L1_H15_W2, pub);
+    bench_lms_keygen(WC_LMS_PARM_L1_H15_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L1_H15_W4, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#endif
+#endif
+#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
+        (LMS_MAX_HEIGHT >= 10))
+    bench_lms_keygen(WC_LMS_PARM_L2_H10_W2, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W2, pub);
+    bench_lms_keygen(WC_LMS_PARM_L2_H10_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W4, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#ifdef BENCH_LMS_SLOW_KEYGEN
+    bench_lms_keygen(WC_LMS_PARM_L2_H10_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W8, pub);
+#endif
+#endif
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
+    bench_lms_keygen(WC_LMS_PARM_L3_H5_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W4, pub);
+    bench_lms_keygen(WC_LMS_PARM_L3_H5_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W8, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#endif
+#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
+        (LMS_MAX_HEIGHT >= 10))
+    bench_lms_keygen(WC_LMS_PARM_L3_H10_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L3_H10_W4, pub);
+#endif
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
+    bench_lms_keygen(WC_LMS_PARM_L4_H5_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L4_H5_W8, pub);
+#endif
+
+#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
+    bench_lms_keygen(0x100, pub);
+    bench_lms_sign_verify(0x100, pub);
+#endif
+
     return;
 }
 
@@ -9640,11 +9933,17 @@ static void bench_xmss_sign_verify(const char * params)
     }
 
     ret = wc_XmssKey_GetPubLen(&key, &pkSz);
+    if (ret != 0) {
+        fprintf(stderr, "wc_XmssKey_GetPubLen failed: %d\n", ret);
+        goto exit_xmss_sign_verify;
+    }
+#ifndef WOLFSSL_WC_XMSS
     if (pkSz != XMSS_SHA256_PUBLEN) {
-        fprintf(stderr, "error: xmss pub len: got %d, expected %d\n", pkSz,
+        fprintf(stderr, "error: xmss pub len: got %u, expected %d\n", pkSz,
                 XMSS_SHA256_PUBLEN);
         goto exit_xmss_sign_verify;
     }
+#endif
 
     ret = wc_XmssKey_GetPrivLen(&key, &skSz);
     if (ret != 0 || skSz <= 0) {
@@ -9684,7 +9983,7 @@ static void bench_xmss_sign_verify(const char * params)
         goto exit_xmss_sign_verify;
     }
 
-    ret = wc_XmssKey_SetContext(&key, (void *) sk);
+    ret = wc_XmssKey_SetContext(&key, (void *)sk);
     if (ret != 0) {
         fprintf(stderr, "error: wc_XmssKey_SetContext failed: %d\n", ret);
         goto exit_xmss_sign_verify;
@@ -9697,25 +9996,21 @@ static void bench_xmss_sign_verify(const char * params)
     fprintf(stderr, "sigSz:  %d\n", sigSz);
 #endif
 
-    /* Making the private key is the bottleneck
-     * for larger heights. Only print load time in debug builds. */
-#if defined(DEBUG_WOLFSSL)
+    /* Making the private key is the bottleneck for larger heights. */
+    count = 0;
     bench_stats_start(&count, &start);
-#endif /* if defined DEBUG_WOLFSSL*/
 
     ret = wc_XmssKey_MakeKey(&key, &rng);
     if (ret != 0) {
         printf("wc_XmssKey_MakeKey failed: %d\n", ret);
         goto exit_xmss_sign_verify;
     }
+    /* Can only do one at a time - state changes after make key. */
 
     count +=1;
 
-#if defined(DEBUG_WOLFSSL)
     bench_stats_check(start);
-    bench_stats_asym_finish(params, (int)skSz, "load", 0,
-                            count, start, ret);
-#endif /* if defined DEBUG_WOLFSSL*/
+    bench_stats_asym_finish(params, (int)skSz, "gen", 0, count, start, ret);
 
     freeKey = 1;
 
@@ -9724,20 +10019,24 @@ static void bench_xmss_sign_verify(const char * params)
 
     do {
         /* XMSS is stateful. Async queuing not practical. */
-        for (times = 0; times < ntimes; ++times) {
-
+#ifndef WOLFSSL_WC_XMSS_SMALL
+        for (times = 0; times < ntimes; ++times)
+#else
+        for (times = 0; times < 1; ++times)
+#endif
+        {
+            if (!wc_XmssKey_SigsLeft(&key))
+                break;
             ret = wc_XmssKey_Sign(&key, sig, &sigSz, (byte *) msg, msgSz);
             if (ret) {
                 printf("wc_XmssKey_Sign failed: %d\n", ret);
                 goto exit_xmss_sign_verify;
             }
         }
-
         count += times;
-    } while (bench_stats_check(start));
+    } while (wc_XmssKey_SigsLeft(&key) && bench_stats_check(start));
 
-    bench_stats_asym_finish(params, (int)sigSz, "sign", 0,
-                            count, start, ret);
+    bench_stats_asym_finish(params, (int)sigSz, "sign", 0, count, start, ret);
 
     count = 0;
     bench_stats_start(&count, &start);
@@ -9751,13 +10050,11 @@ static void bench_xmss_sign_verify(const char * params)
                 goto exit_xmss_sign_verify;
             }
         }
-
         count += times;
     } while (bench_stats_check(start));
 
 exit_xmss_sign_verify:
-    bench_stats_asym_finish(params, (int)sigSz, "verify", 0,
-                            count, start, ret);
+    bench_stats_asym_finish(params, (int)sigSz, "verify", 0, count, start, ret);
 
     /* Cleanup everything. */
     if (sig != NULL) {
@@ -9783,7 +10080,7 @@ exit_xmss_sign_verify:
     return;
 }
 
-void bench_xmss(void)
+void bench_xmss(int hash)
 {
     /* All NIST SP 800-208 approved SHA256 XMSS/XMSS^MT parameter
      * sets.
@@ -9799,18 +10096,287 @@ void bench_xmss(void)
      *
      * h is the total height of the hyper tree, and d the number of
      * trees.
-     * */
-                                                       /* h/d    h   d */
-    bench_xmss_sign_verify("XMSS-SHA2_10_256");        /*  10   10   1 */
- /* bench_xmss_sign_verify("XMSS-SHA2_16_256"); */     /*  16   16   1 */
- /* bench_xmss_sign_verify("XMSS-SHA2_20_256"); */     /*  20   20   1 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_20/2_256");    /*  10   20   2 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_20/4_256");    /*   5   20   4 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_40/4_256");    /*  10   40   4 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_40/8_256");    /*   5   40   8 */
- /* bench_xmss_sign_verify("XMSSMT-SHA2_60/3_256"); */ /*  20   60   3 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_60/6_256");    /*  10   60   6 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_60/12_256");   /*   5   60  12 */
+     */
+                                                            /* h/d    h   d */
+#ifdef WC_XMSS_SHA256
+    if (hash == WC_HASH_TYPE_SHA256) {
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHA2_10_256");         /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_16_256");         /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_20_256");         /*  20   20   1 */
+#endif
+#endif
+#endif /* HASH_SIZE 256 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHA2_10_192");         /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_16_192");         /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_20_192");         /*  20   20   1 */
+#endif
+#endif
+#endif /* HASH_SIZE 192 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/2_256");     /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/4_256");     /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/2_256");     /*  20   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/4_256");     /*  10   40   4 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/8_256");     /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/3_256");     /*  20   60   3 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/6_256");     /*  10   60   6 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/12_256");    /*   5   60  12 */
+#endif
+#endif /* HASH_SIZE 256 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/2_192");     /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/4_192");     /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/2_192");     /*  20   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/4_192");     /*  10   40   4 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/8_192");     /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/3_192");     /*  20   60   3 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/6_192");     /*  10   60   6 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/12_192");    /*   5   60  12 */
+#endif
+#endif /* HASH_SIZE 192 */
+    }
+#endif
+#ifdef WC_XMSS_SHA512
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+    if (hash == WC_HASH_TYPE_SHA512) {
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHA2_10_512");         /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_16_512");         /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_20_512");         /*  20   20   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/2_512");     /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/4_512");     /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/2_512");     /*  20   40   4 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/4_512");     /*  10   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/8_512");     /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/3_512");     /*  20   60   3 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/6_512");     /*  10   60   6 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/12_512");    /*   5   60  12 */
+#endif
+    }
+#endif /* HASH_SIZE 512 */
+#endif
+#ifdef WC_XMSS_SHAKE128
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+    if (hash == WC_HASH_TYPE_SHAKE128) {
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHAKE_10_256");        /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE_16_256");        /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE_20_256");        /*  20   20   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHAKE_20/2_256");    /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHAKE_20/4_256");    /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/2_256");    /*  20   40   4 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/4_256");    /*  10   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/8_256");    /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/3_256");    /*  20   60   3 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/6_256");    /*  10   60   6 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/12_256");   /*   5   60  12 */
+#endif
+    }
+#endif /* HASH_SIZE 256 */
+#endif
+#ifdef WC_XMSS_SHAKE256
+    if (hash == WC_HASH_TYPE_SHAKE256) {
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHAKE_10_512");        /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE_16_512");        /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE_20_512");        /*  20   20   1 */
+#endif
+#endif
+#endif /* HASH_SIZE 512 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHAKE256_10_256");     /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE256_16_256");     /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE256_20_256");     /*  20   20   1 */
+#endif
+#endif
+#endif /* HASH_SIZE 256 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHAKE256_10_192");     /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE256_16_192");     /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE256_20_192");     /*  20   20   1 */
+#endif
+#endif
+#endif /* HASH_SIZE 192 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_20/2_512");    /*  10   20   2 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE_20/4_512");    /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/2_512");    /*  20   40   4 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/4_512");    /*  10   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/8_512");    /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/3_512");    /*  20   60   3 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/6_512");    /*  10   60   6 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/12_512");   /*   5   60  12 */
+#endif
+#endif /* HASH_SIZE 512 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_20/2_256"); /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_20/4_256"); /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/2_256"); /*  20   40   4 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/4_256"); /*  10   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/8_256"); /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/3_256"); /*  20   60   3 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/6_256"); /*  10   60   6 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/12_256");/*   5   60  12 */
+#endif
+#endif /* HASH_SIZE 256 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_20/2_192"); /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_20/4_192"); /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/2_192"); /*  20   40   4 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/4_192"); /*  10   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/8_192"); /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/3_192"); /*  20   60   3 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/6_192"); /*  10   60   6 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/12_192");/*   5   60  12 */
+#endif
+#endif /* HASH_SIZE 192 */
+    }
+#endif
     return;
 }
 #endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */
@@ -9849,34 +10415,22 @@ void bench_ecc_curve(int curveId)
 
 void bench_eccMakeKey(int useDeviceID, int curveId)
 {
-    int ret = 0, i, times, count, pending = 0;
+    int ret = 0, i, times, count = 0, pending = 0;
     int deviceID;
-    int keySize;
-#ifdef WOLFSSL_SMALL_STACK
-    ecc_key *genKey;
-#else
-    ecc_key genKey[BENCH_MAX_PENDING];
-#endif
+    int keySize = 0;
+    WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
     char name[BENCH_ECC_NAME_SZ];
-    double start;
+    double start = 0;
     const char**desc = bench_desc_words[lng_index];
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-#ifdef WOLFSSL_SMALL_STACK
-    genKey = (ecc_key *)XMALLOC(sizeof(*genKey) * BENCH_MAX_PENDING,
-                                HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (genKey == NULL) {
-        printf("bench_eccMakeKey malloc failed\n");
-        return;
-    }
-#endif
+    WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 
     deviceID = useDeviceID ? devId : INVALID_DEVID;
     keySize = wc_ecc_get_curve_size_from_id(curveId);
 
-    /* clear for done cleanup */
-    XMEMSET(genKey, 0, sizeof(*genKey) * BENCH_MAX_PENDING);
-
     /* ECC Make Key */
     bench_stats_start(&count, &start);
     do {
@@ -9886,19 +10440,19 @@ void bench_eccMakeKey(int useDeviceID, int curveId)
 
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
                 if (bench_async_check(&ret,
-                                      BENCH_ASYNC_GET_DEV(&genKey[i]), 0,
+                                      BENCH_ASYNC_GET_DEV(genKey[i]), 0,
                                       &times, agreeTimes, &pending)) {
 
-                    wc_ecc_free(&genKey[i]);
-                    ret = wc_ecc_init_ex(&genKey[i], HEAP_HINT, deviceID);
+                    wc_ecc_free(genKey[i]);
+                    ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID);
                     if (ret < 0) {
                         goto exit;
                     }
 
-                    ret = wc_ecc_make_key_ex(&gRng, keySize, &genKey[i],
+                    ret = wc_ecc_make_key_ex(&gRng, keySize, genKey[i],
                             curveId);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 0, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 0, &times,
                                 &pending)) {
                         goto exit;
                     }
@@ -9923,13 +10477,12 @@ exit:
 #endif
 
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_ecc_free(&genKey[i]);
+    if (WC_ARRAY_OK(genKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_ecc_free(genKey[i]);
+        }
+        WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
 }
 
 
@@ -9939,22 +10492,16 @@ void bench_ecc(int useDeviceID, int curveId)
     int deviceID;
     int  keySize;
     char name[BENCH_ECC_NAME_SZ];
-#ifdef WOLFSSL_SMALL_STACK
-    ecc_key *genKey;
-#else
-    ecc_key genKey[BENCH_MAX_PENDING];
-#endif
+    WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #ifdef HAVE_ECC_DHE
-#ifdef WOLFSSL_SMALL_STACK
-    ecc_key *genKey2;
-#else
-    ecc_key genKey2[BENCH_MAX_PENDING];
-#endif
+    WC_DECLARE_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #endif
 
 #if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
     #ifdef HAVE_ECC_VERIFY
-        int    verify[BENCH_MAX_PENDING];
+        int verify[BENCH_MAX_PENDING];
     #endif
 #endif
 
@@ -9975,61 +10522,48 @@ void bench_ecc(int useDeviceID, int curveId)
                      BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
 
-#ifdef WOLFSSL_SMALL_STACK
-    genKey = (ecc_key *)XMALLOC(sizeof(*genKey) * BENCH_MAX_PENDING,
-                                HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (genKey == NULL) {
-        printf("bench_eccMakeKey malloc failed\n");
-        return;
-    }
-#ifdef HAVE_ECC_DHE
-    genKey2 = (ecc_key *)XMALLOC(sizeof(*genKey2) * BENCH_MAX_PENDING,
-                                 HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (genKey2 == NULL) {
-        XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        printf("bench_eccMakeKey malloc failed\n");
-        return;
-    }
-#endif
-#endif
+    /* old scan-build misfires -Wmaybe-uninitialized on these. */
+    XMEMSET(sig, 0, sizeof(sig));
+    XMEMSET(digest, 0, sizeof(digest));
+    XMEMSET(shared, 0, sizeof(shared));
+
+    WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 
 #ifdef HAVE_ECC_DHE
-    WC_INIT_ARRAY(shared, byte,
+    WC_CALLOC_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
+    WC_ALLOC_ARRAY(shared, byte,
                   BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
 
 #if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
-    WC_INIT_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
+    WC_ALLOC_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
     deviceID = useDeviceID ? devId : INVALID_DEVID;
 
-    /* clear for done cleanup */
-    XMEMSET(genKey, 0, sizeof(*genKey) * BENCH_MAX_PENDING);
-#ifdef HAVE_ECC_DHE
-    XMEMSET(genKey2, 0, sizeof(*genKey2) * BENCH_MAX_PENDING);
-#endif
     keySize = wc_ecc_get_curve_size_from_id(curveId);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
         /* setup an context for each key */
-        if ((ret = wc_ecc_init_ex(&genKey[i], HEAP_HINT, deviceID)) < 0) {
+        if ((ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID)) < 0) {
             goto exit;
         }
-        ret = wc_ecc_make_key_ex(&gRng, keySize, &genKey[i], curveId);
+        ret = wc_ecc_make_key_ex(&gRng, keySize, genKey[i], curveId);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        ret = wc_AsyncWait(ret, &genKey[i].asyncDev, WC_ASYNC_FLAG_NONE);
+        ret = wc_AsyncWait(ret, &genKey[i]->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret < 0) {
             goto exit;
         }
 
     #ifdef HAVE_ECC_DHE
-        if ((ret = wc_ecc_init_ex(&genKey2[i], HEAP_HINT, deviceID)) < 0) {
+        if ((ret = wc_ecc_init_ex(genKey2[i], HEAP_HINT, deviceID)) < 0) {
             goto exit;
         }
-        if ((ret = wc_ecc_make_key_ex(&gRng, keySize, &genKey2[i],
+        if ((ret = wc_ecc_make_key_ex(&gRng, keySize, genKey2[i],
                     curveId)) > 0) {
             goto exit;
         }
@@ -10041,7 +10575,7 @@ void bench_ecc(int useDeviceID, int curveId)
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
     !defined(HAVE_SELFTEST)
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        (void)wc_ecc_set_rng(&genKey[i], &gRng);
+        (void)wc_ecc_set_rng(genKey[i], &gRng);
     }
 #endif
 
@@ -10054,13 +10588,13 @@ void bench_ecc(int useDeviceID, int curveId)
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                                       &times, agreeTimes, &pending)) {
                     x[i] = (word32)keySize;
-                    ret = wc_ecc_shared_secret(&genKey[i], &genKey2[i],
+                    ret = wc_ecc_shared_secret(genKey[i], genKey2[i],
                             shared[i], &x[i]);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 1, &times,
                                 &pending)) {
                         goto exit_ecdhe;
                     }
@@ -10111,18 +10645,18 @@ exit_ecdhe:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                                       &times, agreeTimes, &pending)) {
 
-                    if (genKey[i].state == 0) {
+                    if (genKey[i]->state == 0) {
                         x[i] = ECC_MAX_SIG_SIZE;
                     }
 
                     ret = wc_ecc_sign_hash(digest[i], (word32)keySize, sig[i],
-                                           &x[i], GLOBAL_RNG, &genKey[i]);
+                                           &x[i], GLOBAL_RNG, genKey[i]);
 
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 1, &times,
                                 &pending)) {
                         goto exit_ecdsa_sign;
                     }
@@ -10163,18 +10697,18 @@ exit_ecdsa_sign:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                                       &times, agreeTimes, &pending)) {
-                    if (genKey[i].state == 0) {
+                    if (genKey[i]->state == 0) {
                         verify[i] = 0;
                     }
 
                     ret = wc_ecc_verify_hash(sig[i], x[i], digest[i],
                                              (word32)keySize, &verify[i],
-                                             &genKey[i]);
+                                             genKey[i]);
 
                     if (!bench_async_handle(&ret,
-                                            BENCH_ASYNC_GET_DEV(&genKey[i]),
+                                            BENCH_ASYNC_GET_DEV(genKey[i]),
                                                                 1, &times,
                                                                 &pending)) {
                         goto exit_ecdsa_verify;
@@ -10205,19 +10739,18 @@ exit_ecdsa_verify:
 exit:
 
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_ecc_free(&genKey[i]);
-    #ifdef HAVE_ECC_DHE
-        wc_ecc_free(&genKey2[i]);
-    #endif
+    if (WC_ARRAY_OK(genKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++)
+            wc_ecc_free(genKey[i]);
+        WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #ifdef HAVE_ECC_DHE
-    XFREE(genKey2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (WC_ARRAY_OK(genKey2)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++)
+            wc_ecc_free(genKey2[i]);
+        WC_FREE_ARRAY(genKey2, BENCH_MAX_PENDING, HEAP_HINT);
+    }
     #endif
-#endif
 
 #ifdef HAVE_ECC_DHE
     WC_FREE_ARRAY(shared, BENCH_MAX_PENDING, HEAP_HINT);
@@ -10350,6 +10883,9 @@ exit_enc:
 
     RESET_MULTI_VALUE_STATS_VARS();
 
+    if (ret != 0)
+        goto exit;
+
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < ntimes; i++) {
@@ -10404,7 +10940,8 @@ static void bench_sm2_MakeKey(int useDeviceID)
     int ret = 0, i, times, count, pending = 0;
     int deviceID;
     int keySize;
-    ecc_key genKey[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
     char name[BENCH_ECC_NAME_SZ];
     double start;
     const char**desc = bench_desc_words[lng_index];
@@ -10413,8 +10950,8 @@ static void bench_sm2_MakeKey(int useDeviceID)
     deviceID = useDeviceID ? devId : INVALID_DEVID;
     keySize = wc_ecc_get_curve_size_from_id(ECC_SM2P256V1);
 
-    /* clear for done cleanup */
-    XMEMSET(&genKey, 0, sizeof(genKey));
+    WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 
     /* ECC Make Key */
     bench_stats_start(&count, &start);
@@ -10424,19 +10961,19 @@ static void bench_sm2_MakeKey(int useDeviceID)
             bench_async_poll(&pending);
 
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 0,
                             &times, agreeTimes, &pending)) {
 
-                    wc_ecc_free(&genKey[i]);
-                    ret = wc_ecc_init_ex(&genKey[i], HEAP_HINT, deviceID);
+                    wc_ecc_free(genKey[i]);
+                    ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID);
                     if (ret < 0) {
                         goto exit;
                     }
 
-                    ret = wc_ecc_sm2_make_key(&gRng, &genKey[i],
+                    ret = wc_ecc_sm2_make_key(&gRng, genKey[i],
                         WC_ECC_FLAG_NONE);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 0, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 0, &times,
                                 &pending)) {
                         goto exit;
                     }
@@ -10461,8 +10998,11 @@ exit:
 #endif
 
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_ecc_free(&genKey[i]);
+    if (WC_ARRAY_OK(genKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_ecc_free(genKey[i]);
+        }
+        WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
 }
 
@@ -10473,13 +11013,15 @@ void bench_sm2(int useDeviceID)
     int deviceID;
     int  keySize;
     char name[BENCH_ECC_NAME_SZ];
-    ecc_key genKey[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #ifdef HAVE_ECC_DHE
-    ecc_key genKey2[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #endif
 #if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
 #ifdef HAVE_ECC_VERIFY
-    int    verify[BENCH_MAX_PENDING];
+    int verify[BENCH_MAX_PENDING];
 #endif
 #endif
     word32 x[BENCH_MAX_PENDING];
@@ -10496,20 +11038,21 @@ void bench_sm2(int useDeviceID)
 #endif
 
 #ifdef HAVE_ECC_DHE
-    WC_INIT_ARRAY(shared, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
+    WC_ALLOC_ARRAY(shared, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
 #if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
-    WC_INIT_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
+    WC_ALLOC_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
     deviceID = useDeviceID ? devId : INVALID_DEVID;
 
     bench_sm2_MakeKey(useDeviceID);
 
-    /* clear for done cleanup */
-    XMEMSET(&genKey, 0, sizeof(genKey));
+    WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #ifdef HAVE_ECC_DHE
-    XMEMSET(&genKey2, 0, sizeof(genKey2));
+    WC_CALLOC_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #endif
 
     keySize = wc_ecc_get_curve_size_from_id(ECC_SM2P256V1);
@@ -10517,22 +11060,22 @@ void bench_sm2(int useDeviceID)
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
         /* setup an context for each key */
-        if ((ret = wc_ecc_init_ex(&genKey[i], HEAP_HINT, deviceID)) < 0) {
+        if ((ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID)) < 0) {
             goto exit;
         }
-        ret = wc_ecc_sm2_make_key(&gRng, &genKey[i], WC_ECC_FLAG_NONE);
+        ret = wc_ecc_sm2_make_key(&gRng, genKey[i], WC_ECC_FLAG_NONE);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        ret = wc_AsyncWait(ret, &genKey[i].asyncDev, WC_ASYNC_FLAG_NONE);
+        ret = wc_AsyncWait(ret, genKey[i].asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret < 0) {
             goto exit;
         }
 
     #ifdef HAVE_ECC_DHE
-        if ((ret = wc_ecc_init_ex(&genKey2[i], HEAP_HINT, deviceID)) < 0) {
+        if ((ret = wc_ecc_init_ex(genKey2[i], HEAP_HINT, deviceID)) < 0) {
             goto exit;
         }
-        if ((ret = wc_ecc_sm2_make_key(&gRng, &genKey2[i],
+        if ((ret = wc_ecc_sm2_make_key(&gRng, genKey2[i],
                 WC_ECC_FLAG_NONE)) > 0) {
             goto exit;
         }
@@ -10544,7 +11087,7 @@ void bench_sm2(int useDeviceID)
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
     !defined(HAVE_SELFTEST)
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        (void)wc_ecc_set_rng(&genKey[i], &gRng);
+        (void)wc_ecc_set_rng(genKey[i], &gRng);
     }
 #endif
 
@@ -10557,13 +11100,13 @@ void bench_sm2(int useDeviceID)
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                             &times, agreeTimes, &pending)) {
                     x[i] = (word32)keySize;
-                    ret = wc_ecc_sm2_shared_secret(&genKey[i], &genKey2[i],
+                    ret = wc_ecc_sm2_shared_secret(genKey[i], genKey2[i],
                             shared[i], &x[i]);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 1, &times,
                                 &pending)) {
                         goto exit_ecdhe;
                     }
@@ -10613,14 +11156,14 @@ exit_ecdhe:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                             &times, agreeTimes, &pending)) {
-                    if (genKey[i].state == 0)
+                    if (genKey[i]->state == 0)
                         x[i] = ECC_MAX_SIG_SIZE;
                     ret = wc_ecc_sm2_sign_hash(digest[i], (word32)keySize,
-                            sig[i], &x[i], &gRng, &genKey[i]);
+                            sig[i], &x[i], &gRng, genKey[i]);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 1, &times,
                                 &pending)) {
                         goto exit_ecdsa_sign;
                     }
@@ -10659,14 +11202,14 @@ exit_ecdsa_sign:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                             &times, agreeTimes, &pending)) {
-                    if (genKey[i].state == 0)
+                    if (genKey[i]->state == 0)
                         verify[i] = 0;
                     ret = wc_ecc_sm2_verify_hash(sig[i], x[i], digest[i],
-                                       (word32)keySize, &verify[i], &genKey[i]);
+                                       (word32)keySize, &verify[i], genKey[i]);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 1, &times,
                                 &pending)) {
                         goto exit_ecdsa_verify;
                     }
@@ -10697,12 +11240,18 @@ exit_ecdsa_verify:
 exit:
 
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_ecc_free(&genKey[i]);
+    if (WC_ARRAY_OK(genKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++)
+            wc_ecc_free(genKey[i]);
+        WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT);
+    }
     #ifdef HAVE_ECC_DHE
-        wc_ecc_free(&genKey2[i]);
-    #endif
+    if (WC_ARRAY_OK(genKey2)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++)
+            wc_ecc_free(genKey2[i]);
+        WC_FREE_ARRAY(genKey2, BENCH_MAX_PENDING, HEAP_HINT);
     }
+    #endif
 
 #ifdef HAVE_ECC_DHE
     WC_FREE_ARRAY(shared, BENCH_MAX_PENDING, HEAP_HINT);
@@ -10712,6 +11261,7 @@ exit:
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 #endif
 
+
     (void)useDeviceID;
     (void)pending;
     (void)x;
@@ -11071,11 +11621,10 @@ void bench_ed448KeyGen(void)
 #endif
 }
 
-
 void bench_ed448KeySign(void)
 {
     int    ret;
-    ed448_key genKey;
+    WC_DECLARE_VAR(genKey, ed448_key, 1, HEAP_HINT);
 #ifdef HAVE_ED448_SIGN
     double start;
     int    i, count;
@@ -11086,12 +11635,14 @@ void bench_ed448KeySign(void)
     DECLARE_MULTI_VALUE_STATS_VARS()
 #endif
 
-    wc_ed448_init(&genKey);
+    WC_ALLOC_VAR(genKey, ed448_key, 1, HEAP_HINT);
+
+    wc_ed448_init(genKey);
 
-    ret = wc_ed448_make_key(&gRng, ED448_KEY_SIZE, &genKey);
+    ret = wc_ed448_make_key(&gRng, ED448_KEY_SIZE, genKey);
     if (ret != 0) {
         printf("ed448_make_key failed\n");
-        return;
+        goto exit;
     }
 
 #ifdef HAVE_ED448_SIGN
@@ -11103,11 +11654,11 @@ void bench_ed448KeySign(void)
     do {
         for (i = 0; i < agreeTimes; i++) {
             x = sizeof(sig);
-            ret = wc_ed448_sign_msg(msg, sizeof(msg), sig, &x, &genKey,
+            ret = wc_ed448_sign_msg(msg, sizeof(msg), sig, &x, genKey,
                                     NULL, 0);
             if (ret != 0) {
                 printf("ed448_sign_msg failed\n");
-                goto exit_ed_sign;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11118,7 +11669,6 @@ void bench_ed448KeySign(void)
 #endif
        );
 
-exit_ed_sign:
     bench_stats_asym_finish("ED", 448, desc[4], 0, count, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
@@ -11132,10 +11682,10 @@ exit_ed_sign:
         for (i = 0; i < agreeTimes; i++) {
             int verify = 0;
             ret = wc_ed448_verify_msg(sig, x, msg, sizeof(msg), &verify,
-                                      &genKey, NULL, 0);
+                                      genKey, NULL, 0);
             if (ret != 0 || verify != 1) {
                 printf("ed448_verify_msg failed\n");
-                goto exit_ed_verify;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11146,7 +11696,6 @@ exit_ed_sign:
 #endif
        );
 
-exit_ed_verify:
     bench_stats_asym_finish("ED", 448, desc[5], 0, count, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
@@ -11154,7 +11703,10 @@ exit_ed_verify:
 #endif /* HAVE_ED448_VERIFY */
 #endif /* HAVE_ED448_SIGN */
 
-    wc_ed448_free(&genKey);
+exit:
+
+    wc_ed448_free(genKey);
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 #endif /* HAVE_ED448 */
 
@@ -11162,24 +11714,26 @@ exit_ed_verify:
 #ifdef WOLFCRYPT_ECCSI_KMS
 void bench_eccsiKeyGen(void)
 {
-    EccsiKey genKey;
+    WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
     int    ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT);
+
     /* Key Gen */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
-            ret = wc_MakeEccsiKey(&genKey, &gRng);
+            wc_InitEccsiKey(genKey, NULL, INVALID_DEVID);
+            ret = wc_MakeEccsiKey(genKey, &gRng);
+            wc_FreeEccsiKey(genKey);
             if (ret != 0) {
                 printf("wc_MakeEccsiKey failed: %d\n", ret);
-                break;
+                goto exit;
             }
-            wc_FreeEccsiKey(&genKey);
             RECORD_MULTI_VALUE_STATS();
         }
         count += i;
@@ -11193,34 +11747,41 @@ void bench_eccsiKeyGen(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 
 void bench_eccsiPairGen(void)
 {
-    EccsiKey genKey;
+    WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
-    mp_int ssk;
+    WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT);
     ecc_point* pvt;
     static const byte id[] = { 0x01, 0x23, 0x34, 0x45 };
     int ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    (void)mp_init(&ssk);
+    WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT);
+    WC_ALLOC_VAR(ssk, mp_int, 1, HEAP_HINT);
+
+    (void)mp_init(ssk);
     pvt = wc_ecc_new_point();
-    wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
-    (void)wc_MakeEccsiKey(&genKey, &gRng);
+    wc_InitEccsiKey(genKey, NULL, INVALID_DEVID);
+    (void)wc_MakeEccsiKey(genKey, &gRng);
 
     /* RSK Gen */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_MakeEccsiPair(&genKey, &gRng, WC_HASH_TYPE_SHA256, id,
-                                   sizeof(id), &ssk, pvt);
+            ret = wc_MakeEccsiPair(genKey, &gRng, WC_HASH_TYPE_SHA256, id,
+                                   sizeof(id), ssk, pvt);
             if (ret != 0) {
                 printf("wc_MakeEccsiPair failed: %d\n", ret);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11236,43 +11797,51 @@ void bench_eccsiPairGen(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeEccsiKey(&genKey);
+    wc_FreeEccsiKey(genKey);
     wc_ecc_del_point(pvt);
-    mp_free(&ssk);
+    mp_free(ssk);
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
+    WC_FREE_VAR(ssk, HEAP_HINT);
 }
 #endif
 
 #ifdef WOLFCRYPT_ECCSI_CLIENT
 void bench_eccsiValidate(void)
 {
-    EccsiKey genKey;
+    WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
-    mp_int ssk;
+    WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT);
     ecc_point* pvt;
     static const byte id[] = { 0x01, 0x23, 0x34, 0x45 };
     int valid;
     int ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    (void)mp_init(&ssk);
+    WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT);
+    WC_ALLOC_VAR(ssk, mp_int, 1, HEAP_HINT);
+
+    (void)mp_init(ssk);
     pvt = wc_ecc_new_point();
-    wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
-    (void)wc_MakeEccsiKey(&genKey, &gRng);
-    (void)wc_MakeEccsiPair(&genKey, &gRng, WC_HASH_TYPE_SHA256, id, sizeof(id),
-                           &ssk, pvt);
+    wc_InitEccsiKey(genKey, NULL, INVALID_DEVID);
+    (void)wc_MakeEccsiKey(genKey, &gRng);
+    (void)wc_MakeEccsiPair(genKey, &gRng, WC_HASH_TYPE_SHA256, id, sizeof(id),
+                           ssk, pvt);
 
     /* Validation of RSK */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_ValidateEccsiPair(&genKey, WC_HASH_TYPE_SHA256, id,
-                                       sizeof(id), &ssk, pvt, &valid);
+            ret = wc_ValidateEccsiPair(genKey, WC_HASH_TYPE_SHA256, id,
+                                       sizeof(id), ssk, pvt, &valid);
             if (ret != 0 || !valid) {
                 printf("wc_ValidateEccsiPair failed: %d (valid=%d))\n", ret,
                        valid);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11288,18 +11857,23 @@ void bench_eccsiValidate(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeEccsiKey(&genKey);
+    wc_FreeEccsiKey(genKey);
     wc_ecc_del_point(pvt);
-    mp_free(&ssk);
+    mp_free(ssk);
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
+    WC_FREE_VAR(ssk, HEAP_HINT);
 }
 
 void bench_eccsi(void)
 {
-    EccsiKey genKey;
+    WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
-    mp_int ssk;
+    WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT);
     ecc_point* pvt;
     static const byte id[] = { 0x01, 0x23, 0x34, 0x45 };
     static const byte msg[] = { 0x01, 0x23, 0x34, 0x45 };
@@ -11311,22 +11885,25 @@ void bench_eccsi(void)
     int verified;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    (void)mp_init(&ssk);
+    WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT);
+    WC_ALLOC_VAR(ssk, mp_int, 1, HEAP_HINT);
+
+    (void)mp_init(ssk);
     pvt = wc_ecc_new_point();
-    (void)wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
-    (void)wc_MakeEccsiKey(&genKey, &gRng);
-    (void)wc_MakeEccsiPair(&genKey, &gRng, WC_HASH_TYPE_SHA256, id, sizeof(id),
-                           &ssk, pvt);
-    (void)wc_HashEccsiId(&genKey, WC_HASH_TYPE_SHA256, id, sizeof(id), pvt,
+    (void)wc_InitEccsiKey(genKey, NULL, INVALID_DEVID);
+    (void)wc_MakeEccsiKey(genKey, &gRng);
+    (void)wc_MakeEccsiPair(genKey, &gRng, WC_HASH_TYPE_SHA256, id, sizeof(id),
+                           ssk, pvt);
+    (void)wc_HashEccsiId(genKey, WC_HASH_TYPE_SHA256, id, sizeof(id), pvt,
                          hash, &hashSz);
-    (void)wc_SetEccsiHash(&genKey, hash, hashSz);
-    (void)wc_SetEccsiPair(&genKey, &ssk, pvt);
+    (void)wc_SetEccsiHash(genKey, hash, hashSz);
+    (void)wc_SetEccsiPair(genKey, ssk, pvt);
 
     /* Encapsulate */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_SignEccsiHash(&genKey, &gRng, WC_HASH_TYPE_SHA256, msg,
+            ret = wc_SignEccsiHash(genKey, &gRng, WC_HASH_TYPE_SHA256, msg,
                                    sizeof(msg), sig, &sigSz);
             if (ret != 0) {
                 printf("wc_SignEccsiHash failed: %d\n", ret);
@@ -11352,13 +11929,13 @@ void bench_eccsi(void)
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_VerifyEccsiHash(&genKey, WC_HASH_TYPE_SHA256, msg,
+            ret = wc_VerifyEccsiHash(genKey, WC_HASH_TYPE_SHA256, msg,
                                      sizeof(msg), sig, sigSz, &verified);
 
             if (ret != 0 || !verified) {
                 printf("wc_VerifyEccsiHash failed: %d (verified: %d)\n", ret,
                        verified);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11374,8 +11951,13 @@ void bench_eccsi(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeEccsiKey(&genKey);
+    wc_FreeEccsiKey(genKey);
     wc_ecc_del_point(pvt);
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
+    WC_FREE_VAR(ssk, HEAP_HINT);
 }
 #endif /* WOLFCRYPT_ECCSI_CLIENT */
 #endif /* WOLFCRYPT_HAVE_ECCSI */
@@ -11384,24 +11966,26 @@ void bench_eccsi(void)
 #ifdef WOLFCRYPT_SAKKE_KMS
 void bench_sakkeKeyGen(void)
 {
-    SakkeKey genKey;
+    WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
     int    ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT);
+
     /* Key Gen */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            wc_InitSakkeKey_ex(&genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-            ret = wc_MakeSakkeKey(&genKey, &gRng);
+            wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
+            ret = wc_MakeSakkeKey(genKey, &gRng);
             if (ret != 0) {
                 printf("wc_MakeSakkeKey failed: %d\n", ret);
-                break;
+                goto exit;
             }
-            wc_FreeSakkeKey(&genKey);
+            wc_FreeSakkeKey(genKey);
             RECORD_MULTI_VALUE_STATS();
         }
         count += i;
@@ -11415,11 +11999,15 @@ void bench_sakkeKeyGen(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 
 void bench_sakkeRskGen(void)
 {
-    SakkeKey genKey;
+    WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
@@ -11428,18 +12016,20 @@ void bench_sakkeRskGen(void)
     int ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT);
+
     rsk = wc_ecc_new_point();
-    wc_InitSakkeKey_ex(&genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-    (void)wc_MakeSakkeKey(&genKey, &gRng);
+    wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
+    (void)wc_MakeSakkeKey(genKey, &gRng);
 
     /* RSK Gen */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_MakeSakkeRsk(&genKey, id, sizeof(id), rsk);
+            ret = wc_MakeSakkeRsk(genKey, id, sizeof(id), rsk);
             if (ret != 0) {
                 printf("wc_MakeSakkeRsk failed: %d\n", ret);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11455,15 +12045,19 @@ void bench_sakkeRskGen(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeSakkeKey(&genKey);
+    wc_FreeSakkeKey(genKey);
     wc_ecc_del_point(rsk);
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 #endif
 
 #ifdef WOLFCRYPT_SAKKE_CLIENT
 void bench_sakkeValidate(void)
 {
-    SakkeKey genKey;
+    WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
@@ -11473,21 +12067,23 @@ void bench_sakkeValidate(void)
     int ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT);
+
     rsk = wc_ecc_new_point();
-    (void)wc_InitSakkeKey_ex(&genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-    (void)wc_MakeSakkeKey(&genKey, &gRng);
-    (void)wc_MakeSakkeRsk(&genKey, id, sizeof(id), rsk);
-    (void)wc_ValidateSakkeRsk(&genKey, id, sizeof(id), rsk, &valid);
+    (void)wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
+    (void)wc_MakeSakkeKey(genKey, &gRng);
+    (void)wc_MakeSakkeRsk(genKey, id, sizeof(id), rsk);
+    (void)wc_ValidateSakkeRsk(genKey, id, sizeof(id), rsk, &valid);
 
     /* Validation of RSK */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_ValidateSakkeRsk(&genKey, id, sizeof(id), rsk, &valid);
+            ret = wc_ValidateSakkeRsk(genKey, id, sizeof(id), rsk, &valid);
             if (ret != 0 || !valid) {
                 printf("wc_ValidateSakkeRsk failed: %d (valid=%d))\n", ret,
                        valid);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11503,13 +12099,17 @@ void bench_sakkeValidate(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeSakkeKey(&genKey);
+    wc_FreeSakkeKey(genKey);
     wc_ecc_del_point(rsk);
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 
 void bench_sakke(void)
 {
-    SakkeKey genKey;
+    WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
@@ -11527,20 +12127,22 @@ void bench_sakke(void)
     word32 iTableLen = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT);
+
     XMEMCPY(ssv, ssv_init, sizeof ssv);
 
     rsk = wc_ecc_new_point();
-    (void)wc_InitSakkeKey_ex(&genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-    (void)wc_MakeSakkeKey(&genKey, &gRng);
-    (void)wc_MakeSakkeRsk(&genKey, id, sizeof(id), rsk);
-    (void)wc_SetSakkeRsk(&genKey, rsk, NULL, 0);
-    (void)wc_SetSakkeIdentity(&genKey, id, sizeof(id));
+    (void)wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
+    (void)wc_MakeSakkeKey(genKey, &gRng);
+    (void)wc_MakeSakkeRsk(genKey, id, sizeof(id), rsk);
+    (void)wc_SetSakkeRsk(genKey, rsk, NULL, 0);
+    (void)wc_SetSakkeIdentity(genKey, id, sizeof(id));
 
     /* Encapsulate */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_MakeSakkeEncapsulatedSSV(&genKey,
+            ret = wc_MakeSakkeEncapsulatedSSV(genKey,
                                               WC_HASH_TYPE_SHA256,
                                               ssv, sizeof(ssv), auth, &authSz);
             if (ret != 0) {
@@ -11569,7 +12171,7 @@ void bench_sakke(void)
     do {
         for (i = 0; i < genTimes; i++) {
             XMEMCPY(derSSV, ssv, sizeof(ssv));
-            ret = wc_DeriveSakkeSSV(&genKey, WC_HASH_TYPE_SHA256, derSSV,
+            ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV,
                                     sizeof(derSSV), auth, authSz);
             if (ret != 0) {
                 printf("wc_DeriveSakkeSSV failed: %d\n", ret);
@@ -11592,19 +12194,21 @@ void bench_sakke(void)
 #endif
 
     /* Calculate Point I and generate table. */
-    (void)wc_MakeSakkePointI(&genKey, id, sizeof(id));
+    (void)wc_MakeSakkePointI(genKey, id, sizeof(id));
     iTableLen = 0;
-    (void)wc_GenerateSakkePointITable(&genKey, NULL, &iTableLen);
+    (void)wc_GenerateSakkePointITable(genKey, NULL, &iTableLen);
     if (iTableLen != 0) {
         iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        (void)wc_GenerateSakkePointITable(&genKey, iTable, &iTableLen);
+        if (iTable == NULL)
+            WC_ALLOC_DO_ON_FAILURE();
+        (void)wc_GenerateSakkePointITable(genKey, iTable, &iTableLen);
     }
 
     /* Encapsulate with Point I table */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_MakeSakkeEncapsulatedSSV(&genKey,
+            ret = wc_MakeSakkeEncapsulatedSSV(genKey,
                                               WC_HASH_TYPE_SHA256, ssv,
                                               sizeof(ssv), auth, &authSz);
             if (ret != 0) {
@@ -11628,14 +12232,14 @@ void bench_sakke(void)
 
     RESET_MULTI_VALUE_STATS_VARS();
 
-    (void)wc_SetSakkeRsk(&genKey, rsk, table, len);
+    (void)wc_SetSakkeRsk(genKey, rsk, table, len);
 
     /* Derive with Point I table */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
             XMEMCPY(derSSV, ssv, sizeof(ssv));
-            ret = wc_DeriveSakkeSSV(&genKey, WC_HASH_TYPE_SHA256, derSSV,
+            ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV,
                                     sizeof(derSSV), auth, authSz);
             if (ret != 0) {
                 printf("wc_DeriveSakkeSSV failed: %d\n", ret);
@@ -11660,19 +12264,21 @@ void bench_sakke(void)
     RESET_MULTI_VALUE_STATS_VARS();
 
     len = 0;
-    (void)wc_GenerateSakkeRskTable(&genKey, rsk, NULL, &len);
+    (void)wc_GenerateSakkeRskTable(genKey, rsk, NULL, &len);
     if (len > 0) {
         table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        (void)wc_GenerateSakkeRskTable(&genKey, rsk, table, &len);
+        if (table == NULL)
+            WC_ALLOC_DO_ON_FAILURE();
+        (void)wc_GenerateSakkeRskTable(genKey, rsk, table, &len);
     }
-    (void)wc_SetSakkeRsk(&genKey, rsk, table, len);
+    (void)wc_SetSakkeRsk(genKey, rsk, table, len);
 
     /* Derive with Point I table and RSK table */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
             XMEMCPY(derSSV, ssv, sizeof(ssv));
-            ret = wc_DeriveSakkeSSV(&genKey, WC_HASH_TYPE_SHA256, derSSV,
+            ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV,
                                     sizeof(derSSV), auth, authSz);
             if (ret != 0) {
                 printf("wc_DeriveSakkeSSV failed: %d\n", ret);
@@ -11696,13 +12302,13 @@ void bench_sakke(void)
 
     RESET_MULTI_VALUE_STATS_VARS();
 
-    wc_ClearSakkePointITable(&genKey);
+    wc_ClearSakkePointITable(genKey);
     /* Derive with RSK table */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
             XMEMCPY(derSSV, ssv, sizeof(ssv));
-            ret = wc_DeriveSakkeSSV(&genKey, WC_HASH_TYPE_SHA256, derSSV,
+            ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV,
                                     sizeof(derSSV), auth, authSz);
             if (ret != 0) {
                 printf("wc_DeriveSakkeSSV failed: %d\n", ret);
@@ -11724,8 +12330,18 @@ void bench_sakke(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeSakkeKey(&genKey);
+    wc_FreeSakkeKey(genKey);
     wc_ecc_del_point(rsk);
+
+exit:
+
+    if (iTable)
+        XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (table)
+        XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 #endif /* WOLFCRYPT_SAKKE_CLIENT */
 #endif /* WOLFCRYPT_HAVE_SAKKE */
@@ -11788,7 +12404,7 @@ void bench_falconKeySign(byte level)
                     x = FALCON_LEVEL5_SIG_SIZE;
                 }
 
-                ret = wc_falcon_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_falcon_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                 if (ret != 0) {
                     printf("wc_falcon_sign_msg failed\n");
                 }
@@ -11909,7 +12525,7 @@ void bench_dilithiumKeySign(byte level)
                     x = DILITHIUM_LEVEL5_SIG_SIZE;
                 }
 
-                ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                 if (ret != 0) {
                     printf("wc_dilithium_sign_msg failed\n");
                 }
@@ -12055,7 +12671,7 @@ void bench_sphincsKeySign(byte level, byte optim)
                     x = SPHINCS_SMALL_LEVEL5_SIG_SIZE;
                 }
 
-                ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                 if (ret != 0) {
                     printf("wc_sphincs_sign_msg failed\n");
                 }
@@ -12936,7 +13552,9 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
             /* Both bench_pq_asym_opt and bench_pq_asym_opt2 are looking for
              * -pq, so we need to do a special case for -pq since optMatched
              * was set to 1 just above. */
-            if (string_matches(argv[1], bench_pq_asym_opt[0].str)) {
+            if ((bench_pq_asym_opt[0].str != NULL) &&
+                string_matches(argv[1], bench_pq_asym_opt[0].str))
+            {
                 bench_pq_asym_algs2 |= bench_pq_asym_opt2[0].val;
                 bench_all = 0;
                 optMatched = 1;
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.h b/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.h
index cefef7ca..b814a947 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.h
+++ b/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.h
@@ -103,7 +103,7 @@ void bench_rsa_key(int useDeviceID, word32 keySz);
 void bench_dh(int useDeviceID);
 void bench_kyber(int type);
 void bench_lms(void);
-void bench_xmss(void);
+void bench_xmss(int hash);
 void bench_ecc_curve(int curveId);
 void bench_eccMakeKey(int useDeviceID, int curveId);
 void bench_ecc(int useDeviceID, int curveId);
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/aes.c b/extra/wolfssl/wolfssl/wolfcrypt/src/aes.c
index d4e44d73..e9716bcd 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/aes.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/aes.c
@@ -527,10 +527,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #endif /* HAVE_AES_DECRYPT */
 
 #elif defined(WOLFSSL_ESP32_CRYPT) && \
-    !defined(NO_WOLFSSL_ESP32_CRYPT_AES)
+     !defined(NO_WOLFSSL_ESP32_CRYPT_AES)
     #include <esp_log.h>
     #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
-    const char* TAG = "aes";
+    #define TAG "aes"
 
     /* We'll use SW for fallback:
      *   unsupported key lengths. (e.g. ESP32-S3)
@@ -968,6 +968,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 
 
 
+#if defined(WC_AES_BITSLICED) && !defined(HAVE_AES_ECB)
+    #error "When WC_AES_BITSLICED is defined, HAVE_AES_ECB is needed."
+#endif
+
 #ifdef NEED_AES_TABLES
 
 #ifndef WC_AES_BITSLICED
@@ -2889,7 +2893,7 @@ static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTd(void)
     }
     return x;
 }
-#endif
+#endif /* !WOLFSSL_AES_SMALL_TABLES */
 
 /* load Td Table4 into cache by cache line stride */
 static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTd4(void)
@@ -2906,7 +2910,7 @@ static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTd4(void)
     return 0;
 #endif
 }
-#endif
+#endif /* !WC_NO_CACHE_RESISTANT */
 
 /* Decrypt a block using AES.
  *
@@ -3161,7 +3165,7 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 }
 #endif
 
-#else
+#else /* WC_AES_BITSLICED */
 
 /* http://cs-www.cs.yale.edu/homes/peralta/CircuitStuff/Sinv.txt */
 static void bs_inv_sub_bytes(bs_word u[8])
@@ -3501,7 +3505,7 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 }
 #endif
 
-#endif
+#endif /* !WC_AES_BITSLICED */
 
 #if !defined(WC_AES_BITSLICED) || defined(WOLFSSL_AES_DIRECT)
 /* Software AES - ECB Decrypt */
@@ -6383,7 +6387,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 #endif
         return BAD_FUNC_ARG;
     }
-
 #ifdef OPENSSL_EXTRA
     XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH));
     aes->gcm.aadLen = 0;
@@ -8963,10 +8966,6 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
 #ifdef WOLFSSL_AESGCM_STREAM
 
-#if defined(WC_AES_C_DYNAMIC_FALLBACK) && defined(WOLFSSL_AESNI)
-    #error "AES-GCM streaming with AESNI is incompatible with WC_AES_C_DYNAMIC_FALLBACK."
-#endif
-
 /* Initialize the AES GCM cipher with an IV. C implementation.
  *
  * @param [in, out] aes   AES object.
@@ -8978,10 +8977,6 @@ static WARN_UNUSED_RESULT int AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz
     ALIGN32 byte counter[AES_BLOCK_SIZE];
     int ret;
 
-#ifdef WOLFSSL_AESNI
-    aes->use_aesni = 0;
-#endif
-
     if (ivSz == GCM_NONCE_MID_SZ) {
         /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
         XMEMCPY(counter, iv, ivSz);
@@ -9208,6 +9203,7 @@ static WARN_UNUSED_RESULT int AesGcmInit_aesni(
     ASSERT_SAVED_VECTOR_REGISTERS();
 
     /* Reset state fields. */
+    aes->over = 0;
     aes->aSz = 0;
     aes->cSz = 0;
     /* Set tag to all zeros as initial value. */
@@ -9235,8 +9231,6 @@ static WARN_UNUSED_RESULT int AesGcmInit_aesni(
             aes->gcm.H, AES_COUNTER(aes), AES_INITCTR(aes));
     }
 
-    aes->use_aesni = 1;
-
     return 0;
 }
 
@@ -9862,11 +9856,12 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 
         if (iv != NULL) {
             /* Initialize with the IV. */
-            VECTOR_REGISTERS_PUSH;
 
         #ifdef WOLFSSL_AESNI
             if (aes->use_aesni) {
+                SAVE_VECTOR_REGISTERS(return _svr_ret;);
                 ret = AesGcmInit_aesni(aes, iv, ivSz);
+                RESTORE_VECTOR_REGISTERS();
             }
             else
         #endif
@@ -9874,8 +9869,6 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
                 ret = AesGcmInit_C(aes, iv, ivSz);
             }
 
-            VECTOR_REGISTERS_POP;
-
             if (ret == 0)
                 aes->nonceSet = 1;
         }
@@ -9989,11 +9982,12 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
 
     if (ret == 0) {
         /* Encrypt with AAD and/or plaintext. */
-        VECTOR_REGISTERS_PUSH;
 
     #ifdef WOLFSSL_AESNI
         if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
             ret = AesGcmEncryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
+            RESTORE_VECTOR_REGISTERS();
         }
         else
     #endif
@@ -10006,8 +10000,6 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
                 GHASH_UPDATE(aes, authIn, authInSz, out, sz);
             }
         }
-
-        VECTOR_REGISTERS_POP;
     }
 
     return ret;
@@ -10044,17 +10036,17 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz)
 
     if (ret == 0) {
         /* Calculate authentication tag. */
-        VECTOR_REGISTERS_PUSH;
     #ifdef WOLFSSL_AESNI
         if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
             ret = AesGcmEncryptFinal_aesni(aes, authTag, authTagSz);
+            RESTORE_VECTOR_REGISTERS();
         }
         else
     #endif
         {
             ret = AesGcmFinal_C(aes, authTag, authTagSz);
         }
-        VECTOR_REGISTERS_POP;
     }
 
     if ((ret == 0) && aes->ctrSet) {
@@ -10127,10 +10119,11 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
 
     if (ret == 0) {
         /* Decrypt with AAD and/or cipher text. */
-        VECTOR_REGISTERS_PUSH;
     #ifdef WOLFSSL_AESNI
         if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
             ret = AesGcmDecryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
+            RESTORE_VECTOR_REGISTERS();
         }
         else
     #endif
@@ -10141,7 +10134,6 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
             /* Decrypt the cipher text. */
             ret = AesGcmCryptUpdate_C(aes, out, in, sz);
         }
-        VECTOR_REGISTERS_POP;
     }
 
     return ret;
@@ -10178,10 +10170,11 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
 
     if (ret == 0) {
         /* Calculate authentication tag and compare with one passed in.. */
-        VECTOR_REGISTERS_PUSH;
     #ifdef WOLFSSL_AESNI
         if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
             ret = AesGcmDecryptFinal_aesni(aes, authTag, authTagSz);
+            RESTORE_VECTOR_REGISTERS();
         }
         else
     #endif
@@ -10196,7 +10189,6 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
                 }
             }
         }
-        VECTOR_REGISTERS_POP;
     }
 
     return ret;
@@ -11103,6 +11095,12 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
         return BAD_FUNC_ARG;
 
     aes->heap = heap;
+    aes->rounds = 0;
+
+#ifdef WOLFSSL_AESNI
+    /* clear here for the benefit of wc_AesGcmInit(). */
+    aes->use_aesni = 0;
+#endif
 
 #ifdef WOLF_CRYPTO_CB
     aes->devId = devId;
@@ -11410,7 +11408,7 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
     else
 #endif
     {
-#ifndef WOLFSSL_ARMASM
+#ifdef NEED_AES_TABLES
         AesEncryptBlocks_C(aes, in, out, sz);
 #else
         word32 i;
@@ -11461,7 +11459,7 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
     else
 #endif
     {
-#ifndef WOLFSSL_ARMASM
+#ifdef NEED_AES_TABLES
         AesDecryptBlocks_C(aes, in, out, sz);
 #else
         word32 i;
@@ -12249,9 +12247,17 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
 
 #ifdef WOLFSSL_AES_XTS
 
-/* Galios Field to use */
+/* Galois Field to use */
 #define GF_XTS 0x87
 
+/* Set up keys for encryption and/or decryption.
+ *
+ * aes   buffer holding aes subkeys
+ * heap  heap hint to use for memory. Can be NULL
+ * devId id to use with async crypto. Can be 0
+ *
+ * return 0 on success
+ */
 int wc_AesXtsInit(XtsAes* aes, void* heap, int devId)
 {
     int    ret = 0;
@@ -12264,22 +12270,28 @@ int wc_AesXtsInit(XtsAes* aes, void* heap, int devId)
         return ret;
     }
     if ((ret = wc_AesInit(&aes->aes, heap, devId)) != 0) {
+        (void)wc_AesFree(&aes->tweak);
         return ret;
     }
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    if ((ret = wc_AesInit(&aes->aes_decrypt, heap, devId)) != 0) {
+        (void)wc_AesFree(&aes->tweak);
+        (void)wc_AesFree(&aes->aes);
+        return ret;
+    }
+#endif
 
     return 0;
 }
 
-/* This is to help with setting keys to correct encrypt or decrypt type.
+/* Set up keys for encryption and/or decryption.
  *
- * tweak AES key for tweak in XTS
- * aes   AES key for encrypt/decrypt process
- * key   buffer holding aes key | tweak key
+ * aes   buffer holding aes subkeys
+ * key   AES key for encrypt/decrypt and tweak process (concatenated)
  * len   length of key buffer in bytes. Should be twice that of key size. i.e.
  *       32 for a 16 byte key.
- * dir   direction, either AES_ENCRYPTION or AES_DECRYPTION
- * heap  heap hint to use for memory. Can be NULL
- * devId id to use with async crypto. Can be 0
+ * dir   direction: AES_ENCRYPTION, AES_DECRYPTION, or
+ *       AES_ENCRYPTION_AND_DECRYPTION
  *
  * return 0 on success
  */
@@ -12292,27 +12304,85 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
         return BAD_FUNC_ARG;
     }
 
+    if ((dir != AES_ENCRYPTION) && (dir != AES_DECRYPTION)
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        && (dir != AES_ENCRYPTION_AND_DECRYPTION)
+#endif
+        )
+    {
+        return BAD_FUNC_ARG;
+    }
+
     keySz = len/2;
-    if (keySz != 16 && keySz != 32) {
+    if (keySz != AES_128_KEY_SIZE && keySz != AES_256_KEY_SIZE) {
         WOLFSSL_MSG("Unsupported key size");
         return WC_KEY_SIZE_E;
     }
 
-    if ((ret = wc_AesSetKey(&aes->aes, key, keySz, NULL, dir)) == 0) {
+#ifdef HAVE_FIPS
+    if (XMEMCMP(key, key + keySz, keySz) == 0) {
+        WOLFSSL_MSG("FIPS AES-XTS main and tweak keys must differ");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
+    if (dir == AES_ENCRYPTION
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        || dir == AES_ENCRYPTION_AND_DECRYPTION
+#endif
+        )
+    {
+        ret = wc_AesSetKey(&aes->aes, key, keySz, NULL, AES_ENCRYPTION);
+    }
+
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    if ((ret == 0) && ((dir == AES_DECRYPTION)
+                       || (dir == AES_ENCRYPTION_AND_DECRYPTION)))
+        ret = wc_AesSetKey(&aes->aes_decrypt, key, keySz, NULL, AES_DECRYPTION);
+#else
+    if (dir == AES_DECRYPTION)
+        ret = wc_AesSetKey(&aes->aes, key, keySz, NULL, AES_DECRYPTION);
+#endif
+
+    if (ret == 0)
         ret = wc_AesSetKey(&aes->tweak, key + keySz, keySz, NULL,
                 AES_ENCRYPTION);
-        if (ret != 0) {
-            wc_AesFree(&aes->aes);
-        }
+
 #ifdef WOLFSSL_AESNI
+    if (ret == 0) {
+        /* With WC_AES_C_DYNAMIC_FALLBACK, the main and tweak keys could have
+         * conflicting _aesni status, but the AES-XTS asm implementations need
+         * them to all be AESNI.  If any aren't, disable AESNI on all.
+         */
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        if ((((dir == AES_ENCRYPTION) ||
+              (dir == AES_ENCRYPTION_AND_DECRYPTION))
+             && (aes->aes.use_aesni != aes->tweak.use_aesni))
+            ||
+            (((dir == AES_DECRYPTION) ||
+              (dir == AES_ENCRYPTION_AND_DECRYPTION))
+             && (aes->aes_decrypt.use_aesni != aes->tweak.use_aesni)))
+        {
+        #ifdef WC_AES_C_DYNAMIC_FALLBACK
+            aes->aes.use_aesni = 0;
+            aes->aes_decrypt.use_aesni = 0;
+            aes->tweak.use_aesni = 0;
+        #else
+            ret = SYSLIB_FAILED_E;
+        #endif
+        }
+    #else /* !WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS */
         if (aes->aes.use_aesni != aes->tweak.use_aesni) {
-            if (aes->aes.use_aesni)
-                aes->aes.use_aesni = 0;
-            else
-                aes->tweak.use_aesni = 0;
+        #ifdef WC_AES_C_DYNAMIC_FALLBACK
+            aes->aes.use_aesni = 0;
+            aes->tweak.use_aesni = 0;
+        #else
+            ret = SYSLIB_FAILED_E;
+        #endif
         }
-#endif
+    #endif /* !WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS */
     }
+#endif /* WOLFSSL_AESNI */
 
     return ret;
 }
@@ -12355,6 +12425,9 @@ int wc_AesXtsFree(XtsAes* aes)
 {
     if (aes != NULL) {
         wc_AesFree(&aes->aes);
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        wc_AesFree(&aes->aes_decrypt);
+#endif
         wc_AesFree(&aes->tweak);
     }
 
@@ -12614,10 +12687,19 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 {
     int ret;
 
+    Aes *aes;
+
     if (xaes == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
 
+    aes = &xaes->aes;
+
+    if (aes->keylen == 0) {
+        WOLFSSL_MSG("wc_AesXtsEncrypt called with unset encryption key.");
+        return BAD_FUNC_ARG;
+    }
+
     if (iSz < AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
@@ -12630,28 +12712,33 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
     {
 #ifdef WOLFSSL_AESNI
 #ifdef WC_AES_C_DYNAMIC_FALLBACK
-        int orig_use_aesni = xaes->aes.use_aesni;
+        int orig_use_aesni = aes->use_aesni;
 #endif
-        if (xaes->aes.use_aesni && ((ret = SAVE_VECTOR_REGISTERS2()) != 0)) {
+
+        if (aes->use_aesni && ((ret = SAVE_VECTOR_REGISTERS2()) != 0)) {
 #ifdef WC_AES_C_DYNAMIC_FALLBACK
-            xaes->aes.use_aesni = 0;
+            aes->use_aesni = 0;
             xaes->tweak.use_aesni = 0;
 #else
             return ret;
 #endif
         }
-        if (xaes->aes.use_aesni) {
+        if (aes->use_aesni) {
 #if defined(HAVE_INTEL_AVX1)
             if (IS_INTEL_AVX1(intel_flags)) {
-                AES_XTS_encrypt_avx1(in, out, sz, i, (const byte*)xaes->aes.key,
-                                     (const byte*)xaes->tweak.key, (int)xaes->aes.rounds);
+                AES_XTS_encrypt_avx1(in, out, sz, i,
+                                     (const byte*)aes->key,
+                                     (const byte*)xaes->tweak.key,
+                                     (int)aes->rounds);
                 ret = 0;
             }
             else
 #endif
             {
-                AES_XTS_encrypt_aesni(in, out, sz, i, (const byte*)xaes->aes.key,
-                                      (const byte*)xaes->tweak.key, (int)xaes->aes.rounds);
+                AES_XTS_encrypt_aesni(in, out, sz, i,
+                                      (const byte*)aes->key,
+                                      (const byte*)xaes->tweak.key,
+                                      (int)aes->rounds);
                 ret = 0;
             }
         }
@@ -12662,11 +12749,11 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         }
 
 #ifdef WOLFSSL_AESNI
-        if (xaes->aes.use_aesni)
+        if (aes->use_aesni)
             RESTORE_VECTOR_REGISTERS();
 #ifdef WC_AES_C_DYNAMIC_FALLBACK
         else if (orig_use_aesni) {
-            xaes->aes.use_aesni = orig_use_aesni;
+            aes->use_aesni = orig_use_aesni;
             xaes->tweak.use_aesni = orig_use_aesni;
         }
 #endif
@@ -12676,7 +12763,7 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
     return ret;
 }
 
-/* Same process as encryption but Aes key is AES_DECRYPTION type.
+/* Same process as encryption but use aes_decrypt key.
  *
  * xaes  AES keys to use for block encrypt/decrypt
  * out   output buffer to hold plain text
@@ -12692,7 +12779,11 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 {
     int ret = 0;
     word32 blocks = (sz / AES_BLOCK_SIZE);
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    Aes *aes = &xaes->aes_decrypt;
+#else
     Aes *aes = &xaes->aes;
+#endif
     Aes *tweak = &xaes->tweak;
     word32 j;
     byte carry = 0;
@@ -12820,11 +12911,23 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         const byte* i, word32 iSz)
 {
     int ret;
+    Aes *aes;
 
     if (xaes == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
 
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    aes = &xaes->aes_decrypt;
+#else
+    aes = &xaes->aes;
+#endif
+
+    if (aes->keylen == 0) {
+        WOLFSSL_MSG("wc_AesXtsDecrypt called with unset decryption key.");
+        return BAD_FUNC_ARG;
+    }
+
     if (iSz < AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
@@ -12837,25 +12940,33 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
     {
 #ifdef WOLFSSL_AESNI
 #ifdef WC_AES_C_DYNAMIC_FALLBACK
-        int orig_use_aesni = xaes->aes.use_aesni;
+        int orig_use_aesni = aes->use_aesni;
 #endif
 
-        if (xaes->aes.use_aesni && (SAVE_VECTOR_REGISTERS2() != 0)) {
-            xaes->aes.use_aesni = 0;
+        if (aes->use_aesni && ((ret = SAVE_VECTOR_REGISTERS2() != 0))) {
+#ifdef WC_AES_C_DYNAMIC_FALLBACK
+            aes->use_aesni = 0;
             xaes->tweak.use_aesni = 0;
+#else
+            return ret;
+#endif
         }
-        if (xaes->aes.use_aesni) {
+        if (aes->use_aesni) {
 #if defined(HAVE_INTEL_AVX1)
             if (IS_INTEL_AVX1(intel_flags)) {
-                AES_XTS_decrypt_avx1(in, out, sz, i, (const byte*)xaes->aes.key,
-                                     (const byte*)xaes->tweak.key, (int)xaes->aes.rounds);
+                AES_XTS_decrypt_avx1(in, out, sz, i,
+                                     (const byte*)aes->key,
+                                     (const byte*)xaes->tweak.key,
+                                     (int)aes->rounds);
                 ret = 0;
             }
             else
 #endif
             {
-                AES_XTS_decrypt_aesni(in, out, sz, i, (const byte*)xaes->aes.key,
-                                      (const byte*)xaes->tweak.key, (int)xaes->aes.rounds);
+                AES_XTS_decrypt_aesni(in, out, sz, i,
+                                      (const byte*)aes->key,
+                                      (const byte*)xaes->tweak.key,
+                                      (int)aes->rounds);
                 ret = 0;
             }
         }
@@ -12866,11 +12977,11 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         }
 
 #ifdef WOLFSSL_AESNI
-        if (xaes->aes.use_aesni)
+        if (aes->use_aesni)
             RESTORE_VECTOR_REGISTERS();
 #ifdef WC_AES_C_DYNAMIC_FALLBACK
         else if (orig_use_aesni) {
-            xaes->aes.use_aesni = orig_use_aesni;
+            aes->use_aesni = orig_use_aesni;
             xaes->tweak.use_aesni = orig_use_aesni;
         }
 #endif
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.S b/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.S
index afaa0d40..f961a797 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.S
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.S
@@ -1095,12 +1095,13 @@ DECB_END_4:
 void AES_128_Key_Expansion_AESNI(const unsigned char* userkey,
    unsigned char* key_schedule);
 */
-.align  16,0x90
 #ifndef __APPLE__
 .globl AES_128_Key_Expansion_AESNI
+.align  16,0x90
 AES_128_Key_Expansion_AESNI:
 #else
 .globl _AES_128_Key_Expansion_AESNI
+.p2align  4
 _AES_128_Key_Expansion_AESNI:
 #endif
 # parameter 1: %rdi
@@ -1971,12 +1972,13 @@ DECB_END_4:
 void AES_128_Key_Expansion_AESNI(const unsigned char* userkey,
    unsigned char* key_schedule);
 */
-.align  16,0x90
 #ifndef __APPLE__
 .globl AES_128_Key_Expansion_AESNI
+.align  16,0x90
 AES_128_Key_Expansion_AESNI:
 #else
 .globl _AES_128_Key_Expansion_AESNI
+.p2align  4
 _AES_128_Key_Expansion_AESNI:
 #endif
         # parameter 1: stack[4] => %eax
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S b/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S
index c428a1c4..0559a206 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S
@@ -97,10 +97,10 @@ L_aes_gcm_avx2_bswap_mask:
 L_aes_gcm_avx2_mod2_128:
 .long	0x1,0x0,0x0,0xc2000000
 .text
-.globl	AES_GCM_encrypt
-.type	AES_GCM_encrypt,@function
+.globl	AES_GCM_encrypt_aesni
+.type	AES_GCM_encrypt_aesni,@function
 .align	16
-AES_GCM_encrypt:
+AES_GCM_encrypt_aesni:
         pushl	%ebx
         pushl	%esi
         pushl	%edi
@@ -112,7 +112,7 @@ AES_GCM_encrypt:
         pxor	%xmm0, %xmm0
         pxor	%xmm2, %xmm2
         cmpl	$12, %edx
-        jne	L_AES_GCM_encrypt_iv_not_12
+        jne	L_AES_GCM_encrypt_aesni_iv_not_12
         # # Calculate values when IV is 12 bytes
         # Set counter based on IV
         movl	$0x1000000, %ecx
@@ -153,7 +153,7 @@ AES_GCM_encrypt:
         aesenc	%xmm3, %xmm5
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_calc_iv_12_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_12_last
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	176(%ebp), %xmm3
@@ -161,20 +161,20 @@ AES_GCM_encrypt:
         aesenc	%xmm3, %xmm5
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_calc_iv_12_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_12_last
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	208(%ebp), %xmm3
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_encrypt_calc_iv_12_last:
+L_AES_GCM_encrypt_aesni_calc_iv_12_last:
         aesenclast	%xmm3, %xmm1
         aesenclast	%xmm3, %xmm5
         pshufb	L_aes_gcm_bswap_mask, %xmm1
         movdqu	%xmm5, 80(%esp)
-        jmp	L_AES_GCM_encrypt_iv_done
-L_AES_GCM_encrypt_iv_not_12:
+        jmp	L_AES_GCM_encrypt_aesni_iv_done
+L_AES_GCM_encrypt_aesni_iv_not_12:
         # Calculate values when IV is not 12 bytes
         # H = Encrypt X(=0)
         movdqa	(%ebp), %xmm1
@@ -189,27 +189,27 @@ L_AES_GCM_encrypt_iv_not_12:
         aesenc	144(%ebp), %xmm1
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_calc_iv_1_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last
         aesenc	%xmm5, %xmm1
         aesenc	176(%ebp), %xmm1
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_calc_iv_1_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last
         aesenc	%xmm5, %xmm1
         aesenc	208(%ebp), %xmm1
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_encrypt_calc_iv_1_aesenc_avx_last:
+L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last:
         aesenclast	%xmm5, %xmm1
         pshufb	L_aes_gcm_bswap_mask, %xmm1
         # Calc counter
         # Initialization vector
         cmpl	$0x00, %edx
         movl	$0x00, %ecx
-        je	L_AES_GCM_encrypt_calc_iv_done
+        je	L_AES_GCM_encrypt_aesni_calc_iv_done
         cmpl	$16, %edx
-        jl	L_AES_GCM_encrypt_calc_iv_lt16
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_lt16
         andl	$0xfffffff0, %edx
-L_AES_GCM_encrypt_calc_iv_16_loop:
+L_AES_GCM_encrypt_aesni_calc_iv_16_loop:
         movdqu	(%esi,%ecx,1), %xmm4
         pshufb	L_aes_gcm_bswap_mask, %xmm4
         pxor	%xmm4, %xmm0
@@ -269,22 +269,22 @@ L_AES_GCM_encrypt_calc_iv_16_loop:
         pxor	%xmm6, %xmm0
         addl	$16, %ecx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_encrypt_calc_iv_16_loop
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_16_loop
         movl	160(%esp), %edx
         cmpl	%edx, %ecx
-        je	L_AES_GCM_encrypt_calc_iv_done
-L_AES_GCM_encrypt_calc_iv_lt16:
+        je	L_AES_GCM_encrypt_aesni_calc_iv_done
+L_AES_GCM_encrypt_aesni_calc_iv_lt16:
         subl	$16, %esp
         pxor	%xmm4, %xmm4
         xorl	%ebx, %ebx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_encrypt_calc_iv_loop:
+L_AES_GCM_encrypt_aesni_calc_iv_loop:
         movzbl	(%esi,%ecx,1), %eax
         movb	%al, (%esp,%ebx,1)
         incl	%ecx
         incl	%ebx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_encrypt_calc_iv_loop
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_loop
         movdqu	(%esp), %xmm4
         addl	$16, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm4
@@ -343,7 +343,7 @@ L_AES_GCM_encrypt_calc_iv_loop:
         pxor	%xmm5, %xmm6
         pxor	%xmm3, %xmm6
         pxor	%xmm6, %xmm0
-L_AES_GCM_encrypt_calc_iv_done:
+L_AES_GCM_encrypt_aesni_calc_iv_done:
         # T = Encrypt counter
         pxor	%xmm4, %xmm4
         shll	$3, %edx
@@ -418,29 +418,29 @@ L_AES_GCM_encrypt_calc_iv_done:
         aesenc	144(%ebp), %xmm4
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_calc_iv_2_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	176(%ebp), %xmm4
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_calc_iv_2_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	208(%ebp), %xmm4
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_encrypt_calc_iv_2_aesenc_avx_last:
+L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last:
         aesenclast	%xmm5, %xmm4
         movdqu	%xmm4, 80(%esp)
-L_AES_GCM_encrypt_iv_done:
+L_AES_GCM_encrypt_aesni_iv_done:
         movl	140(%esp), %esi
         # Additional authentication data
         movl	156(%esp), %edx
         cmpl	$0x00, %edx
-        je	L_AES_GCM_encrypt_calc_aad_done
+        je	L_AES_GCM_encrypt_aesni_calc_aad_done
         xorl	%ecx, %ecx
         cmpl	$16, %edx
-        jl	L_AES_GCM_encrypt_calc_aad_lt16
+        jl	L_AES_GCM_encrypt_aesni_calc_aad_lt16
         andl	$0xfffffff0, %edx
-L_AES_GCM_encrypt_calc_aad_16_loop:
+L_AES_GCM_encrypt_aesni_calc_aad_16_loop:
         movdqu	(%esi,%ecx,1), %xmm4
         pshufb	L_aes_gcm_bswap_mask, %xmm4
         pxor	%xmm4, %xmm2
@@ -500,22 +500,22 @@ L_AES_GCM_encrypt_calc_aad_16_loop:
         pxor	%xmm6, %xmm2
         addl	$16, %ecx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_encrypt_calc_aad_16_loop
+        jl	L_AES_GCM_encrypt_aesni_calc_aad_16_loop
         movl	156(%esp), %edx
         cmpl	%edx, %ecx
-        je	L_AES_GCM_encrypt_calc_aad_done
-L_AES_GCM_encrypt_calc_aad_lt16:
+        je	L_AES_GCM_encrypt_aesni_calc_aad_done
+L_AES_GCM_encrypt_aesni_calc_aad_lt16:
         subl	$16, %esp
         pxor	%xmm4, %xmm4
         xorl	%ebx, %ebx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_encrypt_calc_aad_loop:
+L_AES_GCM_encrypt_aesni_calc_aad_loop:
         movzbl	(%esi,%ecx,1), %eax
         movb	%al, (%esp,%ebx,1)
         incl	%ecx
         incl	%ebx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_encrypt_calc_aad_loop
+        jl	L_AES_GCM_encrypt_aesni_calc_aad_loop
         movdqu	(%esp), %xmm4
         addl	$16, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm4
@@ -574,7 +574,7 @@ L_AES_GCM_encrypt_calc_aad_loop:
         pxor	%xmm5, %xmm6
         pxor	%xmm3, %xmm6
         pxor	%xmm6, %xmm2
-L_AES_GCM_encrypt_calc_aad_done:
+L_AES_GCM_encrypt_aesni_calc_aad_done:
         movdqu	%xmm2, 96(%esp)
         movl	132(%esp), %esi
         movl	136(%esp), %edi
@@ -595,7 +595,7 @@ L_AES_GCM_encrypt_calc_aad_done:
         xorl	%ebx, %ebx
         movl	152(%esp), %eax
         cmpl	$0x40, %eax
-        jl	L_AES_GCM_encrypt_done_64
+        jl	L_AES_GCM_encrypt_aesni_done_64
         andl	$0xffffffc0, %eax
         movdqa	%xmm2, %xmm6
         # H ^ 1
@@ -792,7 +792,7 @@ L_AES_GCM_encrypt_calc_aad_done:
         aesenc	%xmm3, %xmm7
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_enc_done
+        jl	L_AES_GCM_encrypt_aesni_enc_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -804,7 +804,7 @@ L_AES_GCM_encrypt_calc_aad_done:
         aesenc	%xmm3, %xmm7
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_enc_done
+        jl	L_AES_GCM_encrypt_aesni_enc_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -815,7 +815,7 @@ L_AES_GCM_encrypt_calc_aad_done:
         aesenc	%xmm3, %xmm6
         aesenc	%xmm3, %xmm7
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_encrypt_enc_done:
+L_AES_GCM_encrypt_aesni_enc_done:
         aesenclast	%xmm3, %xmm4
         aesenclast	%xmm3, %xmm5
         movdqu	(%esi), %xmm0
@@ -836,9 +836,9 @@ L_AES_GCM_encrypt_enc_done:
         movl	$0x40, %ebx
         movl	%esi, %ecx
         movl	%edi, %edx
-        jle	L_AES_GCM_encrypt_end_64
+        jle	L_AES_GCM_encrypt_aesni_end_64
         # More 64 bytes of input
-L_AES_GCM_encrypt_ghash_64:
+L_AES_GCM_encrypt_aesni_ghash_64:
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         # Encrypt 64 bytes of counter
@@ -909,7 +909,7 @@ L_AES_GCM_encrypt_ghash_64:
         aesenc	%xmm3, %xmm7
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_encrypt_aesni_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -921,7 +921,7 @@ L_AES_GCM_encrypt_ghash_64:
         aesenc	%xmm3, %xmm7
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_encrypt_aesni_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -932,7 +932,7 @@ L_AES_GCM_encrypt_ghash_64:
         aesenc	%xmm3, %xmm6
         aesenc	%xmm3, %xmm7
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_encrypt_aesenc_64_ghash_avx_done:
+L_AES_GCM_encrypt_aesni_aesenc_64_ghash_avx_done:
         aesenclast	%xmm3, %xmm4
         aesenclast	%xmm3, %xmm5
         movdqu	(%ecx), %xmm0
@@ -1045,8 +1045,8 @@ L_AES_GCM_encrypt_aesenc_64_ghash_avx_done:
         movdqu	%xmm6, 96(%esp)
         addl	$0x40, %ebx
         cmpl	%eax, %ebx
-        jl	L_AES_GCM_encrypt_ghash_64
-L_AES_GCM_encrypt_end_64:
+        jl	L_AES_GCM_encrypt_aesni_ghash_64
+L_AES_GCM_encrypt_aesni_end_64:
         movdqu	96(%esp), %xmm2
         # Block 1
         movdqa	L_aes_gcm_bswap_mask, %xmm4
@@ -1165,14 +1165,14 @@ L_AES_GCM_encrypt_end_64:
         pxor	%xmm0, %xmm6
         pxor	%xmm6, %xmm2
         movdqu	(%esp), %xmm1
-L_AES_GCM_encrypt_done_64:
+L_AES_GCM_encrypt_aesni_done_64:
         movl	152(%esp), %edx
         cmpl	%edx, %ebx
-        jge	L_AES_GCM_encrypt_done_enc
+        jge	L_AES_GCM_encrypt_aesni_done_enc
         movl	152(%esp), %eax
         andl	$0xfffffff0, %eax
         cmpl	%eax, %ebx
-        jge	L_AES_GCM_encrypt_last_block_done
+        jge	L_AES_GCM_encrypt_aesni_last_block_done
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         movdqu	64(%esp), %xmm4
@@ -1192,16 +1192,16 @@ L_AES_GCM_encrypt_done_64:
         aesenc	144(%ebp), %xmm4
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_block_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	176(%ebp), %xmm4
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_block_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	208(%ebp), %xmm4
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_encrypt_aesenc_block_aesenc_avx_last:
+L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last:
         aesenclast	%xmm5, %xmm4
         movdqu	(%ecx), %xmm5
         pxor	%xmm5, %xmm4
@@ -1210,8 +1210,8 @@ L_AES_GCM_encrypt_aesenc_block_aesenc_avx_last:
         pxor	%xmm4, %xmm2
         addl	$16, %ebx
         cmpl	%eax, %ebx
-        jge	L_AES_GCM_encrypt_last_block_ghash
-L_AES_GCM_encrypt_last_block_start:
+        jge	L_AES_GCM_encrypt_aesni_last_block_ghash
+L_AES_GCM_encrypt_aesni_last_block_start:
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         movdqu	64(%esp), %xmm4
@@ -1255,16 +1255,16 @@ L_AES_GCM_encrypt_last_block_start:
         pxor	%xmm5, %xmm2
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_gfmul_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_gfmul_last
         aesenc	%xmm5, %xmm4
         aesenc	176(%ebp), %xmm4
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_gfmul_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_gfmul_last
         aesenc	%xmm5, %xmm4
         aesenc	208(%ebp), %xmm4
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_encrypt_aesenc_gfmul_last:
+L_AES_GCM_encrypt_aesni_aesenc_gfmul_last:
         aesenclast	%xmm5, %xmm4
         movdqu	(%ecx), %xmm5
         pxor	%xmm5, %xmm4
@@ -1273,8 +1273,8 @@ L_AES_GCM_encrypt_aesenc_gfmul_last:
         pxor	%xmm4, %xmm2
         addl	$16, %ebx
         cmpl	%eax, %ebx
-        jl	L_AES_GCM_encrypt_last_block_start
-L_AES_GCM_encrypt_last_block_ghash:
+        jl	L_AES_GCM_encrypt_aesni_last_block_start
+L_AES_GCM_encrypt_aesni_last_block_ghash:
         pshufd	$0x4e, %xmm1, %xmm5
         pshufd	$0x4e, %xmm2, %xmm6
         movdqa	%xmm2, %xmm7
@@ -1314,11 +1314,11 @@ L_AES_GCM_encrypt_last_block_ghash:
         pxor	%xmm7, %xmm5
         pxor	%xmm4, %xmm5
         pxor	%xmm5, %xmm2
-L_AES_GCM_encrypt_last_block_done:
+L_AES_GCM_encrypt_aesni_last_block_done:
         movl	152(%esp), %ecx
         movl	%ecx, %edx
         andl	$15, %ecx
-        jz	L_AES_GCM_encrypt_aesenc_last15_enc_avx_done
+        jz	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_done
         movdqu	64(%esp), %xmm0
         pshufb	L_aes_gcm_bswap_epi64, %xmm0
         pxor	(%ebp), %xmm0
@@ -1333,21 +1333,21 @@ L_AES_GCM_encrypt_last_block_done:
         aesenc	144(%ebp), %xmm0
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_last15_enc_avx_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last
         aesenc	%xmm5, %xmm0
         aesenc	176(%ebp), %xmm0
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_last15_enc_avx_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last
         aesenc	%xmm5, %xmm0
         aesenc	208(%ebp), %xmm0
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_encrypt_aesenc_last15_enc_avx_aesenc_avx_last:
+L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last:
         aesenclast	%xmm5, %xmm0
         subl	$16, %esp
         xorl	%ecx, %ecx
         movdqu	%xmm0, (%esp)
-L_AES_GCM_encrypt_aesenc_last15_enc_avx_loop:
+L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_loop:
         movzbl	(%esi,%ebx,1), %eax
         xorb	(%esp,%ecx,1), %al
         movb	%al, (%edi,%ebx,1)
@@ -1355,16 +1355,16 @@ L_AES_GCM_encrypt_aesenc_last15_enc_avx_loop:
         incl	%ebx
         incl	%ecx
         cmpl	%edx, %ebx
-        jl	L_AES_GCM_encrypt_aesenc_last15_enc_avx_loop
+        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_loop
         xorl	%eax, %eax
         cmpl	$16, %ecx
-        je	L_AES_GCM_encrypt_aesenc_last15_enc_avx_finish_enc
-L_AES_GCM_encrypt_aesenc_last15_enc_avx_byte_loop:
+        je	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_finish_enc
+L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_byte_loop:
         movb	%al, (%esp,%ecx,1)
         incl	%ecx
         cmpl	$16, %ecx
-        jl	L_AES_GCM_encrypt_aesenc_last15_enc_avx_byte_loop
-L_AES_GCM_encrypt_aesenc_last15_enc_avx_finish_enc:
+        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_byte_loop
+L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_finish_enc:
         movdqu	(%esp), %xmm0
         addl	$16, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm0
@@ -1408,8 +1408,8 @@ L_AES_GCM_encrypt_aesenc_last15_enc_avx_finish_enc:
         pxor	%xmm7, %xmm5
         pxor	%xmm4, %xmm5
         pxor	%xmm5, %xmm2
-L_AES_GCM_encrypt_aesenc_last15_enc_avx_done:
-L_AES_GCM_encrypt_done_enc:
+L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_done:
+L_AES_GCM_encrypt_aesni_done_enc:
         movl	148(%esp), %edi
         movl	164(%esp), %ebx
         movl	152(%esp), %edx
@@ -1468,31 +1468,31 @@ L_AES_GCM_encrypt_done_enc:
         movdqu	80(%esp), %xmm4
         pxor	%xmm2, %xmm4
         cmpl	$16, %ebx
-        je	L_AES_GCM_encrypt_store_tag_16
+        je	L_AES_GCM_encrypt_aesni_store_tag_16
         xorl	%ecx, %ecx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_encrypt_store_tag_loop:
+L_AES_GCM_encrypt_aesni_store_tag_loop:
         movzbl	(%esp,%ecx,1), %eax
         movb	%al, (%edi,%ecx,1)
         incl	%ecx
         cmpl	%ebx, %ecx
-        jne	L_AES_GCM_encrypt_store_tag_loop
-        jmp	L_AES_GCM_encrypt_store_tag_done
-L_AES_GCM_encrypt_store_tag_16:
+        jne	L_AES_GCM_encrypt_aesni_store_tag_loop
+        jmp	L_AES_GCM_encrypt_aesni_store_tag_done
+L_AES_GCM_encrypt_aesni_store_tag_16:
         movdqu	%xmm4, (%edi)
-L_AES_GCM_encrypt_store_tag_done:
+L_AES_GCM_encrypt_aesni_store_tag_done:
         addl	$0x70, %esp
         popl	%ebp
         popl	%edi
         popl	%esi
         popl	%ebx
         ret
-.size	AES_GCM_encrypt,.-AES_GCM_encrypt
+.size	AES_GCM_encrypt_aesni,.-AES_GCM_encrypt_aesni
 .text
-.globl	AES_GCM_decrypt
-.type	AES_GCM_decrypt,@function
+.globl	AES_GCM_decrypt_aesni
+.type	AES_GCM_decrypt_aesni,@function
 .align	16
-AES_GCM_decrypt:
+AES_GCM_decrypt_aesni:
         pushl	%ebx
         pushl	%esi
         pushl	%edi
@@ -1504,7 +1504,7 @@ AES_GCM_decrypt:
         pxor	%xmm0, %xmm0
         pxor	%xmm2, %xmm2
         cmpl	$12, %edx
-        jne	L_AES_GCM_decrypt_iv_not_12
+        jne	L_AES_GCM_decrypt_aesni_iv_not_12
         # # Calculate values when IV is 12 bytes
         # Set counter based on IV
         movl	$0x1000000, %ecx
@@ -1545,7 +1545,7 @@ AES_GCM_decrypt:
         aesenc	%xmm3, %xmm5
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_decrypt_calc_iv_12_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_12_last
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	176(%ebp), %xmm3
@@ -1553,20 +1553,20 @@ AES_GCM_decrypt:
         aesenc	%xmm3, %xmm5
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_decrypt_calc_iv_12_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_12_last
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	208(%ebp), %xmm3
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_decrypt_calc_iv_12_last:
+L_AES_GCM_decrypt_aesni_calc_iv_12_last:
         aesenclast	%xmm3, %xmm1
         aesenclast	%xmm3, %xmm5
         pshufb	L_aes_gcm_bswap_mask, %xmm1
         movdqu	%xmm5, 80(%esp)
-        jmp	L_AES_GCM_decrypt_iv_done
-L_AES_GCM_decrypt_iv_not_12:
+        jmp	L_AES_GCM_decrypt_aesni_iv_done
+L_AES_GCM_decrypt_aesni_iv_not_12:
         # Calculate values when IV is not 12 bytes
         # H = Encrypt X(=0)
         movdqa	(%ebp), %xmm1
@@ -1581,27 +1581,27 @@ L_AES_GCM_decrypt_iv_not_12:
         aesenc	144(%ebp), %xmm1
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_calc_iv_1_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last
         aesenc	%xmm5, %xmm1
         aesenc	176(%ebp), %xmm1
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_calc_iv_1_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last
         aesenc	%xmm5, %xmm1
         aesenc	208(%ebp), %xmm1
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_decrypt_calc_iv_1_aesenc_avx_last:
+L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last:
         aesenclast	%xmm5, %xmm1
         pshufb	L_aes_gcm_bswap_mask, %xmm1
         # Calc counter
         # Initialization vector
         cmpl	$0x00, %edx
         movl	$0x00, %ecx
-        je	L_AES_GCM_decrypt_calc_iv_done
+        je	L_AES_GCM_decrypt_aesni_calc_iv_done
         cmpl	$16, %edx
-        jl	L_AES_GCM_decrypt_calc_iv_lt16
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_lt16
         andl	$0xfffffff0, %edx
-L_AES_GCM_decrypt_calc_iv_16_loop:
+L_AES_GCM_decrypt_aesni_calc_iv_16_loop:
         movdqu	(%esi,%ecx,1), %xmm4
         pshufb	L_aes_gcm_bswap_mask, %xmm4
         pxor	%xmm4, %xmm0
@@ -1661,22 +1661,22 @@ L_AES_GCM_decrypt_calc_iv_16_loop:
         pxor	%xmm6, %xmm0
         addl	$16, %ecx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_decrypt_calc_iv_16_loop
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_16_loop
         movl	224(%esp), %edx
         cmpl	%edx, %ecx
-        je	L_AES_GCM_decrypt_calc_iv_done
-L_AES_GCM_decrypt_calc_iv_lt16:
+        je	L_AES_GCM_decrypt_aesni_calc_iv_done
+L_AES_GCM_decrypt_aesni_calc_iv_lt16:
         subl	$16, %esp
         pxor	%xmm4, %xmm4
         xorl	%ebx, %ebx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_decrypt_calc_iv_loop:
+L_AES_GCM_decrypt_aesni_calc_iv_loop:
         movzbl	(%esi,%ecx,1), %eax
         movb	%al, (%esp,%ebx,1)
         incl	%ecx
         incl	%ebx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_decrypt_calc_iv_loop
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_loop
         movdqu	(%esp), %xmm4
         addl	$16, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm4
@@ -1735,7 +1735,7 @@ L_AES_GCM_decrypt_calc_iv_loop:
         pxor	%xmm5, %xmm6
         pxor	%xmm3, %xmm6
         pxor	%xmm6, %xmm0
-L_AES_GCM_decrypt_calc_iv_done:
+L_AES_GCM_decrypt_aesni_calc_iv_done:
         # T = Encrypt counter
         pxor	%xmm4, %xmm4
         shll	$3, %edx
@@ -1810,29 +1810,29 @@ L_AES_GCM_decrypt_calc_iv_done:
         aesenc	144(%ebp), %xmm4
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_calc_iv_2_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	176(%ebp), %xmm4
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_calc_iv_2_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	208(%ebp), %xmm4
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_decrypt_calc_iv_2_aesenc_avx_last:
+L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last:
         aesenclast	%xmm5, %xmm4
         movdqu	%xmm4, 80(%esp)
-L_AES_GCM_decrypt_iv_done:
+L_AES_GCM_decrypt_aesni_iv_done:
         movl	204(%esp), %esi
         # Additional authentication data
         movl	220(%esp), %edx
         cmpl	$0x00, %edx
-        je	L_AES_GCM_decrypt_calc_aad_done
+        je	L_AES_GCM_decrypt_aesni_calc_aad_done
         xorl	%ecx, %ecx
         cmpl	$16, %edx
-        jl	L_AES_GCM_decrypt_calc_aad_lt16
+        jl	L_AES_GCM_decrypt_aesni_calc_aad_lt16
         andl	$0xfffffff0, %edx
-L_AES_GCM_decrypt_calc_aad_16_loop:
+L_AES_GCM_decrypt_aesni_calc_aad_16_loop:
         movdqu	(%esi,%ecx,1), %xmm4
         pshufb	L_aes_gcm_bswap_mask, %xmm4
         pxor	%xmm4, %xmm2
@@ -1892,22 +1892,22 @@ L_AES_GCM_decrypt_calc_aad_16_loop:
         pxor	%xmm6, %xmm2
         addl	$16, %ecx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_decrypt_calc_aad_16_loop
+        jl	L_AES_GCM_decrypt_aesni_calc_aad_16_loop
         movl	220(%esp), %edx
         cmpl	%edx, %ecx
-        je	L_AES_GCM_decrypt_calc_aad_done
-L_AES_GCM_decrypt_calc_aad_lt16:
+        je	L_AES_GCM_decrypt_aesni_calc_aad_done
+L_AES_GCM_decrypt_aesni_calc_aad_lt16:
         subl	$16, %esp
         pxor	%xmm4, %xmm4
         xorl	%ebx, %ebx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_decrypt_calc_aad_loop:
+L_AES_GCM_decrypt_aesni_calc_aad_loop:
         movzbl	(%esi,%ecx,1), %eax
         movb	%al, (%esp,%ebx,1)
         incl	%ecx
         incl	%ebx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_decrypt_calc_aad_loop
+        jl	L_AES_GCM_decrypt_aesni_calc_aad_loop
         movdqu	(%esp), %xmm4
         addl	$16, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm4
@@ -1966,7 +1966,7 @@ L_AES_GCM_decrypt_calc_aad_loop:
         pxor	%xmm5, %xmm6
         pxor	%xmm3, %xmm6
         pxor	%xmm6, %xmm2
-L_AES_GCM_decrypt_calc_aad_done:
+L_AES_GCM_decrypt_aesni_calc_aad_done:
         movdqu	%xmm2, 96(%esp)
         movl	196(%esp), %esi
         movl	200(%esp), %edi
@@ -1987,7 +1987,7 @@ L_AES_GCM_decrypt_calc_aad_done:
         xorl	%ebx, %ebx
         cmpl	$0x40, 216(%esp)
         movl	216(%esp), %eax
-        jl	L_AES_GCM_decrypt_done_64
+        jl	L_AES_GCM_decrypt_aesni_done_64
         andl	$0xffffffc0, %eax
         movdqa	%xmm2, %xmm6
         # H ^ 1
@@ -2116,8 +2116,8 @@ L_AES_GCM_decrypt_calc_aad_done:
         pxor	%xmm5, %xmm3
         movdqu	%xmm3, 48(%esp)
         cmpl	%esi, %edi
-        jne	L_AES_GCM_decrypt_ghash_64
-L_AES_GCM_decrypt_ghash_64_inplace:
+        jne	L_AES_GCM_decrypt_aesni_ghash_64
+L_AES_GCM_decrypt_aesni_ghash_64_inplace:
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         # Encrypt 64 bytes of counter
@@ -2188,7 +2188,7 @@ L_AES_GCM_decrypt_ghash_64_inplace:
         aesenc	%xmm3, %xmm7
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_decryptinplace_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_decrypt_aesniinplace_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -2200,7 +2200,7 @@ L_AES_GCM_decrypt_ghash_64_inplace:
         aesenc	%xmm3, %xmm7
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_decryptinplace_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_decrypt_aesniinplace_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -2211,7 +2211,7 @@ L_AES_GCM_decrypt_ghash_64_inplace:
         aesenc	%xmm3, %xmm6
         aesenc	%xmm3, %xmm7
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_decryptinplace_aesenc_64_ghash_avx_done:
+L_AES_GCM_decrypt_aesniinplace_aesenc_64_ghash_avx_done:
         aesenclast	%xmm3, %xmm4
         aesenclast	%xmm3, %xmm5
         movdqu	(%ecx), %xmm0
@@ -2328,9 +2328,9 @@ L_AES_GCM_decryptinplace_aesenc_64_ghash_avx_done:
         movdqu	%xmm6, 96(%esp)
         addl	$0x40, %ebx
         cmpl	%eax, %ebx
-        jl	L_AES_GCM_decrypt_ghash_64_inplace
-        jmp	L_AES_GCM_decrypt_ghash_64_done
-L_AES_GCM_decrypt_ghash_64:
+        jl	L_AES_GCM_decrypt_aesni_ghash_64_inplace
+        jmp	L_AES_GCM_decrypt_aesni_ghash_64_done
+L_AES_GCM_decrypt_aesni_ghash_64:
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         # Encrypt 64 bytes of counter
@@ -2401,7 +2401,7 @@ L_AES_GCM_decrypt_ghash_64:
         aesenc	%xmm3, %xmm7
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_decrypt_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_decrypt_aesni_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -2413,7 +2413,7 @@ L_AES_GCM_decrypt_ghash_64:
         aesenc	%xmm3, %xmm7
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_decrypt_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_decrypt_aesni_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -2424,7 +2424,7 @@ L_AES_GCM_decrypt_ghash_64:
         aesenc	%xmm3, %xmm6
         aesenc	%xmm3, %xmm7
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_decrypt_aesenc_64_ghash_avx_done:
+L_AES_GCM_decrypt_aesni_aesenc_64_ghash_avx_done:
         aesenclast	%xmm3, %xmm4
         aesenclast	%xmm3, %xmm5
         movdqu	(%ecx), %xmm0
@@ -2541,19 +2541,19 @@ L_AES_GCM_decrypt_aesenc_64_ghash_avx_done:
         movdqu	%xmm6, 96(%esp)
         addl	$0x40, %ebx
         cmpl	%eax, %ebx
-        jl	L_AES_GCM_decrypt_ghash_64
-L_AES_GCM_decrypt_ghash_64_done:
+        jl	L_AES_GCM_decrypt_aesni_ghash_64
+L_AES_GCM_decrypt_aesni_ghash_64_done:
         movdqa	%xmm6, %xmm2
         movdqu	(%esp), %xmm1
-L_AES_GCM_decrypt_done_64:
+L_AES_GCM_decrypt_aesni_done_64:
         movl	216(%esp), %edx
         cmpl	%edx, %ebx
-        jge	L_AES_GCM_decrypt_done_dec
+        jge	L_AES_GCM_decrypt_aesni_done_dec
         movl	216(%esp), %eax
         andl	$0xfffffff0, %eax
         cmpl	%eax, %ebx
-        jge	L_AES_GCM_decrypt_last_block_done
-L_AES_GCM_decrypt_last_block_start:
+        jge	L_AES_GCM_decrypt_aesni_last_block_done
+L_AES_GCM_decrypt_aesni_last_block_start:
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         movdqu	(%ecx), %xmm5
@@ -2601,28 +2601,28 @@ L_AES_GCM_decrypt_last_block_start:
         pxor	%xmm5, %xmm2
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_aesenc_gfmul_last
+        jl	L_AES_GCM_decrypt_aesni_aesenc_gfmul_last
         aesenc	%xmm5, %xmm4
         aesenc	176(%ebp), %xmm4
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_aesenc_gfmul_last
+        jl	L_AES_GCM_decrypt_aesni_aesenc_gfmul_last
         aesenc	%xmm5, %xmm4
         aesenc	208(%ebp), %xmm4
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_decrypt_aesenc_gfmul_last:
+L_AES_GCM_decrypt_aesni_aesenc_gfmul_last:
         aesenclast	%xmm5, %xmm4
         movdqu	(%ecx), %xmm5
         pxor	%xmm5, %xmm4
         movdqu	%xmm4, (%edx)
         addl	$16, %ebx
         cmpl	%eax, %ebx
-        jl	L_AES_GCM_decrypt_last_block_start
-L_AES_GCM_decrypt_last_block_done:
+        jl	L_AES_GCM_decrypt_aesni_last_block_start
+L_AES_GCM_decrypt_aesni_last_block_done:
         movl	216(%esp), %ecx
         movl	%ecx, %edx
         andl	$15, %ecx
-        jz	L_AES_GCM_decrypt_aesenc_last15_dec_avx_done
+        jz	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_done
         movdqu	64(%esp), %xmm0
         pshufb	L_aes_gcm_bswap_epi64, %xmm0
         pxor	(%ebp), %xmm0
@@ -2637,23 +2637,23 @@ L_AES_GCM_decrypt_last_block_done:
         aesenc	144(%ebp), %xmm0
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_aesenc_last15_dec_avx_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last
         aesenc	%xmm5, %xmm0
         aesenc	176(%ebp), %xmm0
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_aesenc_last15_dec_avx_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last
         aesenc	%xmm5, %xmm0
         aesenc	208(%ebp), %xmm0
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_decrypt_aesenc_last15_dec_avx_aesenc_avx_last:
+L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last:
         aesenclast	%xmm5, %xmm0
         subl	$32, %esp
         xorl	%ecx, %ecx
         movdqu	%xmm0, (%esp)
         pxor	%xmm4, %xmm4
         movdqu	%xmm4, 16(%esp)
-L_AES_GCM_decrypt_aesenc_last15_dec_avx_loop:
+L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop:
         movzbl	(%esi,%ebx,1), %eax
         movb	%al, 16(%esp,%ecx,1)
         xorb	(%esp,%ecx,1), %al
@@ -2661,7 +2661,7 @@ L_AES_GCM_decrypt_aesenc_last15_dec_avx_loop:
         incl	%ebx
         incl	%ecx
         cmpl	%edx, %ebx
-        jl	L_AES_GCM_decrypt_aesenc_last15_dec_avx_loop
+        jl	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop
         movdqu	16(%esp), %xmm0
         addl	$32, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm0
@@ -2705,8 +2705,8 @@ L_AES_GCM_decrypt_aesenc_last15_dec_avx_loop:
         pxor	%xmm7, %xmm5
         pxor	%xmm4, %xmm5
         pxor	%xmm5, %xmm2
-L_AES_GCM_decrypt_aesenc_last15_dec_avx_done:
-L_AES_GCM_decrypt_done_dec:
+L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_done:
+L_AES_GCM_decrypt_aesni_done_dec:
         movl	212(%esp), %esi
         movl	228(%esp), %ebp
         movl	216(%esp), %edx
@@ -2766,24 +2766,24 @@ L_AES_GCM_decrypt_done_dec:
         pxor	%xmm2, %xmm4
         movl	240(%esp), %edi
         cmpl	$16, %ebp
-        je	L_AES_GCM_decrypt_cmp_tag_16
+        je	L_AES_GCM_decrypt_aesni_cmp_tag_16
         subl	$16, %esp
         xorl	%ecx, %ecx
         xorl	%ebx, %ebx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_decrypt_cmp_tag_loop:
+L_AES_GCM_decrypt_aesni_cmp_tag_loop:
         movzbl	(%esp,%ecx,1), %eax
         xorb	(%esi,%ecx,1), %al
         orb	%al, %bl
         incl	%ecx
         cmpl	%ebp, %ecx
-        jne	L_AES_GCM_decrypt_cmp_tag_loop
+        jne	L_AES_GCM_decrypt_aesni_cmp_tag_loop
         cmpb	$0x00, %bl
         sete	%bl
         addl	$16, %esp
         xorl	%ecx, %ecx
-        jmp	L_AES_GCM_decrypt_cmp_tag_done
-L_AES_GCM_decrypt_cmp_tag_16:
+        jmp	L_AES_GCM_decrypt_aesni_cmp_tag_done
+L_AES_GCM_decrypt_aesni_cmp_tag_16:
         movdqu	(%esi), %xmm5
         pcmpeqb	%xmm5, %xmm4
         pmovmskb	%xmm4, %edx
@@ -2791,7 +2791,7 @@ L_AES_GCM_decrypt_cmp_tag_16:
         xorl	%ebx, %ebx
         cmpl	$0xffff, %edx
         sete	%bl
-L_AES_GCM_decrypt_cmp_tag_done:
+L_AES_GCM_decrypt_aesni_cmp_tag_done:
         movl	%ebx, (%edi)
         addl	$0xb0, %esp
         popl	%ebp
@@ -2799,7 +2799,7 @@ L_AES_GCM_decrypt_cmp_tag_done:
         popl	%esi
         popl	%ebx
         ret
-.size	AES_GCM_decrypt,.-AES_GCM_decrypt
+.size	AES_GCM_decrypt_aesni,.-AES_GCM_decrypt_aesni
 #ifdef WOLFSSL_AESGCM_STREAM
 .text
 .globl	AES_GCM_init_aesni
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/asn.c b/extra/wolfssl/wolfssl/wolfcrypt/src/asn.c
index 6147dea8..ac509958 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/asn.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/asn.c
@@ -99,6 +99,7 @@ ASN Options:
  * WOLFSSL_ALLOW_ENCODING_CA_FALSE: Allow encoding BasicConstraints CA:FALSE
  *  which is discouraged by X.690 specification - default values shall not
  *  be encoded.
+ * NO_TIME_SIGNEDNESS_CHECK: Disabled the time_t signedness check.
 */
 
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -1064,6 +1065,16 @@ static int GetASN_Integer(const byte* input, word32 idx, int length,
         #endif
         }
     }
+    /* check for invalid padding on negative integer.
+     * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1
+     */
+    else if ((length > 1) && (input[idx] == 0xff) &&
+             ((input[idx + 1] & 0x80) != 0)) {
+        WOLFSSL_MSG("Bad INTEGER encoding of negative");
+    #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
+        return ASN_EXPECT_0_E;
+    #endif /* WOLFSSL_ASN_INT_LEAD_0_ANY */
+    }
     /* Check whether a leading zero byte was required. */
     else if (positive && (input[idx] & 0x80)) {
         WOLFSSL_MSG("INTEGER is negative");
@@ -1115,6 +1126,100 @@ static int GetASN_BitString(const byte* input, word32 idx, int length)
     return 0;
 }
 
+#ifndef WOLFSSL_NO_ASN_STRICT
+/* Check a UTF8STRING's data is valid.
+ *
+ * @param [in] input   BER encoded data.
+ * @param [in] idx     Index of UTF8STRING data.
+ * @param [in] length  Length of input data.
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when data is invalid.
+ */
+static int GetASN_UTF8String(const byte* input, word32 idx, int length)
+{
+    int ret = 0;
+    word32 i = 0;
+
+    while ((ret == 0) && ((int)i < length)) {
+        int cnt;
+
+        /* Check code points and get count of following bytes. */
+        if ((input[idx + i] & 0x80) == 0x00) {
+            cnt = 0;
+        }
+        else if ((input[idx + i] & 0xe0) == 0xc0) {
+            cnt = 1;
+        }
+        else if ((input[idx + i] & 0xf0) == 0xe0) {
+            cnt = 2;
+        }
+        else if ((input[idx + i] & 0xf8) == 0xf0) {
+            cnt = 3;
+        }
+        else {
+            WOLFSSL_MSG("Invalid character in UTF8STRING\n");
+            ret = ASN_PARSE_E;
+            break;
+        }
+
+        /* Have checked first byte. */
+        i++;
+        /* Check each following byte. */
+        for (; cnt > 0; cnt--) {
+            /* Check we have enough data. */
+            if ((int)i == length) {
+                WOLFSSL_MSG("Missing character in UTF8STRING\n");
+                ret = ASN_PARSE_E;
+                break;
+            }
+            /* Check following byte has top bit set. */
+            if ((input[idx + i] & 0x80) != 0x80) {
+                WOLFSSL_MSG("Invalid character in UTF8STRING\n");
+                ret = ASN_PARSE_E;
+                break;
+            }
+            i++;
+        }
+    }
+
+    return ret;
+}
+#endif
+
+/* Check an OBJECT IDENTIFIER's data is valid.
+ *
+ * X.690 8.19
+ *
+ * @param [in] input   BER encoded data.
+ * @param [in] idx     Index of OBJECT IDENTIFIER data.
+ * @param [in] length  Length of input data.
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when data is invalid.
+ */
+static int GetASN_ObjectId(const byte* input, word32 idx, int length)
+{
+    int ret = 0;
+
+    /* OID data must be at least 3 bytes. */
+    if (length < 3) {
+    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+        WOLFSSL_MSG_VSNPRINTF("OID length must be 3 or more: %d", len);
+    #else
+        WOLFSSL_MSG("OID length less than 3");
+    #endif
+        ret = ASN_PARSE_E;
+    }
+    /* Last octet of a subidentifier has bit 8 clear. Last octet must be last
+     * of a subidentifier. Ensure last octet hasn't got top bit set indicating.
+     */
+    else if ((input[(int)idx + length - 1] & 0x80) != 0x00) {
+        WOLFSSL_MSG("OID last octet has top bit set");
+        ret = ASN_PARSE_E;
+    }
+
+    return ret;
+}
+
 /* Get the ASN.1 items from the BER encoding.
  *
  * @param [in] asn         ASN.1 item expected.
@@ -1383,9 +1488,8 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
     int    len;
     /* Current index into buffer. */
     word32 idx = *inOutIdx;
-    /* Initialize the end index at each depth to be the length. */
-    word32 endIdx[GET_ASN_MAX_DEPTH] = { length, length, length, length, length,
-                                         length, length };
+    /* Declare the end index array. */
+    word32 endIdx[GET_ASN_MAX_DEPTH];
     /* Set choices to -1 to indicate they haven't been seen or found. */
     signed char   choiceMet[GET_ASN_MAX_CHOICES] = { -1, -1 };
     /* Not matching a choice right now. */
@@ -1401,6 +1505,11 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
     WOLFSSL_ENTER("GetASN_Items");
 #endif
 
+    /* Set the end index at each depth to be the length. */
+    for (i=0; i<GET_ASN_MAX_DEPTH; i++) {
+        endIdx[i] = length;
+    }
+
     /* Start depth at first items depth. */
     minDepth = depth = asn[0].depth;
     /* Check every ASN.1 item. */
@@ -1576,11 +1685,20 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
             idx++;
             len--;
         }
-        else if ((asn[i].tag == ASN_OBJECT_ID) && (len < 3)) {
-        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
-            WOLFSSL_MSG_VSNPRINTF("OID length must be 3 or more: %d", len);
-        #endif
-            return ASN_PARSE_E;
+    #ifndef WOLFSSL_NO_ASN_STRICT
+        else if ((asn[i].tag == ASN_UTF8STRING) ||
+                 (data[i].tag == ASN_UTF8STRING)) {
+            /* Check validity of data. */
+            err = GetASN_UTF8String(input, idx, len);
+            if (err != 0)
+                return err;
+        }
+    #endif
+        else if (asn[i].tag == ASN_OBJECT_ID) {
+            /* Check validity of data. */
+            err = GetASN_ObjectId(input, idx, len);
+            if (err != 0)
+                return err;
         }
 
         /* Don't parse data if only header required. */
@@ -2874,7 +2992,7 @@ const char* GetSigName(int oid) {
 #if !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_CERTS) || \
    (!defined(NO_RSA) && \
         (defined(WOLFSSL_CERT_GEN) || \
-        ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA))))
+        ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)))))
 /* Set the DER/BER encoding of the ASN.1 INTEGER header.
  *
  * When output is NULL, calculate the header length only.
@@ -2923,7 +3041,7 @@ int SetASNInt(int len, byte firstByte, byte* output)
 #if !defined(NO_DSA) || defined(HAVE_ECC) || (defined(WOLFSSL_CERT_GEN) && \
     !defined(NO_RSA)) || ((defined(WOLFSSL_KEY_GEN) || \
     (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
-    defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
+    defined(OPENSSL_EXTRA)) && !defined(NO_RSA))
 /* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int.
  * The number is assumed to be positive.
  *
@@ -2959,41 +3077,6 @@ static int SetASNIntMP(mp_int* n, int maxSz, byte* output)
     return idx;
 }
 #endif
-
-#if !defined(NO_RSA) && defined(HAVE_USER_RSA) && \
-    (defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA))
-/* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int from
- * an RSA key.
- * The number is assumed to be positive.
- *
- * n       Multi-precision integer to encode.
- * output  Buffer to write into.
- * returns BUFFER_E when the data is too long for the buffer.
- *         MP_TO_E when encoding the integer fails.
- *         Otherwise, the number of bytes added to the buffer.
- */
-static int SetASNIntRSA(void* n, byte* output)
-{
-    int idx = 0;
-    int leadingBit;
-    int length;
-
-    leadingBit = wc_Rsa_leading_bit(n);
-    length = wc_Rsa_unsigned_bin_size(n);
-    idx = SetASNInt(length, leadingBit ? 0x80 : 0x00, output);
-    if ((idx + length) > MAX_RSA_INT_SZ)
-        return BUFFER_E;
-
-    if (output) {
-        int err = wc_Rsa_to_unsigned_bin(n, output + idx, length);
-        if (err != MP_OKAY)
-            return MP_TO_E;
-    }
-    idx += length;
-
-    return idx;
-}
-#endif /* !NO_RSA && HAVE_USER_RSA && WOLFSSL_CERT_GEN */
 #endif /* !WOLFSSL_ASN_TEMPLATE */
 
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -3048,7 +3131,7 @@ int GetMyVersion(const byte* input, word32* inOutIdx,
 #else
     ASNGetData dataASN[intASN_Length];
     int ret;
-    byte num;
+    byte num = 0;
 
     /* Clear dynamic data and set the version number variable. */
     XMEMSET(dataASN, 0, sizeof(dataASN));
@@ -3115,7 +3198,7 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
 #else
     ASNGetData dataASN[intASN_Length];
     int ret;
-    word32 num;
+    word32 num = 0;
 
     /* Clear dynamic data and set the 32-bit number variable. */
     XMEMSET(dataASN, 0, sizeof(dataASN));
@@ -3315,7 +3398,7 @@ static int GetIntPositive(mp_int* mpi, const byte* input, word32* inOutIdx,
 #endif /* (ECC || !NO_DSA) && !WOLFSSL_ASN_TEMPLATE */
 
 #ifndef WOLFSSL_ASN_TEMPLATE
-#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || !defined(NO_DSA)
+#if !defined(NO_RSA) || !defined(NO_DSA)
 static int SkipInt(const byte* input, word32* inOutIdx, word32 maxIdx)
 {
     word32 idx = *inOutIdx;
@@ -3444,7 +3527,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len,
 
 /* RSA (with CertGen or KeyGen) OR ECC OR ED25519 OR ED448 (with CertGen or
  * KeyGen) */
-#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
+#if (!defined(NO_RSA) && \
      (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \
       defined(OPENSSL_EXTRA))) || \
     (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) || \
@@ -3494,6 +3577,72 @@ word32 SetBitString(word32 len, byte unusedBits, byte* output)
 #endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
 
 #ifdef ASN_BER_TO_DER
+
+#ifndef BER_OCTET_LENGTH
+    #define BER_OCTET_LENGTH 4096
+#endif
+
+/* sets the terminating 0x00 0x00 at the end of an indefinite length
+ * returns the number of bytes written */
+word32 SetIndefEnd(byte* output)
+{
+    byte terminate[ASN_INDEF_END_SZ] = { 0x00, 0x00 };
+
+    if (output != NULL) {
+        XMEMCPY(output, terminate, ASN_INDEF_END_SZ);
+    }
+
+    return (word32)ASN_INDEF_END_SZ;
+}
+
+
+/* Breaks an octet string up into chunks for use with streaming
+ * returns 0 on success and updates idx */
+int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outSz,
+    word32* idx)
+{
+    word32 i  = 0;
+    word32 outIdx = *idx;
+    byte* tmp = out;
+
+    if (tmp) tmp += outIdx;
+
+    while (i < inBufSz) {
+        word32 ret, sz;
+
+        sz = BER_OCTET_LENGTH;
+
+        if ((sz + i) > inBufSz) {
+            sz = inBufSz - i;
+        }
+
+        ret = SetOctetString(sz, tmp);
+        if (ret > 0) {
+            outIdx += ret;
+        }
+
+        if (tmp) {
+            if ((word32)ret + sz + i + outIdx > *outSz) {
+                return BUFFER_E;
+            }
+            XMEMCPY(tmp + ret, inBuf + i, sz);
+            tmp += sz + ret;
+        }
+        outIdx += sz;
+        i      += sz;
+    }
+
+    if (tmp) {
+        *idx = outIdx;
+        return 0;
+    }
+    else {
+        *outSz = outIdx;
+        return LENGTH_ONLY_E;
+    }
+}
+
+
 /* Convert BER to DER */
 
 /* Pull informtation from the ASN.1 BER encoded item header */
@@ -4053,11 +4202,11 @@ static word32 SetBitString16Bit(word16 val, byte* output)
 #endif /* HAVE_ED448 */
 #ifdef HAVE_PQC
 #ifdef HAVE_FALCON
-    /* Falcon Level 1: 1 3 9999 3 1 */
-    static const byte sigFalcon_Level1Oid[] = {43, 206, 15, 3, 1};
+    /* Falcon Level 1: 1 3 9999 3 6 */
+    static const byte sigFalcon_Level1Oid[] = {43, 206, 15, 3, 6};
 
-    /* Falcon Level 5: 1 3 9999 3 4 */
-    static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 4};
+    /* Falcon Level 5: 1 3 9999 3 9 */
+    static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FACON */
 #ifdef HAVE_DILITHIUM
     /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
@@ -4129,11 +4278,11 @@ static word32 SetBitString16Bit(word16 val, byte* output)
 #endif /* !NO_DH */
 #ifdef HAVE_PQC
 #ifdef HAVE_FALCON
-    /* Falcon Level 1: 1 3 9999 3 1 */
-    static const byte keyFalcon_Level1Oid[] = {43, 206, 15, 3, 1};
+    /* Falcon Level 1: 1 3 9999 3 6 */
+    static const byte keyFalcon_Level1Oid[] = {43, 206, 15, 3, 6};
 
-    /* Falcon Level 5: 1 3 9999 3 4 */
-    static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 4};
+    /* Falcon Level 5: 1 3 9999 3 9 */
+    static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
     /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
@@ -6335,7 +6484,6 @@ static int DecodeRsaPssParams(const byte* params, word32 sz,
 }
 #endif /* WC_RSA_PSS */
 
-#ifndef HAVE_USER_RSA
 #if defined(WOLFSSL_ASN_TEMPLATE) || (!defined(NO_CERTS) && \
     (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
      defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)))
@@ -6673,8 +6821,6 @@ int wc_RsaPrivateKeyValidate(const byte* input, word32* inOutIdx, int* keySz,
 {
     return _RsaPrivateKeyDecode(input, inOutIdx, NULL, keySz, inSz);
 }
-
-#endif /* HAVE_USER_RSA */
 #endif /* NO_RSA */
 
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -6800,7 +6946,7 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
     DECL_ASNGETDATA(dataASN, pkcs8KeyASN_Length);
     int ret = 0;
     word32 oid = 9;
-    byte version;
+    byte version = 0;
     word32 idx;
 
     /* Check validity of parameters. */
@@ -7220,12 +7366,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
 
             if ((ret = wc_RsaPublicKeyDecode(pubKey, &keyIdx, b,
                     pubKeySz)) == 0) {
-                /* limit for user RSA crypto because of RsaKey
-                 * dereference. */
-            #if defined(HAVE_USER_RSA)
-                WOLFSSL_MSG("Cannot verify RSA pair with user RSA");
-                ret = 1; /* return first RSA cert as match */
-            #else
                 /* both keys extracted successfully now check n and e
                  * values are the same. This is dereferencing RsaKey */
                 if (mp_cmp(&(a->n), &(b->n)) != MP_EQ ||
@@ -7235,7 +7375,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
                 }
                 else
                     ret = 1;
-            #endif
             }
             else {
                 WOLFSSL_ERROR_VERBOSE(ret);
@@ -8725,7 +8864,7 @@ exit_dc:
     int    version;
     word32 idx = 0;
     word32 pIdx = 0;
-    word32 iterations;
+    word32 iterations = 0;
     word32 keySz = 0;
     word32 saltSz = 0;
     word32 shaOid = 0;
@@ -9230,7 +9369,6 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 
 #ifndef NO_RSA
 
-#ifndef HAVE_USER_RSA
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
 /* This function is to retrieve key position information in a cert.*
  * The information will be used to call TSIP TLS-linked API for    *
@@ -9582,7 +9720,6 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
 
     return ret;
 }
-#endif /* HAVE_USER_RSA */
 #endif /* !NO_RSA */
 
 #ifndef NO_DH
@@ -12637,6 +12774,17 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
     (((id) - 3) >= 0 && ((id) - 3) < certNameSubjectSz && \
             (certNameSubject[(id) - 3].strLen > 0))
 
+/* Set the string for a name component into the issuer name. */
+#define SetCertNameIssuer(cert, id, val) \
+    *((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].dataI)) = (val)
+/* Set the string length for a name component into the issuer name. */
+#define SetCertNameIssuerLen(cert, id, val) \
+    *((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].lenI)) = (int)(val)
+/* Set the encoding for a name component into the issuer name. */
+#define SetCertNameIssuerEnc(cert, id, val) \
+    *((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].encI)) = (val)
+
+
 /* Mapping of certificate name component to useful information. */
 typedef struct CertNameData {
     /* Type string of name component. */
@@ -12650,6 +12798,14 @@ typedef struct CertNameData {
     size_t      len;
     /* Offset of encoding in subject name component. */
     size_t      enc;
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+    /* Offset of data in subject name component. */
+    size_t      dataI;
+    /* Offset of length in subject name component. */
+    size_t      lenI;
+    /* Offset of encoding in subject name component. */
+    size_t      encI;
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
     /* NID of type for subject name component. */
@@ -12666,6 +12822,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectCN),
         OFFSETOF(DecodedCert, subjectCNLen),
         OFFSETOF(DecodedCert, subjectCNEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        OFFSETOF(DecodedCert, issuerCN),
+        OFFSETOF(DecodedCert, issuerCNLen),
+        OFFSETOF(DecodedCert, issuerCNEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_commonName
@@ -12678,6 +12839,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectSN),
         OFFSETOF(DecodedCert, subjectSNLen),
         OFFSETOF(DecodedCert, subjectSNEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        OFFSETOF(DecodedCert, issuerSN),
+        OFFSETOF(DecodedCert, issuerSNLen),
+        OFFSETOF(DecodedCert, issuerSNEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_surname
@@ -12690,6 +12856,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectSND),
         OFFSETOF(DecodedCert, subjectSNDLen),
         OFFSETOF(DecodedCert, subjectSNDEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        OFFSETOF(DecodedCert, issuerSND),
+        OFFSETOF(DecodedCert, issuerSNDLen),
+        OFFSETOF(DecodedCert, issuerSNDEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_serialNumber
@@ -12702,6 +12873,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectC),
         OFFSETOF(DecodedCert, subjectCLen),
         OFFSETOF(DecodedCert, subjectCEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        OFFSETOF(DecodedCert, issuerC),
+        OFFSETOF(DecodedCert, issuerCLen),
+        OFFSETOF(DecodedCert, issuerCEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_countryName
@@ -12714,6 +12890,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectL),
         OFFSETOF(DecodedCert, subjectLLen),
         OFFSETOF(DecodedCert, subjectLEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        OFFSETOF(DecodedCert, issuerL),
+        OFFSETOF(DecodedCert, issuerLLen),
+        OFFSETOF(DecodedCert, issuerLEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_localityName
@@ -12726,6 +12907,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectST),
         OFFSETOF(DecodedCert, subjectSTLen),
         OFFSETOF(DecodedCert, subjectSTEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        OFFSETOF(DecodedCert, issuerST),
+        OFFSETOF(DecodedCert, issuerSTLen),
+        OFFSETOF(DecodedCert, issuerSTEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_stateOrProvinceName
@@ -12738,6 +12924,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectStreet),
         OFFSETOF(DecodedCert, subjectStreetLen),
         OFFSETOF(DecodedCert, subjectStreetEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_streetAddress
@@ -12750,6 +12941,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectO),
         OFFSETOF(DecodedCert, subjectOLen),
         OFFSETOF(DecodedCert, subjectOEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        OFFSETOF(DecodedCert, issuerO),
+        OFFSETOF(DecodedCert, issuerOLen),
+        OFFSETOF(DecodedCert, issuerOEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_organizationName
@@ -12762,6 +12958,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectOU),
         OFFSETOF(DecodedCert, subjectOULen),
         OFFSETOF(DecodedCert, subjectOUEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        OFFSETOF(DecodedCert, issuerOU),
+        OFFSETOF(DecodedCert, issuerOULen),
+        OFFSETOF(DecodedCert, issuerOUEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_organizationalUnitName
@@ -12774,6 +12975,11 @@ static const CertNameData certNameSubject[] = {
         0,
         0,
         0,
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         0,
@@ -12786,6 +12992,11 @@ static const CertNameData certNameSubject[] = {
         0,
         0,
         0,
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         0,
@@ -12798,6 +13009,11 @@ static const CertNameData certNameSubject[] = {
         0,
         0,
         0,
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         0,
@@ -12810,6 +13026,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectBC),
         OFFSETOF(DecodedCert, subjectBCLen),
         OFFSETOF(DecodedCert, subjectBCEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_businessCategory
@@ -12822,6 +13043,11 @@ static const CertNameData certNameSubject[] = {
         0,
         0,
         0,
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         0,
@@ -12834,6 +13060,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectPC),
         OFFSETOF(DecodedCert, subjectPCLen),
         OFFSETOF(DecodedCert, subjectPCEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_postalCode
@@ -12846,6 +13077,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectUID),
         OFFSETOF(DecodedCert, subjectUIDLen),
         OFFSETOF(DecodedCert, subjectUIDEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_userId
@@ -12859,6 +13095,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectN),
         OFFSETOF(DecodedCert, subjectNLen),
         OFFSETOF(DecodedCert, subjectNEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_name
@@ -12871,6 +13112,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectGN),
         OFFSETOF(DecodedCert, subjectGNLen),
         OFFSETOF(DecodedCert, subjectGNEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_givenName
@@ -12883,6 +13129,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectI),
         OFFSETOF(DecodedCert, subjectILen),
         OFFSETOF(DecodedCert, subjectIEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_initials
@@ -12895,6 +13146,11 @@ static const CertNameData certNameSubject[] = {
         OFFSETOF(DecodedCert, subjectDNQ),
         OFFSETOF(DecodedCert, subjectDNQLen),
         OFFSETOF(DecodedCert, subjectDNQEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
         NID_dnQualifier
@@ -12906,6 +13162,7 @@ static const CertNameData certNameSubject[] = {
 static const int certNameSubjectSz =
         (int) (sizeof(certNameSubject) / sizeof(CertNameData));
 
+
 /* ASN.1 template for an RDN.
  * X.509: RFC 5280, 4.1.2.4 - RelativeDistinguishedName
  */
@@ -12946,7 +13203,7 @@ static const byte rdnChoice[] = {
 static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
 {
     int ret = 0;
-    size_t nameSz;
+    size_t nameSz = 0;
     char tmpName[WOLFSSL_MAX_IPSTR] = {0};
     unsigned char* ip;
 
@@ -13246,6 +13503,43 @@ static int SetSubject(DecodedCert* cert, int id, byte* str, int strLen,
     return ret;
 }
 
+#if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
+    defined(WOLFSSL_HAVE_ISSUER_NAMES)
+/* Set the details of an issuer name component into a certificate.
+ *
+ * @param [in, out] cert    Certificate object.
+ * @param [in]      id      Id of component.
+ * @param [in]      str     String for component.
+ * @param [in]      strLen  Length of string.
+ * @param [in]      tag     BER tag representing encoding of string.
+ * @return  0 on success, negative values on failure.
+ */
+static int SetIssuer(DecodedCert* cert, int id, byte* str, int strLen,
+                      byte tag)
+{
+    int ret = 0;
+
+    /* Put string and encoding into certificate. */
+    if (id == ASN_COMMON_NAME) {
+        cert->issuerCN = (char *)str;
+        cert->issuerCNLen = (int)strLen;
+        cert->issuerCNEnc = (char)tag;
+    }
+    else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) {
+        /* Use table and offsets to put data into appropriate fields. */
+        SetCertNameIssuer(cert, id, (char*)str);
+        SetCertNameIssuerLen(cert, id, strLen);
+        SetCertNameIssuerEnc(cert, id, tag);
+    }
+    else if (id == ASN_EMAIL) {
+        cert->issuerEmail = (char*)str;
+        cert->issuerEmailLen = strLen;
+    }
+
+    return ret;
+}
+#endif
+
 /* Get a RelativeDistinguishedName from the encoding and put in certificate.
  *
  * @param [in, out] cert       Certificate object.
@@ -13378,6 +13672,13 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
             /* Store subject field components. */
             ret = SetSubject(cert, id, str, (int)strLen, tag);
         }
+    #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
+        defined(WOLFSSL_HAVE_ISSUER_NAMES)
+        /* Put issuer common name string and encoding into certificate. */
+        else {
+            ret = SetIssuer(cert, id, str, (int)strLen, tag);
+        }
+    #endif
         if (ret == 0) {
             /* Check there is space for this in the full name string and
              * terminating NUL character. */
@@ -14717,12 +15018,14 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
     (void)tmpTime;
 
     ltime = wc_Time(0);
-    if (sizeof(ltime) == sizeof(word32) && (int)ltime < 0){
+#ifndef NO_TIME_SIGNEDNESS_CHECK
+    if (sizeof(ltime) == sizeof(word32) && (sword32)ltime < 0){
         /* A negative response here could be due to a 32-bit time_t
          * where the year is 2038 or later. */
         WOLFSSL_MSG("wc_Time failed to return a valid value");
         return 0;
     }
+#endif
 
 #ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW
     if (dateType == BEFORE) {
@@ -15378,6 +15681,18 @@ word32 SetLength(word32 length, byte* output)
     return i;
 }
 
+word32 SetLengthEx(word32 length, byte* output, byte isIndef)
+{
+    if (isIndef) {
+        if (output != NULL) {
+            output[0] = ASN_INDEF_LENGTH;
+        }
+        return 1;
+    }
+    else {
+        return SetLength(length, output);
+    }
+}
 /* Encode a DER header - type/tag and length.
  *
  * @param [in]  tag     DER tag of ASN.1 item.
@@ -15385,14 +15700,15 @@ word32 SetLength(word32 length, byte* output)
  * @param [out] output  Buffer to encode into.
  * @return  Number of bytes encoded.
  */
-static word32 SetHeader(byte tag, word32 len, byte* output)
+static word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef)
 {
     if (output) {
         /* Encode tag first. */
         output[0] = tag;
     }
     /* Encode the length. */
-    return SetLength(len, output ? output + ASN_TAG_SZ : NULL) + ASN_TAG_SZ;
+    return SetLengthEx(len, output ? output + ASN_TAG_SZ : NULL, isIndef) +
+        ASN_TAG_SZ;
 }
 
 /* Encode a SEQUENCE header in DER.
@@ -15403,7 +15719,12 @@ static word32 SetHeader(byte tag, word32 len, byte* output)
  */
 word32 SetSequence(word32 len, byte* output)
 {
-    return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output);
+    return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output, 0);
+}
+
+word32 SetSequenceEx(word32 len, byte* output, byte isIndef)
+{
+    return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output, isIndef);
 }
 
 /* Encode an OCTET STRING header in DER.
@@ -15414,7 +15735,14 @@ word32 SetSequence(word32 len, byte* output)
  */
 word32 SetOctetString(word32 len, byte* output)
 {
-    return SetHeader(ASN_OCTET_STRING, len, output);
+    return SetHeader(ASN_OCTET_STRING, len, output, 0);
+}
+
+word32 SetOctetStringEx(word32 len, byte* output, byte indef)
+{
+    if (indef)
+        return SetHeader(ASN_OCTET_STRING | ASN_CONSTRUCTED, len, output, indef);
+    return SetOctetString(len, output);
 }
 
 /* Encode a SET header in DER.
@@ -15425,7 +15753,7 @@ word32 SetOctetString(word32 len, byte* output)
  */
 word32 SetSet(word32 len, byte* output)
 {
-    return SetHeader(ASN_SET | ASN_CONSTRUCTED, len, output);
+    return SetHeader(ASN_SET | ASN_CONSTRUCTED, len, output, 0);
 }
 
 /* Encode an implicit context specific header in DER.
@@ -15438,11 +15766,23 @@ word32 SetSet(word32 len, byte* output)
  * @param [out] output  Buffer to encode into.
  * @return  Number of bytes encoded.
  */
-word32 SetImplicit(byte tag, byte number, word32 len, byte* output)
+word32 SetImplicit(byte tag, byte number, word32 len, byte* output, byte isIndef)
 {
-    tag = (byte)(((tag == ASN_SEQUENCE || tag == ASN_SET) ? ASN_CONSTRUCTED : 0)
-                 | ASN_CONTEXT_SPECIFIC | number);
-    return SetHeader(tag, len, output);
+    byte useIndef = 0;
+
+    if ((tag == ASN_OCTET_STRING) && isIndef) {
+        tag = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number;
+    }
+    else {
+        tag = (byte)(((tag == ASN_SEQUENCE || tag == ASN_SET) ?
+            ASN_CONSTRUCTED : 0) | ASN_CONTEXT_SPECIFIC | number);
+    }
+
+    if (isIndef && (tag & ASN_CONSTRUCTED)) {
+        useIndef = 1;
+    }
+
+    return SetHeader(tag, len, output, useIndef);
 }
 
 /* Encode an explicit context specific header in DER.
@@ -15454,10 +15794,10 @@ word32 SetImplicit(byte tag, byte number, word32 len, byte* output)
  * @param [out] output  Buffer to encode into.
  * @return  Number of bytes encoded.
  */
-word32 SetExplicit(byte number, word32 len, byte* output)
+word32 SetExplicit(byte number, word32 len, byte* output, byte isIndef)
 {
     return SetHeader((byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | number),
-                     len, output);
+                     len, output, isIndef);
 }
 
 #if defined(OPENSSL_EXTRA)
@@ -15483,8 +15823,8 @@ word32 SetOthername(void *name, byte *output)
     nameSz = (word32)nm->value->value.utf8string->length;
 
     len = nm->type_id->objSz +
-          SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL) +
-          SetHeader(CTC_UTF8, nameSz, NULL) + nameSz;
+          SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL, 0) +
+          SetHeader(CTC_UTF8, nameSz, NULL, 0) + nameSz;
 
     if (output != NULL) {
         /* otherName OID */
@@ -15492,9 +15832,9 @@ word32 SetOthername(void *name, byte *output)
         output += nm->type_id->objSz;
 
         output += SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2,
-                            output);
+                            output, 0);
 
-        output += SetHeader(CTC_UTF8, nameSz, output);
+        output += SetHeader(CTC_UTF8, nameSz, output, 0);
 
         XMEMCPY(output, nameStr, nameSz);
     }
@@ -16476,6 +16816,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
             #if defined(HAVE_FALCON)
                 case FALCON_LEVEL1k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.falcon =
                         (falcon_key*)XMALLOC(sizeof(falcon_key),
@@ -16484,15 +16825,16 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.falcon == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_falcon_init(sigCtx->key.falcon)) < 0) {
+                    if ((ret = wc_falcon_init_ex(sigCtx->key.falcon,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_falcon_set_level(sigCtx->key.falcon, 1))
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_falcon_import_public(key, keySz,
-                        sigCtx->key.falcon)) < 0) {
+                    if ((ret = wc_Falcon_PublicKeyDecode(key, &idx,
+                        sigCtx->key.falcon, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import error Falcon Level 1");
                         WOLFSSL_ERROR_VERBOSE(ret);
                         goto exit_cs;
@@ -16501,6 +16843,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case FALCON_LEVEL5k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.falcon =
                         (falcon_key*)XMALLOC(sizeof(falcon_key),
@@ -16509,15 +16852,16 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.falcon == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_falcon_init(sigCtx->key.falcon)) < 0) {
+                    if ((ret = wc_falcon_init_ex(sigCtx->key.falcon,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_falcon_set_level(sigCtx->key.falcon, 5))
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_falcon_import_public(key, keySz,
-                        sigCtx->key.falcon)) < 0) {
+                    if ((ret = wc_Falcon_PublicKeyDecode(key, &idx,
+                        sigCtx->key.falcon, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import error Falcon Level 5");
                         WOLFSSL_ERROR_VERBOSE(ret);
                         goto exit_cs;
@@ -16528,6 +16872,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
             #if defined(HAVE_DILITHIUM)
                 case DILITHIUM_LEVEL2k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.dilithium =
                         (dilithium_key*)XMALLOC(sizeof(dilithium_key),
@@ -16536,7 +16881,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.dilithium == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
+                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_dilithium_set_level(
@@ -16544,8 +16890,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_dilithium_import_public(key, keySz,
-                        sigCtx->key.dilithium)) < 0) {
+                    if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
+                        sigCtx->key.dilithium, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import error Dilithium Level 2");
                         goto exit_cs;
                     }
@@ -16553,6 +16899,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case DILITHIUM_LEVEL3k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.dilithium =
                         (dilithium_key*)XMALLOC(sizeof(dilithium_key),
@@ -16561,7 +16908,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.dilithium == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
+                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_dilithium_set_level(
@@ -16569,15 +16917,16 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_dilithium_import_public(key, keySz,
-                        sigCtx->key.dilithium)) < 0) {
-                        WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
+                    if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
+                        sigCtx->key.dilithium, keySz)) < 0) {
+                        WOLFSSL_MSG("ASN Key import error Dilithium Level 3");
                         goto exit_cs;
                     }
                     break;
                 }
                 case DILITHIUM_LEVEL5k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.dilithium =
                         (dilithium_key*)XMALLOC(sizeof(dilithium_key),
@@ -16586,7 +16935,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.dilithium == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
+                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_dilithium_set_level(
@@ -16594,8 +16944,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_dilithium_import_public(key, keySz,
-                        sigCtx->key.dilithium)) < 0) {
+                    if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
+                        sigCtx->key.dilithium, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
                         goto exit_cs;
                     }
@@ -16605,6 +16955,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
             #if defined(HAVE_SPHINCS)
                 case SPHINCS_FAST_LEVEL1k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16621,8 +16972,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level1");
                         goto exit_cs;
                     }
@@ -16630,6 +16981,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case SPHINCS_FAST_LEVEL3k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16646,8 +16998,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level3");
                         goto exit_cs;
                     }
@@ -16655,6 +17007,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case SPHINCS_FAST_LEVEL5k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16671,16 +17024,16 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level5");
                         goto exit_cs;
                     }
                     break;
                 }
-
                 case SPHINCS_SMALL_LEVEL1k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16697,8 +17050,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level1");
                         goto exit_cs;
                     }
@@ -16706,6 +17059,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case SPHINCS_SMALL_LEVEL3k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16722,8 +17076,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level3");
                         goto exit_cs;
                     }
@@ -16731,6 +17085,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case SPHINCS_SMALL_LEVEL5k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16747,8 +17102,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level5");
                         goto exit_cs;
                     }
@@ -17259,6 +17614,41 @@ exit_cs:
     return ret;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wc_ConfirmAltSignature(
+    const byte* buf, word32 bufSz,
+    const byte* key, word32 keySz, word32 keyOID,
+    const byte* sig, word32 sigSz, word32 sigOID,
+    void *heap)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    SignatureCtx* sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap,
+        DYNAMIC_TYPE_SIGNATURE);
+    if (sigCtx == NULL) {
+        ret = MEMORY_E;
+    }
+#else
+    SignatureCtx  sigCtx[1];
+    (void)heap;
+#endif
+
+    if (ret == 0) {
+        InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
+
+        ret = ConfirmSignature(sigCtx, buf, bufSz, key, keySz,
+             keyOID, sig, sigSz, sigOID, NULL, 0, NULL);
+
+        FreeSignatureCtx(sigCtx);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (sigCtx != NULL)
+        XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
+#endif
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 
 #ifndef IGNORE_NAME_CONSTRAINTS
 
@@ -19298,6 +19688,7 @@ static int DecodeKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
 
     /* Clear dynamic data and set where to store extended key usage. */
     XMEMSET(dataASN, 0, sizeof(dataASN));
+    XMEMSET(keyUsage, 0, sizeof(keyUsage));
     GetASN_Buffer(&dataASN[KEYUSAGEASN_IDX_STR], keyUsage, &keyUsageSz);
     /* Parse key usage. */
     ret = GetASN_Items(keyUsageASN, dataASN, keyUsageASN_Length, 0, input,
@@ -19544,7 +19935,7 @@ enum {
 static int DecodeSubtreeGeneralName(const byte* input, word32 sz, byte tag,
                                     Base_entry** head, void* heap)
 {
-    Base_entry* entry;
+    Base_entry* entry = NULL;
     word32 nameIdx = 0;
     word32 len = sz;
     int strLen;
@@ -20365,6 +20756,161 @@ static int DecodeSubjInfoAcc(const byte* input, word32 sz, DecodedCert* cert)
 }
 #endif /* WOLFSSL_SUBJ_INFO_ACC */
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* The subject alternative public key is an extension that holds the same thing
+ * as a subject public key. */
+static const ASNItem subjAltPubKeyInfoASN[] = {
+                           /* subjectPublicKeyInfo SubjectPublicKeyInfo */
+/* ALT_SPUBKEYINFO_SEQ          */      { 0, ASN_SEQUENCE, 1, 1, 0 },
+                           /* algorithm          AlgorithmIdentifier */
+                           /* AlgorithmIdentifier ::= SEQUENCE */
+/* ALT_SPUBKEYINFO_ALGO_SEQ     */         { 1, ASN_SEQUENCE, 1, 1, 0 },
+                          /* Algorithm    OBJECT IDENTIFIER */
+/* ALT_SPUBKEYINFO_ALGO_OID     */             { 2, ASN_OBJECT_ID, 0, 0, 0 },
+                           /* parameters   ANY defined by algorithm OPTIONAL */
+/* ALT_SPUBKEYINFO_ALGO_NULL    */             { 2, ASN_TAG_NULL, 0, 0, 1 },
+/* ALT_SPUBKEYINFO_ALGO_CURVEID */             { 2, ASN_OBJECT_ID, 0, 0, 1 },
+#ifdef WC_RSA_PSS
+/* ALT_SPUBKEYINFO_ALGO_P_SEQ   */             { 2, ASN_SEQUENCE, 1, 0, 1 },
+#endif
+                           /* subjectPublicKey   BIT STRING */
+/* ALT_SPUBKEYINFO_PUBKEY       */          { 1, ASN_BIT_STRING, 0, 0, 0 }
+};
+
+#define subjAltPubKeyInfoASN_Length (sizeof(subjAltPubKeyInfoASN) / \
+                                     sizeof(ASNItem))
+
+enum {
+    ALT_SPUBKEYINFO_SEQ = 0,
+    ALT_SPUBKEYINFO_ALGO_SEQ,
+    ALT_SPUBKEYINFO_ALGO_OID,
+    ALT_SPUBKEYINFO_ALGO_NULL,
+    ALT_SPUBKEYINFO_ALGO_CURVEID,
+#ifdef WC_RSA_PSS
+    ALT_SPUBKEYINFO_ALGO_P_SEQ,
+#endif
+    ALT_SPUBKEYINFO_PUBKEY
+};
+
+static int DecodeSubjAltPubKeyInfo(const byte* input, int sz, DecodedCert* cert)
+{
+    int ret = 0;
+    word32 idx = 0;
+    DECL_ASNGETDATA(dataASN, subjAltPubKeyInfoASN_Length);
+
+    WOLFSSL_ENTER("DecodeSubjAltPubKeyInfo");
+
+    if (ret == 0) {
+        CALLOC_ASNGETDATA(dataASN, subjAltPubKeyInfoASN_Length, ret,
+                          cert->heap);
+        (void)cert;
+    }
+
+    if (ret == 0) {
+        GetASN_OID(&dataASN[ALT_SPUBKEYINFO_ALGO_OID], oidKeyType);
+        GetASN_OID(&dataASN[ALT_SPUBKEYINFO_ALGO_CURVEID], oidCurveType);
+
+        ret = GetASN_Items(subjAltPubKeyInfoASN, dataASN,
+                           subjAltPubKeyInfoASN_Length, 1, input, &idx,
+                           (word32)sz);
+    }
+
+    if (ret == 0) {
+        /* dataASN[ALT_SPUBKEYINFO_SEQ].data.u8 */
+        cert->sapkiDer = (byte *)input;
+        /* dataASN[ALT_SPUBKEYINFO_SEQ].length */
+        cert->sapkiLen = sz;
+        cert->sapkiOID = dataASN[ALT_SPUBKEYINFO_ALGO_OID].data.oid.sum;
+    }
+
+    FREE_ASNGETDATA(dataASN, cert->heap);
+    WOLFSSL_LEAVE("DecodeSubjAltPubKeyInfo", ret);
+    return ret;
+}
+
+/* The alternative signature algorithm extension holds the same thing as a
+ * as a signature algorithm identifier. */
+static const ASNItem altSigAlgASN[] = {
+                          /* AltSigAlg            AlgorithmIdentifier */
+                          /* AlgorithmIdentifier ::= SEQUENCE */
+/* ALTSIG_ALGOID_SEQ                */ { 0, ASN_SEQUENCE, 1, 1, 0 },
+                          /* Algorithm    OBJECT IDENTIFIER */
+/* ALTSIG_ALGOID_OID                */     { 1, ASN_OBJECT_ID, 0, 0, 0 },
+                          /* parameters   ANY defined by algorithm OPTIONAL */
+/* ALTSIG_ALGOID_PARAMS_NULL        */     { 1, ASN_TAG_NULL, 0, 0, 1 },
+#ifdef WC_RSA_PSS
+/* ALTSIG_ALGOID_PARAMS             */     { 1, ASN_SEQUENCE, 1, 0, 1 },
+#endif
+};
+
+#define altSigAlgASN_Length (sizeof(altSigAlgASN) / sizeof(ASNItem))
+
+enum {
+    ALTSIG_ALGOID_SEQ = 0,
+    ALTSIG_ALGOID_OID,
+    ALTSIG_ALGOID_PARAMS_NULL,
+#ifdef WC_RSA_PSS
+    ALTSIG_ALGOID_PARAMS,
+#endif
+};
+
+static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert)
+{
+    int ret = 0;
+    word32 idx = 0;
+    DECL_ASNGETDATA(dataASN, altSigAlgASN_Length);
+
+    WOLFSSL_ENTER("DecodeAltSigAlg");
+
+    if (ret == 0) {
+        CALLOC_ASNGETDATA(dataASN, altSigAlgASN_Length, ret, cert->heap);
+        (void)cert;
+    }
+
+    if (ret == 0) {
+        GetASN_OID(&dataASN[ALTSIG_ALGOID_OID], oidSigType);
+
+        ret = GetASN_Items(altSigAlgASN, dataASN,
+                           altSigAlgASN_Length, 1, input, &idx,
+                           (word32)sz);
+    }
+
+    if (ret == 0) {
+        cert->altSigAlgDer = dataASN[ALTSIG_ALGOID_SEQ].data.u8;
+        cert->altSigAlgLen = dataASN[ALTSIG_ALGOID_SEQ].length;
+        cert->altSigAlgOID = dataASN[ALTSIG_ALGOID_OID].data.oid.sum;
+    }
+
+    FREE_ASNGETDATA(dataASN, cert->heap);
+    WOLFSSL_LEAVE("DecodeAltSigAlg", ret);
+    return ret;
+}
+
+/* The alternative signature value extension holds an ASN.1 bitstring just
+ * like a traditional signature in the certificate. */
+static int DecodeAltSigVal(const byte* input, int sz, DecodedCert* cert)
+{
+    (void)cert;
+    int ret = 0;
+    word32 idx = 0;
+    int len = 0;
+
+    WOLFSSL_ENTER("DecodeAltSigVal");
+
+    if (ret == 0) {
+        ret = CheckBitString(input, &idx, &len, sz, 1, NULL);
+    }
+
+    if (ret == 0) {
+        cert->altSigValDer = (byte *)input + idx;
+        cert->altSigValLen = len;
+    }
+
+    WOLFSSL_LEAVE("DecodeAltSigVal", ret);
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 /* Macro to check if bit is set, if not sets and return success.
     Otherwise returns failure */
 /* Macro required here because bit-field operation */
@@ -20612,6 +21158,23 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
                 return ASN_PARSE_E;
             break;
     #endif
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        case SUBJ_ALT_PUB_KEY_INFO_OID:
+            VERIFY_AND_SET_OID(cert->extSapkiSet);
+            if (DecodeSubjAltPubKeyInfo(&input[idx], length, cert) < 0)
+                return ASN_PARSE_E;
+            break;
+        case ALT_SIG_ALG_OID:
+            VERIFY_AND_SET_OID(cert->extAltSigAlgSet);
+            if (DecodeAltSigAlg(&input[idx], length, cert) < 0)
+                return ASN_PARSE_E;
+            break;
+        case ALT_SIG_VAL_OID:
+            VERIFY_AND_SET_OID(cert->extAltSigValSet);
+            if (DecodeAltSigVal(&input[idx], length, cert) < 0)
+                return ASN_PARSE_E;
+            break;
+    #endif /* WOLFSSL_DUAL_ALG_CERTS */
         default:
             if (isUnknownExt != NULL)
                 *isUnknownExt = 1;
@@ -23326,6 +23889,28 @@ void FreeSignerTable(Signer** table, int rows, void* heap)
     }
 }
 
+void FreeSignerTableType(Signer** table, int rows, byte type, void* heap)
+{
+    int i;
+
+    for (i = 0; i < rows; i++) {
+        Signer* signer = table[i];
+        Signer** next = &table[i];
+
+        while (signer) {
+            if (signer->type == type) {
+                *next = signer->next;
+                FreeSigner(signer, heap);
+                signer = *next;
+            }
+            else {
+                next = &signer->next;
+                signer = signer->next;
+            }
+        }
+    }
+}
+
 #ifdef WOLFSSL_TRUST_PEER_CERT
 /* Free an individual trusted peer cert.
  *
@@ -23731,6 +24316,9 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
     #endif
         case RSA_TYPE:
         case PRIVATEKEY_TYPE:
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        case ALT_PRIVATEKEY_TYPE:
+    #endif
             if (header) *header = BEGIN_RSA_PRIV;
             if (footer) *footer = END_RSA_PRIV;
             ret = 0;
@@ -24238,7 +24826,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
             break;
         }
 
-        if (type == PRIVATEKEY_TYPE) {
+        if (type == PRIVATEKEY_TYPE
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            || type == ALT_PRIVATEKEY_TYPE
+#endif
+           ) {
             if (header == BEGIN_RSA_PRIV) {
                 header = BEGIN_PRIV_KEY;
                 footer = END_PRIV_KEY;
@@ -24311,7 +24903,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 
     if (!headerEnd) {
 #ifdef OPENSSL_EXTRA
-        if (type == PRIVATEKEY_TYPE) {
+        if (type == PRIVATEKEY_TYPE
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            || type == ALT_PRIVATEKEY_TYPE
+#endif
+           ) {
             /* see if there is a -----BEGIN * PRIVATE KEY----- header */
             headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz);
             if (headerEnd) {
@@ -24390,7 +24986,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 
     if (keyFormat) {
         /* keyFormat is Key_Sum enum */
-        if (type == PRIVATEKEY_TYPE) {
+        if (type == PRIVATEKEY_TYPE
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            || type == ALT_PRIVATEKEY_TYPE
+        #endif
+           ) {
         #ifndef NO_RSA
             if (header == BEGIN_RSA_PRIV)
                 *keyFormat = RSAk;
@@ -25133,7 +25733,7 @@ int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz)
 
 #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \
     defined(WOLFSSL_KCAPI_RSA) || \
-    ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA)))
+    ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))))
 /* USER RSA ifdef portions used instead of refactor in consideration for
    possible fips build */
 /* Encode a public RSA key to output.
@@ -25168,19 +25768,13 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen,
         return BAD_FUNC_ARG;
     }
 
-#ifdef HAVE_USER_RSA
-    nSz = SetASNIntRSA(key->n, NULL);
-#else
     nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, NULL);
-#endif
+
     if (nSz < 0)
         return nSz;
 
-#ifdef HAVE_USER_RSA
-    eSz = SetASNIntRSA(key->e, NULL);
-#else
     eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, NULL);
-#endif
+
     if (eSz < 0)
         return eSz;
     seqSz = SetSequence((word32)(nSz + eSz), seq);
@@ -25221,18 +25815,10 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen,
     XMEMCPY(output + idx, seq, seqSz);
     idx += seqSz;
     /* n */
-#ifdef HAVE_USER_RSA
-    nSz = SetASNIntRSA(key->n, output + idx);
-#else
     nSz = SetASNIntMP(&key->n, nSz, output + idx);
-#endif
     idx += (word32)nSz;
     /* e */
-#ifdef HAVE_USER_RSA
-    eSz = SetASNIntRSA(key->e, output + idx);
-#else
     eSz = SetASNIntMP(&key->e, eSz, output + idx);
-#endif
     idx += (word32)eSz;
 
     return (int)idx;
@@ -25260,13 +25846,8 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen,
         dataASN[RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ].noOut = 1;
     #endif
         /* Set public key mp_ints. */
-    #ifdef HAVE_USER_RSA
-        SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N], key->n);
-        SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E], key->e);
-    #else
         SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N], &key->n);
         SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E], &key->e);
-    #endif
         /* Calculate size of RSA public key. */
         ret = SizeASN_Items(rsaPublicKeyASN + o, dataASN + o,
                             (int)rsaPublicKeyASN_Length - o, &sz);
@@ -25335,11 +25916,11 @@ int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
 }
 
 #endif /* !NO_RSA && (WOLFSSL_CERT_GEN || WOLFSSL_KCAPI_RSA ||
-            ((OPENSSL_EXTRA || WOLFSSL_KEY_GEN) && !HAVE_USER_RSA))) */
+            ((OPENSSL_EXTRA || WOLFSSL_KEY_GEN))) */
 
 #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
      defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)) && \
-     !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+     !defined(NO_RSA)
 
 /* Encode private RSA key in DER format.
  *
@@ -25478,7 +26059,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 #endif
 }
 
-#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA && !HAVE_USER_RSA */
+#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
 
 
 #ifdef WOLFSSL_CERT_GEN
@@ -26976,8 +27557,8 @@ static int EncodeName(EncodedName* name, const char* nameStr,
     int ret = 0;
     int sz = 0;
     const byte* oid;
-    word32 oidSz;
-    word32 nameSz;
+    word32 oidSz = 0;
+    word32 nameSz = 0;
 
     /* Validate input parameters. */
     if ((name == NULL) || (nameStr == NULL)) {
@@ -27689,6 +28270,17 @@ static const ASNItem static_certExtsASN[] = {
 /* CRLINFO_SEQ   */    { 0, ASN_SEQUENCE, 1, 1, 0 },
 /* CRLINFO_OID   */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
 /* CRLINFO_STR   */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* SAPKI_SEQ     */    { 0, ASN_SEQUENCE, 1, 1, 0 },
+/* SAPKI_OID     */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* SAPKI_STR     */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
+/* ALTSIGALG_SEQ */    { 0, ASN_SEQUENCE, 1, 1, 0 },
+/* ALTSIGALG_OID */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* ALTSIGALG_STR */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
+/* ALTSIGVAL_SEQ */    { 0, ASN_SEQUENCE, 1, 1, 0 },
+/* ALTSIGVAL_OID */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* ALTSIGVAL_STR */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 /* CUSTOM_SEQ    */    { 0, ASN_SEQUENCE, 1, 1, 0 },
 /* CUSTOM_OID    */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
 /* CUSTOM_STR    */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
@@ -27732,6 +28324,17 @@ enum {
     CERTEXTSASN_IDX_CRLINFO_SEQ,
     CERTEXTSASN_IDX_CRLINFO_OID,
     CERTEXTSASN_IDX_CRLINFO_STR,
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    CERTEXTSASN_IDX_SAPKI_SEQ,
+    CERTEXTSASN_IDX_SAPKI_OID,
+    CERTEXTSASN_IDX_SAPKI_STR,
+    CERTEXTSASN_IDX_ALTSIGALG_SEQ,
+    CERTEXTSASN_IDX_ALTSIGALG_OID,
+    CERTEXTSASN_IDX_ALTSIGALG_STR,
+    CERTEXTSASN_IDX_ALTSIGVAL_SEQ,
+    CERTEXTSASN_IDX_ALTSIGVAL_OID,
+    CERTEXTSASN_IDX_ALTSIGVAL_STR,
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
     CERTEXTSASN_IDX_CUSTOM_SEQ,
     CERTEXTSASN_IDX_CUSTOM_OID,
     CERTEXTSASN_IDX_CUSTOM_STR,
@@ -27754,7 +28357,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
                             int forRequest)
 {
     DECL_ASNSETDATA(dataASN, certExtsASN_Length);
-    int sz;
+    int sz = 0;
     int ret = 0;
     int i = 0;
     static const byte bcOID[]   = { 0x55, 0x1d, 0x13 };
@@ -27770,7 +28373,12 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
     static const byte nsCertOID[] = { 0x60, 0x86, 0x48, 0x01,
                                       0x86, 0xF8, 0x42, 0x01, 0x01 };
     static const byte crlInfoOID[] = { 0x55, 0x1D, 0x1F };
-#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    static const byte sapkiOID[] = { 0x55, 0x1d, 0x48 };
+    static const byte altSigAlgOID[] = { 0x55, 0x1d, 0x49 };
+    static const byte altSigValOID[] = { 0x55, 0x1d, 0x4a };
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* WOLFSSL_CERT_EXT */
 
 #ifdef WOLFSSL_SMALL_STACK
 #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_CERT_EXT)
@@ -28002,6 +28610,47 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
                     CERTEXTSASN_IDX_CRLINFO_STR);
         }
 
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        if (cert->sapkiDer != NULL) {
+            /* Set subject alternative public key info OID and data. */
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAPKI_OID], sapkiOID,
+                    sizeof(sapkiOID));
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAPKI_STR], cert->sapkiDer,
+                    cert->sapkiLen);
+        }
+        else {
+            /* Don't write out subject alternative public key info. */
+            SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_SAPKI_SEQ,
+                    CERTEXTSASN_IDX_SAPKI_STR);
+        }
+
+        if (cert->altSigAlgDer != NULL) {
+            /* Set alternative signature algorithm OID and data. */
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_OID], altSigAlgOID,
+                    sizeof(altSigAlgOID));
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_STR],
+                    cert->altSigAlgDer, cert->altSigAlgLen);
+        }
+        else {
+            /* Don't write out alternative signature algorithm. */
+            SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_ALTSIGALG_SEQ,
+                    CERTEXTSASN_IDX_ALTSIGALG_STR);
+        }
+
+        if (cert->altSigValDer != NULL) {
+            /* Set alternative signature value OID and data. */
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_OID], altSigValOID,
+                    sizeof(altSigValOID));
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_STR],
+                    cert->altSigValDer, cert->altSigValLen);
+        }
+        else {
+            /* Don't write out alternative signature value. */
+            SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_ALTSIGVAL_SEQ,
+                    CERTEXTSASN_IDX_ALTSIGVAL_STR);
+        }
+    #endif /* WOLFSSL_DUAL_ALG_CERTS */
+
     #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CUSTOM_OID)
         /* encode a custom oid and value */
         if (cert->extCustom.oidSz > 0) {
@@ -28897,7 +29546,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
     #if defined(HAVE_FALCON)
         if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && falconKey) {
             word32 outSz = sigSz;
-            ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey);
+            ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey, rng);
             if (ret == 0)
                 ret = outSz;
         }
@@ -28906,7 +29555,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
         if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
             dilithiumKey) {
             word32 outSz = sigSz;
-            ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey);
+            ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng);
             if (ret == 0)
                 ret = outSz;
         }
@@ -28915,7 +29564,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
         if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
             !dilithiumKey && sphincsKey) {
             word32 outSz = sigSz;
-            ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey);
+            ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey, rng);
             if (ret == 0)
                 ret = outSz;
         }
@@ -29342,8 +29991,24 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
                        (byte)cert->version);
         SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_SERIAL], cert->serial,
                 (word32)cert->serialSz);
-        SetASN_OID(&dataASN[X509CERTASN_IDX_TBS_ALGOID_OID],
-                   (word32)cert->sigType, oidSigType);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        if (cert->sigType == 0) {
+            /* sigOID being 0 indicates preTBS. Do not encode signature. */
+            dataASN[X509CERTASN_IDX_TBS_ALGOID_SEQ].noOut = 1;
+            dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].noOut = 1;
+            dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS_NULL].noOut = 1;
+    #ifdef WC_RSA_PSS
+            dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS].noOut = 1;
+    #endif
+
+        }
+        else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+        {
+            SetASN_OID(&dataASN[X509CERTASN_IDX_TBS_ALGOID_OID],
+                       (word32)cert->sigType, oidSigType);
+        }
+
         if (IsSigAlgoECC((word32)cert->sigType)) {
             /* No NULL tagged item with ECDSA and EdDSA signature OIDs. */
             dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS_NULL].noOut = 1;
@@ -30622,6 +31287,126 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
     return sigSz;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
+                         word32 bufSz, int keyType, void* key, WC_RNG* rng)
+{
+    RsaKey*            rsaKey = NULL;
+    ecc_key*           eccKey = NULL;
+    ed25519_key*       ed25519Key = NULL;
+    ed448_key*         ed448Key = NULL;
+    falcon_key*        falconKey = NULL;
+    dilithium_key*     dilithiumKey = NULL;
+    sphincs_key*       sphincsKey = NULL;
+
+    int ret = 0;
+    int headerSz;
+    void* heap = NULL;
+    CertSignCtx  certSignCtx_lcl;
+    CertSignCtx* certSignCtx = &certSignCtx_lcl;
+
+    if ((sig == NULL) || (sigSz <= 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMSET(certSignCtx, 0, sizeof(*certSignCtx));
+
+    switch (keyType)
+    {
+        case RSA_TYPE:
+            rsaKey = (RsaKey*)key;
+            break;
+        case ECC_TYPE:
+            eccKey = (ecc_key*)key;
+            break;
+        case ED25519_TYPE:
+            ed25519Key = (ed25519_key*)key;
+            break;
+        case ED448_TYPE:
+            ed448Key = (ed448_key*)key;
+            break;
+        case FALCON_LEVEL1_TYPE:
+        case FALCON_LEVEL5_TYPE:
+            falconKey = (falcon_key*)key;
+            break;
+        case DILITHIUM_LEVEL2_TYPE:
+        case DILITHIUM_LEVEL3_TYPE:
+        case DILITHIUM_LEVEL5_TYPE:
+            dilithiumKey = (dilithium_key*)key;
+            break;
+        case SPHINCS_FAST_LEVEL1_TYPE:
+        case SPHINCS_FAST_LEVEL3_TYPE:
+        case SPHINCS_FAST_LEVEL5_TYPE:
+        case SPHINCS_SMALL_LEVEL1_TYPE:
+        case SPHINCS_SMALL_LEVEL3_TYPE:
+        case SPHINCS_SMALL_LEVEL5_TYPE:
+            sphincsKey = (sphincs_key*)key;
+            break;
+        default:
+            return BAD_FUNC_ARG;
+    }
+
+    /* locate ctx */
+    if (rsaKey) {
+    #ifndef NO_RSA
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        certSignCtx = &rsaKey->certSignCtx;
+    #endif
+        heap = rsaKey->heap;
+    #else
+        return NOT_COMPILED_IN;
+    #endif /* NO_RSA */
+    }
+    else if (eccKey) {
+    #ifdef HAVE_ECC
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        certSignCtx = &eccKey->certSignCtx;
+    #endif
+        heap = eccKey->heap;
+    #else
+        return NOT_COMPILED_IN;
+    #endif /* HAVE_ECC */
+    }
+
+    if (certSignCtx->sig == NULL) {
+        certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (certSignCtx->sig == NULL)
+            return MEMORY_E;
+    }
+
+    ret = MakeSignature(certSignCtx, buf, (word32)bufSz, certSignCtx->sig,
+        MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key,
+        falconKey, dilithiumKey, sphincsKey, rng, (word32)sType, heap);
+#ifdef WOLFSSL_ASYNC_CRYPT
+    if (ret == WC_PENDING_E) {
+        /* Not free'ing certSignCtx->sig here because it could still be in use
+         * with async operations. */
+        return ret;
+    }
+#endif
+
+    if (ret <= 0) {
+        return ret;
+    }
+
+    headerSz = SetBitString(ret, 0, NULL);
+    if (headerSz + ret > sigSz) {
+        ret = BUFFER_E;
+    }
+
+    if (ret > 0) {
+       sig += SetBitString(ret, 0, sig);
+       XMEMCPY(sig, certSignCtx->sig, ret);
+       ret += headerSz;
+    }
+
+    XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    certSignCtx->sig = NULL;
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
                    int keyType, void* key, WC_RNG* rng)
 {
@@ -31136,8 +31921,8 @@ int wc_SetExtKeyUsage(Cert *cert, const char *value)
 int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx,
         void* heap)
 {
-    byte oid[MAX_OID_SZ];
-    word32 oidSz = MAX_OID_SZ;
+    byte oid[CTC_MAX_EKU_OID_SZ];
+    word32 oidSz = CTC_MAX_EKU_OID_SZ;
 
     if (idx >= CTC_MAX_EKU_NB || sz >= CTC_MAX_EKU_OID_SZ) {
         WOLFSSL_MSG("Either idx or sz was too large");
@@ -32211,6 +32996,11 @@ int DecodeECC_DSA_Sig_Ex(const byte* sig, word32 sigLen, mp_int* r, mp_int* s,
     /* Decode the DSA signature. */
     ret = GetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, 0, sig, &idx,
                        sigLen);
+
+    if (ret != 0) {
+        ret = ASN_ECC_KEY_E;
+    }
+
 #ifndef NO_STRICT_ECDSA_LEN
     /* sanity check that the index has been advanced all the way to the end of
      * the buffer */
@@ -32350,12 +33140,12 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
 {
     DECL_ASNGETDATA(dataASN, eccSpecifiedASN_Length);
     int ret = 0;
-    ecc_set_type* curve;
+    ecc_set_type* curve = NULL;
     word32 idx = 0;
-    byte version;
-    byte cofactor;
-    const byte *base;
-    word32 baseLen;
+    byte version = 0;
+    byte cofactor = 0;
+    const byte *base = NULL;
+    word32 baseLen = 0;
 
     /* Allocate a new parameter set. */
     curve = (ecc_set_type*)XMALLOC(sizeof(*curve), heap,
@@ -32693,7 +33483,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
     return ret;
 #else
     DECL_ASNGETDATA(dataASN, eccKeyASN_Length);
-    byte version;
+    byte version = 0;
     int ret = 0;
     int curve_id = ECC_CURVE_DEF;
 #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2)
@@ -32813,7 +33603,7 @@ static int ASNToHexString(const byte* input, word32* inOutIdx, char** out,
     return 0;
 }
 
-static int EccKeyParamCopy(char** dst, char* src)
+static int EccKeyParamCopy(char** dst, char* src, void* heap)
 {
     int ret = 0;
 #ifdef WOLFSSL_ECC_CURVE_STATIC
@@ -32834,8 +33624,9 @@ static int EccKeyParamCopy(char** dst, char* src)
     else {
         XSTRNCPY(*dst, src, MAX_ECC_STRING);
     }
-    XFREE(src, key->heap, DYNAMIC_TYPE_ECC_BUFFER);
+    XFREE(src, heap, DYNAMIC_TYPE_ECC_BUFFER);
 #endif
+    (void)heap;
 
     return ret;
 }
@@ -32943,10 +33734,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
                                             key->heap, DYNAMIC_TYPE_ECC_BUFFER);
             if (ret == 0) {
 #ifndef WOLFSSL_ECC_CURVE_STATIC
-                ret = EccKeyParamCopy((char**)&curve->prime, p);
+                ret = EccKeyParamCopy((char**)&curve->prime, p, key->heap);
 #else
                 const char *_tmp_ptr = &curve->prime[0];
-                ret = EccKeyParamCopy((char**)&_tmp_ptr, p);
+                ret = EccKeyParamCopy((char**)&_tmp_ptr, p, key->heap);
 #endif
             }
         }
@@ -32962,10 +33753,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
                                             key->heap, DYNAMIC_TYPE_ECC_BUFFER);
             if (ret == 0) {
 #ifndef WOLFSSL_ECC_CURVE_STATIC
-                ret = EccKeyParamCopy((char**)&curve->Af, af);
+                ret = EccKeyParamCopy((char**)&curve->Af, af, key->heap);
 #else
                 const char *_tmp_ptr = &curve->Af[0];
-                ret = EccKeyParamCopy((char**)&_tmp_ptr, af);
+                ret = EccKeyParamCopy((char**)&_tmp_ptr, af, key->heap);
 #endif
             }
         }
@@ -32975,10 +33766,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
                                             key->heap, DYNAMIC_TYPE_ECC_BUFFER);
             if (ret == 0) {
 #ifndef WOLFSSL_ECC_CURVE_STATIC
-                ret = EccKeyParamCopy((char**)&curve->Bf, bf);
+                ret = EccKeyParamCopy((char**)&curve->Bf, bf, key->heap);
 #else
                 const char *_tmp_ptr = &curve->Bf[0];
-                ret = EccKeyParamCopy((char**)&_tmp_ptr, bf);
+                ret = EccKeyParamCopy((char**)&_tmp_ptr, bf, key->heap);
 #endif
             }
         }
@@ -33035,10 +33826,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
                                             key->heap, DYNAMIC_TYPE_ECC_BUFFER);
             if (ret == 0) {
 #ifndef WOLFSSL_ECC_CURVE_STATIC
-                ret = EccKeyParamCopy((char**)&curve->order, o);
+                ret = EccKeyParamCopy((char**)&curve->order, o, key->heap);
 #else
                 const char *_tmp_ptr = &curve->order[0];
-                ret = EccKeyParamCopy((char**)&_tmp_ptr, o);
+                ret = EccKeyParamCopy((char**)&_tmp_ptr, o, key->heap);
 #endif
             }
         }
@@ -34069,7 +34860,7 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
         /* pubKey */
         if (pubKey) {
             idx += SetHeader(ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY |
-                             1, pubKeyLen, output + idx);
+                             1, pubKeyLen, output + idx, 0);
             XMEMCPY(output + idx, pubKey, pubKeyLen);
             idx += pubKeyLen;
         }
@@ -34447,7 +35238,7 @@ static const ASNItem singleResponseASN[] = {
                                                           /* revocationTime */
 /* CS_REVOKED_TIME       */         { 2, ASN_GENERALIZED_TIME, 0, 0, 0 },
                                                           /* revocationReason  [0] EXPLICIT CRLReason OPTIONAL */
-/* CS_REVOKED_REASON     */         { 2, ASN_CONTEXT_SPECIFIC | 0, 0, 1, 1 },
+/* CS_REVOKED_REASON     */         { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 },
                                                               /* crlReason */
 /* CS_REVOKED_REASON_VAL */             { 3, ASN_ENUMERATED, 0, 0, 0 },
                                                       /* unknown           [2] IMPLICIT UnknownInfo ::= NULL */
@@ -35069,7 +35860,8 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
     DECL_ASNGETDATA(dataASN, ocspRespDataASN_Length);
     int ret = 0;
     byte version;
-    word32 dateSz, idx = *ioIndex;
+    word32 dateSz = 0;
+    word32 idx = *ioIndex;
     OcspEntry* single = NULL;
 
     WOLFSSL_ENTER("DecodeResponseData");
@@ -35443,13 +36235,11 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     if (ret == 0) {
         word32 dataIdx = 0;
         /* Decode the response data. */
-        if (DecodeResponseData(
+        ret = DecodeResponseData(
                 GetASNItem_Addr(dataASN[OCSPBASICRESPASN_IDX_TBS_SEQ], source),
                 &dataIdx, resp,
                 GetASNItem_Length(dataASN[OCSPBASICRESPASN_IDX_TBS_SEQ], source)
-                ) < 0) {
-            ret = ASN_PARSE_E;
-        }
+                );
     }
 #ifdef WC_RSA_PSS
     if (ret == 0 && (dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS].tag != 0)) {
@@ -35723,7 +36513,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
     int ret = 0;
     word32 idx = 0, size = resp->maxIdx;
     byte* source = resp->source;
-    byte status;
+    byte status = 0;
     byte* basic;
     word32 basicSz;
 
@@ -35848,18 +36638,20 @@ word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size)
     /* Check request has nonce to write in extension. */
     if (req != NULL && req->nonceSz != 0) {
         DECL_ASNSETDATA(dataASN, ocspNonceExtASN_Length);
-        int sz;
+        int sz = 0;
 
         CALLOC_ASNSETDATA(dataASN, ocspNonceExtASN_Length, ret, req->heap);
 
-        /* Set nonce extension OID and nonce. */
-        SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_OID], NonceObjId,
-                sizeof(NonceObjId));
-        SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_NONCE], req->nonce,
-                (word32)req->nonceSz);
-        /* Calculate size of nonce extension. */
-        ret = SizeASN_Items(ocspNonceExtASN, dataASN, ocspNonceExtASN_Length,
-                            &sz);
+        if (ret == 0) {
+            /* Set nonce extension OID and nonce. */
+            SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_OID], NonceObjId,
+                    sizeof(NonceObjId));
+            SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_NONCE], req->nonce,
+                    (word32)req->nonceSz);
+            /* Calculate size of nonce extension. */
+            ret = SizeASN_Items(ocspNonceExtASN, dataASN,
+                                ocspNonceExtASN_Length, &sz);
+        }
         /* Check buffer big enough for encoding if supplied. */
         if ((ret == 0) && (output != NULL) && (sz > (int)size)) {
             ret = BUFFER_E;
@@ -35969,7 +36761,7 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size)
          */
         extSz = EncodeOcspRequestExtensions(req, extArray + 2,
                                             OCSP_NONCE_EXT_SZ);
-        extSz += SetExplicit(2, extSz, extArray);
+        extSz += SetExplicit(2, extSz, extArray, 0);
     }
 
     totalSz = algoSz + issuerSz + issuerKeySz + snSz;
@@ -36606,7 +37398,8 @@ static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl,
 
 int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned,
                         word32 tbsSz, const byte* signature, word32 sigSz,
-                        word32 signatureOID, Signer *ca, void* heap)
+                        word32 signatureOID, const byte* sigParams,
+                        int sigParamsSz, Signer *ca, void* heap)
 {
     /* try to confirm/verify signature */
 #ifndef IGNORE_KEY_EXTENSIONS
@@ -36620,7 +37413,7 @@ int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned,
     InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
     if (ConfirmSignature(sigCtx, toBeSigned, tbsSz, ca->publicKey,
                          ca->pubKeySize, ca->keyOID, signature, sigSz,
-                         signatureOID, NULL, 0, NULL) != 0) {
+                         signatureOID, sigParams, sigParamsSz, NULL) != 0) {
         WOLFSSL_MSG("CRL Confirm signature failed");
         WOLFSSL_ERROR_VERBOSE(ASN_CRL_CONFIRM_E);
         return ASN_CRL_CONFIRM_E;
@@ -36639,7 +37432,8 @@ int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned,
  * @return  ASN_CRL_NO_SIGNER_E when no signer found.
  * @return  ASN_CRL_CONFIRM_E when signature did not verify.
  */
-static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* buff, void* cm)
+static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* sigParams,
+    int sigParamsSz, const byte* buff, void* cm)
 {
     int ret = 0;
     Signer* ca = NULL;
@@ -36683,7 +37477,7 @@ static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* buff, void* cm)
         /* Verify CRL signature with CA. */
         ret = VerifyCRL_Signature(&sigCtx, buff + dcrl->certBegin,
            dcrl->sigIndex - dcrl->certBegin, dcrl->signature, dcrl->sigLength,
-           dcrl->signatureOID, ca, dcrl->heap);
+           dcrl->signatureOID, sigParams, sigParamsSz, ca, dcrl->heap);
     }
 
     return ret;
@@ -36715,8 +37509,24 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
         dcrl->version++;
     }
 
-    if (GetAlgoId(buf, &idx, &oid, oidIgnoreType, sz) < 0)
+    if (GetAlgoId(buf, &idx, &oid, oidIgnoreType, sz) < 0) {
         return ASN_PARSE_E;
+    }
+#ifdef WC_RSA_PSS
+    else if (oid == CTC_RSASSAPSS) {
+        word32 tmpSz;
+        int len;
+
+        tmpSz = idx;
+        dcrl->sigParamsIndex = idx;
+        if (GetSequence(buf, &idx, &len, sz) < 0) {
+            dcrl->sigParamsIndex = 0;
+            return ASN_PARSE_E;
+        }
+        idx += len;
+        dcrl->sigParamsLength = idx - tmpSz;
+    }
+#endif
 
     checkIdx = idx;
     if (GetSequence(buf, &checkIdx, &length, sz) < 0) {
@@ -37080,6 +37890,9 @@ static const ASNItem crlASN[] = {
 /* TBS_SIGALGO_OID    */                { 3, ASN_OBJECT_ID, 0, 0, 0 },
 /* TBS_SIGALGO_NULL   */                { 3, ASN_TAG_NULL, 0, 0, 1 },
                                                /* issuer */
+#ifdef WC_RSA_PSS
+/* TBS_SIGALGO_P_SEQ  */                { 3, ASN_SEQUENCE, 1, 0, 2 },
+#endif
 /* TBS_ISSUER         */            { 2, ASN_SEQUENCE, 1, 0, 0 },
                                                /* thisUpdate */
 /* TBS_THISUPDATE_UTC */            { 2, ASN_UTC_TIME, 0, 0, 2 },
@@ -37096,6 +37909,9 @@ static const ASNItem crlASN[] = {
 /* SIGALGO            */        { 1, ASN_SEQUENCE, 1, 1, 0 },
 /* SIGALGO_OID        */            { 2, ASN_OBJECT_ID, 0, 0, 0 },
 /* SIGALGO_NULL       */            { 2, ASN_TAG_NULL, 0, 0, 1 },
+#ifdef WC_RSA_PSS
+/* SIGALGO_PARAMS     */            { 2, ASN_SEQUENCE, 1, 0, 2 },
+#endif
                                            /* signatureValue */
 /* SIGNATURE          */        { 1, ASN_BIT_STRING, 0, 0, 0 },
 };
@@ -37106,6 +37922,9 @@ enum {
     CRLASN_IDX_TBS_SIGALGO,
     CRLASN_IDX_TBS_SIGALGO_OID,
     CRLASN_IDX_TBS_SIGALGO_NULL,
+#ifdef WC_RSA_PSS
+    CRLASN_IDX_TBS_SIGALGO_PARAMS,
+#endif
     CRLASN_IDX_TBS_ISSUER,
     CRLASN_IDX_TBS_THISUPDATE_UTC,
     CRLASN_IDX_TBS_THISUPDATE_GT,
@@ -37117,6 +37936,9 @@ enum {
     CRLASN_IDX_SIGALGO,
     CRLASN_IDX_SIGALGO_OID,
     CRLASN_IDX_SIGALGO_NULL,
+#ifdef WC_RSA_PSS
+    CRLASN_IDX_SIGALGO_PARAMS,
+#endif
     CRLASN_IDX_SIGNATURE,
 };
 
@@ -37134,6 +37956,10 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
     int          ret = 0;
     int          len;
     word32       idx = 0;
+#ifdef WC_RSA_PSS
+    const byte* sigParams = NULL;
+    int sigParamsSz = 0;
+#endif
 
     WOLFSSL_MSG("ParseCRL");
 
@@ -37163,8 +37989,24 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
 
     idx = dcrl->sigIndex;
 
-    if (GetAlgoId(buff, &idx, &dcrl->signatureOID, oidSigType, sz) < 0)
+    if (GetAlgoId(buff, &idx, &dcrl->signatureOID, oidSigType, sz) < 0) {
         return ASN_PARSE_E;
+    }
+#ifdef WC_RSA_PSS
+    else if (dcrl->signatureOID == CTC_RSASSAPSS) {
+        word32 tmpSz;
+        const byte* params;
+
+        tmpSz = idx;
+        params = buff + idx;
+        if (GetSequence(buff, &idx, &len, sz) < 0) {
+            return ASN_PARSE_E;
+        }
+        idx += len;
+        sigParams = params;
+        sigParamsSz = idx - tmpSz;
+    }
+#endif
 
     if (GetCRL_Signature(buff, &idx, dcrl, sz) < 0)
         return ASN_PARSE_E;
@@ -37204,7 +38046,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
     WOLFSSL_MSG("Found CRL issuer CA");
     ret = VerifyCRL_Signature(&sigCtx, buff + dcrl->certBegin,
            dcrl->sigIndex - dcrl->certBegin, dcrl->signature, dcrl->sigLength,
-           dcrl->signatureOID, ca, dcrl->heap);
+           dcrl->signatureOID, sigParams, sigParamsSz, ca, dcrl->heap);
 
 end:
     return ret;
@@ -37217,6 +38059,12 @@ end:
     /* Size of buffer for date. */
     word32 lastDateSz = MAX_DATE_SIZE;
     word32 nextDateSz = MAX_DATE_SIZE;
+    const byte* sigParams = NULL;
+    int   sigParamsSz = 0;
+#ifdef WC_RSA_PSS
+    const byte* tbsParams = NULL;
+    int   tbsParamsSz = 0;
+#endif
 
     /* When NO_ASN_TIME is defined, verify not used. */
     (void)verify;
@@ -37269,11 +38117,54 @@ end:
         dcrl->certBegin = dataASN[CRLASN_IDX_TBS].offset;
         /* Store index of signature. */
         dcrl->sigIndex = dataASN[CRLASN_IDX_SIGALGO].offset;
+
+    #ifdef WC_RSA_PSS
+        /* get TBS and Signature parameters for PSS */
+        if (dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS].tag != 0) {
+            tbsParams =
+                GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS],
+                    buff);
+            tbsParamsSz =
+                GetASNItem_Length(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS],
+                    buff);
+        }
+        if (dataASN[CRLASN_IDX_SIGALGO_PARAMS].tag != 0) {
+            sigParams =
+                GetASNItem_Addr(dataASN[CRLASN_IDX_SIGALGO_PARAMS],
+                    buff);
+            sigParamsSz =
+                GetASNItem_Length(dataASN[CRLASN_IDX_SIGALGO_PARAMS],
+                    buff);
+            dcrl->sigParamsIndex =
+                dataASN[CRLASN_IDX_SIGALGO_PARAMS].offset;
+            dcrl->sigParamsLength = sigParamsSz;
+        }
+    #endif
+
         /* Store address and length of signature data. */
         GetASN_GetRef(&dataASN[CRLASN_IDX_SIGNATURE], &dcrl->signature,
                 &dcrl->sigLength);
         /* Get the signature OID. */
         dcrl->signatureOID = dataASN[CRLASN_IDX_SIGALGO_OID].data.oid.sum;
+
+    #ifdef WC_RSA_PSS
+        /* Sanity check on parameters found */
+        if (tbsParamsSz != sigParamsSz) {
+            WOLFSSL_MSG("CRL TBS and signature parameter sizes mismatch");
+            ret = ASN_PARSE_E;
+        }
+        else if ((tbsParamsSz > 0) &&
+          (dataASN[CRLASN_IDX_TBS_SIGALGO_OID].data.oid.sum != CTC_RSASSAPSS)) {
+            WOLFSSL_MSG("CRL unexpected signature parameters found");
+            ret = ASN_PARSE_E;
+        }
+        else if ((tbsParamsSz > 0) &&
+                 (XMEMCMP(tbsParams, sigParams, tbsParamsSz) != 0)) {
+            WOLFSSL_MSG("CRL TBS and signature parameter mismatch");
+            ret = ASN_PARSE_E;
+        }
+    #endif
+
         /* Get the format/tag of the last and next date. */
         dcrl->lastDateFormat = (dataASN[CRLASN_IDX_TBS_THISUPDATE_UTC].tag != 0)
                 ? dataASN[CRLASN_IDX_TBS_THISUPDATE_UTC].tag
@@ -37326,7 +38217,7 @@ end:
     }
     if (ret == 0) {
         /* Find signer and verify signature. */
-        ret = PaseCRL_CheckSignature(dcrl, buff, cm);
+        ret = PaseCRL_CheckSignature(dcrl, sigParams, sigParamsSz, buff, cm);
     }
 
     FREE_ASNGETDATA(dataASN, dcrl->heap);
@@ -37597,8 +38488,10 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers)
                 mimeType == MIME_PARAM)) && pos >= 1) {
                 mimeStatus = MIME_BODYVAL;
                 end = pos-1;
-                if (nameAttr != NULL)
+                if (nameAttr != NULL) {
                     XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
+                    nameAttr = NULL;
+                }
                 ret = wc_MIME_header_strip(curLine, &nameAttr, start, end);
                 if (ret) {
                     goto error;
@@ -38637,8 +39530,7 @@ int wc_Asn1_PrintAll(Asn1* asn1, Asn1PrintOptions* opts, unsigned char* data,
 #endif /* !NO_ASN */
 
 /* Functions that parse, but are not using ASN.1 */
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH))
+#if !defined(NO_RSA) && (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH))
 /* import RSA public key elements (n, e) into RsaKey structure (key) */
 /* this function does not use any ASN.1 parsing */
 int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
@@ -38689,7 +39581,7 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
 
     return 0;
 }
-#endif /* !NO_RSA && !HAVE_USER_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
+#endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
 
 
 #ifdef WOLFSSL_SEP
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/chacha.c b/extra/wolfssl/wolfssl/wolfcrypt/src/chacha.c
index d3a982ed..c84829b7 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/chacha.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/chacha.c
@@ -200,6 +200,7 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
     return 0;
 }
 
+#ifndef USE_INTEL_CHACHA_SPEEDUP
 /**
   * Converts word into bytes with rotations having been done.
   */
@@ -228,6 +229,7 @@ static WC_INLINE void wc_Chacha_wordtobyte(word32 x[CHACHA_CHUNK_WORDS],
 #endif
     }
 }
+#endif /* !USE_INTEL_CHACHA_SPEEDUP */
 
 
 #ifdef HAVE_XCHACHA
@@ -325,6 +327,7 @@ extern void chacha_encrypt_avx2(ChaCha* ctx, const byte* m, byte* c,
 #endif
 
 
+#ifndef USE_INTEL_CHACHA_SPEEDUP
 /**
   * Encrypt a stream of bytes
   */
@@ -372,6 +375,8 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
         ctx->left = CHACHA_CHUNK_BYTES - bytes;
     }
 }
+#endif /* !USE_INTEL_CHACHA_SPEEDUP */
+
 
 /**
   * API to encrypt/decrypt a message of any size.
@@ -423,10 +428,10 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
         chacha_encrypt_x64(ctx, input, output, msglen);
         return 0;
     }
-#endif
+#else
     wc_Chacha_encrypt_bytes(ctx, input, output, msglen);
-
     return 0;
+#endif
 }
 
 void wc_Chacha_purge_current_block(ChaCha* ctx) {
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/chacha20_poly1305.c b/extra/wolfssl/wolfssl/wolfcrypt/src/chacha20_poly1305.c
index 0c37de74..df4147c8 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/chacha20_poly1305.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/chacha20_poly1305.c
@@ -57,7 +57,11 @@ int wc_ChaCha20Poly1305_Encrypt(
                 byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE])
 {
     int ret;
-    ChaChaPoly_Aead aead;
+#ifdef WOLFSSL_SMALL_STACK
+    ChaChaPoly_Aead *aead = NULL;
+#else
+    ChaChaPoly_Aead aead[1];
+#endif
 
     /* Validate function arguments */
     if (!inKey || !inIV ||
@@ -68,15 +72,27 @@ int wc_ChaCha20Poly1305_Encrypt(
         return BAD_FUNC_ARG;
     }
 
-    ret = wc_ChaCha20Poly1305_Init(&aead, inKey, inIV,
+#ifdef WOLFSSL_SMALL_STACK
+    aead = (ChaChaPoly_Aead *)XMALLOC(sizeof(*aead), NULL,
+                                      DYNAMIC_TYPE_TMP_BUFFER);
+    if (aead == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_ChaCha20Poly1305_Init(aead, inKey, inIV,
         CHACHA20_POLY1305_AEAD_ENCRYPT);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_UpdateAad(&aead, inAAD, inAADLen);
+        ret = wc_ChaCha20Poly1305_UpdateAad(aead, inAAD, inAADLen);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_UpdateData(&aead, inPlaintext, outCiphertext,
+        ret = wc_ChaCha20Poly1305_UpdateData(aead, inPlaintext, outCiphertext,
             inPlaintextLen);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_Final(&aead, outAuthTag);
+        ret = wc_ChaCha20Poly1305_Final(aead, outAuthTag);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
     return ret;
 }
 
@@ -90,7 +106,11 @@ int wc_ChaCha20Poly1305_Decrypt(
                 byte* outPlaintext)
 {
     int ret;
-    ChaChaPoly_Aead aead;
+#ifdef WOLFSSL_SMALL_STACK
+    ChaChaPoly_Aead *aead = NULL;
+#else
+    ChaChaPoly_Aead aead[1];
+#endif
     byte calculatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
 
     /* Validate function arguments */
@@ -102,19 +122,31 @@ int wc_ChaCha20Poly1305_Decrypt(
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLFSSL_SMALL_STACK
+    aead = (ChaChaPoly_Aead *)XMALLOC(sizeof(*aead), NULL,
+                                      DYNAMIC_TYPE_TMP_BUFFER);
+    if (aead == NULL)
+        return MEMORY_E;
+#endif
+
     XMEMSET(calculatedAuthTag, 0, sizeof(calculatedAuthTag));
 
-    ret = wc_ChaCha20Poly1305_Init(&aead, inKey, inIV,
+    ret = wc_ChaCha20Poly1305_Init(aead, inKey, inIV,
         CHACHA20_POLY1305_AEAD_DECRYPT);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_UpdateAad(&aead, inAAD, inAADLen);
+        ret = wc_ChaCha20Poly1305_UpdateAad(aead, inAAD, inAADLen);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_UpdateData(&aead, inCiphertext, outPlaintext,
+        ret = wc_ChaCha20Poly1305_UpdateData(aead, inCiphertext, outPlaintext,
             inCiphertextLen);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_Final(&aead, calculatedAuthTag);
+        ret = wc_ChaCha20Poly1305_Final(aead, calculatedAuthTag);
     if (ret == 0)
         ret = wc_ChaCha20Poly1305_CheckTag(inAuthTag, calculatedAuthTag);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
     return ret;
 }
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/cmac.c b/extra/wolfssl/wolfssl/wolfcrypt/src/cmac.c
index 7cade190..c1edfc3a 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/cmac.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/cmac.c
@@ -96,7 +96,7 @@ void ShiftAndXorRb(byte* out, byte* in)
 int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
                 int type, void* unused, void* heap, int devId)
 {
-    int ret;
+    int ret = 0;
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
     byte useSW = 0;
 #endif
@@ -196,10 +196,12 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
         if (ret != CRYPTOCB_UNAVAILABLE)
             return ret;
         /* fall-through when unavailable */
-        ret = 0; /* reset error code */
     }
 #endif
 
+    /* Clear CRYPTOCB_UNAVAILABLE return code */
+    ret = 0;
+
     while (inSz != 0) {
         word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz);
         XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
@@ -242,7 +244,7 @@ int wc_CmacFree(Cmac* cmac)
 
 int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz)
 {
-    int ret;
+    int ret = 0;
     const byte* subKey;
     word32 remainder;
 
@@ -296,7 +298,7 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz)
 }
 
 int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) {
-    int ret;
+    int ret = 0;
 
     if (cmac == NULL)
         return BAD_FUNC_ARG;
@@ -305,11 +307,70 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) {
     return ret;
 }
 
+
+int wc_AesCmacGenerate_ex(Cmac* cmac,
+                          byte* out, word32* outSz,
+                          const byte* in, word32 inSz,
+                          const byte* key, word32 keySz,
+                          void* heap, int devId)
+{
+    int ret = 0;
+
+    if (cmac == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    /* Set devId regardless of value (invalid or not) */
+    cmac->devId = devId;
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (devId != INVALID_DEVID)
+    #endif
+    {
+        cmac->devCtx = NULL;
+
+        ret = wc_CryptoCb_Cmac(cmac, key, keySz, in, inSz, out, outSz,
+                WC_CMAC_AES, NULL);
+        if (ret != CRYPTOCB_UNAVAILABLE)
+            return ret;
+
+         /* Clear CRYPTOCB_UNAVAILABLE return code */
+        ret = 0;
+
+        /* fall-through when unavailable */
+    }
+#endif
+
+    if ( ((out == NULL) && (outSz != NULL) && (*outSz > 0))
+         || (in == NULL && inSz > 0)
+         || (key == NULL && keySz > 0))  {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Init step is optional */
+    if (key != NULL) {
+        ret = wc_InitCmac_ex(cmac, key, keySz, WC_CMAC_AES, NULL, heap, devId);
+    }
+    if (ret == 0) {
+        ret = wc_CmacUpdate(cmac, in, inSz);
+        /* Ensure we are freed and zeroed if not calling wc_CmacFinal */
+        if (ret != 0) {
+            (void)wc_CmacFree(cmac);
+        }
+    }
+    if (ret == 0) {
+        ret = wc_CmacFinal(cmac, out, outSz);
+    }
+
+    return ret;
+}
+
+
 int wc_AesCmacGenerate(byte* out, word32* outSz,
                        const byte* in, word32 inSz,
                        const byte* key, word32 keySz)
 {
-    int ret;
+    int ret = 0;
 #ifdef WOLFSSL_SMALL_STACK
     Cmac *cmac;
 #else
@@ -326,21 +387,22 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
         return MEMORY_E;
     }
 #endif
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     XMEMSET(((unsigned char *)cmac) + sizeof(Aes), 0xff,
         sizeof(Cmac) - sizeof(Aes));
     /* Aes part is checked by wc_AesFree. */
-    wc_MemZero_Add("wc_AesCmacGenerate cmac",
+    wc_MemZero_Add("wc_AesCmacGenerate_ex cmac",
         ((unsigned char *)cmac) + sizeof(Aes), sizeof(Cmac) - sizeof(Aes));
 #endif
 
-    ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL);
-    if (ret == 0) {
-        ret = wc_CmacUpdate(cmac, in, inSz);
-    }
-    if (ret == 0) {
-        ret = wc_CmacFinal(cmac, out, outSz);
-    }
+    ret = wc_AesCmacGenerate_ex(cmac,
+                                out, outSz,
+                                in, inSz,
+                                key, keySz,
+                                NULL,
+                                INVALID_DEVID);
+
 
 #ifdef WOLFSSL_SMALL_STACK
     if (cmac) {
@@ -354,23 +416,31 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
 }
 
 
-int wc_AesCmacVerify(const byte* check, word32 checkSz,
-                     const byte* in, word32 inSz,
-                     const byte* key, word32 keySz)
+int wc_AesCmacVerify_ex(Cmac* cmac,
+                        const byte* check, word32 checkSz,
+                        const byte* in, word32 inSz,
+                        const byte* key, word32 keySz,
+                        void* heap, int devId)
 {
-    int ret;
+    int ret = 0;
     byte a[AES_BLOCK_SIZE];
     word32 aSz = sizeof(a);
     int compareRet;
 
-    if (check == NULL || checkSz == 0 || (in == NULL && inSz != 0) ||
-        key == NULL || keySz == 0) {
+    if (cmac == NULL || check == NULL || checkSz == 0 || (in == NULL && inSz != 0)) {
         return BAD_FUNC_ARG;
     }
 
     XMEMSET(a, 0, aSz);
-    ret = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
-    compareRet = ConstantCompare(check, a, (int)min(checkSz, aSz));
+    ret = wc_AesCmacGenerate_ex(cmac,
+                                a, &aSz,
+                                in, inSz,
+                                key, keySz,
+                                heap,
+                                devId);
+    if (ret == 0) {
+        compareRet = ConstantCompare(check, a, (int)min(checkSz, aSz));
+    }
 
     if (ret == 0)
         ret = compareRet ? 1 : 0;
@@ -378,4 +448,54 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
     return ret;
 }
 
+
+int wc_AesCmacVerify(const byte* check, word32 checkSz,
+                     const byte* in, word32 inSz,
+                     const byte* key, word32 keySz)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Cmac *cmac;
+#else
+    Cmac cmac[1];
+#endif
+
+    if (check == NULL || checkSz == 0 || (in == NULL && inSz > 0) ||
+            key == NULL || keySz == 0) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, NULL,
+                                DYNAMIC_TYPE_CMAC)) == NULL) {
+        return MEMORY_E;
+    }
+#endif
+
+#ifdef WOLFSSL_CHECK_MEM_ZERO
+    XMEMSET(((unsigned char *)cmac) + sizeof(Aes), 0xff,
+        sizeof(Cmac) - sizeof(Aes));
+    /* Aes part is checked by wc_AesFree. */
+    wc_MemZero_Add("wc_AesCmacGenerate_ex cmac",
+        ((unsigned char *)cmac) + sizeof(Aes), sizeof(Cmac) - sizeof(Aes));
+#endif
+
+    ret = wc_AesCmacVerify_ex(cmac,
+                              check, checkSz,
+                              in, inSz,
+                              key, keySz,
+                              NULL,
+                              INVALID_DEVID);
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (cmac) {
+        XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
+    }
+#elif defined(WOLFSSL_CHECK_MEM_ZERO)
+    wc_MemZero_Check(cmac, sizeof(Cmac));
+#endif
+
+    return ret;
+}
+
 #endif /* WOLFSSL_CMAC && NO_AES && WOLFSSL_AES_DIRECT */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/cpuid.c b/extra/wolfssl/wolfssl/wolfcrypt/src/cpuid.c
index c1924c1e..fa7ee436 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/cpuid.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/cpuid.c
@@ -96,6 +96,7 @@
             if (cpuid_flag(7, 0, EBX, 19)) { cpuid_flags |= CPUID_ADX   ; }
             if (cpuid_flag(1, 0, ECX, 22)) { cpuid_flags |= CPUID_MOVBE ; }
             if (cpuid_flag(7, 0, EBX,  3)) { cpuid_flags |= CPUID_BMI1  ; }
+            if (cpuid_flag(7, 0, EBX, 29)) { cpuid_flags |= CPUID_SHA   ; }
 
             cpuid_check = 1;
         }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/cryptocb.c b/extra/wolfssl/wolfssl/wolfcrypt/src/cryptocb.c
index cc09ec04..07b37f1b 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/cryptocb.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/cryptocb.c
@@ -181,25 +181,35 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
         else
     #endif
         {
-            printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
+            printf("Crypto CB: %s %s (%d)\n",
+                GetAlgoTypeStr(info->algo_type),
                 GetPkTypeStr(info->pk.type), info->pk.type);
         }
     }
     else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
-        printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
-            GetCipherTypeStr(info->cipher.type), info->cipher.type);
+        printf("Crypto CB: %s %s (%d) (%p ctx)\n",
+            GetAlgoTypeStr(info->algo_type),
+            GetCipherTypeStr(info->cipher.type),
+            info->cipher.type, info->cipher.ctx);
     }
     else if (info->algo_type == WC_ALGO_TYPE_HASH) {
-        printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
-            GetHashTypeStr(info->hash.type), info->hash.type);
+        printf("Crypto CB: %s %s (%d) (%p ctx) %s\n",
+            GetAlgoTypeStr(info->algo_type),
+            GetHashTypeStr(info->hash.type),
+            info->hash.type, info->hash.ctx,
+            (info->hash.in != NULL) ? "Update" : "Final");
     }
     else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
-        printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
-            GetHashTypeStr(info->hmac.macType), info->hmac.macType);
+        printf("Crypto CB: %s %s (%d) (%p ctx) %s\n",
+            GetAlgoTypeStr(info->algo_type),
+            GetHashTypeStr(info->hmac.macType),
+            info->hmac.macType, info->hmac.hmac,
+            (info->hmac.in != NULL) ? "Update" : "Final");
     }
 #ifdef WOLF_CRYPTO_CB_CMD
     else if (info->algo_type == WC_ALGO_TYPE_NONE) {
-        printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
+        printf("Crypto CB: %s %s (%d)\n",
+            GetAlgoTypeStr(info->algo_type),
             GetCryptoCbCmdTypeStr(info->cmd.type), info->cmd.type);
     }
 #endif
@@ -775,6 +785,291 @@ int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
 }
 #endif /* HAVE_ED25519 */
 
+#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER)
+int wc_CryptoCb_PqcKemGetDevId(int type, void* key)
+{
+    int devId = INVALID_DEVID;
+
+    if (key == NULL)
+        return devId;
+
+    /* get devId */
+#if defined(WOLFSSL_HAVE_KYBER)
+    if (type == WC_PQC_KEM_TYPE_KYBER) {
+        devId = ((KyberKey*) key)->devId;
+    }
+#endif
+
+    return devId;
+}
+
+int wc_CryptoCb_MakePqcKemKey(WC_RNG* rng, int type, int keySize, void* key)
+{
+    int ret = CRYPTOCB_UNAVAILABLE;
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcKemGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_KEM_KEYGEN;
+        cryptoInfo.pk.pqc_kem_kg.rng = rng;
+        cryptoInfo.pk.pqc_kem_kg.size = keySize;
+        cryptoInfo.pk.pqc_kem_kg.key = key;
+        cryptoInfo.pk.pqc_kem_kg.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_PqcEncapsulate(byte* ciphertext, word32 ciphertextLen,
+    byte* sharedSecret, word32 sharedSecretLen, WC_RNG* rng, int type,
+    void* key)
+{
+    int ret = CRYPTOCB_UNAVAILABLE;
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcKemGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_KEM_ENCAPS;
+        cryptoInfo.pk.pqc_encaps.ciphertext = ciphertext;
+        cryptoInfo.pk.pqc_encaps.ciphertextLen = ciphertextLen;
+        cryptoInfo.pk.pqc_encaps.sharedSecret = sharedSecret;
+        cryptoInfo.pk.pqc_encaps.sharedSecretLen = sharedSecretLen;
+        cryptoInfo.pk.pqc_encaps.rng = rng;
+        cryptoInfo.pk.pqc_encaps.key = key;
+        cryptoInfo.pk.pqc_encaps.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen,
+    byte* sharedSecret, word32 sharedSecretLen, int type, void* key)
+{
+    int ret = CRYPTOCB_UNAVAILABLE;
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcKemGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_KEM_DECAPS;
+        cryptoInfo.pk.pqc_decaps.ciphertext = ciphertext;
+        cryptoInfo.pk.pqc_decaps.ciphertextLen = ciphertextLen;
+        cryptoInfo.pk.pqc_decaps.sharedSecret = sharedSecret;
+        cryptoInfo.pk.pqc_decaps.sharedSecretLen = sharedSecretLen;
+        cryptoInfo.pk.pqc_decaps.key = key;
+        cryptoInfo.pk.pqc_decaps.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* HAVE_PQC && WOLFSSL_HAVE_KYBER */
+
+#if defined(HAVE_PQC) && (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))
+int wc_CryptoCb_PqcSigGetDevId(int type, void* key)
+{
+    int devId = INVALID_DEVID;
+
+    if (key == NULL)
+        return devId;
+
+    /* get devId */
+#if defined(HAVE_DILITHIUM)
+    if (type == WC_PQC_SIG_TYPE_DILITHIUM) {
+        devId = ((dilithium_key*) key)->devId;
+    }
+#endif
+#if defined(HAVE_FALCON)
+    if (type == WC_PQC_SIG_TYPE_FALCON) {
+        devId = ((falcon_key*) key)->devId;
+    }
+#endif
+
+    return devId;
+}
+
+int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize,
+    void* key)
+{
+    int ret = CRYPTOCB_UNAVAILABLE;
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcSigGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_SIG_KEYGEN;
+        cryptoInfo.pk.pqc_sig_kg.rng = rng;
+        cryptoInfo.pk.pqc_sig_kg.size = keySize;
+        cryptoInfo.pk.pqc_sig_kg.key = key;
+        cryptoInfo.pk.pqc_sig_kg.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
+    WC_RNG* rng, int type, void* key)
+{
+    int ret = CRYPTOCB_UNAVAILABLE;
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcSigGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_SIG_SIGN;
+        cryptoInfo.pk.pqc_sign.in = in;
+        cryptoInfo.pk.pqc_sign.inlen = inlen;
+        cryptoInfo.pk.pqc_sign.out = out;
+        cryptoInfo.pk.pqc_sign.outlen = outlen;
+        cryptoInfo.pk.pqc_sign.rng = rng;
+        cryptoInfo.pk.pqc_sign.key = key;
+        cryptoInfo.pk.pqc_sign.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg,
+    word32 msglen, int* res, int type, void* key)
+{
+    int ret = CRYPTOCB_UNAVAILABLE;
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcSigGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_SIG_VERIFY;
+        cryptoInfo.pk.pqc_verify.sig = sig;
+        cryptoInfo.pk.pqc_verify.siglen = siglen;
+        cryptoInfo.pk.pqc_verify.msg = msg;
+        cryptoInfo.pk.pqc_verify.msglen = msglen;
+        cryptoInfo.pk.pqc_verify.res = res;
+        cryptoInfo.pk.pqc_verify.key = key;
+        cryptoInfo.pk.pqc_verify.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
+    const byte* pubKey, word32 pubKeySz)
+{
+    int ret = CRYPTOCB_UNAVAILABLE;
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcSigGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY;
+        cryptoInfo.pk.pqc_sig_check.key = key;
+        cryptoInfo.pk.pqc_sig_check.pubKey = pubKey;
+        cryptoInfo.pk.pqc_sig_check.pubKeySz = pubKeySz;
+        cryptoInfo.pk.pqc_sig_check.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* HAVE_PQC && (HAVE_FALCON || HAVE_DILITHIUM) */
+
 #ifndef NO_AES
 #ifdef HAVE_AESGCM
 int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out,
@@ -1444,7 +1739,8 @@ int wc_CryptoCb_DefaultDevID(void)
 #elif defined(WC_USE_DEVID)
     ret = WC_USE_DEVID;
 #else
-    ret = INVALID_DEVID;
+    /* try first available */
+    ret = wc_CryptoCb_GetDevIdAtIndex(0);
 #endif
 
     return ret;
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/curve25519.c b/extra/wolfssl/wolfssl/wolfcrypt/src/curve25519.c
index e5c3593b..2c967dd8 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/curve25519.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/curve25519.c
@@ -51,6 +51,14 @@
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
 
+#if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 const curve25519_set_type curve25519_sets[] = {
     {
         CURVE25519_KEYSIZE,
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c b/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c
index e638a51c..6b686012 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c
@@ -55,6 +55,13 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
 
 /*
 Possible DH enable options:
@@ -3003,7 +3010,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
 
     /* loop until p is prime */
     if (ret == 0) {
-        do {
+        for (;;) {
             if (mp_prime_is_prime_ex(&dh->p, 8, &primeCheck, rng) != MP_OKAY)
                 ret = PRIME_GEN_E;
 
@@ -3014,7 +3021,14 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
                 else
                     primeCheckCount++;
             }
-        } while (ret == 0 && primeCheck == MP_NO);
+
+            if (ret != 0 || primeCheck == MP_YES)
+                break;
+
+            /* linuxkm: release the kernel for a moment before iterating. */
+            RESTORE_VECTOR_REGISTERS();
+            SAVE_VECTOR_REGISTERS(ret = _svr_ret; break;);
+        };
     }
 
     /* tmp2 += (2*loop_check_prime)
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/dilithium.c b/extra/wolfssl/wolfssl/wolfcrypt/src/dilithium.c
index d50b6db3..f8968c56 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/dilithium.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/dilithium.c
@@ -59,18 +59,33 @@
  */
 int wc_dilithium_sign_msg(const byte* in, word32 inLen,
                           byte* out, word32 *outLen,
-                          dilithium_key* key)
+                          dilithium_key* key, WC_RNG* rng)
 {
     int ret = 0;
-#ifdef HAVE_LIBOQS
-    OQS_SIG *oqssig = NULL;
-    size_t localOutLen = 0;
 
     /* sanity check on arguments */
     if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL)) {
-        ret = BAD_FUNC_ARG;
+        return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (key->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, rng,
+                                  WC_PQC_SIG_TYPE_DILITHIUM, key);
+        if (ret != CRYPTOCB_UNAVAILABLE)
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
+    }
+#endif
+
+#ifdef HAVE_LIBOQS
+    OQS_SIG *oqssig = NULL;
+    size_t localOutLen = 0;
+
     if ((ret == 0) && (!key->prvKeySet)) {
         ret = BAD_FUNC_ARG;
     }
@@ -90,6 +105,10 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
         }
     }
 
+    if ((ret == 0) && (oqssig == NULL)) {
+        ret = BUFFER_E;
+    }
+
     /* check and set up out length */
     if (ret == 0) {
         if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_SIG_SIZE)) {
@@ -107,6 +126,10 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
         localOutLen = *outLen;
     }
 
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
     if ((ret == 0) &&
         (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
          == OQS_ERROR)) {
@@ -117,6 +140,8 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
         *outLen = (word32)localOutLen;
     }
 
+    wolfSSL_liboqsRngMutexUnlock();
+
     if (oqssig != NULL) {
         OQS_SIG_free(oqssig);
     }
@@ -142,13 +167,28 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                             word32 msgLen, int* res, dilithium_key* key)
 {
     int ret = 0;
-#ifdef HAVE_LIBOQS
-    OQS_SIG *oqssig = NULL;
 
     if (key == NULL || sig == NULL || msg == NULL || res == NULL) {
-        ret = BAD_FUNC_ARG;
+        return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (key->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res,
+                                    WC_PQC_SIG_TYPE_DILITHIUM, key);
+        if (ret != CRYPTOCB_UNAVAILABLE)
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
+    }
+#endif
+
+#ifdef HAVE_LIBOQS
+    OQS_SIG *oqssig = NULL;
+
     if ((ret == 0) && (!key->pubKeySet)) {
         ret = BAD_FUNC_ARG;
     }
@@ -168,6 +208,10 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
         }
     }
 
+    if ((ret == 0) && (oqssig == NULL)) {
+        ret = BUFFER_E;
+    }
+
     if ((ret == 0) &&
         (OQS_SIG_verify(oqssig, msg, msgLen, sig, sigLen, key->p)
          == OQS_ERROR)) {
@@ -194,15 +238,92 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
  * returns BAD_FUNC_ARG when key is NULL
  */
 int wc_dilithium_init(dilithium_key* key)
+{
+    return wc_dilithium_init_ex(key, NULL, INVALID_DEVID);
+}
+
+/* Initialize the dilithium private/public key.
+ *
+ * key  [in]  Dilithium key.
+ * heap [in]  Heap hint.
+ * devId[in]  Device ID.
+ * returns BAD_FUNC_ARG when key is NULL
+ */
+int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId)
 {
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    ForceZero(key, sizeof(key));
+    ForceZero(key, sizeof(*key));
+
+#ifdef WOLF_CRYPTO_CB
+    key->devCtx = NULL;
+    key->devId = devId;
+#endif
+#ifdef WOLF_PRIVATE_KEY_ID
+    key->idLen = 0;
+    key->labelLen = 0;
+#endif
+
+    (void) heap;
+    (void) devId;
+
     return 0;
 }
 
+#ifdef WOLF_PRIVATE_KEY_ID
+int wc_dilithium_init_id(dilithium_key* key, const unsigned char* id, int len,
+                         void* heap, int devId)
+{
+    int ret = 0;
+
+    if (key == NULL)
+        ret = BAD_FUNC_ARG;
+    if (ret == 0 && (len < 0 || len > DILITHIUM_MAX_ID_LEN))
+        ret = BUFFER_E;
+
+    if (ret == 0)
+        ret = wc_dilithium_init_ex(key, heap, devId);
+    if (ret == 0 && id != NULL && len != 0) {
+        XMEMCPY(key->id, id, (size_t)len);
+        key->idLen = len;
+    }
+
+    /* Set the maxiumum level here */
+    wc_dilithium_set_level(key, 5);
+
+    return ret;
+}
+
+int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap,
+                            int devId)
+{
+    int ret = 0;
+    int labelLen = 0;
+
+    if (key == NULL || label == NULL)
+        ret = BAD_FUNC_ARG;
+    if (ret == 0) {
+        labelLen = (int)XSTRLEN(label);
+        if (labelLen == 0 || labelLen > DILITHIUM_MAX_LABEL_LEN)
+            ret = BUFFER_E;
+    }
+
+    if (ret == 0)
+        ret = wc_dilithium_init_ex(key, heap, devId);
+    if (ret == 0) {
+        XMEMCPY(key->label, label, (size_t)labelLen);
+        key->labelLen = labelLen;
+    }
+
+    /* Set the maxiumum level here */
+    wc_dilithium_set_level(key, 5);
+
+    return ret;
+}
+#endif
+
 /* Set the level of the dilithium private/public key.
  *
  * key   [out]  Dilithium key.
@@ -252,7 +373,7 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level)
 void wc_dilithium_free(dilithium_key* key)
 {
     if (key != NULL) {
-        ForceZero(key, sizeof(key));
+        ForceZero(key, sizeof(*key));
     }
 }
 
@@ -416,15 +537,7 @@ int wc_dilithium_import_private_only(const byte* priv, word32 privSz,
          return ret;
     }
 
-    if (key->level == 2) {
-        XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL2_KEY_SIZE);
-    }
-    else if (key->level == 3) {
-        XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL3_KEY_SIZE);
-    }
-    else if (key->level == 5) {
-        XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL5_KEY_SIZE);
-    }
+    XMEMCPY(key->k, newPriv, newPrivSz);
     key->prvKeySet = 1;
 
     return 0;
@@ -488,15 +601,7 @@ int wc_dilithium_import_private_key(const byte* priv, word32 privSz,
 
     if (ret == 0) {
         /* make the private key (priv + pub) */
-        if (key->level == 2) {
-            XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL2_KEY_SIZE);
-        }
-        else if (key->level == 3) {
-            XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL3_KEY_SIZE);
-        }
-        else if (key->level == 5) {
-            XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL5_KEY_SIZE);
-        }
+        XMEMCPY(key->k, newPriv, newPrivSz);
         key->prvKeySet = 1;
     }
 
@@ -591,20 +696,20 @@ int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen)
 
     if (key->level == 2) {
         *outLen = DILITHIUM_LEVEL2_PRV_KEY_SIZE;
-        XMEMCPY(out, key->k, DILITHIUM_LEVEL2_PRV_KEY_SIZE);
-        XMEMCPY(out + DILITHIUM_LEVEL2_PRV_KEY_SIZE, key->p,
+        XMEMCPY(out, key->k, DILITHIUM_LEVEL2_KEY_SIZE);
+        XMEMCPY(out + DILITHIUM_LEVEL2_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL2_PUB_KEY_SIZE);
     }
     else if (key->level == 3) {
         *outLen = DILITHIUM_LEVEL3_PRV_KEY_SIZE;
-        XMEMCPY(out, key->k, DILITHIUM_LEVEL3_PRV_KEY_SIZE);
-        XMEMCPY(out + DILITHIUM_LEVEL3_PRV_KEY_SIZE, key->p,
+        XMEMCPY(out, key->k, DILITHIUM_LEVEL3_KEY_SIZE);
+        XMEMCPY(out + DILITHIUM_LEVEL3_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL3_PUB_KEY_SIZE);
     }
     else if (key->level == 5) {
         *outLen = DILITHIUM_LEVEL5_PRV_KEY_SIZE;
-        XMEMCPY(out, key->k, DILITHIUM_LEVEL5_PRV_KEY_SIZE);
-        XMEMCPY(out + DILITHIUM_LEVEL5_PRV_KEY_SIZE, key->p,
+        XMEMCPY(out, key->k, DILITHIUM_LEVEL5_KEY_SIZE);
+        XMEMCPY(out + DILITHIUM_LEVEL5_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL5_PUB_KEY_SIZE);
     }
 
@@ -653,8 +758,29 @@ int wc_dilithium_check_key(dilithium_key* key)
         return BAD_FUNC_ARG;
     }
 
-    /* Assume everything is fine. */
-    return 0;
+    int ret = 0;
+
+    /* The public key is also decoded and stored within the private key buffer
+     * behind the private key. Hence, we can compare both stored public keys. */
+    if (key->level == 2) {
+        ret = XMEMCMP(key->p, key->k + DILITHIUM_LEVEL2_KEY_SIZE,
+                      DILITHIUM_LEVEL2_PUB_KEY_SIZE);
+    }
+    else if (key->level == 3) {
+        ret = XMEMCMP(key->p, key->k + DILITHIUM_LEVEL3_KEY_SIZE,
+                      DILITHIUM_LEVEL3_PUB_KEY_SIZE);
+    }
+    else if (key->level == 5) {
+        ret = XMEMCMP(key->p, key->k + DILITHIUM_LEVEL5_KEY_SIZE,
+                      DILITHIUM_LEVEL5_PUB_KEY_SIZE);
+    }
+
+    if (ret != 0) {
+        ret = PUBLIC_KEY_E;
+    }
+
+    return ret;
+
 }
 
 /* Returns the size of a dilithium private key.
@@ -761,7 +887,8 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
                                   dilithium_key* key, word32 inSz)
 {
     int ret = 0;
-    byte privKey[DILITHIUM_MAX_KEY_SIZE], pubKey[DILITHIUM_MAX_PUB_KEY_SIZE];
+    byte privKey[DILITHIUM_MAX_PRV_KEY_SIZE];
+    byte pubKey[DILITHIUM_MAX_PUB_KEY_SIZE];
     word32 privKeyLen = (word32)sizeof(privKey);
     word32 pubKeyLen = (word32)sizeof(pubKey);
     int keytype = 0;
@@ -809,6 +936,11 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
         return BAD_FUNC_ARG;
     }
 
+    ret = wc_dilithium_import_public(input, inSz, key);
+    if (ret == 0) {
+        return 0;
+    }
+
     if (key->level == 2) {
         keytype = DILITHIUM_LEVEL2k;
     }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/dsa.c b/extra/wolfssl/wolfssl/wolfcrypt/src/dsa.c
index 3cdcffe3..08f70db5 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/dsa.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/dsa.c
@@ -42,6 +42,14 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 #ifdef _MSC_VER
     /* disable for while(0) cases (MSVC bug) */
     #pragma warning(disable:4127)
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/ecc.c b/extra/wolfssl/wolfssl/wolfcrypt/src/ecc.c
index c4ad9e8a..78101ed2 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/ecc.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/ecc.c
@@ -213,6 +213,14 @@ ECC Curve Sizes:
     #include <wolfssl/wolfcrypt/hmac.h>
 #endif
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
     #define GEN_MEM_ERR MP_MEM
 #elif defined(USE_FAST_MATH)
@@ -237,11 +245,17 @@ ECC Curve Sizes:
     #define HAVE_ECC_MAKE_PUB
 #endif
 
+
+/* macro guard for ecc_check_pubkey_order functionality */
 #if !defined(WOLFSSL_SP_MATH) && \
     !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
     !defined(WOLFSSL_SE050) && !defined(WOLFSSL_STM32_PKA) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_IMXRT1170_CAAM) || \
+      defined(WOLFSSL_QNX_CAAM))
+
+    /* CAAM builds use public key validation as a means to check if an
+     * imported private key is an encrypted black key or not */
     #undef  HAVE_ECC_CHECK_PUBKEY_ORDER
     #define HAVE_ECC_CHECK_PUBKEY_ORDER
 #endif
@@ -251,16 +265,27 @@ ECC Curve Sizes:
 #else
 #define MAX_ECC_BITS_USE    MAX_ECC_BITS_NEEDED
 #endif
+
 #if !defined(WOLFSSL_CUSTOM_CURVES) && (ECC_MIN_KEY_SZ > 160) && \
     (!defined(HAVE_ECC_KOBLITZ) || (ECC_MIN_KEY_SZ > 224))
+
 #define ECC_KEY_MAX_BITS(key)                                       \
     ((((key) == NULL) || ((key)->dp == NULL)) ? MAX_ECC_BITS_USE :  \
         ((unsigned)((key)->dp->size * 8)))
+#define ECC_KEY_MAX_BITS_NONULLCHECK(key)                           \
+    (((key)->dp == NULL) ? MAX_ECC_BITS_USE :                       \
+        ((unsigned)((key)->dp->size * 8)))
+
 #else
+
 /* Add one bit for cases when order is a bit greater than prime. */
 #define ECC_KEY_MAX_BITS(key)                                       \
     ((((key) == NULL) || ((key)->dp == NULL)) ? MAX_ECC_BITS_USE :  \
         ((unsigned)((key)->dp->size * 8 + 1)))
+#define ECC_KEY_MAX_BITS_NONULLCHECK(key)                           \
+    (((key)->dp == NULL) ? MAX_ECC_BITS_USE :                       \
+        ((unsigned)((key)->dp->size * 8 + 1)))
+
 #endif
 
 /* forward declarations */
@@ -1463,7 +1488,7 @@ static int xil_mpi_import(mp_int *mpi,
     /* cache (mp_int) of the curve parameters */
     static ecc_curve_spec* ecc_curve_spec_cache[ECC_SET_COUNT];
     #ifndef SINGLE_THREADED
-        static wolfSSL_Mutex ecc_curve_cache_mutex;
+        static wolfSSL_Mutex ecc_curve_cache_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_curve_cache_mutex);
     #endif
 
     #define DECLARE_CURVE_SPECS(intcount) ecc_curve_spec* curve = NULL
@@ -1733,7 +1758,8 @@ static int wc_ecc_curve_load(const ecc_set_type* dp, ecc_curve_spec** pCurve,
 int wc_ecc_curve_cache_init(void)
 {
     int ret = 0;
-#if defined(ECC_CACHE_CURVE) && !defined(SINGLE_THREADED)
+#if defined(ECC_CACHE_CURVE) && !defined(SINGLE_THREADED) && \
+        !defined(WOLFSSL_MUTEX_INITIALIZER)
     ret = wc_InitMutex(&ecc_curve_cache_mutex);
 #endif
     return ret;
@@ -1752,7 +1778,8 @@ void wc_ecc_curve_cache_free(void)
         }
     }
 
-#if defined(ECC_CACHE_CURVE) && !defined(SINGLE_THREADED)
+#if defined(ECC_CACHE_CURVE) && !defined(SINGLE_THREADED) && \
+        !defined(WOLFSSL_MUTEX_INITIALIZER)
     wc_FreeMutex(&ecc_curve_cache_mutex);
 #endif
 }
@@ -1823,7 +1850,9 @@ static void alt_fp_init(mp_int* a)
 
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    !defined(WOLFSSL_CRYPTOCELL) && \
+    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
+      defined(WOLFSSL_IMXRT1170_CAAM))
 
 #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_PUBLIC_ECC_ADD_DBL)
 static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
@@ -2785,7 +2814,10 @@ done:
    }
 
    return err;
+   /* end !defined(WOLFSSL_SP_MATH) */
+
 #else
+   /* begin defined(WOLFSSL_SP_MATH) */
    if (P == NULL || modulus == NULL)
        return ECC_BAD_ARG_E;
 
@@ -2794,26 +2826,27 @@ done:
 
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
    if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) {
-       return sp_ecc_map_sm2_256(P->x, P->y, P->z);
+       err = sp_ecc_map_sm2_256(P->x, P->y, P->z);
    }
-#endif
-#ifndef WOLFSSL_SP_NO_256
+#elif defined(WOLFSSL_SP_NO_256)
    if (mp_count_bits(modulus) == 256) {
-       return sp_ecc_map_256(P->x, P->y, P->z);
+       err = sp_ecc_map_256(P->x, P->y, P->z);
    }
-#endif
-#ifdef WOLFSSL_SP_384
+#elif defined(WOLFSSL_SP_384)
    if (mp_count_bits(modulus) == 384) {
-       return sp_ecc_map_384(P->x, P->y, P->z);
+       err = sp_ecc_map_384(P->x, P->y, P->z);
    }
-#endif
-#ifdef WOLFSSL_SP_521
+#elif defined(WOLFSSL_SP_521)
    if (mp_count_bits(modulus) == 521) {
-       return sp_ecc_map_521(P->x, P->y, P->z);
+       err = sp_ecc_map_521(P->x, P->y, P->z);
    }
+#else
+   err = ECC_BAD_ARG_E;
 #endif
-   return ECC_BAD_ARG_E;
-#endif
+
+   WOLFSSL_LEAVE("ecc_map_ex (SP Math)");
+   return err;
+#endif /* WOLFSSL_SP_MATH */
 }
 #endif /* !FREESCALE_LTC_ECC && !WOLFSSL_STM32_PKA */
 
@@ -3479,12 +3512,12 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap)
    XMEMSET(key, 0, sizeof(*key));
 
 #if defined(WOLFSSL_SP_MATH_ALL) && defined(WOLFSSL_SMALL_STACK)
-   NEW_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC);
-   NEW_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC);
+   NEW_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC);
+   NEW_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC);
 #ifdef ALT_ECC_SIZE
-   NEW_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC);
-   NEW_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC);
-   NEW_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS(key), heap, DYNAMIC_TYPE_ECC);
+   NEW_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC);
+   NEW_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC);
+   NEW_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS_NONULLCHECK(key), heap, DYNAMIC_TYPE_ECC);
 #endif
    if (key->t1 == NULL || key->t2 == NULL
 #ifdef ALT_ECC_SIZE
@@ -3494,20 +3527,20 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap)
        err = MEMORY_E;
    }
    if (err == 0) {
-       err = INIT_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS(key));
+       err = INIT_MP_INT_SIZE(key->t1, ECC_KEY_MAX_BITS_NONULLCHECK(key));
    }
    if (err == 0) {
-       err = INIT_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS(key));
+       err = INIT_MP_INT_SIZE(key->t2, ECC_KEY_MAX_BITS_NONULLCHECK(key));
    }
 #ifdef ALT_ECC_SIZE
    if (err == 0) {
-       err = INIT_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS(key));
+       err = INIT_MP_INT_SIZE(key->x, ECC_KEY_MAX_BITS_NONULLCHECK(key));
    }
    if (err == 0) {
-       err = INIT_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS(key));
+       err = INIT_MP_INT_SIZE(key->y, ECC_KEY_MAX_BITS_NONULLCHECK(key));
    }
    if (err == 0) {
-       err = INIT_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS(key));
+       err = INIT_MP_INT_SIZE(key->z, ECC_KEY_MAX_BITS_NONULLCHECK(key));
    }
 #endif
 #else
@@ -3817,6 +3850,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a,
 #endif
    /* k can't have more bits than order */
    if (mp_count_bits(k) > mp_count_bits(order)) {
+      WOLFSSL_MSG("Private key length is greater than order in bits.");
       return ECC_OUT_OF_RANGE_E;
    }
 
@@ -3951,7 +3985,7 @@ int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
     return wc_ecc_mulmod_ex(k, G, R, a, modulus, map, NULL);
 }
 
-#endif /* !WOLFSSL_ATECC508A */
+#endif
 
 /**
  * Allocate a new ECC point (if one not provided)
@@ -3981,6 +4015,7 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap)
 #ifndef ALT_ECC_SIZE
    err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL);
    if (err != MP_OKAY) {
+      WOLFSSL_MSG("mp_init_multi failed.");
    #ifndef WOLFSSL_NO_MALLOC
       XFREE(p, heap, DYNAMIC_TYPE_ECC);
    #endif
@@ -3998,13 +4033,15 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap)
    *point = p;
    (void)heap;
    return err;
-}
+} /* wc_ecc_new_point_ex */
+
 ecc_point* wc_ecc_new_point_h(void* heap)
 {
     ecc_point* p = NULL;
     (void)wc_ecc_new_point_ex(&p, heap);
     return p;
 }
+
 ecc_point* wc_ecc_new_point(void)
 {
    ecc_point* p = NULL;
@@ -4559,20 +4596,15 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
     #endif
     {
         err = wc_CryptoCb_Ecdh(private_key, public_key, out, outlen);
-        #ifndef WOLF_CRYPTO_CB_ONLY_ECC
         if (err != CRYPTOCB_UNAVAILABLE)
             return err;
         /* fall-through when unavailable */
-        #endif
-        #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err == CRYPTOCB_UNAVAILABLE) {
-            err = NO_VALID_DEVID;
-        }
-        #endif
     }
 #endif
 
-#ifndef WOLF_CRYPTO_CB_ONLY_ECC
+#ifdef WOLF_CRYPTO_CB_ONLY_ECC
+    return NO_VALID_DEVID;
+#else /* !WOLF_CRYPTO_CB_ONLY_ECC */
    /* type valid? */
    if (private_key->type != ECC_PRIVATEKEY &&
            private_key->type != ECC_PRIVATEKEY_ONLY) {
@@ -4621,7 +4653,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
 #else
    err = wc_ecc_shared_secret_ex(private_key, &public_key->pubkey, out, outlen);
 #endif /* WOLFSSL_ATECC508A */
-#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
+#endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
 
    return err;
 }
@@ -5124,7 +5156,9 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx)
 #endif /* USE_ECC_B_PARAM */
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    !defined(WOLFSSL_CRYPTOCELL) && \
+    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
+      defined(WOLFSSL_IMXRT1170_CAAM))
 /* return 1 if point is at infinity, 0 if not, < 0 on error */
 int wc_ecc_point_is_at_infinity(ecc_point* p)
 {
@@ -5135,7 +5169,7 @@ int wc_ecc_point_is_at_infinity(ecc_point* p)
 
     return 0;
 }
-#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_CRYPTOCELL */
+#endif
 
 /* generate random and ensure its greater than 0 and less than order */
 int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
@@ -5518,21 +5552,15 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
     #endif
     {
         err = wc_CryptoCb_MakeEccKey(rng, keysize, key, curve_id);
-        #ifndef WOLF_CRYPTO_CB_ONLY_ECC
         if (err != CRYPTOCB_UNAVAILABLE)
             return err;
         /* fall-through when unavailable */
-        #endif
-        #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err == CRYPTOCB_UNAVAILABLE) {
-            return NO_VALID_DEVID;
-        }
-        return err;
-        #endif
     }
 #endif
 
-#ifndef WOLF_CRYPTO_CB_ONLY_ECC
+#ifdef WOLF_CRYPTO_CB_ONLY_ECC
+    return NO_VALID_DEVID;
+#else /* !WOLF_CRYPTO_CB_ONLY_ECC */
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
     if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
     #ifdef HAVE_CAVIUM
@@ -5801,19 +5829,32 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
         /* load curve info */
         if (err == MP_OKAY) {
             ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT, err);
+            if (err != MP_OKAY) {
+                WOLFSSL_MSG("ALLOC_CURVE_SPECS failed");
+            }
         }
+
         if (err == MP_OKAY) {
             err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL);
+            if (err != MP_OKAY) {
+                WOLFSSL_MSG("wc_ecc_curve_load failed");
+            }
         }
 
         /* generate k */
         if (err == MP_OKAY) {
             err = wc_ecc_gen_k(rng, key->dp->size, key->k, curve->order);
+            if (err != MP_OKAY) {
+                WOLFSSL_MSG("wc_ecc_gen_k failed");
+            }
         }
 
         /* generate public key from k */
         if (err == MP_OKAY) {
             err = ecc_make_pub_ex(key, curve, NULL, rng);
+            if (err != MP_OKAY) {
+                WOLFSSL_MSG("ecc_make_pub_ex failed");
+            }
         }
 
         if (err == MP_OKAY
@@ -5848,7 +5889,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
 #endif /* HAVE_ECC_MAKE_PUB */
 
     return err;
-#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
+#endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
 }
 
 
@@ -6060,6 +6101,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 #endif
 
 #ifdef WOLFSSL_HEAP_TEST
+    (void)heap;
     key->heap = (void*)WOLFSSL_HEAP_TEST;
 #else
     key->heap = heap;
@@ -6551,20 +6593,20 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
     #endif
     {
         err = wc_CryptoCb_EccSign(in, inlen, out, outlen, rng, key);
-        #ifndef WOLF_CRYPTO_CB_ONLY_ECC
         if (err != CRYPTOCB_UNAVAILABLE)
             return err;
         /* fall-through when unavailable */
-        #endif
-        #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err == CRYPTOCB_UNAVAILABLE) {
-            err = NO_VALID_DEVID;
-        }
-        #endif
     }
 #endif
 
-#ifndef WOLF_CRYPTO_CB_ONLY_ECC
+#ifdef WOLF_CRYPTO_CB_ONLY_ECC
+    (void)rng;
+    (void)inlen;
+    (void)s;
+    (void)r;
+    (void)err;
+    return NO_VALID_DEVID;
+#else /* !WOLF_CRYPTO_CB_ONLY_ECC */
     if (rng == NULL) {
         WOLFSSL_MSG("ECC sign RNG missing");
         return ECC_BAD_ARG_E;
@@ -6575,12 +6617,12 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
     err = wc_ecc_sign_hash_async(in, inlen, out, outlen, rng, key);
 #else
 
-    NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC);
+    NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
 #ifdef MP_INT_SIZE_CHECK_NULL
     if (r == NULL)
         return MEMORY_E;
 #endif
-    NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC);
+    NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
 #ifdef MP_INT_SIZE_CHECK_NULL
     if (s == NULL) {
         FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
@@ -6588,13 +6630,13 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
     }
 #endif
 
-    err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key));
+    err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key));
     if (err != 0) {
         FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
         FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
         return err;
     }
-    err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key));
+    err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key));
     if (err != 0) {
         FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
         FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
@@ -6628,15 +6670,8 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
     FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
     FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
 #endif /* WOLFSSL_ASYNC_CRYPT */
-#else
-    (void)rng;
-    (void)inlen;
-    (void)s;
-    (void)r;
-    (void)err;
-#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
-
     return err;
+#endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
 }
 #endif /* !NO_ASN */
 
@@ -6719,16 +6754,16 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng,
 {
     int err = MP_OKAY;
     int loop_check = 0;
-    DECL_MP_INT_SIZE_DYN(b, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
+    DECL_MP_INT_SIZE_DYN(b, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE);
 
-    NEW_MP_INT_SIZE(b, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC);
+    NEW_MP_INT_SIZE(b, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
 #ifdef MP_INT_SIZE_CHECK_NULL
     if (b == NULL)
         err = MEMORY_E;
 #endif
 
     if (err == MP_OKAY) {
-        err = INIT_MP_INT_SIZE(b, ECC_KEY_MAX_BITS(key));
+        err = INIT_MP_INT_SIZE(b, ECC_KEY_MAX_BITS_NONULLCHECK(key));
     }
 
 #ifdef WOLFSSL_CUSTOM_CURVES
@@ -7122,7 +7157,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
    }
    e = key->e;
 #else
-   NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC);
+   NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
 #ifdef MP_INT_SIZE_CHECK_NULL
    if (e_lcl == NULL) {
       return MEMORY_E;
@@ -7133,7 +7168,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
 
    /* get the hash and load it as a bignum into 'e' */
    /* init the bignums */
-   if ((err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS(key))) != MP_OKAY) {
+   if ((err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS_NONULLCHECK(key))) != MP_OKAY) {
       FREE_MP_INT_SIZE(e_lcl, key->heap, DYNAMIC_TYPE_ECC);
       return err;
    }
@@ -7263,10 +7298,10 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
        pubkey = (ecc_key*)XMALLOC(sizeof(ecc_key), key->heap, DYNAMIC_TYPE_ECC);
        if (pubkey == NULL)
            err = MEMORY_E;
+       else
    #endif
-
+       {
        /* don't use async for key, since we don't support async return here */
-       if (err == MP_OKAY) {
            err = wc_ecc_init_ex(pubkey, key->heap, INVALID_DEVID);
            if (err == MP_OKAY) {
               err = ecc_sign_hash_sw(key, pubkey, rng, curve, e, r, s);
@@ -7753,7 +7788,9 @@ int wc_ecc_free(ecc_key* key)
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SP_MATH) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
+      defined(WOLFSSL_IMXRT1170_CAAM))
+
 /* Handles add failure cases:
  *
  * Before add:
@@ -7867,8 +7904,11 @@ int ecc_projective_dbl_point_safe(ecc_point *P, ecc_point *R, mp_int* a,
 
     return err;
 }
-#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A
-          && !WOLFSSL_CRYPTOCELL && !WOLFSSL_SP_MATH */
+#endif /* !(WOLFSSL_ATECC508A) && !(WOLFSSL_ATECC608A) && \
+          !(WOLFSSL_CRYPTOCELL) && !(WOLFSSL_SP_MATH) && \
+          (!(WOLF_CRYPTO_CB_ONLY_ECC) || (WOLFSSL_QNX_CAAM) || \
+            (WOLFSSL_IMXRT1170_CAAM))
+        */
 
 #if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && \
     !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_CRYPTOCELL) && \
@@ -8277,21 +8317,20 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
     #endif
     {
         err = wc_CryptoCb_EccVerify(sig, siglen, hash, hashlen, res, key);
-        #ifndef WOLF_CRYPTO_CB_ONLY_ECC
         if (err != CRYPTOCB_UNAVAILABLE)
             return err;
         /* fall-through when unavailable */
-        #endif
-        #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err == CRYPTOCB_UNAVAILABLE) {
-            err = NO_VALID_DEVID;
-        }
-        #endif
     }
 #endif
 
-#ifndef WOLF_CRYPTO_CB_ONLY_ECC
-
+#ifdef WOLF_CRYPTO_CB_ONLY_ECC
+    (void)siglen;
+    (void)hashlen;
+    (void)s;
+    (void)r;
+    (void)err;
+    return NO_VALID_DEVID;
+#else /* !WOLF_CRYPTO_CB_ONLY_ECC */
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
     err = wc_ecc_alloc_async(key);
     if (err != 0)
@@ -8299,25 +8338,25 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
     r = key->r;
     s = key->s;
 #else
-    NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC);
+    NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
 #ifdef MP_INT_SIZE_CHECK_NULL
     if (r == NULL)
         return MEMORY_E;
 #endif
-    NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC);
+    NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
 #ifdef MP_INT_SIZE_CHECK_NULL
     if (s == NULL) {
         FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
         return MEMORY_E;
     }
 #endif
-    err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS(key));
+    err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key));
     if (err != 0) {
         FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
         FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
         return err;
     }
-    err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS(key));
+    err = INIT_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key));
     if (err != 0) {
         FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
         FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
@@ -8403,15 +8442,8 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 
     /* make sure required variables are reset */
     wc_ecc_reset(key);
-#else
-    (void)siglen;
-    (void)hashlen;
-    (void)s;
-    (void)r;
-    (void)err;
-#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
-
     return err;
+#endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
 }
 #endif /* !NO_ASN */
 
@@ -8618,9 +8650,9 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
    ecc_point  lcl_mG;
    ecc_point  lcl_mQ;
 #endif
-   DECL_MP_INT_SIZE_DYN(w, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
+   DECL_MP_INT_SIZE_DYN(w, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE);
 #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V)
-   DECL_MP_INT_SIZE_DYN(e_lcl, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
+   DECL_MP_INT_SIZE_DYN(e_lcl, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE);
 #endif
    mp_int*    e;
    mp_int*    v = NULL;      /* Will be w. */
@@ -8636,7 +8668,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
 
    err = mp_init(e);
 #else
-   NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC);
+   NEW_MP_INT_SIZE(e_lcl, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
 #ifdef MP_INT_SIZE_CHECK_NULL
    if (e_lcl == NULL) {
        return MEMORY_E;
@@ -8644,7 +8676,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
 #endif
    e = e_lcl;
 
-   err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS(key));
+   err = INIT_MP_INT_SIZE(e, ECC_KEY_MAX_BITS_NONULLCHECK(key));
 #endif /* WOLFSSL_ASYNC_CRYPT && HAVE_CAVIUM_V */
    if (err != MP_OKAY) {
 #ifdef WOLFSSL_SMALL_STACK
@@ -8706,7 +8738,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
    }
 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */
 
-   NEW_MP_INT_SIZE(w, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC);
+   NEW_MP_INT_SIZE(w, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
 #ifdef MP_INT_SIZE_CHECK_NULL
    if (w == NULL) {
        err = MEMORY_E;
@@ -8719,7 +8751,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
        v = w;
    }
    if (err == MP_OKAY) {
-       err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS(key));
+       err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS_NONULLCHECK(key));
    }
 
    /* allocate points */
@@ -9600,7 +9632,9 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
+    !defined(WOLFSSL_STM32_PKA) && \
+    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
+      defined(WOLFSSL_IMXRT1170_CAAM))
 
 /* is ecc point on curve described by dp ? */
 static int _ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
@@ -10099,7 +10133,11 @@ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
 }
 #endif /* !WOLFSSL_SP_MATH */
 
-#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_CRYPTOCELL*/
+#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A &&
+          !WOLFSSL_CRYPTOCELL && !WOLFSSL_SE050 && !WOLFSSL_STM32_PKA &&
+          (!WOLF_CRYPTO_CB_ONLY_ECC || WOLFSSL_QNX_CAAM ||
+            WOLFSSL_IMXRT1170_CAAM)
+       */
 
 #ifdef OPENSSL_EXTRA
 int wc_ecc_get_generator(ecc_point* ecp, int curve_idx)
@@ -10139,11 +10177,7 @@ int wc_ecc_get_generator(ecc_point* ecp, int curve_idx)
 static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
 {
     int err = MP_OKAY;
-#ifndef WOLFSSL_SP_MATH
-#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
-    !defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
+#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER
     mp_int* b = NULL;
     #ifdef USE_ECC_B_PARAM
         DECLARE_CURVE_SPECS(4);
@@ -10153,9 +10187,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
         #endif
         DECLARE_CURVE_SPECS(3);
     #endif /* USE_ECC_B_PARAM */
-#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A &&
-          !WOLFSSL_CRYPTOCELL && !WOLFSSL_SILABS_SE_ACCEL && !WOLFSSL_SE050 */
-#endif /* !WOLFSSL_SP_MATH */
+#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */
 
     ASSERT_SAVED_VECTOR_REGISTERS();
 
@@ -10200,7 +10232,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
     /* consider key check success on HW crypto
      * ex: ATECC508/608A, CryptoCell and Silabs
      *
-     * consider key check success on Crypt Cb
+     * consider key check success on most Crypt Cb only builds
      */
     err = MP_OKAY;
 
@@ -11575,8 +11607,10 @@ typedef struct {
 static THREAD_LS_T fp_cache_t fp_cache[FP_ENTRIES];
 
 #ifndef HAVE_THREAD_LS
+    static wolfSSL_Mutex ecc_fp_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_fp_lock);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initMutex = 0;  /* prevent multiple mutex inits */
-    static wolfSSL_Mutex ecc_fp_lock;
+#endif
 #endif /* HAVE_THREAD_LS */
 
 /* simple table to help direct the generation of the LUT */
@@ -12863,10 +12897,12 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
    }
 
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
    if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */
         wc_InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
+#endif
 
    if (wc_LockMutex(&ecc_fp_lock) != 0) {
 #ifdef WOLFSSL_SMALL_STACK
@@ -13021,10 +13057,12 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
    }
 
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
    if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */
         wc_InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
+#endif
 
    if (wc_LockMutex(&ecc_fp_lock) != 0) {
       err = BAD_MUTEX_E;
@@ -13196,10 +13234,12 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
    }
 
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
    if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */
         wc_InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
+#endif
 
    if (wc_LockMutex(&ecc_fp_lock) != 0) {
       err = BAD_MUTEX_E;
@@ -13356,12 +13396,14 @@ void wc_ecc_fp_init(void)
 {
 #ifndef WOLFSSL_SP_MATH
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
    if (initMutex == 0) {
         wc_InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
 #endif
 #endif
+#endif
 }
 
 
@@ -13371,10 +13413,12 @@ void wc_ecc_fp_free(void)
 {
 #if !defined(WOLFSSL_SP_MATH)
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
    if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */
         wc_InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
+#endif
 
    if (wc_LockMutex(&ecc_fp_lock) == 0) {
 #endif /* HAVE_THREAD_LS */
@@ -13383,8 +13427,10 @@ void wc_ecc_fp_free(void)
 
 #ifndef HAVE_THREAD_LS
        wc_UnLockMutex(&ecc_fp_lock);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
        wc_FreeMutex(&ecc_fp_lock);
        initMutex = 0;
+#endif
    }
 #endif /* HAVE_THREAD_LS */
 #endif
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/eccsi.c b/extra/wolfssl/wolfssl/wolfcrypt/src/eccsi.c
index 836243be..0b12991e 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/eccsi.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/eccsi.c
@@ -43,6 +43,14 @@
     #include <wolfssl/wolfcrypt/sp.h>
 #endif
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
     #define wc_ecc_key_get_priv(key) (&((key)->k))
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/ed25519.c b/extra/wolfssl/wolfssl/wolfcrypt/src/ed25519.c
index 6dfb7a0f..f59b6729 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/ed25519.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/ed25519.c
@@ -22,6 +22,12 @@
 
  /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */
 
+
+/* Possible Ed25519 enable options:
+ *   WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN                               Default: OFF
+ *     Check that the private key didn't change during the signing operations.
+ */
+
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -32,6 +38,7 @@
 #ifdef HAVE_ED25519
 
 #include <wolfssl/wolfcrypt/ed25519.h>
+#include <wolfssl/wolfcrypt/ge_operations.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/hash.h>
 #ifdef NO_INLINE
@@ -304,6 +311,9 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     ALIGN16 byte nonce[WC_SHA512_DIGEST_SIZE];
     ALIGN16 byte hram[WC_SHA512_DIGEST_SIZE];
     ALIGN16 byte az[ED25519_PRV_KEY_SIZE];
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+    byte orig_k[ED25519_KEY_SIZE];
+#endif
 
     /* sanity check on arguments */
     if (in == NULL || out == NULL || outLen == NULL || key == NULL ||
@@ -331,6 +341,10 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     }
     *outLen = ED25519_SIG_SIZE;
 
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+    XMEMCPY(orig_k, key->k, ED25519_KEY_SIZE);
+#endif
+
     /* step 1: create nonce to use where nonce is r in
        r = H(h_b, ... ,h_2b-1,M) */
     ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az);
@@ -441,6 +455,18 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
 #endif
 #endif /* WOLFSSL_SE050 */
+
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+    {
+        int  i;
+        byte c = 0;
+        for (i = 0; i < ED25519_KEY_SIZE; i++) {
+            c |= key->k[i] ^ orig_k[i];
+        }
+        ret = ctMaskGT(c, 0) & SIG_VERIFY_E;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/ed448.c b/extra/wolfssl/wolfssl/wolfcrypt/src/ed448.c
index 8eb83372..e93c2128 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/ed448.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/ed448.c
@@ -25,6 +25,11 @@
  * Reworked for curve448 by Sean Parkinson.
  */
 
+/* Possible Ed448 enable options:
+ *   WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN                               Default: OFF
+ *     Check that the private key didn't change during the signing operations.
+ */
+
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -198,7 +203,10 @@ int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey, word32 pubKeySz)
         az[55] |= 0x80;
         az[56]  = 0x00;
 
-        ge448_scalarmult_base(&A, az);
+        ret = ge448_scalarmult_base(&A, az);
+    }
+
+    if (ret == 0) {
         ge448_to_bytes(pubKey, &A);
 
         key->pubKeySet = 1;
@@ -279,6 +287,9 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     byte     hram[ED448_SIG_SIZE];
     byte     az[ED448_PRV_KEY_SIZE];
     int      ret = 0;
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+    byte     orig_k[ED448_KEY_SIZE];
+#endif
 
     /* sanity check on arguments */
     if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL) ||
@@ -298,6 +309,10 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     if (ret == 0) {
         *outLen = ED448_SIG_SIZE;
 
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+        XMEMCPY(orig_k, key->k, ED448_KEY_SIZE);
+#endif
+
         /* step 1: create nonce to use where nonce is r in
            r = H(h_b, ... ,h_2b-1,M) */
         ret = ed448_hash(key, key->k, ED448_KEY_SIZE, az, sizeof(az));
@@ -353,13 +368,15 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
 
         /* step 2: computing R = rB where rB is the scalar multiplication of
            r and B */
-        ge448_scalarmult_base(&R,nonce);
-        ge448_to_bytes(out,&R);
+        ret = ge448_scalarmult_base(&R,nonce);
 
         /* step 3: hash R + public key + message getting H(R,A,M) then
            creating S = (r + H(R,A,M)a) mod l */
+        if (ret == 0) {
+            ge448_to_bytes(out,&R);
 
-        ret = ed448_hash_update(key, sha, ed448Ctx, ED448CTX_SIZE);
+            ret = ed448_hash_update(key, sha, ed448Ctx, ED448CTX_SIZE);
+        }
         if (ret == 0) {
             ret = ed448_hash_update(key, sha, &type, sizeof(type));
         }
@@ -391,6 +408,17 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
         sc448_muladd(out + (ED448_SIG_SIZE/2), hram, az, nonce);
     }
 
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+    if (ret == 0) {
+        int  i;
+        byte c = 0;
+        for (i = 0; i < ED448_KEY_SIZE; i++) {
+            c |= key->k[i] ^ orig_k[i];
+        }
+        ret = ctMaskGT(c, 0) & SIG_VERIFY_E;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/error.c b/extra/wolfssl/wolfssl/wolfcrypt/src/error.c
index 929e0bfd..eebd4dbc 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/error.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/error.c
@@ -601,6 +601,9 @@ const char* wc_GetErrorString(int error)
     case AES_EAX_AUTH_E:
         return "AES-EAX Authentication check fail";
 
+    case KEY_EXHAUSTED_E:
+        return "Key no longer usable for operation";
+
     default:
         return "unknown error number";
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c b/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c
index cdda3947..a365ff68 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c
@@ -2273,7 +2273,7 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E
     if (ctx == NULL) return NULL;
     XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX));
     ctx->pkey = pkey;
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     ctx->padding = RSA_PKCS1_PADDING;
     ctx->md = NULL;
 #endif
@@ -2497,9 +2497,9 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
 #endif
                 return WOLFSSL_FAILURE;
             }
-            if (wc_ecc_shared_secret_ssh((ecc_key*)ctx->pkey->ecc->internal,
-                                         (ecc_point*)ctx->peerKey->ecc->pub_key->internal,
-                                         key, &len32) != MP_OKAY) {
+            if (wc_ecc_shared_secret((ecc_key*)ctx->pkey->ecc->internal,
+                    (ecc_key*)ctx->peerKey->ecc->internal, key, &len32)
+                    != MP_OKAY) {
                 WOLFSSL_MSG("wc_ecc_shared_secret failed");
 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
     && (!defined(HAVE_FIPS) || \
@@ -2774,7 +2774,7 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
     (void)len;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA:
         if (out == NULL) {
             if (ctx->pkey->rsa == NULL) {
@@ -2877,7 +2877,7 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
     (void)len;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA:
         if (out == NULL) {
             if (ctx->pkey->rsa == NULL) {
@@ -2958,7 +2958,7 @@ int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx)
         return ret;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
         case EVP_PKEY_RSA:
             ctx->op = EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
@@ -3006,7 +3006,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
     (void)tbslen;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA: {
         unsigned int usiglen = (unsigned int)*siglen;
         if (!sig) {
@@ -3120,7 +3120,7 @@ int wolfSSL_EVP_PKEY_verify_init(WOLFSSL_EVP_PKEY_CTX *ctx)
         return WOLFSSL_FAILURE;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
         case EVP_PKEY_RSA:
             ctx->op = EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
@@ -3162,7 +3162,7 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig,
         return WOLFSSL_FAILURE;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA:
         return wolfSSL_RSA_verify_ex(WC_HASH_TYPE_NONE, tbs,
             (unsigned int)tbslen, sig, (unsigned int)siglen, ctx->pkey->rsa,
@@ -3358,8 +3358,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
     }
 
     switch (pkey->type) {
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
         case EVP_PKEY_RSA:
             pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT,
                 NULL, NULL);
@@ -3892,7 +3891,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
         return ret;
 
     switch (pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA: {
         int nid;
         const WOLFSSL_EVP_MD *ctxmd;
@@ -3988,7 +3987,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     (void)siglen;
 
     switch (pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
     case EVP_PKEY_RSA: {
         int nid;
         const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
@@ -4461,7 +4460,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
     else {
         /* Sign the digest. */
         switch (ctx->pctx->pkey->type) {
-    #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+    #if !defined(NO_RSA)
         case EVP_PKEY_RSA: {
             unsigned int sigSz = (unsigned int)*siglen;
             int nid;
@@ -4564,7 +4563,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     else {
         /* Verify the signature with the digest. */
         switch (ctx->pctx->pkey->type) {
-    #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+    #if !defined(NO_RSA)
         case EVP_PKEY_RSA: {
             int nid;
             const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
@@ -8111,6 +8110,26 @@ void wolfSSL_EVP_init(void)
     }
 #endif /* !NO_AES || !NO_DES3 */
 
+    static int IsCipherTypeAEAD(unsigned char cipherType)
+    {
+        switch (cipherType) {
+            case AES_128_GCM_TYPE:
+            case AES_192_GCM_TYPE:
+            case AES_256_GCM_TYPE:
+            case AES_128_CCM_TYPE:
+            case AES_192_CCM_TYPE:
+            case AES_256_CCM_TYPE:
+            case ARIA_128_GCM_TYPE:
+            case ARIA_192_GCM_TYPE:
+            case ARIA_256_GCM_TYPE:
+            case SM4_GCM_TYPE:
+            case SM4_CCM_TYPE:
+                return 1;
+            default:
+                return 0;
+        }
+    }
+
     /* Return length on ok */
     int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
                            word32 len)
@@ -8119,34 +8138,21 @@ void wolfSSL_EVP_init(void)
 
         WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
 
-        if (ctx == NULL || ((src == NULL || dst == NULL) &&
-            (TRUE
-        #ifdef HAVE_AESGCM
-            && ctx->cipherType != AES_128_GCM_TYPE &&
-             ctx->cipherType != AES_192_GCM_TYPE &&
-             ctx->cipherType != AES_256_GCM_TYPE
-        #endif
-        #ifdef HAVE_AESCCM
-            && ctx->cipherType != AES_128_CCM_TYPE &&
-             ctx->cipherType != AES_192_CCM_TYPE &&
-             ctx->cipherType != AES_256_CCM_TYPE
-        #endif
-        #ifdef HAVE_ARIA
-            && ctx->cipherType != ARIA_128_GCM_TYPE &&
-             ctx->cipherType != ARIA_192_GCM_TYPE &&
-             ctx->cipherType != ARIA_256_GCM_TYPE
-        #endif
-        #ifdef WOLFSSL_SM4_GCM
-            && ctx->cipherType != SM4_GCM_TYPE
-        #endif
-        #ifdef WOLFSSL_SM4_CCM
-            && ctx->cipherType != SM4_CCM_TYPE
-        #endif
-            ))) {
+        if (ctx == NULL) {
             WOLFSSL_MSG("Bad argument.");
             return WOLFSSL_FATAL_ERROR;
         }
 
+        if (!IsCipherTypeAEAD(ctx->cipherType)) {
+            /* No-op for non-AEAD ciphers */
+            if (src == NULL && dst == NULL && len == 0)
+                return 0;
+            if (src == NULL || dst == NULL) {
+                WOLFSSL_MSG("Bad argument.");
+                return WOLFSSL_FATAL_ERROR;
+            }
+        }
+
         if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) {
             WOLFSSL_MSG("Cipher operation not initialized. Call "
                         "wolfSSL_EVP_CipherInit.");
@@ -8510,7 +8516,7 @@ static void clearEVPPkeyKeys(WOLFSSL_EVP_PKEY *pkey)
 }
 
 #ifndef NO_RSA
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
 {
     int ret = 0;
@@ -8668,12 +8674,12 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
         }
     }
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
     if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed");
         return WOLFSSL_FAILURE;
     }
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 
 #ifdef WC_RSA_BLINDING
     if (key->ownRng == 0) {
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/ext_kyber.c b/extra/wolfssl/wolfssl/wolfcrypt/src/ext_kyber.c
index 834d9890..0e694c09 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/ext_kyber.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/ext_kyber.c
@@ -39,6 +39,8 @@
 
 #if defined (HAVE_LIBOQS)
 
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
+
 static const char* OQS_ID2name(int id) {
     switch (id) {
         case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512;
@@ -99,10 +101,15 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
 
         /* Keep type for parameters. */
         key->type = type;
+
+#ifdef WOLF_CRYPTO_CB
+        key->devCtx = NULL;
+        key->devId = devId;
+#endif
     }
 
-    (void)devId;
     (void)heap;
+    (void)devId;
 
     return ret;
 }
@@ -310,39 +317,49 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
     OQS_KEM *kem = NULL;
 #endif
 
-    (void)rng;
-
     /* Validate parameter. */
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
-#ifdef HAVE_LIBOQS
-    if (ret == 0) {
-        algName = OQS_ID2name(key->type);
-        if (algName == NULL) {
-            ret = BAD_FUNC_ARG;
-        }
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (key->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_MakePqcKemKey(rng, WC_PQC_KEM_TYPE_KYBER,
+                                        key->type, key);
+        if (ret != CRYPTOCB_UNAVAILABLE)
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
     }
+#endif
 
+#ifdef HAVE_LIBOQS
     if (ret == 0) {
         algName = OQS_ID2name(key->type);
         if (algName == NULL) {
             ret = BAD_FUNC_ARG;
         }
     }
+
     if (ret == 0) {
         kem = OQS_KEM_new(algName);
         if (kem == NULL) {
             ret = BAD_FUNC_ARG;
         }
     }
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
     if (ret == 0) {
         if (OQS_KEM_keypair(kem, key->pub, key->priv) !=
             OQS_SUCCESS) {
             ret = BAD_FUNC_ARG;
         }
     }
+    wolfSSL_liboqsRngMutexUnlock();
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
 #ifdef HAVE_PQM4
@@ -397,6 +414,9 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
     WC_RNG* rng)
 {
     int ret = 0;
+#ifdef WOLF_CRYPTO_CB
+    word32 ctlen = 0;
+#endif
 #ifdef HAVE_LIBOQS
     const char * algName = NULL;
     OQS_KEM *kem = NULL;
@@ -409,6 +429,24 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
         ret = BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+        ret = wc_KyberKey_CipherTextSize(key, &ctlen);
+    }
+    if ((ret == 0)
+    #ifndef WOLF_CRYPTO_CB_FIND
+        && (key->devId != INVALID_DEVID)
+    #endif
+    ) {
+        ret = wc_CryptoCb_PqcEncapsulate(ct, ctlen, ss, KYBER_SS_SZ, rng,
+                                         WC_PQC_KEM_TYPE_KYBER, key);
+        if (ret != CRYPTOCB_UNAVAILABLE)
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
+    }
+#endif
+
 #ifdef HAVE_LIBOQS
     if (ret == 0) {
         algName = OQS_ID2name(key->type);
@@ -422,12 +460,15 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
             ret = BAD_FUNC_ARG;
         }
     }
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
     if (ret == 0) {
         if (OQS_KEM_encaps(kem, ct, ss, key->pub) != OQS_SUCCESS) {
             ret = BAD_FUNC_ARG;
         }
     }
-
+    wolfSSL_liboqsRngMutexUnlock();
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
 #ifdef HAVE_PQM4
@@ -500,6 +541,21 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
         ret = BUFFER_E;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    if ((ret == 0)
+    #ifndef WOLF_CRYPTO_CB_FIND
+        && (key->devId != INVALID_DEVID)
+    #endif
+    ) {
+        ret = wc_CryptoCb_PqcDecapsulate(ct, ctlen, ss, KYBER_SS_SZ,
+                                         WC_PQC_KEM_TYPE_KYBER, key);
+        if (ret != CRYPTOCB_UNAVAILABLE)
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
+    }
+#endif
+
 #ifdef HAVE_LIBOQS
     if (ret == 0) {
         algName = OQS_ID2name(key->type);
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/ext_xmss.c b/extra/wolfssl/wolfssl/wolfcrypt/src/ext_xmss.c
index b1e5e46d..84498d9a 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/ext_xmss.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/ext_xmss.c
@@ -39,6 +39,7 @@
 #endif
 
 #include <xmss_callbacks.h>
+#include <utils.h>
 
 #ifndef WOLFSSL_XMSS_VERIFY_ONLY
 static THREAD_LS_T WC_RNG * xmssRng = NULL;
@@ -177,6 +178,11 @@ static int wc_XmssKey_SetOid(XmssKey * key, uint32_t oid, int is_xmssmt)
         WOLFSSL_MSG("error: unsupported XMSS/XMSS^MT parameter set");
         return -1;
     }
+    if ((key->params.full_height < WOLFSSL_XMSS_MIN_HEIGHT) ||
+        (key->params.full_height > WOLFSSL_XMSS_MAX_HEIGHT)) {
+        WOLFSSL_MSG("error: unsupported XMSS/XMSS^MT parameter set - height");
+        return -1;
+    }
 
     ret = xmss_set_sha_cb(sha256_cb);
     if (ret != 0) {
@@ -747,6 +753,64 @@ int wc_XmssKey_Sign(XmssKey* key, byte * sig, word32 * sigLen, const byte * msg,
 
     return (key->state == WC_XMSS_STATE_OK) ? 0 : -1;
 }
+
+
+/* Check if more signatures are possible with key.
+ *
+ * @param [in] key  XMSS key to check.
+ * @return  1 when signatures possible.
+ * @return  0 when key exhausted.
+ */
+int  wc_XmssKey_SigsLeft(XmssKey* key)
+{
+    int ret = 0;
+
+    /* Validate parameter. */
+    if (key == NULL) {
+        ret = 0;
+    }
+    /* Validate state. */
+    else if (key->state == WC_XMSS_STATE_NOSIGS) {
+        WOLFSSL_MSG("error: XMSS signatures exhausted");
+        ret = 0;
+    }
+    else if (key->state != WC_XMSS_STATE_OK) {
+        WOLFSSL_MSG("error: can't sign, XMSS key not in good state");
+        ret = 0;
+    }
+    /* Read the current secret key from NV storage.*/
+    else if (key->read_private_key(key->sk, key->sk_len, key->context) !=
+             WC_XMSS_RC_READ_TO_MEMORY) {
+        WOLFSSL_MSG("error: XMSS read_private_key failed");
+        ret = 0;
+    }
+    else {
+        /* The following assumes core_fast implementation is used
+         * from patched xmss-reference. */
+        const unsigned char* sk = (key->sk + XMSS_OID_LEN);
+        const xmss_params*   params = &key->params;
+        unsigned long long   idx = 0;
+
+        if (key->is_xmssmt) {
+            for (uint64_t i = 0; i < params->index_bytes; i++) {
+                idx |= ((unsigned long long)sk[i])
+                       << 8 * (params->index_bytes - 1 - i);
+            }
+        }
+        else {
+            idx = ((unsigned long)sk[0] << 24) |
+                  ((unsigned long)sk[1] << 16) |
+                  ((unsigned long)sk[2] <<  8) | sk[3];
+        }
+
+        ret = idx < ((1ULL << params->full_height) - 1);
+
+        /* Force zero the secret key from memory always. */
+        ForceZero(key->sk, key->sk_len);
+    }
+
+    return ret;
+}
 #endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY*/
 
 /* Get the XMSS/XMSS^MT public key length. The public key
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/falcon.c b/extra/wolfssl/wolfssl/wolfcrypt/src/falcon.c
index ea722a20..2645db63 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/falcon.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/falcon.c
@@ -59,17 +59,32 @@
  */
 int wc_falcon_sign_msg(const byte* in, word32 inLen,
                               byte* out, word32 *outLen,
-                              falcon_key* key)
+                              falcon_key* key, WC_RNG* rng)
 {
     int ret = 0;
-#ifdef HAVE_LIBOQS
-    OQS_SIG *oqssig = NULL;
-    size_t localOutLen = 0;
 
     /* sanity check on arguments */
     if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL)) {
-        ret = BAD_FUNC_ARG;
+        return  BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (key->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, rng,
+                                  WC_PQC_SIG_TYPE_FALCON, key);
+        if (ret != CRYPTOCB_UNAVAILABLE)
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
     }
+#endif
+
+#ifdef HAVE_LIBOQS
+    OQS_SIG *oqssig = NULL;
+    size_t localOutLen = 0;
 
     if ((ret == 0) && (!key->prvKeySet)) {
         ret = BAD_FUNC_ARG;
@@ -88,6 +103,10 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
         }
     }
 
+    if ((ret == 0) && (oqssig == NULL)) {
+        ret = BUFFER_E;
+    }
+
     /* check and set up out length */
     if (ret == 0) {
         if ((key->level == 1) && (*outLen < FALCON_LEVEL1_SIG_SIZE)) {
@@ -101,6 +120,10 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
         localOutLen = *outLen;
     }
 
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
     if ((ret == 0) &&
         (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
          == OQS_ERROR)) {
@@ -111,6 +134,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
         *outLen = (word32)localOutLen;
     }
 
+    wolfSSL_liboqsRngMutexUnlock();
+
     if (oqssig != NULL) {
         OQS_SIG_free(oqssig);
     }
@@ -136,12 +161,27 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                         word32 msgLen, int* res, falcon_key* key)
 {
     int ret = 0;
-#ifdef HAVE_LIBOQS
-    OQS_SIG *oqssig = NULL;
 
     if (key == NULL || sig == NULL || msg == NULL || res == NULL) {
-        ret = BAD_FUNC_ARG;
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (key->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res,
+                                    WC_PQC_SIG_TYPE_FALCON, key);
+        if (ret != CRYPTOCB_UNAVAILABLE)
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
     }
+#endif
+
+#ifdef HAVE_LIBOQS
+    OQS_SIG *oqssig = NULL;
 
     if ((ret == 0) && (!key->pubKeySet)) {
         ret = BAD_FUNC_ARG;
@@ -160,6 +200,10 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
         }
     }
 
+    if ((ret == 0) && (oqssig == NULL)) {
+        ret = BUFFER_E;
+    }
+
     if ((ret == 0) &&
         (OQS_SIG_verify(oqssig, msg, msgLen, sig, sigLen, key->p)
          == OQS_ERROR)) {
@@ -186,15 +230,92 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
  * returns BAD_FUNC_ARG when key is NULL
  */
 int wc_falcon_init(falcon_key* key)
+{
+    return wc_falcon_init_ex(key, NULL, INVALID_DEVID);
+}
+
+/* Initialize the falcon private/public key.
+ *
+ * key  [in]  Falcon key.
+ * heap [in]  Heap hint.
+ * devId[in]  Device ID.
+ * returns BAD_FUNC_ARG when key is NULL
+ */
+int wc_falcon_init_ex(falcon_key* key, void* heap, int devId)
 {
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    ForceZero(key, sizeof(key));
+    ForceZero(key, sizeof(*key));
+
+#ifdef WOLF_CRYPTO_CB
+    key->devCtx = NULL;
+    key->devId = devId;
+#endif
+#ifdef WOLF_PRIVATE_KEY_ID
+    key->idLen = 0;
+    key->labelLen = 0;
+#endif
+
+    (void) heap;
+    (void) devId;
+
     return 0;
 }
 
+#ifdef WOLF_PRIVATE_KEY_ID
+int wc_falcon_init_id(falcon_key* key, const unsigned char* id, int len,
+                         void* heap, int devId)
+{
+    int ret = 0;
+
+    if (key == NULL)
+        ret = BAD_FUNC_ARG;
+    if (ret == 0 && (len < 0 || len > FALCON_MAX_ID_LEN))
+        ret = BUFFER_E;
+
+    if (ret == 0)
+        ret = wc_falcon_init_ex(key, heap, devId);
+    if (ret == 0 && id != NULL && len != 0) {
+        XMEMCPY(key->id, id, (size_t)len);
+        key->idLen = len;
+    }
+
+    /* Set the maxiumum level here */
+    wc_falcon_set_level(key, 5);
+
+    return ret;
+}
+
+int wc_falcon_init_label(falcon_key* key, const char* label, void* heap,
+                            int devId)
+{
+    int ret = 0;
+    int labelLen = 0;
+
+    if (key == NULL || label == NULL)
+        ret = BAD_FUNC_ARG;
+    if (ret == 0) {
+        labelLen = (int)XSTRLEN(label);
+        if (labelLen == 0 || labelLen > FALCON_MAX_LABEL_LEN)
+            ret = BUFFER_E;
+    }
+
+    if (ret == 0)
+        ret = wc_falcon_init_ex(key, heap, devId);
+    if (ret == 0) {
+        XMEMCPY(key->label, label, (size_t)labelLen);
+        key->labelLen = labelLen;
+    }
+
+    /* Set the maxiumum level here */
+    wc_falcon_set_level(key, 5);
+
+    return ret;
+}
+#endif
+
 /* Set the level of the falcon private/public key.
  *
  * key   [out]  Falcon key.
@@ -244,7 +365,7 @@ int wc_falcon_get_level(falcon_key* key, byte* level)
 void wc_falcon_free(falcon_key* key)
 {
     if (key != NULL) {
-        ForceZero(key, sizeof(key));
+        ForceZero(key, sizeof(*key));
     }
 }
 
@@ -393,12 +514,7 @@ int wc_falcon_import_private_only(const byte* priv, word32 privSz,
          return ret;
     }
 
-    if (key->level == 1) {
-        XMEMCPY(key->k, newPriv, FALCON_LEVEL1_KEY_SIZE);
-    }
-    else if (key->level == 5) {
-        XMEMCPY(key->k, newPriv, FALCON_LEVEL5_KEY_SIZE);
-    }
+    XMEMCPY(key->k, newPriv, newPrivSz);
     key->prvKeySet = 1;
 
     return 0;
@@ -456,12 +572,7 @@ int wc_falcon_import_private_key(const byte* priv, word32 privSz,
 
     if (ret == 0) {
         /* make the private key (priv + pub) */
-        if (key->level == 1) {
-            XMEMCPY(key->k, newPriv, FALCON_LEVEL1_KEY_SIZE);
-        }
-        else if (key->level == 5) {
-            XMEMCPY(key->k, newPriv, FALCON_LEVEL5_KEY_SIZE);
-        }
+        XMEMCPY(key->k, newPriv, newPrivSz);
         key->prvKeySet = 1;
     }
 
@@ -544,14 +655,14 @@ int wc_falcon_export_private(falcon_key* key, byte* out, word32* outLen)
 
     if (key->level == 1) {
         *outLen = FALCON_LEVEL1_PRV_KEY_SIZE;
-        XMEMCPY(out, key->k, FALCON_LEVEL1_PRV_KEY_SIZE);
-        XMEMCPY(out + FALCON_LEVEL1_PRV_KEY_SIZE, key->p,
+        XMEMCPY(out, key->k, FALCON_LEVEL1_KEY_SIZE);
+        XMEMCPY(out + FALCON_LEVEL1_KEY_SIZE, key->p,
                 FALCON_LEVEL1_PUB_KEY_SIZE);
     }
     else if (key->level == 5) {
         *outLen = FALCON_LEVEL5_PRV_KEY_SIZE;
-        XMEMCPY(out, key->k, FALCON_LEVEL5_PRV_KEY_SIZE);
-        XMEMCPY(out + FALCON_LEVEL5_PRV_KEY_SIZE, key->p,
+        XMEMCPY(out, key->k, FALCON_LEVEL5_KEY_SIZE);
+        XMEMCPY(out + FALCON_LEVEL5_KEY_SIZE, key->p,
                 FALCON_LEVEL5_PUB_KEY_SIZE);
     }
 
@@ -600,8 +711,24 @@ int wc_falcon_check_key(falcon_key* key)
         return BAD_FUNC_ARG;
     }
 
-    /* Assume everything is fine. */
-    return 0;
+    int ret = 0;
+
+    /* The public key is also decoded and stored within the private key buffer
+     * behind the private key. Hence, we can compare both stored public keys. */
+    if (key->level == 1) {
+        ret = XMEMCMP(key->p, key->k + FALCON_LEVEL1_KEY_SIZE,
+                      FALCON_LEVEL1_PUB_KEY_SIZE);
+    }
+    else if (key->level == 5) {
+        ret = XMEMCMP(key->p, key->k + FALCON_LEVEL5_KEY_SIZE,
+                      FALCON_LEVEL5_PUB_KEY_SIZE);
+    }
+
+    if (ret != 0) {
+        ret = PUBLIC_KEY_E;
+    }
+
+    return ret;
 }
 
 /* Returns the size of a falcon private key.
@@ -696,7 +823,7 @@ int wc_Falcon_PrivateKeyDecode(const byte* input, word32* inOutIdx,
                                      falcon_key* key, word32 inSz)
 {
     int ret = 0;
-    byte privKey[FALCON_MAX_KEY_SIZE], pubKey[FALCON_MAX_PUB_KEY_SIZE];
+    byte privKey[FALCON_MAX_PRV_KEY_SIZE], pubKey[FALCON_MAX_PUB_KEY_SIZE];
     word32 privKeyLen = (word32)sizeof(privKey);
     word32 pubKeyLen = (word32)sizeof(pubKey);
     int keytype = 0;
@@ -741,6 +868,11 @@ int wc_Falcon_PublicKeyDecode(const byte* input, word32* inOutIdx,
         return BAD_FUNC_ARG;
     }
 
+    ret = wc_falcon_import_public(input, inSz, key);
+    if (ret == 0) {
+        return 0;
+    }
+
     if (key->level == 1) {
         keytype = FALCON_LEVEL1k;
     }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_asm.S b/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_asm.S
index 7f6192ac..2001bc0a 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_asm.S
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_asm.S
@@ -1254,7 +1254,7 @@ cpuFlagsSet:
 	.long	0
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _cpuFlagsSet:
 	.long	0
 #endif /* __APPLE__ */
@@ -1266,7 +1266,7 @@ intelFlags:
 	.long	0
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _intelFlags:
 	.long	0
 #endif /* __APPLE__ */
@@ -1278,7 +1278,7 @@ fe_mul_p:
 	.quad	fe_mul_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_mul_p:
 	.quad	_fe_mul_x64
 #endif /* __APPLE__ */
@@ -1290,7 +1290,7 @@ fe_sq_p:
 	.quad	fe_sq_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_sq_p:
 	.quad	_fe_sq_x64
 #endif /* __APPLE__ */
@@ -1302,7 +1302,7 @@ fe_mul121666_p:
 	.quad	fe_mul121666_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_mul121666_p:
 	.quad	_fe_mul121666_x64
 #endif /* __APPLE__ */
@@ -1314,7 +1314,7 @@ fe_invert_p:
 	.quad	fe_invert_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_invert_p:
 	.quad	_fe_invert_x64
 #endif /* __APPLE__ */
@@ -1326,7 +1326,7 @@ curve25519_p:
 	.quad	curve25519_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _curve25519_p:
 	.quad	_curve25519_x64
 #endif /* __APPLE__ */
@@ -1339,7 +1339,7 @@ fe_sq2_p:
 	.quad	fe_sq2_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_sq2_p:
 	.quad	_fe_sq2_x64
 #endif /* __APPLE__ */
@@ -1351,7 +1351,7 @@ fe_pow22523_p:
 	.quad	fe_pow22523_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_pow22523_p:
 	.quad	_fe_pow22523_x64
 #endif /* __APPLE__ */
@@ -1363,7 +1363,7 @@ ge_p1p1_to_p2_p:
 	.quad	ge_p1p1_to_p2_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_p1p1_to_p2_p:
 	.quad	_ge_p1p1_to_p2_x64
 #endif /* __APPLE__ */
@@ -1375,7 +1375,7 @@ ge_p1p1_to_p3_p:
 	.quad	ge_p1p1_to_p3_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_p1p1_to_p3_p:
 	.quad	_ge_p1p1_to_p3_x64
 #endif /* __APPLE__ */
@@ -1387,7 +1387,7 @@ ge_p2_dbl_p:
 	.quad	ge_p2_dbl_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_p2_dbl_p:
 	.quad	_ge_p2_dbl_x64
 #endif /* __APPLE__ */
@@ -1399,7 +1399,7 @@ ge_madd_p:
 	.quad	ge_madd_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_madd_p:
 	.quad	_ge_madd_x64
 #endif /* __APPLE__ */
@@ -1411,7 +1411,7 @@ ge_msub_p:
 	.quad	ge_msub_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_msub_p:
 	.quad	_ge_msub_x64
 #endif /* __APPLE__ */
@@ -1423,7 +1423,7 @@ ge_add_p:
 	.quad	ge_add_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_add_p:
 	.quad	_ge_add_x64
 #endif /* __APPLE__ */
@@ -1435,7 +1435,7 @@ ge_sub_p:
 	.quad	ge_sub_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_sub_p:
 	.quad	_ge_sub_x64
 #endif /* __APPLE__ */
@@ -1447,7 +1447,7 @@ sc_reduce_p:
 	.quad	sc_reduce_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _sc_reduce_p:
 	.quad	_sc_reduce_x64
 #endif /* __APPLE__ */
@@ -1459,7 +1459,7 @@ sc_muladd_p:
 	.quad	sc_muladd_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _sc_muladd_p:
 	.quad	_sc_muladd_x64
 #endif /* __APPLE__ */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/ge_448.c b/extra/wolfssl/wolfssl/wolfcrypt/src/ge_448.c
index 7065b9af..5ce8ea75 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/ge_448.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/ge_448.c
@@ -342,9 +342,10 @@ static void ge448_scalarmult(ge448_p2* h, const ge448_p2* p, const byte* a)
  * r  [in]  Point to hold result.
  * a  [in]  Scalar to multiply by.
  */
-void ge448_scalarmult_base(ge448_p2* h, const byte* a)
+int ge448_scalarmult_base(ge448_p2* h, const byte* a)
 {
     ge448_scalarmult(h, &ed448_base, a);
+    return 0;
 }
 
 /* Perform a scalar multplication of the base point and public point.
@@ -10563,12 +10564,28 @@ static void ge448_select(ge448_precomp* r, int pos, byte b)
  * r  [in]  Point to hold result.
  * a  [in]  Scalar to multiply by.
  */
-void ge448_scalarmult_base(ge448_p2* r, const byte* a)
+int ge448_scalarmult_base(ge448_p2* r, const byte* a)
 {
     byte          carry;
-    ge448_precomp t;
-    int           i;
+#ifdef WOLFSSL_SMALL_STACK
+    ge448_precomp *t = NULL;
+    byte          *e = NULL;
+#else
+    ge448_precomp t[1];
     byte          e[113];
+#endif
+    int           i;
+
+#ifdef WOLFSSL_SMALL_STACK
+    t = (ge448_precomp *)XMALLOC(sizeof(*t), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (t == NULL)
+        return MEMORY_E;
+    e = (byte *)XMALLOC(113, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (e == NULL) {
+        XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
 
     carry = 0;
     for (i = 0; i < 56; ++i) {
@@ -10586,13 +10603,13 @@ void ge448_scalarmult_base(ge448_p2* r, const byte* a)
     /* each e[i] is between -8 and 8 */
 
     /* Odd indeces first - sum based on even index so multiply by 16 */
-    ge448_select(&t, 0, e[1]);
-    fe448_copy(r->X, t.x);
-    fe448_copy(r->Y, t.y);
+    ge448_select(t, 0, e[1]);
+    fe448_copy(r->X, t->x);
+    fe448_copy(r->Y, t->y);
     fe448_1(r->Z);
     for (i = 3; i < 112; i += 2) {
-        ge448_select(&t, i / 2, e[i]);
-        ge448_madd(r, r, &t);
+        ge448_select(t, i / 2, e[i]);
+        ge448_madd(r, r, t);
     }
 
     ge448_dbl(r, r);
@@ -10602,9 +10619,16 @@ void ge448_scalarmult_base(ge448_p2* r, const byte* a)
 
     /* Add even indeces */
     for (i = 0; i <= 112; i += 2) {
-        ge448_select(&t, i / 2, e[i]);
-        ge448_madd(r, r, &t);
+        ge448_select(t, i / 2, e[i]);
+        ge448_madd(r, r, t);
     }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
 }
 
 /* Create to a sliding window for the scalar multiplicaton.
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/hash.c b/extra/wolfssl/wolfssl/wolfcrypt/src/hash.c
index 7f614803..9c7682f2 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/hash.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/hash.c
@@ -552,8 +552,8 @@ int wc_HashGetBlockSize(enum wc_HashType hash_type)
 }
 
 /* Generic Hashing Wrapper */
-int wc_Hash(enum wc_HashType hash_type, const byte* data,
-    word32 data_len, byte* hash, word32 hash_len)
+int wc_Hash_ex(enum wc_HashType hash_type, const byte* data,
+    word32 data_len, byte* hash, word32 hash_len, void* heap, int devId)
 {
     int ret = HASH_TYPE_E; /* Default to hash type error */
     int dig_size;
@@ -578,39 +578,39 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data,
     {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5Hash(data, data_len, hash);
+            ret = wc_Md5Hash_ex(data, data_len, hash, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaHash(data, data_len, hash);
+            ret = wc_ShaHash_ex(data, data_len, hash, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224Hash(data, data_len, hash);
+            ret = wc_Sha224Hash_ex(data, data_len, hash, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256Hash(data, data_len, hash);
+            ret = wc_Sha256Hash_ex(data, data_len, hash, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384Hash(data, data_len, hash);
+            ret = wc_Sha384Hash_ex(data, data_len, hash, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512Hash(data, data_len, hash);
+            ret = wc_Sha512Hash_ex(data, data_len, hash, heap, devId);
 #endif
             break;
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_Sha512_224Hash(data, data_len, hash);
+            ret = wc_Sha512_224Hash_ex(data, data_len, hash, heap, devId);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
@@ -619,44 +619,45 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data,
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_Sha512_256Hash(data, data_len, hash);
+            ret = wc_Sha512_256Hash_ex(data, data_len, hash, heap, devId);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
     #endif
         case WC_HASH_TYPE_MD5_SHA:
 #if !defined(NO_MD5) && !defined(NO_SHA)
-            ret = wc_Md5Hash(data, data_len, hash);
+            ret = wc_Md5Hash_ex(data, data_len, hash, heap, devId);
             if (ret == 0) {
-                ret = wc_ShaHash(data, data_len, &hash[WC_MD5_DIGEST_SIZE]);
+                ret = wc_ShaHash_ex(data, data_len, &hash[WC_MD5_DIGEST_SIZE],
+                    heap, devId);
             }
 #endif
             break;
 
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            ret = wc_Sha3_224Hash(data, data_len, hash);
+            ret = wc_Sha3_224Hash_ex(data, data_len, hash, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            ret = wc_Sha3_256Hash(data, data_len, hash);
+            ret = wc_Sha3_256Hash_ex(data, data_len, hash, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            ret = wc_Sha3_384Hash(data, data_len, hash);
+            ret = wc_Sha3_384Hash_ex(data, data_len, hash, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            ret = wc_Sha3_512Hash(data, data_len, hash);
+            ret = wc_Sha3_512Hash_ex(data, data_len, hash, heap, devId);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3Hash(data, data_len, hash);
+            ret = wc_Sm3Hash_ex(data, data_len, hash, heap, devId);
             break;
     #endif
 
@@ -678,6 +679,12 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data,
     }
     return ret;
 }
+int wc_Hash(enum wc_HashType hash_type, const byte* data,
+    word32 data_len, byte* hash, word32 hash_len)
+{
+    return wc_Hash_ex(hash_type, data, data_len, hash, hash_len,
+        NULL, INVALID_DEVID);
+}
 
 int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
     int devId)
@@ -1279,7 +1286,8 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 #if !defined(WOLFSSL_TI_HASH)
 
 #if !defined(NO_MD5)
-    int wc_Md5Hash(const byte* data, word32 len, byte* hash)
+    int wc_Md5Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1294,7 +1302,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitMd5(md5)) != 0) {
+        if ((ret = wc_InitMd5_ex(md5, heap, devId)) != 0) {
             WOLFSSL_MSG("InitMd5 failed");
         }
         else {
@@ -1313,10 +1321,22 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Md5Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Md5Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* !NO_MD5 */
 
 #if !defined(NO_SHA)
-    int wc_ShaHash(const byte* data, word32 len, byte* hash)
+    int wc_ShaHash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1324,7 +1344,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     #else
         wc_Sha sha[1];
     #endif
-        int devId = INVALID_DEVID;
 
     #ifdef WOLFSSL_SMALL_STACK
         sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1332,13 +1351,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* only use devId if its not an empty hash */
-        if (data != NULL && len > 0)
-            devId = wc_CryptoCb_GetDevIdAtIndex(0);
-    #endif
-
-        if ((ret = wc_InitSha_ex(sha, NULL, devId)) != 0) {
+        if ((ret = wc_InitSha_ex(sha, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha failed");
         }
         else {
@@ -1357,10 +1370,22 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_ShaHash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_ShaHash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* !NO_SHA */
 
 #if defined(WOLFSSL_SHA224)
-    int wc_Sha224Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sha224Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1376,7 +1401,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha224(sha224)) != 0) {
+        if ((ret = wc_InitSha224_ex(sha224, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha224 failed");
         }
         else {
@@ -1393,12 +1418,24 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
         XFREE(sha224, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
 
-    return ret;
-}
+        return ret;
+    }
+    int wc_Sha224Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha224Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* WOLFSSL_SHA224 */
 
 #if !defined(NO_SHA256)
-    int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sha256Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1406,7 +1443,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     #else
         wc_Sha256 sha256[1];
     #endif
-        int devId = INVALID_DEVID;
 
     #ifdef WOLFSSL_SMALL_STACK
         sha256 = (wc_Sha256*)XMALLOC(sizeof(wc_Sha256), NULL,
@@ -1415,13 +1451,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* only use devId if its not an empty hash */
-        if (data != NULL && len > 0)
-            devId = wc_CryptoCb_GetDevIdAtIndex(0);
-    #endif
-
-        if ((ret = wc_InitSha256_ex(sha256, NULL, devId)) != 0) {
+        if ((ret = wc_InitSha256_ex(sha256, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha256 failed");
         }
         else {
@@ -1441,13 +1471,25 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha256Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* !NO_SHA256 */
 
 #endif /* !defined(WOLFSSL_TI_HASH) */
 
 
 #if defined(WOLFSSL_SHA512)
-    int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sha512Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1463,7 +1505,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha512(sha512)) != 0) {
+        if ((ret = wc_InitSha512_ex(sha512, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha512 failed");
         }
         else {
@@ -1482,9 +1524,21 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha512Hash_ex(data, len, hash, NULL, devId);
+    }
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #ifndef WOLFSSL_NOSHA512_224
-    int wc_Sha512_224Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sha512_224Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1500,7 +1554,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha512_224(sha512)) != 0) {
+        if ((ret = wc_InitSha512_224_ex(sha512, heap, devId)) != 0) {
             WOLFSSL_MSG("wc_InitSha512_224 failed");
         }
         else {
@@ -1519,12 +1573,24 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Sha512_224Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha512_224Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* !WOLFSSL_NOSHA512_224 */
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
 
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #ifndef WOLFSSL_NOSHA512_256
-    int wc_Sha512_256Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sha512_256Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1540,7 +1606,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha512_256(sha512)) != 0) {
+        if ((ret = wc_InitSha512_256_ex(sha512, heap, devId)) != 0) {
             WOLFSSL_MSG("wc_InitSha512_256 failed");
         }
         else {
@@ -1559,13 +1625,25 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Sha512_256Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha512_256Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* !WOLFSSL_NOSHA512_256 */
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
 
 #endif /* WOLFSSL_SHA512 */
 
 #if defined(WOLFSSL_SHA384)
-    int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sha384Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1581,7 +1659,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha384(sha384)) != 0) {
+        if ((ret = wc_InitSha384_ex(sha384, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha384 failed");
         }
         else {
@@ -1600,11 +1678,23 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha384Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* WOLFSSL_SHA384 */
 
 #if defined(WOLFSSL_SHA3)
 #if !defined(WOLFSSL_NOSHA3_224)
-    int wc_Sha3_224Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sha3_224Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1620,7 +1710,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha3_224(sha3, NULL, INVALID_DEVID)) != 0) {
+        if ((ret = wc_InitSha3_224(sha3, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha3_224 failed");
         }
         else {
@@ -1639,10 +1729,22 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Sha3_224Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha3_224Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* !WOLFSSL_NOSHA3_224 */
 
 #if !defined(WOLFSSL_NOSHA3_256)
-    int wc_Sha3_256Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sha3_256Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1658,7 +1760,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha3_256(sha3, NULL, INVALID_DEVID)) != 0) {
+        if ((ret = wc_InitSha3_256(sha3, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha3_256 failed");
         }
         else {
@@ -1677,10 +1779,22 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Sha3_256Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha3_256Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* !WOLFSSL_NOSHA3_256 */
 
 #if !defined(WOLFSSL_NOSHA3_384)
-    int wc_Sha3_384Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sha3_384Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1696,7 +1810,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha3_384(sha3, NULL, INVALID_DEVID)) != 0) {
+        if ((ret = wc_InitSha3_384(sha3, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha3_384 failed");
         }
         else {
@@ -1715,10 +1829,22 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Sha3_384Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha3_384Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* !WOLFSSL_NOSHA3_384 */
 
 #if !defined(WOLFSSL_NOSHA3_512)
-    int wc_Sha3_512Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sha3_512Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1734,7 +1860,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSha3_512(sha3, NULL, INVALID_DEVID)) != 0) {
+        if ((ret = wc_InitSha3_512(sha3, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha3_512 failed");
         }
         else {
@@ -1753,11 +1879,22 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Sha3_512Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha3_512Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* !WOLFSSL_NOSHA3_512 */
 
 #ifdef WOLFSSL_SHAKE128
-    int wc_Shake128Hash(const byte* data, word32 len, byte* hash,
-                        word32 hashLen)
+    int wc_Shake128Hash_ex(const byte* data, word32 len, byte* hash,
+                        word32 hashLen, void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1773,7 +1910,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitShake128(shake, NULL, INVALID_DEVID)) != 0) {
+        if ((ret = wc_InitShake128(shake, heap, devId)) != 0) {
             WOLFSSL_MSG("InitShake128 failed");
         }
         else {
@@ -1792,11 +1929,24 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Shake128Hash(const byte* data, word32 len, byte* hash,
+                        word32 hashLen)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Shake128Hash_ex(data, len, hash, hashLen,
+            NULL, devId);
+    }
 #endif /* WOLFSSL_SHAKE_128 */
 
 #ifdef WOLFSSL_SHAKE256
-    int wc_Shake256Hash(const byte* data, word32 len, byte* hash,
-                        word32 hashLen)
+    int wc_Shake256Hash_ex(const byte* data, word32 len, byte* hash,
+                        word32 hashLen, void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1812,7 +1962,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitShake256(shake, NULL, INVALID_DEVID)) != 0) {
+        if ((ret = wc_InitShake256(shake, heap, devId)) != 0) {
             WOLFSSL_MSG("InitShake256 failed");
         }
         else {
@@ -1831,11 +1981,25 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Shake256Hash(const byte* data, word32 len, byte* hash,
+                        word32 hashLen)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Shake256Hash_ex(data, len, hash, hashLen,
+            NULL, devId);
+    }
 #endif /* WOLFSSL_SHAKE_256 */
 #endif /* WOLFSSL_SHA3 */
 
 #ifdef WOLFSSL_SM3
-    int wc_Sm3Hash(const byte* data, word32 len, byte* hash)
+    int wc_Sm3Hash_ex(const byte* data, word32 len, byte* hash,
+        void* heap, int devId)
     {
         int ret = 0;
     #ifdef WOLFSSL_SMALL_STACK
@@ -1850,7 +2014,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_InitSm3(sm3, NULL, INVALID_DEVID)) != 0) {
+        if ((ret = wc_InitSm3(sm3, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSm3 failed");
         }
         else {
@@ -1869,6 +2033,17 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 
         return ret;
     }
+    int wc_Sm3Hash(const byte* data, word32 len, byte* hash)
+    {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sm3Hash_ex(data, len, hash, NULL, devId);
+    }
 #endif /* !WOLFSSL_NOSHA3_224 */
 
 #endif /* !NO_HASH_WRAPPER */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/hmac.c b/extra/wolfssl/wolfssl/wolfcrypt/src/hmac.c
index 83e693b2..9a80cb1e 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/hmac.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/hmac.c
@@ -1195,8 +1195,8 @@ int wolfSSL_GetHmacMaxSize(void)
      * out      The pseudorandom key with the length that of the hash.
      * returns 0 on success, otherwise failure.
      */
-    int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
-                        const byte* inKey, word32 inKeySz, byte* out)
+    int wc_HKDF_Extract_ex(int type, const byte* salt, word32 saltSz,
+        const byte* inKey, word32 inKeySz, byte* out, void* heap, int devId)
     {
         byte   tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */
     #ifdef WOLFSSL_SMALL_STACK
@@ -1228,7 +1228,7 @@ int wolfSSL_GetHmacMaxSize(void)
             saltSz    = hashSz;
         }
 
-        ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID);
+        ret = wc_HmacInit(myHmac, heap, devId);
         if (ret == 0) {
             ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz);
             if (ret == 0)
@@ -1244,6 +1244,13 @@ int wolfSSL_GetHmacMaxSize(void)
         return ret;
     }
 
+    int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
+                        const byte* inKey, word32 inKeySz, byte* out)
+    {
+        return wc_HKDF_Extract_ex(type, salt, saltSz, inKey, inKeySz, out, NULL,
+            INVALID_DEVID);
+    }
+
     /* HMAC-KDF-Expand.
      * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
      *
@@ -1255,8 +1262,9 @@ int wolfSSL_GetHmacMaxSize(void)
      * out      The output keying material.
      * returns 0 on success, otherwise failure.
      */
-    int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
-                       const byte* info, word32 infoSz, byte* out, word32 outSz)
+    int wc_HKDF_Expand_ex(int type, const byte* inKey, word32 inKeySz,
+                       const byte* info, word32 infoSz, byte* out, word32 outSz,
+                       void* heap, int devId)
     {
         byte   tmp[WC_MAX_DIGEST_SIZE];
     #ifdef WOLFSSL_SMALL_STACK
@@ -1289,7 +1297,7 @@ int wolfSSL_GetHmacMaxSize(void)
         }
     #endif
 
-        ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID);
+        ret = wc_HmacInit(myHmac, heap, devId);
         if (ret != 0) {
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
@@ -1334,6 +1342,13 @@ int wolfSSL_GetHmacMaxSize(void)
         return ret;
     }
 
+    int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
+                       const byte* info, word32 infoSz, byte* out, word32 outSz)
+    {
+        return wc_HKDF_Expand_ex(type, inKey, inKeySz, info, infoSz, out, outSz,
+            NULL, INVALID_DEVID);
+    }
+
     /* HMAC-KDF.
      * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
      *
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/include.am b/extra/wolfssl/wolfssl/wolfcrypt/src/include.am
index 2a501411..0a6fa215 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/include.am
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/include.am
@@ -132,7 +132,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c \
               wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \
               wolfcrypt/src/port/Renesas/README.md \
-              wolfcrypt/src/port/cypress/psoc6_crypto.c
+              wolfcrypt/src/port/cypress/psoc6_crypto.c \
+              wolfcrypt/src/port/liboqs/liboqs.c
 
 $(ASYNC_FILES):
 	$(AM_V_at)touch $(srcdir)/$@
@@ -213,3 +214,6 @@ if BUILD_MAXQ10XX
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/maxim/maxq10xx.c
 endif
 EXTRA_DIST += wolfcrypt/src/port/maxim/README.md
+
+include wolfcrypt/src/port/autosar/include.am
+
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c b/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c
index 21ae2353..dadfeb4e 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c
@@ -5358,6 +5358,9 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
     ++str;
   }
 
+  /* Skip whitespace at end of str */
+  while (CharIsWhiteSpace(*str))
+    ++str;
   /* if digit in isn't null term, then invalid character was found */
   if (*str != '\0') {
      mp_zero (a);
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/kdf.c b/extra/wolfssl/wolfssl/wolfcrypt/src/kdf.c
index 4921e5bb..55b7ab0c 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/kdf.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/kdf.c
@@ -353,17 +353,9 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
 
     /* Extract data using HMAC, salt and input.
      * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
-     *
-     * prk      The generated pseudorandom key.
-     * salt     The salt.
-     * saltLen  The length of the salt.
-     * ikm      The input keying material.
-     * ikmLen   The length of the input keying material.
-     * digest   The type of digest to use.
-     * returns 0 on success, otherwise failure.
      */
-    int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, word32 saltLen,
-                                 byte* ikm, word32 ikmLen, int digest)
+    int wc_Tls13_HKDF_Extract_ex(byte* prk, const byte* salt, word32 saltLen,
+        byte* ikm, word32 ikmLen, int digest, void* heap, int devId)
     {
         int ret;
         word32 len = 0;
@@ -410,7 +402,15 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
         WOLFSSL_BUFFER(ikm, ikmLen);
 #endif
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        ret = wc_HKDF_Extract_ex(digest, salt, saltLen, ikm, ikmLen, prk, heap,
+            devId);
+#else
         ret = wc_HKDF_Extract(digest, salt, saltLen, ikm, ikmLen, prk);
+        (void)heap;
+        (void)devId;
+#endif
 
 #ifdef WOLFSSL_DEBUG_TLS
         WOLFSSL_MSG("  PRK");
@@ -420,27 +420,21 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
         return ret;
     }
 
+    int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, word32 saltLen,
+                                 byte* ikm, word32 ikmLen, int digest)
+    {
+        return wc_Tls13_HKDF_Extract_ex(prk, salt, saltLen, ikm, ikmLen, digest,
+            NULL, INVALID_DEVID);
+    }
+
     /* Expand data using HMAC, salt and label and info.
-     * TLS v1.3 defines this function.
-     *
-     * okm          The generated pseudorandom key - output key material.
-     * okmLen       The length of generated pseudorandom key -
-     *              output key material.
-     * prk          The salt - pseudo-random key.
-     * prkLen       The length of the salt - pseudo-random key.
-     * protocol     The TLS protocol label.
-     * protocolLen  The length of the TLS protocol label.
-     * info         The information to expand.
-     * infoLen      The length of the information.
-     * digest       The type of digest to use.
-     * returns 0 on success, otherwise failure.
-     */
-    int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen,
+     * TLS v1.3 defines this function. */
+    int wc_Tls13_HKDF_Expand_Label_ex(byte* okm, word32 okmLen,
                                  const byte* prk, word32 prkLen,
                                  const byte* protocol, word32 protocolLen,
                                  const byte* label, word32 labelLen,
                                  const byte* info, word32 infoLen,
-                                 int digest)
+                                 int digest, void* heap, int devId)
     {
         int    ret = 0;
         word32 idx = 0;
@@ -470,17 +464,23 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
         data[idx++] = (byte)okmLen;
         /* Length of protocol | label. */
         data[idx++] = (byte)(protocolLen + labelLen);
-        /* Protocol */
-        XMEMCPY(&data[idx], protocol, protocolLen);
-        idx += protocolLen;
-        /* Label */
-        XMEMCPY(&data[idx], label, labelLen);
-        idx += labelLen;
+        if (protocolLen > 0) {
+            /* Protocol */
+            XMEMCPY(&data[idx], protocol, protocolLen);
+            idx += protocolLen;
+        }
+        if (labelLen > 0) {
+            /* Label */
+            XMEMCPY(&data[idx], label, labelLen);
+            idx += labelLen;
+        }
         /* Length of hash of messages */
         data[idx++] = (byte)infoLen;
-        /* Hash of messages */
-        XMEMCPY(&data[idx], info, infoLen);
-        idx += infoLen;
+        if (infoLen > 0) {
+            /* Hash of messages */
+            XMEMCPY(&data[idx], info, infoLen);
+            idx += infoLen;
+        }
 
     #ifdef WOLFSSL_CHECK_MEM_ZERO
         wc_MemZero_Add("wc_Tls13_HKDF_Expand_Label data", data, idx);
@@ -494,7 +494,15 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
         WOLFSSL_MSG_EX("  Digest %d", digest);
 #endif
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        ret = wc_HKDF_Expand_ex(digest, prk, prkLen, data, idx, okm, okmLen,
+            heap, devId);
+#else
         ret = wc_HKDF_Expand(digest, prk, prkLen, data, idx, okm, okmLen);
+        (void)heap;
+        (void)devId;
+#endif
 
 #ifdef WOLFSSL_DEBUG_TLS
         WOLFSSL_MSG("  OKM");
@@ -512,27 +520,22 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
         return ret;
     }
 
+    int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen,
+                                 const byte* prk, word32 prkLen,
+                                 const byte* protocol, word32 protocolLen,
+                                 const byte* label, word32 labelLen,
+                                 const byte* info, word32 infoLen,
+                                 int digest)
+    {
+        return wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen, protocol,
+            protocolLen, label, labelLen, info, infoLen, digest,
+            NULL, INVALID_DEVID);
+    }
+
 #if defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
     (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
     /* Expand data using HMAC, salt and label and info.
-     * TLS v1.3 defines this function.
-     *
-     * okm          The generated pseudorandom key - output key material.
-     * okmLen       The length of generated pseudorandom key -
-     *              output key material.
-     * prk          The salt - pseudo-random key.
-     * prkLen       The length of the salt - pseudo-random key.
-     * protocol     The TLS protocol label.
-     * protocolLen  The length of the TLS protocol label.
-     * info         The information to expand.
-     * infoLen      The length of the information.
-     * digest       The type of digest to use.
-     *
-     * This functions is very similar to wc_Tls13_HKDF_Expand_Label() but it
-     * allocate memory if the stack space usually used isn't enough.
-     *
-     * returns 0 on success, otherwise failure.
-     */
+     * TLS v1.3 defines this function. */
     int wc_Tls13_HKDF_Expand_Label_Alloc(byte* okm, word32 okmLen,
         const byte* prk, word32 prkLen, const byte* protocol,
         word32 protocolLen, const byte* label, word32 labelLen,
@@ -885,12 +888,12 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz,
  * @param [out] block    First block to encrypt.
  */
 static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx,
-        const byte* index, byte indexSz, unsigned char* block)
+        const byte* index, int indexSz, unsigned char* block)
 {
-    word32 i;
+    int i;
 
     /* XOR salt into zeroized buffer. */
-    for (i = 0; i < WC_SRTP_MAX_SALT - saltSz; i++) {
+    for (i = 0; i < WC_SRTP_MAX_SALT - (int)saltSz; i++) {
         block[i] = 0;
     }
     XMEMCPY(block + WC_SRTP_MAX_SALT - saltSz, salt, saltSz);
@@ -939,13 +942,13 @@ static int wc_srtp_kdf_derive_key(byte* block, byte indexSz, byte label,
     int i;
     int ret = 0;
     /* Calculate the number of full blocks needed for derived key. */
-    int blocks = keySz / AES_BLOCK_SIZE;
+    int blocks = (int)(keySz / AES_BLOCK_SIZE);
 
     /* XOR in label. */
     block[WC_SRTP_MAX_SALT - indexSz - 1] ^= label;
     for (i = 0; (ret == 0) && (i < blocks); i++) {
         /* Set counter. */
-        block[15] = i;
+        block[15] = (byte)i;
         /* Encrypt block into key buffer. */
         ret = wc_AesEcbEncrypt(aes, key, block, AES_BLOCK_SIZE);
         /* Reposition for more derived key. */
@@ -957,7 +960,7 @@ static int wc_srtp_kdf_derive_key(byte* block, byte indexSz, byte label,
     if ((ret == 0) && (keySz > 0)) {
         byte enc[AES_BLOCK_SIZE];
         /* Set counter. */
-        block[15] = i;
+        block[15] = (byte)i;
         /* Encrypt block into temporary. */
         ret = wc_AesEcbEncrypt(aes, enc, block, AES_BLOCK_SIZE);
         if (ret == 0) {
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/logging.c b/extra/wolfssl/wolfssl/wolfcrypt/src/logging.c
index afa0c6f0..43c44a1e 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/logging.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/logging.c
@@ -234,7 +234,9 @@ void WOLFSSL_TIME(int count)
 
 #ifdef DEBUG_WOLFSSL
 
-#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+#if defined(ARDUINO)
+    /* see Arduino wolfssl.h for wolfSSL_Arduino_Serial_Print */
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
     /* see wc_port.h for fio.h and nio.h includes */
 #elif defined(WOLFSSL_SGX)
     /* Declare sprintf for ocall */
@@ -281,9 +283,10 @@ static void wolfssl_log(const int logLevel, const char *const logMessage)
     else {
 #if defined(WOLFSSL_USER_LOG)
         WOLFSSL_USER_LOG(logMessage);
+#elif defined(ARDUINO)
+        wolfSSL_Arduino_Serial_Print(logMessage);
 #elif defined(WOLFSSL_LOG_PRINTF)
         printf("%s\n", logMessage);
-
 #elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
         dc_log_printf("%s\n", logMessage);
 #elif defined(WOLFSSL_DEOS)
@@ -818,7 +821,7 @@ static struct wc_error_queue* wc_current_node;
 static void* wc_error_heap;
 
 /* mutex for list operation protection */
-static wolfSSL_Mutex wc_error_mutex;
+static wolfSSL_Mutex wc_error_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wc_error_mutex);
 #define ERRQ_MUTEX_INIT()      wc_InitMutex(&wc_error_mutex)
 #define ERRQ_MUTEX_FREE()      wc_FreeMutex(&wc_error_mutex)
 #define ERRQ_LOCK()            wc_LockMutex(&wc_error_mutex)
@@ -827,10 +830,12 @@ static wolfSSL_Mutex wc_error_mutex;
 /* Internal function that is called by wolfCrypt_Init() */
 int wc_LoggingInit(void)
 {
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if (ERRQ_MUTEX_INIT() != 0) {
         WOLFSSL_MSG("Bad Init Mutex");
         return BAD_MUTEX_E;
     }
+#endif
     wc_errors_count = 0;
     wc_errors          = NULL;
     wc_current_node    = NULL;
@@ -845,10 +850,12 @@ int wc_LoggingCleanup(void)
     /* clear logging entries */
     wc_ClearErrorNodes();
     /* free mutex */
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if (ERRQ_MUTEX_FREE() != 0) {
         WOLFSSL_MSG("Bad Mutex free");
         return BAD_MUTEX_E;
     }
+#endif
     return 0;
 }
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/md5.c b/extra/wolfssl/wolfssl/wolfcrypt/src/md5.c
index 1f613026..daab9c9e 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/md5.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/md5.c
@@ -454,6 +454,7 @@ int wc_Md5Final(wc_Md5* md5, byte* hash)
 
     /* ensure we have a valid buffer length; (-1 to append a byte to length) */
     if (md5->buffLen > WC_MD5_BLOCK_SIZE - 1) {
+        /* some places consider this BAD_STATE_E */
         return BUFFER_E;
     }
 
@@ -461,7 +462,9 @@ int wc_Md5Final(wc_Md5* md5, byte* hash)
 
     /* pad with zeros */
     if (md5->buffLen > WC_MD5_PAD_SIZE) {
-        XMEMSET(&local[md5->buffLen], 0, WC_MD5_BLOCK_SIZE - md5->buffLen);
+        if (md5->buffLen < WC_MD5_BLOCK_SIZE) {
+            XMEMSET(&local[md5->buffLen], 0, WC_MD5_BLOCK_SIZE - md5->buffLen);
+        }
         md5->buffLen += WC_MD5_BLOCK_SIZE - md5->buffLen;
 
 #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/memory.c b/extra/wolfssl/wolfssl/wolfcrypt/src/memory.c
index 565d9107..4b068ce9 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/memory.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/memory.c
@@ -120,7 +120,7 @@ int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*  mf,
 }
 
 #ifdef WOLFSSL_MEM_FAIL_COUNT
-static wolfSSL_Mutex memFailMutex;
+static wolfSSL_Mutex memFailMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(memFailMutex);
 int mem_fail_allocs = 0;
 int mem_fail_frees = 0;
 int mem_fail_cnt = 0;
@@ -128,7 +128,9 @@ int mem_fail_cnt = 0;
 void wc_MemFailCount_Init()
 {
     char* cnt;
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     wc_InitMutex(&memFailMutex);
+#endif
     cnt = getenv("MEM_FAIL_CNT");
     if (cnt != NULL) {
         fprintf(stderr, "MemFailCount At: %d\n", mem_fail_cnt);
@@ -158,7 +160,9 @@ static void wc_MemFailCount_FreeMem(void)
 }
 void wc_MemFailCount_Free()
 {
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     wc_FreeMutex(&memFailMutex);
+#endif
     fprintf(stderr, "MemFailCount Total: %d\n", mem_fail_allocs);
     fprintf(stderr, "MemFailCount Frees: %d\n", mem_fail_frees);
 }
@@ -196,7 +200,7 @@ static MemZero memZero[WOLFSSL_MEM_CHECK_ZERO_CACHE_LEN];
  */
 static int nextIdx = -1;
 /* Mutex to protect modifying list of addresses to check. */
-static wolfSSL_Mutex zeroMutex;
+static wolfSSL_Mutex zeroMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(zeroMutex);
 
 /* Initialize the table of addresses and the mutex.
  */
@@ -205,7 +209,9 @@ void wc_MemZero_Init()
     /* Clear the table to more easily see what is valid. */
     XMEMSET(memZero, 0, sizeof(memZero));
     /* Initialize mutex. */
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     wc_InitMutex(&zeroMutex);
+#endif
     /* Next index is first entry. */
     nextIdx = 0;
 }
@@ -215,7 +221,9 @@ void wc_MemZero_Init()
 void wc_MemZero_Free()
 {
     /* Free mutex. */
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     wc_FreeMutex(&zeroMutex);
+#endif
     /* Make sure we checked all addresses. */
     if (nextIdx > 0) {
         int i;
@@ -1508,16 +1516,21 @@ THREAD_LS_T const char *wc_svr_last_file = NULL;
 THREAD_LS_T int wc_svr_last_line = -1;
 THREAD_LS_T int wc_debug_vector_registers_retval =
     WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL;
+#endif
 
 #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
 
+#ifdef HAVE_THREAD_LS
+
 WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
     static THREAD_LS_T struct drand48_data wc_svr_fuzzing_state;
     static THREAD_LS_T int wc_svr_fuzzing_seeded = 0;
     long result;
 
+#ifdef DEBUG_VECTOR_REGISTER_ACCESS
     if (wc_debug_vector_registers_retval)
         return wc_debug_vector_registers_retval;
+#endif
 
     if (wc_svr_fuzzing_seeded == 0) {
         long seed = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED;
@@ -1534,10 +1547,48 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
         return 0;
 }
 
-#endif
+#else /* !HAVE_THREAD_LS */
+
+/* alternate implementation useful for testing in the kernel module build, where
+ * glibc and thread-local storage are unavailable.
+ *
+ * note this is not a well-behaved PRNG, but is adequate for fuzzing purposes.
+ * the prn sequence is incompressible according to ent and xz, and does not
+ * cycle within 10M iterations with various seeds including zero, but the Chi
+ * square distribution is poor, and the unconditioned lsb bit balance is ~54%
+ * regardless of seed.
+ *
+ * deterministic only if access is single-threaded, but never degenerate.
+ */
+
+WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
+    static unsigned long prn = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED;
+    static int balance_bit = 0;
+    unsigned long new_prn = prn ^ 0xba86943da66ee701ul; /* note this magic
+                                                         * random number is
+                                                         * bit-balanced.
+                                                         */
 
+#ifdef DEBUG_VECTOR_REGISTER_ACCESS
+    if (wc_debug_vector_registers_retval)
+        return wc_debug_vector_registers_retval;
 #endif
 
+    /* barrel-roll using the bottom 6 bits. */
+    if (new_prn & 0x3f)
+        new_prn = (new_prn << (new_prn & 0x3f)) |
+            (new_prn >> (0x40 - (new_prn & 0x3f)));
+    prn = new_prn;
+
+    balance_bit = !balance_bit;
+
+    return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0;
+}
+
+#endif /* !HAVE_THREAD_LS */
+
+#endif /* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */
+
 #ifdef WOLFSSL_LINUXKM
     #include "../../linuxkm/linuxkm_memory.c"
 #endif
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/misc.c b/extra/wolfssl/wolfssl/wolfcrypt/src/misc.c
index 62cd9b40..af5f09ab 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/misc.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/misc.c
@@ -460,10 +460,16 @@ WC_MISC_STATIC WC_INLINE void c16toa(word16 wc_u16, byte* c)
 /* convert 32 bit integer to opaque */
 WC_MISC_STATIC WC_INLINE void c32toa(word32 wc_u32, byte* c)
 {
+#ifdef WOLFSSL_USE_ALIGN
     c[0] = (byte)((wc_u32 >> 24) & 0xff);
     c[1] = (byte)((wc_u32 >> 16) & 0xff);
     c[2] = (byte)((wc_u32 >>  8) & 0xff);
     c[3] =  (byte)(wc_u32        & 0xff);
+#elif defined(LITTLE_ENDIAN_ORDER)
+    *(word32*)c = ByteReverseWord32(wc_u32);
+#else
+    *(word32*)c = wc_u32;
+#endif
 }
 #endif
 
@@ -492,10 +498,16 @@ WC_MISC_STATIC WC_INLINE void ato16(const byte* c, word16* wc_u16)
 /* convert opaque to 32 bit integer */
 WC_MISC_STATIC WC_INLINE void ato32(const byte* c, word32* wc_u32)
 {
+#ifdef WOLFSSL_USE_ALIGN
     *wc_u32 = ((word32)c[0] << 24) |
               ((word32)c[1] << 16) |
               ((word32)c[2] << 8) |
                (word32)c[3];
+#elif defined(LITTLE_ENDIAN_ORDER)
+    *wc_u32 = ByteReverseWord32(*(word32*)c);
+#else
+    *wc_u32 = *(word32*)c;
+#endif
 }
 
 /* convert opaque to 32 bit integer. Interpret as little endian. */
@@ -545,6 +557,18 @@ WC_MISC_STATIC WC_INLINE int ByteToHexStr(byte in, char* out)
     return 0;
 }
 
+WC_MISC_STATIC WC_INLINE int CharIsWhiteSpace(char ch)
+{
+    switch (ch) {
+        case ' ':
+        case '\t':
+        case '\n':
+            return 1;
+        default:
+            return 0;
+    }
+}
+
 #ifndef WOLFSSL_NO_CT_OPS
 /* Constant time - mask set when a > b. */
 WC_MISC_STATIC WC_INLINE byte ctMaskGT(int a, int b)
@@ -760,7 +784,20 @@ WC_MISC_STATIC WC_INLINE void w64Zero(w64wrapper *a)
     a->n = 0;
 }
 
+WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift)
+{
+    a.n >>= shift;
+    return a;
+}
+
+WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift)
+{
+    a.n <<= shift;
+    return a;
+}
+
 #else
+
 WC_MISC_STATIC WC_INLINE void w64Increment(w64wrapper *n)
 {
     n->n[1]++;
@@ -899,6 +936,31 @@ WC_MISC_STATIC WC_INLINE byte w64LT(w64wrapper a, w64wrapper b)
     return 0;
 }
 
+WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift)
+{
+     if (shift < 32) {
+         a.n[1] = (a.n[1] >> shift) || (a.n[0] << (32 - shift));
+         a.n[0] >>= shift;
+     }
+     else {
+         a.n[1] = a.n[0] >> (shift - 32);
+         a.n[0] = 0;
+     }
+     return a;
+}
+WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift)
+{
+     if (shift < 32) {
+         a.n[0] = (a.n[0] << shift) || (a.n[1] >> (32 - shift));
+         a.n[1] <<= shift;
+     }
+     else {
+         a.n[0] = a.n[1] << (shift - 32);
+         a.n[1] = 0;
+     }
+     return a;
+}
+
 #endif /* WORD64_AVAILABLE && !WOLFSSL_W64_WRAPPER_TEST */
 #endif /* WOLFSSL_W64_WRAPPER */
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs12.c b/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs12.c
index 22e64150..123b2e9d 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs12.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs12.c
@@ -1836,7 +1836,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
 
     /* rewind index and set tag and length */
     tmpIdx -= MAX_LENGTH_SZ + 1;
-    sz = (word32)SetExplicit(0, (word32)ret, out + tmpIdx);
+    sz = (word32)SetExplicit(0, (word32)ret, out + tmpIdx, 0);
     tmpIdx += sz; totalSz += sz;
     XMEMMOVE(out + tmpIdx, out + MAX_LENGTH_SZ + 1, (size_t)ret);
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs7.c b/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs7.c
index 507d9eee..997fd4f0 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs7.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs7.c
@@ -88,6 +88,10 @@ struct PKCS7State {
     byte* content;
     byte* buffer;   /* main internal read buffer */
 
+    wc_HashAlg hashAlg;
+    int   hashType;
+    int   cntIdfCnt; /* count of in-definite length in content info */
+
     /* stack variables to store for when returning */
     word32 varOne;
     int    varTwo;
@@ -105,6 +109,10 @@ struct PKCS7State {
     word32 aadSz;    /* size of additional AEAD data */
     word32 tagSz;    /* size of tag for AEAD */
     word32 contentSz;
+    word32 currContIdx;   /* index of current content */
+    word32 currContSz;    /* size of current content */
+    word32 currContRmnSz; /* remaining size of current content */
+    word32 accumContSz;   /* size of accumulated content size */
     byte tmpIv[MAX_CONTENT_IV_SIZE]; /* store IV if needed */
 #ifdef WC_PKCS7_STREAM_DEBUG
     word32 peakUsed; /* most bytes used for struct at any one time */
@@ -113,6 +121,9 @@ struct PKCS7State {
     byte   multi:1;  /* flag for if content is in multiple parts */
     byte   flagOne:1;
     byte   detached:1; /* flag to indicate detached signature is present */
+    byte   noContent:1;/* indicates content isn't included in bundle */
+    byte   degenerate:1;
+    byte   indefLen:1; /* flag to indicate indef-length encoding used */
 };
 
 
@@ -187,6 +198,15 @@ static void wc_PKCS7_ResetStream(PKCS7* pkcs7)
         pkcs7->stream->varOne   = 0;
         pkcs7->stream->varTwo   = 0;
         pkcs7->stream->varThree = 0;
+        pkcs7->stream->noContent    = 0;
+        pkcs7->stream->indefLen     = 0;
+        pkcs7->stream->cntIdfCnt    = 0;
+        pkcs7->stream->currContIdx  = 0;
+        pkcs7->stream->currContSz   = 0;
+        pkcs7->stream->currContRmnSz= 0;
+        pkcs7->stream->accumContSz  = 0;
+        pkcs7->stream->contentSz    = 0;
+        pkcs7->stream->hashType     = WC_HASH_TYPE_NONE;
     }
 }
 
@@ -200,7 +220,6 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
         XFREE(pkcs7->stream->tmpCert, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         pkcs7->stream->content = NULL;
         pkcs7->stream->tmpCert = NULL;
-
         XFREE(pkcs7->stream, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         pkcs7->stream = NULL;
     }
@@ -468,6 +487,7 @@ static const char* wc_PKCS7_GetStateName(int in)
         case WC_PKCS7_VERIFY_STAGE4: return "WC_PKCS7_VERIFY_STAGE4";
         case WC_PKCS7_VERIFY_STAGE5: return "WC_PKCS7_VERIFY_STAGE5";
         case WC_PKCS7_VERIFY_STAGE6: return "WC_PKCS7_VERIFY_STAGE6";
+        case WC_PKCS7_VERIFY_STAGE7: return "WC_PKCS7_VERIFY_STAGE7";
 
         default:
             return "Unknown state";
@@ -1487,6 +1507,7 @@ typedef struct ESD {
     wc_HashAlg  hash;
     enum wc_HashType hashType;
     byte contentDigest[WC_MAX_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */
+    byte contentDigestSet:1;
     byte contentAttribsDigest[WC_MAX_DIGEST_SIZE];
     byte encContentDigest[MAX_ENCRYPTED_KEY_SZ];
 
@@ -1740,27 +1761,10 @@ static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
 
 #ifndef NO_RSA
 
-/* returns size of signature put into out, negative on error */
-static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+static int wc_PKCS7_ImportRSA(PKCS7* pkcs7, RsaKey* privKey)
 {
     int ret;
     word32 idx;
-#ifdef WOLFSSL_SMALL_STACK
-    RsaKey* privKey;
-#else
-    RsaKey  privKey[1];
-#endif
-
-    if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    if (privKey == NULL)
-        return MEMORY_E;
-#endif
 
     ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId);
     if (ret == 0) {
@@ -1794,6 +1798,32 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
         }
     }
 
+    return ret;
+}
+
+
+/* returns size of signature put into out, negative on error */
+static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+{
+    int ret;
+#ifdef WOLFSSL_SMALL_STACK
+    RsaKey* privKey;
+#else
+    RsaKey  privKey[1];
+#endif
+
+    if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (privKey == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_PKCS7_ImportRSA(pkcs7, privKey);
     if (ret == 0) {
     #ifdef WOLFSSL_ASYNC_CRYPT
         do {
@@ -1824,27 +1854,10 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 
 #ifdef HAVE_ECC
 
-/* returns size of signature put into out, negative on error */
-static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+static int wc_PKCS7_ImportECC(PKCS7* pkcs7, ecc_key* privKey)
 {
     int ret;
-    word32 outSz, idx;
-#ifdef WOLFSSL_SMALL_STACK
-    ecc_key* privKey;
-#else
-    ecc_key  privKey[1];
-#endif
-
-    if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    if (privKey == NULL)
-        return MEMORY_E;
-#endif
+    word32 idx;
 
     ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId);
     if (ret == 0) {
@@ -1874,6 +1887,33 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
         }
     }
 
+    return ret;
+}
+
+
+/* returns size of signature put into out, negative on error */
+static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+{
+    int ret;
+    word32 outSz;
+#ifdef WOLFSSL_SMALL_STACK
+    ecc_key* privKey;
+#else
+    ecc_key  privKey[1];
+#endif
+
+    if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (privKey == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_PKCS7_ImportECC(pkcs7, privKey);
     if (ret == 0) {
         outSz = sizeof(esd->encContentDigest);
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -1903,6 +1943,67 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 
 #endif /* HAVE_ECC */
 
+/* returns encContentDigestSz based on the signature set to be used */
+static int wc_PKCS7_GetSignSize(PKCS7* pkcs7)
+{
+    int ret = 0;
+
+    switch (pkcs7->publicKeyOID) {
+
+    #ifndef NO_RSA
+        case RSAk:
+        {
+        #ifndef WOLFSSL_SMALL_STACK
+            RsaKey  privKey[1];
+        #else
+            RsaKey* privKey;
+            privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            if (privKey == NULL)
+                return MEMORY_E;
+        #endif
+
+            ret = wc_PKCS7_ImportRSA(pkcs7, privKey);
+            if (ret == 0) {
+                ret = wc_RsaEncryptSize(privKey);
+            }
+            wc_FreeRsaKey(privKey);
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+        break;
+    #endif
+
+    #ifdef HAVE_ECC
+        case ECDSAk:
+        {
+        #ifndef WOLFSSL_SMALL_STACK
+            ecc_key  privKey[1];
+        #else
+            ecc_key* privKey;
+            privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            if (privKey == NULL)
+                return MEMORY_E;
+        #endif
+
+            ret = wc_PKCS7_ImportECC(pkcs7, privKey);
+            if (ret == 0) {
+                ret = wc_ecc_sig_size(privKey);
+            }
+            wc_ecc_free(privKey);
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+        break;
+    #endif
+    }
+
+    return ret;
+}
+
 
 /* builds up SignedData signed attributes, including default ones.
  *
@@ -2345,10 +2446,286 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
     return ret;
 }
 
+#ifndef BER_OCTET_LENGTH
+    #define BER_OCTET_LENGTH 4096
+#endif
+
+/**
+ * This helper function encodes a chunk of content stream and writes it out.
+ *
+ * @param pkcs7 Pointer to a PKCS7 structure.
+ * @param cipherType The type of cipher to use for encryption.
+ * @param aes Optional pointer to an Aes structure for AES encryption.
+ * @param encContentOut Buffer to hold the encrypted content.
+ * @param contentData Buffer holding the content to be encrypted.
+ * @param contentDataSz Size of the content to be encrypted.
+ * @param out Buffer to hold the output data.
+ * @param outIdx Pointer to an index into the output buffer.
+ * @param esd Pointer to an ESD structure for digest calculation.
+ * @return Returns 0 on success, and a negative value on failure.
+ */
+static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType,
+    Aes* aes, byte* encContentOut, byte* contentData, int contentDataSz,
+    byte* out, word32* outIdx, ESD* esd)
+{
+    int ret = BAD_FUNC_ARG;
+    byte   encContentOutOct[MAX_OCTET_STR_SZ];
+    word32 encContentOutOctSz = 0;
+
+    switch (cipherType) {
+        case WC_CIPHER_NONE:
+            XMEMCPY(encContentOut, contentData, contentDataSz);
+            if (esd && esd->contentDigestSet != 1) {
+                ret = wc_HashUpdate(&esd->hash, esd->hashType,
+                    contentData, contentDataSz);
+            }
+            break;
+
+    #ifndef NO_AES
+        case WC_CIPHER_AES_CBC:
+            ret = wc_AesCbcEncrypt(aes, encContentOut,
+                contentData, contentDataSz);
+            break;
+    #endif
+
+    #ifdef WOLFSSL_AESGCM_STREAM
+        case WC_CIPHER_AES_GCM:
+            ret = wc_AesGcmEncryptUpdate(aes, encContentOut,
+                    contentData, contentDataSz, NULL, 0);
+            break;
+    #endif
+    }
+
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        /* async encrypt not available here, so block till done */
+        if (ret == WC_PENDING_E && cipherType != WC_CIPHER_NONE) {
+            ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
+        }
+    #endif
+
+    if (ret == 0) {
+        encContentOutOctSz = SetOctetString(contentDataSz, encContentOutOct);
+        wc_PKCS7_WriteOut(pkcs7, (out)? out + *outIdx: NULL,
+                          encContentOutOct, encContentOutOctSz);
+        *outIdx += encContentOutOctSz;
+        wc_PKCS7_WriteOut(pkcs7, (out)? out + *outIdx : NULL,
+                                            encContentOut, contentDataSz);
+        *outIdx += contentDataSz;
+    }
+
+    return ret;
+}
+
+
+/* Used for encoding the content, potentially one octet chunck at a time if
+ * in streaming mode with IO callbacks set.
+ * Can handle the cipher types:
+ *      - WC_CIPHER_NONE, used for encoding signed bundle where no encryption is
+ *                        done.
+ *      - WC_CIPHER_AES_CBC
+ *      - WC_CIPHER_AES_GCM, requires WOLFSSL_AESGCM_STREAM for streaming
+ *                           encryption
+ * If ESD is passed in then hash of the conentet is collected as processed.
+ *
+ * Returns 0 on success */
+#ifndef NO_AES
+static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, Aes* aes,
+    byte* in, int inSz, byte* out, int cipherType)
+#else
+static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
+    byte* in, int inSz, byte* out, int cipherType)
+#endif
+{
+    int ret = 0;
+    int devId  = pkcs7->devId;
+    void* heap = pkcs7->heap;
+
+    if (pkcs7->encodeStream) {
+        int    sz;
+        word32 totalSz = 0;
+        byte*  buf;
+        byte*  encContentOut;
+        byte*  contentData;
+        word32 idx = 0, outIdx = 0;
+        int padSz = 0;
+
+        if (cipherType != WC_CIPHER_NONE) {
+            padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz,
+                   wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID));
+        }
+
+        if (cipherType == WC_CIPHER_NONE && esd && esd->contentDigestSet != 1) {
+            /* calculate hash for content */
+            ret = wc_HashInit(&esd->hash, esd->hashType);
+            if (ret != 0) {
+                return ret;
+            }
+        }
+
+        encContentOut = (byte *)XMALLOC(BER_OCTET_LENGTH + MAX_OCTET_STR_SZ,
+                heap, DYNAMIC_TYPE_PKCS7);
+        contentData = (byte *)XMALLOC(BER_OCTET_LENGTH + padSz,
+                heap, DYNAMIC_TYPE_PKCS7);
+
+        if (encContentOut == NULL || contentData == NULL) {
+            XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+            XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+            WOLFSSL_MSG("Memory allocation failed for content data");
+            return MEMORY_E;
+        }
+
+        /* keep pulling from content until empty */
+        do {
+            int contentDataRead = 0;
+
+        #ifdef ASN_BER_TO_DER
+            if (pkcs7->getContentCb) {
+                contentDataRead = pkcs7->getContentCb(pkcs7,
+                                                      &buf, pkcs7->streamCtx);
+
+                if (buf == NULL) {
+                    WOLFSSL_MSG("Get content callback returned null "
+                        "buffer pointer");
+                    XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                    XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+                    return BAD_FUNC_ARG;
+                }
+            }
+            else
+        #endif
+            {
+                int szLeft = BER_OCTET_LENGTH;
+
+                if (in == NULL) {
+                    XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                    XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+                    return BAD_FUNC_ARG;
+                }
+
+                if (szLeft + totalSz > (word32)inSz)
+                    szLeft = inSz - totalSz;
+
+                contentDataRead = szLeft;
+                buf = in + totalSz;
+            }
+
+            if (contentDataRead <= 0) {
+                /* no more data returned from callback */
+                break;
+            }
+            totalSz += (word32)contentDataRead;
+
+            /* check and handle octet boundary */
+            sz = contentDataRead;
+            if (idx + sz > BER_OCTET_LENGTH) {
+                sz = BER_OCTET_LENGTH - idx;
+                contentDataRead -= sz;
+
+                XMEMCPY(contentData + idx, buf, sz);
+                ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType,
+                    aes, encContentOut, contentData, BER_OCTET_LENGTH, out,
+                    &outIdx, esd);
+                if (ret != 0) {
+                    XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                    XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+                    return ret;
+                }
+
+                /* copy over any remaining data */
+                XMEMCPY(contentData, buf + sz, contentDataRead);
+                idx = contentDataRead;
+            }
+            else {
+                /* was not on an octet boundary, copy full
+                 * amount over */
+                XMEMCPY(contentData + idx, buf, sz);
+                idx += sz;
+            }
+        } while (totalSz < pkcs7->contentSz);
+
+        /* add in padding to the end */
+        if ((cipherType != WC_CIPHER_NONE) && (totalSz == pkcs7->contentSz)) {
+            int i;
+
+            if (BER_OCTET_LENGTH < idx) {
+                XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+                return BAD_FUNC_ARG;
+            }
+
+            for (i = 0; i < padSz; i++) {
+                contentData[idx + i] = (byte)padSz;
+            }
+            idx += padSz;
+        }
+
+        /* encrypt and flush out remainder of content data */
+        ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType, aes,
+                    encContentOut, contentData, idx, out, &outIdx, esd);
+        if (ret == 0) {
+            if (cipherType == WC_CIPHER_NONE && esd &&
+                    esd->contentDigestSet != 1) {
+                ret = wc_HashFinal(&esd->hash, esd->hashType,
+                    esd->contentDigest + 2);
+                wc_HashFree(&esd->hash, esd->hashType);
+            }
+        }
+
+        XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+    }
+    else {
+        if (in == NULL || out == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        switch (cipherType) {
+            case WC_CIPHER_NONE:
+                if (!pkcs7->detached) {
+                    XMEMCPY(out, in, inSz);
+                }
+                if (esd && esd->contentDigestSet != 1) {
+                    ret = wc_HashInit(&esd->hash, esd->hashType);
+                    if (ret == 0)
+                        ret = wc_HashUpdate(&esd->hash, esd->hashType, in,
+                                            inSz);
+                    if (ret == 0)
+                        ret = wc_HashFinal(&esd->hash, esd->hashType,
+                                           esd->contentDigest + 2);
+                    wc_HashFree(&esd->hash, esd->hashType);
+                }
+                break;
+
+        #ifndef NO_AES
+            case WC_CIPHER_AES_CBC:
+                ret = wc_AesCbcEncrypt(aes, out, in, inSz);
+                break;
+        #endif
+
+        #ifdef WOLFSSL_AESGCM_STREAM
+            case WC_CIPHER_AES_GCM:
+                ret = wc_AesGcmEncryptUpdate(aes, out, in, inSz, NULL, 0);
+                break;
+        #endif
+        }
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        /* async encrypt not available here, so block till done */
+        if (cipherType != WC_CIPHER_NONE) {
+            ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
+        }
+    #endif
+    }
+
+    (void)devId;
+    (void)heap;
+
+    return ret;
+}
+
 
 /* build PKCS#7 signedData content type */
 /* To get the output size then set output = 0 and *outputSz = 0 */
-static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
+static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     const byte* hashBuf, word32 hashSz, byte* output, word32* outputSz,
     byte* output2, word32* output2Sz)
 {
@@ -2378,6 +2755,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
     byte* flatSignedAttribs = NULL;
     word32 flatSignedAttribsSz = 0;
 
+#ifdef WOLFSSL_SMALL_STACK
+    ESD* esd = NULL;
+#else
+    ESD  esd[1];
+#endif
+#ifdef ASN_BER_TO_DER
+    word32 streamSz = 0;
+#endif
 #ifdef WOLFSSL_SMALL_STACK
     byte *signedDataOid = NULL;
 #else
@@ -2388,8 +2773,21 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
     byte signingTime[MAX_TIME_STRING_SZ];
 
     if (pkcs7 == NULL || pkcs7->hashOID == 0 ||
-        outputSz == NULL || hashSz == 0 ||
-        hashBuf == NULL) {
+        outputSz == NULL) {
+        WOLFSSL_MSG("PKCS7 struct / outputSz null, or hashOID is 0");
+        return BAD_FUNC_ARG;
+    }
+
+    if (hashSz == 0 && hashBuf != NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* signature size varies with ECDSA, with a varying sign size the content
+     * hash must be known in order to create the surrounding ASN1 syntax
+     * properly before writing out the content and generating the hash on the
+     * fly and then creating the signature */
+    if (hashBuf == NULL && pkcs7->publicKeyOID == ECDSAk) {
+        WOLFSSL_MSG("Pre-calculated content hash is needed in this case");
         return BAD_FUNC_ARG;
     }
 
@@ -2444,31 +2842,43 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
 
     if (pkcs7->sidType != DEGENERATE_SID) {
         esd->hashType = wc_OidGetHash(pkcs7->hashOID);
-        if (wc_HashGetDigestSize(esd->hashType) != (int)hashSz) {
+        if (hashBuf != NULL &&
+                wc_HashGetDigestSize(esd->hashType) != (int)hashSz) {
             WOLFSSL_MSG("hashSz did not match hashOID");
             idx = BUFFER_E;
             goto out;
         }
 
-        /* include hash */
+        /* include hash if provided, otherwise create hash when processing
+         * content data */
         esd->contentDigest[0] = ASN_OCTET_STRING;
-        esd->contentDigest[1] = (byte)hashSz;
-        XMEMCPY(&esd->contentDigest[2], hashBuf, hashSz);
-    }
-
+        if (hashBuf != NULL) {
+            esd->contentDigestSet = 1;
+            esd->contentDigest[1] = (byte)hashSz;
+            XMEMCPY(&esd->contentDigest[2], hashBuf, hashSz);
+        }
+        else {
+            esd->contentDigest[1] = (byte)wc_HashGetDigestSize(esd->hashType);
+        }
+    }
+
     if (pkcs7->detached == 1) {
         /* do not include content if generating detached signature */
         esd->innerOctetsSz = 0;
         esd->innerContSeqSz = 0;
         esd->contentInfoSeqSz = SetSequence(pkcs7->contentTypeSz,
                                             esd->contentInfoSeq);
-    } else {
-        esd->innerOctetsSz = SetOctetString(pkcs7->contentSz, esd->innerOctets);
+    }
+    else {
+        esd->innerOctetsSz = SetOctetStringEx(pkcs7->contentSz, esd->innerOctets,
+                                    pkcs7->encodeStream);
         esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz +
-                                    pkcs7->contentSz, esd->innerContSeq);
-        esd->contentInfoSeqSz = SetSequence(pkcs7->contentSz +
+                                    pkcs7->contentSz, esd->innerContSeq,
+                                    pkcs7->encodeStream);
+        esd->contentInfoSeqSz = SetSequenceEx(pkcs7->contentSz +
                                     esd->innerOctetsSz + pkcs7->contentTypeSz +
-                                    esd->innerContSeqSz, esd->contentInfoSeq);
+                                    esd->innerContSeqSz, esd->contentInfoSeq,
+                                    pkcs7->encodeStream);
     }
 
     /* SignerIdentifier */
@@ -2495,7 +2905,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
         /* SubjectKeyIdentifier */
         esd->issuerSKIDSz = SetOctetString(keyIdSize, esd->issuerSKID);
         esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + keyIdSize,
-                                           esd->issuerSKIDSeq);
+                                           esd->issuerSKIDSeq, 0);
         signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + keyIdSize);
 
         /* version MUST be 3 */
@@ -2550,14 +2960,18 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
             FlattenAttributes(pkcs7, flatSignedAttribs,
                                        esd->signedAttribs, esd->signedAttribsCount);
             esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz,
-                                                              esd->signedAttribSet);
+                                                              esd->signedAttribSet, 0);
         } else {
             esd->signedAttribSetSz = 0;
         }
 
-        /* Calculate the final hash and encrypt it. */
-        ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs,
-                                                flatSignedAttribsSz, esd);
+        if (pkcs7->publicKeyOID != ECDSAk && hashBuf == NULL) {
+            ret = esd->encContentDigestSz = wc_PKCS7_GetSignSize(pkcs7);
+        }
+        else {
+            ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs,
+                                            flatSignedAttribsSz, esd);
+        }
         if (ret < 0) {
             idx = ret;
             goto out;
@@ -2577,15 +2991,17 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
 
     /* certificates [0] IMPLICIT CertificateSet */
     /* get total certificates size */
-    certPtr = pkcs7->certList;
-    while (certPtr != NULL) {
-        certSetSz += certPtr->derSz;
-        certPtr = certPtr->next;
+    if (pkcs7->noCerts != 1) {
+        certPtr = pkcs7->certList;
+        while (certPtr != NULL) {
+            certSetSz += certPtr->derSz;
+            certPtr = certPtr->next;
+        }
     }
     certPtr = NULL;
 
     if (certSetSz > 0)
-        esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet);
+        esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet, 0);
 
     if (pkcs7->sidType != DEGENERATE_SID) {
         esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId,
@@ -2603,19 +3019,48 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
 
     totalSz = esd->versionSz + esd->singleDigAlgoIdSz + esd->digAlgoIdSetSz +
               esd->contentInfoSeqSz + pkcs7->contentTypeSz +
-              esd->innerContSeqSz + esd->innerOctetsSz + pkcs7->contentSz;
+              esd->innerContSeqSz + esd->innerOctetsSz;
+
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->encodeStream) {
+        word32 tmpIdx = 0;
+        totalSz += (3 * ASN_INDEF_END_SZ) ; /* 00's for BER with inner content */
+
+        StreamOctetString(pkcs7->content, pkcs7->contentSz, NULL, &streamSz,
+            &tmpIdx);
+        totalSz += streamSz + (3 * ASN_INDEF_END_SZ);
+    }
+    else
+#endif
+    {
+        totalSz += pkcs7->contentSz;
+    }
     total2Sz = esd->certsSetSz + certSetSz + signerInfoSz;
 
     if (pkcs7->detached) {
         totalSz -= pkcs7->contentSz;
     }
 
-    esd->innerSeqSz = SetSequence(totalSz + total2Sz, esd->innerSeq);
+    esd->innerSeqSz = SetSequenceEx(totalSz + total2Sz, esd->innerSeq,
+        pkcs7->encodeStream);
     totalSz += esd->innerSeqSz;
-    esd->outerContentSz = SetExplicit(0, totalSz + total2Sz, esd->outerContent);
+    if (pkcs7->encodeStream) {
+        totalSz += ASN_INDEF_END_SZ;
+    }
+
+    esd->outerContentSz = SetExplicit(0, totalSz + total2Sz,
+        esd->outerContent, pkcs7->encodeStream);
     totalSz += esd->outerContentSz + signedDataOidSz;
-    esd->outerSeqSz = SetSequence(totalSz + total2Sz, esd->outerSeq);
+    if (pkcs7->encodeStream) {
+        totalSz += ASN_INDEF_END_SZ;
+    }
+
+    esd->outerSeqSz = SetSequenceEx(totalSz + total2Sz, esd->outerSeq,
+        pkcs7->encodeStream);
     totalSz += esd->outerSeqSz;
+    if (pkcs7->encodeStream) {
+        totalSz += ASN_INDEF_END_SZ;
+    }
 
     /* if using header/footer, we are not returning the content */
     if (output2 && output2Sz) {
@@ -2639,7 +3084,11 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
         totalSz += total2Sz;
     }
 
-    if (totalSz > *outputSz) {
+    if (totalSz > *outputSz
+    #ifdef ASN_BER_TO_DER
+        && pkcs7->streamOutCb == NULL
+    #endif
+    ) {
         if (*outputSz == 0) {
         #ifdef HAVE_ECC
             if (pkcs7->publicKeyOID == ECDSAk) {
@@ -2654,33 +3103,48 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
         goto out;
     }
 
+#ifdef ASN_BER_TO_DER
+    if (output == NULL && pkcs7->streamOutCb == NULL) {
+#else
     if (output == NULL) {
+#endif
         idx = BUFFER_E;
         goto out;
     }
 
     idx = 0;
-    XMEMCPY(output + idx, esd->outerSeq, esd->outerSeqSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->outerSeq, esd->outerSeqSz);
     idx += esd->outerSeqSz;
-    XMEMCPY(output + idx, signedDataOid, signedDataOidSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            signedDataOid, signedDataOidSz);
     idx += signedDataOidSz;
-    XMEMCPY(output + idx, esd->outerContent, esd->outerContentSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->outerContent, esd->outerContentSz);
     idx += esd->outerContentSz;
-    XMEMCPY(output + idx, esd->innerSeq, esd->innerSeqSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->innerSeq, esd->innerSeqSz);
     idx += esd->innerSeqSz;
-    XMEMCPY(output + idx, esd->version, esd->versionSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->version, esd->versionSz);
     idx += esd->versionSz;
-    XMEMCPY(output + idx, esd->digAlgoIdSet, esd->digAlgoIdSetSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->digAlgoIdSet, esd->digAlgoIdSetSz);
     idx += esd->digAlgoIdSetSz;
-    XMEMCPY(output + idx, esd->singleDigAlgoId, esd->singleDigAlgoIdSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->singleDigAlgoId, esd->singleDigAlgoIdSz);
     idx += esd->singleDigAlgoIdSz;
-    XMEMCPY(output + idx, esd->contentInfoSeq, esd->contentInfoSeqSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->contentInfoSeq, esd->contentInfoSeqSz);
     idx += esd->contentInfoSeqSz;
-    XMEMCPY(output + idx, pkcs7->contentType, pkcs7->contentTypeSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            pkcs7->contentType, pkcs7->contentTypeSz);
     idx += pkcs7->contentTypeSz;
-    XMEMCPY(output + idx, esd->innerContSeq, esd->innerContSeqSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->innerContSeq, esd->innerContSeqSz);
     idx += esd->innerContSeqSz;
-    XMEMCPY(output + idx, esd->innerOctets, esd->innerOctetsSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->innerOctets, esd->innerOctetsSz);
     idx += esd->innerOctetsSz;
 
     /* support returning header and footer without content */
@@ -2689,48 +3153,97 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
         idx = 0;
     }
     else {
-        if (!pkcs7->detached && pkcs7->content != NULL && pkcs7->contentSz > 0) {
-            XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
-            idx += pkcs7->contentSz;
+        if (
+        #ifdef ASN_BER_TO_DER
+            (pkcs7->content != NULL || pkcs7->getContentCb != NULL)
+        #else
+            pkcs7->content != NULL
+        #endif
+             && pkcs7->contentSz > 0) {
+            wc_PKCS7_EncodeContentStream(pkcs7, esd, NULL, pkcs7->content,
+               pkcs7->contentSz, (output)? output + idx : NULL, WC_CIPHER_NONE);
+            if (!pkcs7->detached) {
+            #ifdef ASN_BER_TO_DER
+                if (pkcs7->encodeStream) {
+                    byte indefEnd[ASN_INDEF_END_SZ * 3];
+                    word32 localIdx = 0;
+
+                    idx += streamSz;
+
+                    /* end of content octet string */
+                    localIdx += SetIndefEnd(indefEnd + localIdx);
+
+                    /* end of inner content seq */
+                    localIdx += SetIndefEnd(indefEnd + localIdx);
+
+                    /* end of inner content info seq */
+                    localIdx += SetIndefEnd(indefEnd + localIdx);
+
+                    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+                        indefEnd, localIdx);
+                    idx += localIdx;
+                }
+                else
+            #endif
+                {
+                        idx += pkcs7->contentSz;
+                }
+            }
         }
         output2 = output;
     }
 
     /* certificates */
-    XMEMCPY(output2 + idx, esd->certsSet, esd->certsSetSz);
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+        esd->certsSet, esd->certsSetSz);
     idx += esd->certsSetSz;
-    certPtr = pkcs7->certList;
-    while (certPtr != NULL) {
-        XMEMCPY(output2 + idx, certPtr->der, certPtr->derSz);
-        idx += certPtr->derSz;
-        certPtr = certPtr->next;
+
+    if (pkcs7->noCerts != 1) {
+        certPtr = pkcs7->certList;
+        while (certPtr != NULL) {
+            wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                certPtr->der, certPtr->derSz);
+            idx += certPtr->derSz;
+            certPtr = certPtr->next;
+        }
     }
+
     wc_PKCS7_FreeCertSet(pkcs7);
 
-    XMEMCPY(output2 + idx, esd->signerInfoSet, esd->signerInfoSetSz);
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signerInfoSet, esd->signerInfoSetSz);
     idx += esd->signerInfoSetSz;
-    XMEMCPY(output2 + idx, esd->signerInfoSeq, esd->signerInfoSeqSz);
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signerInfoSeq, esd->signerInfoSeqSz);
     idx += esd->signerInfoSeqSz;
-    XMEMCPY(output2 + idx, esd->signerVersion, esd->signerVersionSz);
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signerVersion, esd->signerVersionSz);
     idx += esd->signerVersionSz;
     /* SignerIdentifier */
     if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
         /* IssuerAndSerialNumber */
-        XMEMCPY(output2 + idx, esd->issuerSnSeq, esd->issuerSnSeqSz);
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->issuerSnSeq, esd->issuerSnSeqSz);
         idx += esd->issuerSnSeqSz;
-        XMEMCPY(output2 + idx, esd->issuerName, esd->issuerNameSz);
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->issuerName, esd->issuerNameSz);
         idx += esd->issuerNameSz;
-        XMEMCPY(output2 + idx, pkcs7->issuer, pkcs7->issuerSz);
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                pkcs7->issuer, pkcs7->issuerSz);
         idx += pkcs7->issuerSz;
-        XMEMCPY(output2 + idx, esd->issuerSn, esd->issuerSnSz);
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->issuerSn, esd->issuerSnSz);
         idx += esd->issuerSnSz;
     } else if (pkcs7->sidType == CMS_SKID) {
         /* SubjectKeyIdentifier */
-        XMEMCPY(output2 + idx, esd->issuerSKIDSeq, esd->issuerSKIDSeqSz);
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->issuerSKIDSeq, esd->issuerSKIDSeqSz);
         idx += esd->issuerSKIDSeqSz;
-        XMEMCPY(output2 + idx, esd->issuerSKID, esd->issuerSKIDSz);
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->issuerSKID, esd->issuerSKIDSz);
         idx += esd->issuerSKIDSz;
-        XMEMCPY(output2 + idx, pkcs7->issuerSubjKeyId, keyIdSize);
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                pkcs7->issuerSubjKeyId, keyIdSize);
         idx += keyIdSize;
     } else if (pkcs7->sidType == DEGENERATE_SID) {
         /* no signer infos in degenerate case */
@@ -2738,24 +3251,95 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
         idx = SKID_E;
         goto out;
     }
-    XMEMCPY(output2 + idx, esd->signerDigAlgoId, esd->signerDigAlgoIdSz);
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signerDigAlgoId, esd->signerDigAlgoIdSz);
     idx += esd->signerDigAlgoIdSz;
 
     /* SignerInfo:Attributes */
     if (flatSignedAttribsSz > 0) {
-        XMEMCPY(output2 + idx, esd->signedAttribSet, esd->signedAttribSetSz);
+        /* if the original hash buffer passed in was null then recreate the
+        * signature */
+        if (hashBuf == NULL && pkcs7->sidType != DEGENERATE_SID) {
+            /* recreate flat attribs after the content hash is known if needed
+             * build up signed attributes, include contentType, signingTime, and
+               messageDigest by default */
+            esd->signedAttribsCount = 0;
+            esd->signedAttribsSz = 0;
+            ret = wc_PKCS7_BuildSignedAttributes(pkcs7, esd, pkcs7->contentType,
+                                     pkcs7->contentTypeSz,
+                                     contentTypeOid, sizeof(contentTypeOid),
+                                     messageDigestOid, sizeof(messageDigestOid),
+                                     signingTimeOid, sizeof(signingTimeOid),
+                                     signingTime, sizeof(signingTime));
+            if (ret < 0) {
+                idx = ret;
+                goto out;
+            }
+
+            if (esd->signedAttribsSz > 0) {
+                if (flatSignedAttribs == NULL) {
+                    idx = MEMORY_E;
+                    goto out;
+                }
+
+                flatSignedAttribsSz = esd->signedAttribsSz;
+                FlattenAttributes(pkcs7, flatSignedAttribs,
+                                   esd->signedAttribs, esd->signedAttribsCount);
+            } else {
+                esd->signedAttribSetSz = 0;
+            }
+        }
+
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signedAttribSet, esd->signedAttribSetSz);
         idx += esd->signedAttribSetSz;
-        XMEMCPY(output2 + idx, flatSignedAttribs, flatSignedAttribsSz);
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                flatSignedAttribs, flatSignedAttribsSz);
         idx += flatSignedAttribsSz;
     }
 
-    XMEMCPY(output2 + idx, esd->digEncAlgoId, esd->digEncAlgoIdSz);
+    if (hashBuf == NULL && pkcs7->sidType != DEGENERATE_SID) {
+        /* Calculate the final hash and encrypt it. */
+        WOLFSSL_MSG("Recreating signature with new hash");
+        ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs,
+                                                flatSignedAttribsSz, esd);
+        if (ret < 0) {
+            idx = ret;
+            goto out;
+        }
+    }
+
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->digEncAlgoId, esd->digEncAlgoIdSz);
     idx += esd->digEncAlgoIdSz;
-    XMEMCPY(output2 + idx, esd->signerDigest, esd->signerDigestSz);
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signerDigest, esd->signerDigestSz);
     idx += esd->signerDigestSz;
-    XMEMCPY(output2 + idx, esd->encContentDigest, esd->encContentDigestSz);
+
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->encContentDigest, esd->encContentDigestSz);
     idx += esd->encContentDigestSz;
 
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->encodeStream) {
+        byte indefEnd[ASN_INDEF_END_SZ * 3];
+        word32 localIdx = 0;
+
+        /* end of signedData seq */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of outer content set */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of outer content info seq */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                    indefEnd, localIdx);
+        idx += localIdx;
+    }
+#endif
+
     if (output2Sz) {
         *output2Sz = idx;
         idx = 0; /* success */
@@ -2792,32 +3376,25 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
     word32* outputFootSz)
 {
     int ret;
-#ifdef WOLFSSL_SMALL_STACK
-    ESD* esd;
-#else
-    ESD  esd[1];
-#endif
 
     /* other args checked in wc_PKCS7_EncodeSigned_ex */
-    if (pkcs7 == NULL || outputFoot == NULL || outputFootSz == NULL) {
+    if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
     }
 
-#ifdef WOLFSSL_SMALL_STACK
-    esd = (ESD*)XMALLOC(sizeof(ESD), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (esd == NULL)
-        return MEMORY_E;
+#ifndef ASN_BER_TO_DER
+    if (outputFoot == NULL || outputFootSz == NULL)
+#else
+    if (pkcs7->getContentCb == NULL &&
+        (outputFoot == NULL || outputFootSz == NULL))
 #endif
+    {
+        return BAD_FUNC_ARG;
+    }
 
-    XMEMSET(esd, 0, sizeof(ESD));
-
-    ret = PKCS7_EncodeSigned(pkcs7, esd, hashBuf, hashSz,
+    ret = PKCS7_EncodeSigned(pkcs7, hashBuf, hashSz,
         outputHead, outputHeadSz, outputFoot, outputFootSz);
 
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
     return ret;
 }
 
@@ -2904,55 +3481,50 @@ int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag)
 int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     int ret;
-    int hashSz;
-    enum wc_HashType hashType;
-    byte hashBuf[WC_MAX_DIGEST_SIZE];
-#ifdef WOLFSSL_SMALL_STACK
-    ESD* esd;
-#else
-    ESD  esd[1];
-#endif
 
     /* other args checked in wc_PKCS7_EncodeSigned_ex */
-    if (pkcs7 == NULL || (pkcs7->contentSz > 0 && pkcs7->content == NULL)) {
+    if (pkcs7 == NULL || (pkcs7->contentSz > 0 &&
+    #ifdef ASN_BER_TO_DER
+        (pkcs7->content == NULL && pkcs7->getContentCb == NULL))
+    #else
+        pkcs7->content == NULL)
+    #endif
+    ) {
         return BAD_FUNC_ARG;
     }
 
-    /* get hash type and size, validate hashOID */
-    hashType = wc_OidGetHash(pkcs7->hashOID);
-    hashSz = wc_HashGetDigestSize(hashType);
-    if (hashSz < 0)
-        return hashSz;
-
-#ifdef WOLFSSL_SMALL_STACK
-    esd = (ESD*)XMALLOC(sizeof(ESD), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (esd == NULL)
-        return MEMORY_E;
-#endif
+    /* pre-calculate hash for ECC signatures */
+    if (pkcs7->publicKeyOID == ECDSAk) {
+        int hashSz;
+        enum wc_HashType hashType;
+        byte hashBuf[WC_MAX_DIGEST_SIZE];
+        wc_HashAlg hash;
 
-    XMEMSET(esd, 0, sizeof(ESD));
-    esd->hashType = hashType;
+        /* get hash type and size, validate hashOID */
+        hashType = wc_OidGetHash(pkcs7->hashOID);
+        hashSz = wc_HashGetDigestSize(hashType);
+        if (hashSz < 0)
+            return hashSz;
 
-    /* calculate hash for content */
-    ret = wc_HashInit(&esd->hash, esd->hashType);
-    if (ret == 0) {
-        ret = wc_HashUpdate(&esd->hash, esd->hashType,
+        /* calculate hash for content */
+        ret = wc_HashInit(&hash, hashType);
+        if (ret == 0) {
+            ret = wc_HashUpdate(&hash, hashType,
                             pkcs7->content, pkcs7->contentSz);
+            if (ret == 0) {
+                ret = wc_HashFinal(&hash, hashType, hashBuf);
+            }
+            wc_HashFree(&hash, hashType);
+        }
         if (ret == 0) {
-            ret = wc_HashFinal(&esd->hash, esd->hashType, hashBuf);
+            ret = PKCS7_EncodeSigned(pkcs7, hashBuf, hashSz,
+                output, &outputSz, NULL, NULL);
         }
-        wc_HashFree(&esd->hash, esd->hashType);
     }
-
-    if (ret == 0) {
-        ret = PKCS7_EncodeSigned(pkcs7, esd, hashBuf, hashSz,
-            output, &outputSz, NULL, NULL);
+    else {
+        ret = PKCS7_EncodeSigned(pkcs7, NULL, 0, output, &outputSz,
+            NULL, NULL);
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
     return ret;
 }
 
@@ -4280,8 +4852,8 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
         word32* idxIn, int degenerate, byte** signedAttrib, int* signedAttribSz)
 {
     int ret = 0;
-    int length;
-    int version;
+    int length = 0;
+    int version = 0;
     word32 sigOID = 0, hashOID = 0;
     word32 idx = *idxIn, localIdx;
     byte tag;
@@ -4439,7 +5011,245 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
     return ret;
 }
 
+/* parse input to get single/multiple octet strings.
+ * get each octet string from stream up to the size defined by
+ * MAX_PKCS7_STREAM_BUFFER then hash and store them to the content buffer.
+ * hash is stored to pkcs7->stream->hashBuf and its size in
+ * pkcs7->stream->hashBufSz if keepContent is true, accumulates content into
+ * pkcs7->stream->content and stores its size in pkcs7->stream->contentSz.
+ */
+#ifndef NO_PKCS7_STREAM
+static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
+                                word32* tmpIdx, word32* idx, int keepContent)
+{
+    int ret, length;
+    word32 msgSz, i, contBufSz;
+    byte tag;
+    byte* msg = NULL;
+    byte* tempBuf = NULL;
+
+    /* allow 0 for inSz in streaming */
+    if (inSz == 0) {
+        return WC_PKCS7_WANT_READ_E;
+    }
+
+    if (pkcs7 == NULL || in == NULL || idx == NULL)
+        return BAD_FUNC_ARG;
+
+    /* no content case, do nothing */
+    if (pkcs7->stream->noContent) {
+        if (pkcs7->content && pkcs7->contentSz > 0) {
+            if (pkcs7->stream->content != NULL) {
+                XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                pkcs7->stream->content = NULL;
+            }
+
+            pkcs7->stream->content = (byte*)XMALLOC(pkcs7->contentSz,
+                                            pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            if (pkcs7->stream->content == NULL) {
+                WOLFSSL_MSG("Failed to grow content buffer.");
+                return MEMORY_E;
+            }
+            XMEMCPY(pkcs7->stream->content, pkcs7->content, pkcs7->contentSz);
+            pkcs7->stream->contentSz = pkcs7->contentSz;
+        }
+        return 0;
+    }
+
+    /* free pkcs7->contentDynamic buffer */
+    if (pkcs7->contentDynamic != NULL) {
+        XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        pkcs7->contentDynamic = NULL;
+    }
+
+    while(1) {
+        if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &msg, idx)) != 0) {
+            break;
+        }
+
+        msgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:inSz;
+
+        if (pkcs7->stream->currContRmnSz == 0) {
+
+            /* processed single OCTET STRING, try to find another one. */
+            if ((ret = GetASNTag(msg, idx, &tag, msgSz)) < 0) {
+                break;
+            }
+
+            /* if another OCTET STRING is found, get its length */
+            if (ret == 0 && tag == ASN_OCTET_STRING) {
+
+                if (ret == 0 && GetLength_ex(msg, idx, &length, msgSz,
+                                                            NO_USER_CHECK) < 0){
+                    ret = ASN_PARSE_E;
+                    break;
+                }
+
+                /* set up for next octet string */
+                pkcs7->stream->currContSz    = length;
+                pkcs7->stream->currContRmnSz = length;
+                pkcs7->stream->expected      = min(pkcs7->stream->currContRmnSz,
+                                                   MAX_PKCS7_STREAM_BUFFER);
+
+                /* advance read index */
+                if (wc_PKCS7_StreamEndCase(pkcs7, tmpIdx, idx) != 0) {
+                    break;
+                }
+
+                /* check if expected data is available in stream */
+                ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &msg, idx);
+                if (ret == WC_PKCS7_WANT_READ_E) {
+                    break;  /* ask user more input */
+                }
+
+                /* data available, continue processing */
+                continue;
+            }
+            /* reached to the end of contents. trailing zeros may follow. */
+            else if (ret == 0 && tag == ASN_EOC) {
+
+                /* ASN_EOC tag and one zero follows to show the end of
+                 * in-definite length encoding.
+                 * number of indef is stored in pkcs7->stream->cntIdfCnt.
+                 */
+                pkcs7->stream->expected = (ASN_TAG_SZ + TRAILING_ZERO) *
+                                                    pkcs7->stream->cntIdfCnt;
+
+                /* dec idx by one since already consumed to get ASN_EOC */
+                (*idx)--;
 
+                if (wc_PKCS7_StreamEndCase(pkcs7, tmpIdx, idx) != 0) {
+                    break;
+                }
+
+                /* check if expected data is available in stream */
+                ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &msg, idx);
+                if (ret == WC_PKCS7_WANT_READ_E) {
+                    break;  /* ask user more input */
+                }
+
+                /* data available, continue processing trailing zeros */
+                for (i = 0; i < pkcs7->stream->expected; i++) {
+                    if (msg[*idx + i] != 0) {
+                        ret = ASN_PARSE_E;
+                        break;
+                    }
+                }
+                /* reset indef-length count */
+                pkcs7->stream->cntIdfCnt = 0;
+
+                /* advance read index */
+                *idx += pkcs7->stream->expected;
+
+                if (wc_PKCS7_StreamEndCase(pkcs7, tmpIdx, idx) != 0) {
+                    break;
+                }
+
+                /* handled OCTET STRINGs successfully */
+                ret = 0;
+                break;
+            }
+            /* reached to the end of contents without trailing zeros */
+            else if (ret == 0) {
+
+                /* dec idx by one since already consumed to get ASN_EOC */
+                (*idx)--;
+
+                if (wc_PKCS7_StreamEndCase(pkcs7, tmpIdx, idx) != 0) {
+                    break;
+                }
+
+                ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &msg, idx);
+                if (ret == WC_PKCS7_WANT_READ_E) {
+                    break;
+                }
+
+                /* handled OCTET STRINGs successfully */
+                ret = 0;
+                break;
+            }
+            else {
+                break;
+            }
+        }
+        else {
+            /* got partial octet string data */
+            /* accumulate partial octet string to buffer */
+            if (keepContent) {
+
+                /* store current content buffer temporarily */
+                tempBuf = pkcs7->stream->content;
+                pkcs7->stream->content = NULL;
+
+                /* grow content buffer */
+                contBufSz = pkcs7->stream->accumContSz;
+                pkcs7->stream->accumContSz += pkcs7->stream->expected;
+
+                pkcs7->stream->content =
+                                (byte*)XMALLOC(pkcs7->stream->accumContSz,
+                                            pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+
+                if (pkcs7->stream->content == NULL) {
+                    WOLFSSL_MSG("failed to grow content buffer.");
+                    if (tempBuf != NULL) {
+                        XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                        tempBuf = NULL;
+                    }
+                    ret = MEMORY_E;
+                    break;
+                }
+                else {
+                    /* accumulate content */
+                    if (tempBuf != NULL && contBufSz != 0) {
+                        XMEMCPY(pkcs7->stream->content, tempBuf, contBufSz);
+                    }
+                    XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx,
+                                                    pkcs7->stream->expected);
+                    if (tempBuf != NULL) {
+                        XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                        tempBuf = NULL;
+                    }
+                }
+            }
+
+            *idx                         += pkcs7->stream->expected;
+            pkcs7->stream->currContRmnSz -= pkcs7->stream->expected;
+            pkcs7->stream->contentSz     += pkcs7->stream->expected;
+
+            if (wc_PKCS7_StreamEndCase(pkcs7, tmpIdx, idx) != 0) {
+                break;
+            }
+
+            if (pkcs7->stream->currContRmnSz > 0) {
+                pkcs7->stream->expected = min(pkcs7->stream->currContRmnSz,
+                                              MAX_PKCS7_STREAM_BUFFER);
+            }
+            else {
+                /* Processed current OCTET STRING. Proceed to the next one. */
+                pkcs7->stream->currContRmnSz = 0;
+                pkcs7->stream->currContSz    = 0;
+                pkcs7->stream->expected= ASN_TAG_SZ + MAX_LENGTH_SZ;
+
+                if (pkcs7->stream->maxLen > 0 &&
+                    (pkcs7->stream->maxLen - pkcs7->stream->totalRd)
+                                                < ASN_TAG_SZ + MAX_LENGTH_SZ) {
+                    /* seems reached to end of content */
+                    ret = 0;
+                    break;
+                }
+            }
+
+            /* data available */
+            continue;
+        }
+    }
+    return ret;
+}
+#endif /* !NO_PKCS7_STREAM */
 /* Finds the certificates in the message and saves it. By default allows
  * degenerate cases which can have no signer.
  *
@@ -4463,6 +5273,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
     int encapContentInfoLen = 0;
     int contentSz = 0, sigSz = 0, certSz = 0, signedAttribSz = 0;
     word32 localIdx, start;
+    word32 certIdx, certIdx2;
     byte degenerate = 0;
     byte detached = 0;
     byte tag = 0;
@@ -4477,11 +5288,14 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
     word32 pkiMsgSz = inSz;
 #ifndef NO_PKCS7_STREAM
     word32 stateIdx = 0;
+    word32 hashOID = 0;
+    enum wc_HashType hashType = WC_HASH_TYPE_NONE;
+    byte*   src = NULL;
+    word32  srcSz;
 #endif
-
     byte* pkiMsg2 = in2;
     word32 pkiMsg2Sz = in2Sz;
-
+    (void)keepContent;
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
 
@@ -4524,11 +5338,19 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 break;
             }
 
-            if ((ret = wc_PKCS7_SetMaxStream(pkcs7, in, inSz)) != 0) {
+            pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
+
+            /* get content info size */
+            localIdx = 0;
+            if (GetSequence_ex(pkiMsg, &localIdx, &length, pkiMsgSz,
+                                        NO_USER_CHECK) < 0) {
                 break;
             }
-            pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
-                                                    inSz;
+            if (ret == 0 && length > 0)
+                pkcs7->stream->maxLen = length + localIdx;
+            else
+                pkcs7->stream->maxLen = inSz;
+
         #endif
 
             /* determine total message size */
@@ -4543,13 +5365,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 ret = ASN_PARSE_E;
 
             if (ret == 0 && length == 0 && pkiMsg[idx-1] == ASN_INDEF_LENGTH) {
+
+    #if defined(NO_PKCS7_STREAM)
         #ifdef ASN_BER_TO_DER
                 word32 len = 0;
 
                 ret = wc_BerToDer(pkiMsg, pkiMsgSz, NULL, &len);
                 if (ret != LENGTH_ONLY_E)
                     return ret;
-                pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap,
+                                                        DYNAMIC_TYPE_PKCS7);
                 if (pkcs7->der == NULL)
                     return MEMORY_E;
                 ret = wc_BerToDer(pkiMsg, pkiMsgSz, pkcs7->der, &len);
@@ -4588,6 +5413,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
         #else
                 ret = BER_INDEF_E;
         #endif
+    #else
+                /* the bundle has indefinite length encoding */
+                pkcs7->stream->indefLen = 1;
+
+    #endif /* NO_PKCS7_STREAM */
             }
 
             /* Get the contentInfo contentType */
@@ -4633,9 +5463,47 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             if (ret == 0 && GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
                 ret = ASN_PARSE_E;
 
+            localIdx = idx;
+
+        #ifndef NO_PKCS7_STREAM
+            /* initialize hashType*/
+            pkcs7->stream->hashType = WC_HASH_TYPE_NONE;
+
+            /* Get the first DigestAlgorithmIdentifier from the SET */
+            if (ret == 0 && length > 0) {
+                if (GetAlgoId(pkiMsg, &idx, &hashOID, oidHashType, pkiMsgSz)
+                                                                          < 0)
+                    ret = ASN_PARSE_E;
+
+                pkcs7->hashOID = hashOID;
+                /* get hash type */
+                hashType = wc_OidGetHash(pkcs7->hashOID);
+
+                if (hashType == WC_HASH_TYPE_NONE) {
+                    WOLFSSL_MSG("Error getting hash type for PKCS7 content"
+                                                            " verification");
+                    ret = ASN_PARSE_E;
+                }
+                if (wc_HashGetDigestSize(hashType) < 0) {
+                    WOLFSSL_MSG("Error getting digest size");
+                    ret = ASN_PARSE_E;
+                }
+                /* store hashType for later hashing */
+                pkcs7->stream->hashType = hashType;
+
+                /* restore idx */
+                idx = localIdx;
+
+                WOLFSSL_MSG("DigestAlgorithmIdentifier found in bundle");
+            }
+        #endif /* !NO_PKCS7_STREAM */
+
             /* Skip the set. */
             idx += length;
             degenerate = (length == 0) ? 1 : 0;
+        #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->degenerate = degenerate;
+        #endif /* !NO_PKCS7_STREAM */
             if (pkcs7->noDegenerate == 1 && degenerate == 1) {
                 ret = PKCS7_NO_SIGNER_E;
             }
@@ -4651,18 +5519,24 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 pkcs7->stream->maxLen += pkiMsg2Sz + pkcs7->contentSz;
             }
             wc_PKCS7_StreamStoreVar(pkcs7, totalSz, 0, 0);
+
         #endif
 
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE2);
+
+        #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->expected = MAX_SEQ_SZ + MAX_OID_SZ + ASN_TAG_SZ +
+                                    MAX_LENGTH_SZ + ASN_TAG_SZ + MAX_LENGTH_SZ;
+        #endif /* !NO_PKCS7_STREAM */
             FALL_THROUGH;
 
         case WC_PKCS7_VERIFY_STAGE2:
         #ifndef NO_PKCS7_STREAM
             if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz + in2Sz,
-                           MAX_SEQ_SZ + MAX_OID_SZ + ASN_TAG_SZ + MAX_LENGTH_SZ
-                           + ASN_TAG_SZ + MAX_LENGTH_SZ, &pkiMsg, &idx)) != 0) {
+                           pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
                 break;
             }
+            degenerate = pkcs7->stream->degenerate;
 
             wc_PKCS7_StreamGetVar(pkcs7, &totalSz, 0, 0);
             if (pkcs7->stream->length > 0)
@@ -4687,6 +5561,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 if (encapContentInfoLen == 0 &&
                     pkiMsg[idx-1] == ASN_INDEF_LENGTH) {
                     isIndef = 1;
+            #ifndef NO_PKCS7_STREAM
+                    /* count up indef-length count  */
+                    pkcs7->stream->cntIdfCnt++;
+            #endif
                 }
                 if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) == 0) {
                     contentType = pkiMsg + tmpIdx;
@@ -4703,6 +5581,9 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     }
                     else if (pkiMsg[idx] == ASN_EOC && pkiMsg[idx+1] == 0) {
                         idx += 2; /* skip EOF + zero byte */
+            #ifndef NO_PKCS7_STREAM
+                        pkcs7->stream->cntIdfCnt--;
+            #endif
                     }
                 }
             }
@@ -4723,6 +5604,9 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             if ((encapContentInfoLen != 0) &&
                 (encapContentInfoLen - contentTypeSz == 0)) {
                 ret = ASN_PARSE_E;
+            #ifndef NO_PKCS7_STREAM
+                pkcs7->stream->noContent = 1;
+            #endif
             }
 
             /* PKCS#7 spec:
@@ -4740,13 +5624,26 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
              * OCTET_STRING will be next. If so, we use the length retrieved
              * there. PKCS#7 spec defines ANY as eContent type. In this case
              * we fall back and save this content length for use later */
-            if (ret == 0 && GetLength_ex(pkiMsg, &localIdx, &length, pkiMsgSz,
+            if (ret == 0 && pkiMsg[localIdx] != ASN_INDEF_LENGTH) {
+                if (GetLength_ex(pkiMsg, &localIdx, &length, pkiMsgSz,
                         NO_USER_CHECK) <= 0) {
-                ret = ASN_PARSE_E;
-            }
+                    ret = ASN_PARSE_E;
+                }
 
-            if (localIdx >= pkiMsgSz) {
-                ret = BUFFER_E;
+                if (localIdx >= pkiMsgSz) {
+                    ret = BUFFER_E;
+                }
+            }
+            else if (ret == 0 && pkiMsg[localIdx] == ASN_INDEF_LENGTH) {
+        #ifndef NO_PKCS7_STREAM
+                pkcs7->stream->cntIdfCnt++;    /* count up indef-length count */
+        #endif
+                length = 0;
+                localIdx++;
+            }
+            else {
+                length = 0;
+                localIdx++;
             }
 
             /* Save idx to back up in case of PKCS#7 eContent */
@@ -4781,7 +5678,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     if (GetLength_ex(pkiMsg, &localIdx, &contentLen, pkiMsgSz,
                                 NO_USER_CHECK) < 0)
                         ret = ASN_PARSE_E;
-
+                #ifndef NO_PKCS7_STREAM
+                    if (ret == 0 && pkiMsg[localIdx - 1] == ASN_INDEF_LENGTH) {
+                        pkcs7->stream->cntIdfCnt++;  /* indef-length count  */
+                    }
+                #endif
                     /* Check whether there is one OCTET_STRING inside. */
                     start = localIdx;
                     if (localIdx >= pkiMsgSz) {
@@ -4804,6 +5705,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         if (localIdx - start + length == (word32)contentLen) {
                             multiPart = 0;
                         } else {
+                        #ifndef NO_PKCS7_STREAM
+                            pkcs7->stream->multi         = multiPart;
+                            pkcs7->stream->currContIdx   = localIdx;
+                            pkcs7->stream->currContSz    = length;
+                            pkcs7->stream->currContRmnSz = length;
+                        #endif
                             /* reset length to outer OCTET_STRING for bundle
                              * size check below */
                             length = contentLen;
@@ -4825,6 +5732,14 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     if (ret == 0 && GetLength_ex(pkiMsg, &localIdx,
                                 &length, pkiMsgSz, NO_USER_CHECK) < 0)
                         ret = ASN_PARSE_E;
+                #ifndef NO_PKCS7_STREAM
+                    if (ret == 0) {
+                        pkcs7->stream->multi         = multiPart;
+                        pkcs7->stream->currContIdx   = localIdx;
+                        pkcs7->stream->currContSz    = length;
+                        pkcs7->stream->currContRmnSz = length;
+                    }
+                #endif
                 }
             }
 
@@ -4833,16 +5748,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 /* support using header and footer without content */
                 if (pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0) {
                     localIdx = 0;
+            #ifndef NO_PKCS7_STREAM
+                    pkcs7->stream->noContent = 1;
+            #endif
 
-                } else if (pkiMsg2 == NULL && hashBuf == NULL) {
-                    /* header/footer not separate, check content length is
-                     * not larger than total bundle size */
-                    if ((localIdx + length) > pkiMsgSz) {
-                        WOLFSSL_MSG("Content length detected is larger than "
-                                    "total bundle size");
-                        ret = BUFFER_E;
-                        break;
-                    }
                 }
                 idx = localIdx;
             }
@@ -4890,18 +5799,23 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 pkcs7->stream->nonceSz = contentTypeSz;
                 XMEMCPY(pkcs7->stream->nonce, contentType, contentTypeSz);
             }
+            if (ret < 0)
+                break;
 
-            /* content expected? */
-            if ((ret == 0 && length > 0) &&
-                !(pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0)) {
-                pkcs7->stream->expected = length + ASN_TAG_SZ + MAX_LENGTH_SZ;
+            if (pkcs7->stream->noContent) {
+                pkcs7->stream->expected = 0;
             }
             else {
-                pkcs7->stream->expected = ASN_TAG_SZ + MAX_LENGTH_SZ;
-            }
-
-            if (pkcs7->stream->expected > (pkcs7->stream->maxLen - idx)) {
-                pkcs7->stream->expected = pkcs7->stream->maxLen - idx;
+                if (multiPart) {
+                    idx = pkcs7->stream->currContIdx;
+                }
+                if (in2Sz > 0 && hashSz > 0) {
+                    /* seems no content included */
+                    pkcs7->stream->expected = + ASN_TAG_SZ + MAX_LENGTH_SZ;
+                }
+                else {
+                    pkcs7->stream->expected = pkcs7->stream->currContSz;
+                }
             }
 
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &stateIdx, &idx)) != 0) {
@@ -4909,39 +5823,59 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             }
             wc_PKCS7_StreamStoreVar(pkcs7, pkiMsg2Sz, localIdx, length);
 
-            /* content length is in multiple parts */
-            if (multiPart) {
-                pkcs7->stream->expected = contentLen + ASN_TAG_SZ;
-            }
-            pkcs7->stream->multi = (byte)multiPart;
 
-        #endif
+        #endif /* !NO_PKCS7_STREAM */
+
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3);
+
+        #ifndef NO_PKCS7_STREAM
+        /* free pkcs7->stream->content buffer */
+        if (pkcs7->stream->content != NULL) {
+            XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            pkcs7->stream->content = NULL;
+        }
+        #endif /* !NO_PKCS7_STREAM */
+
             FALL_THROUGH;
 
         case WC_PKCS7_VERIFY_STAGE3:
+            keepContent = !(pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0);
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz + in2Sz,
-                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+            ret = wc_PKCS7_HandleOctetStrings(pkcs7, in, inSz,
+                                                &stateIdx, &idx, keepContent);
+            if (ret != 0)
                 break;
+
+            /* copy content to pkcs7->contentDynamic */
+            if (keepContent && pkcs7->stream->content &&
+                                            pkcs7->stream->contentSz >0) {
+                pkcs7->contentDynamic = (byte*)XMALLOC(pkcs7->stream->contentSz,
+                                              pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                if (pkcs7->contentDynamic == NULL) {
+                    ret = MEMORY_E;
+                    break;
+                }
+                XMEMCPY(pkcs7->contentDynamic, pkcs7->stream->content,
+                                               pkcs7->stream->contentSz);
+
+                pkcs7->contentSz = pkcs7->stream->contentSz;
+                pkcs7->content   = pkcs7->contentDynamic;
             }
-        #ifdef ASN_BER_TO_DER
-            if (pkcs7->derSz != 0)
-                pkiMsgSz = pkcs7->derSz;
-            else
-        #endif
-                pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
-                    inSz;
-            wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, (int*)&localIdx, &length);
 
-            if (pkcs7->stream->length > 0) {
-                localIdx = 0;
+            /* check if bundle has more elements or footer, if not, set content
+             * to pkcs7->content and hash to pkcs7->hash.
+             */
+            if (ret == 0 && pkcs7->stream->maxLen > 0 &&
+                    (pkcs7->stream->maxLen - pkcs7->stream->totalRd)
+                                                < ASN_TAG_SZ + MAX_LENGTH_SZ) {
+
+                ret = 0;
+                break;
             }
-            multiPart = pkcs7->stream->multi;
-            detached  = pkcs7->stream->detached;
-            maxIdx = idx + pkcs7->stream->expected;
-        #endif
+            /* expect data length to be enough to check set and seq of certs */
+            pkcs7->stream->expected = (ASN_TAG_SZ + MAX_LENGTH_SZ) * 2;
 
+        #else
             /* Break out before content because it can be optional in degenerate
              * cases. */
             if (ret != 0 && !degenerate)
@@ -4950,12 +5884,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* get parts of content */
             if (ret == 0 && multiPart) {
                 int i = 0;
-                keepContent = !(pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0);
+                keepContent = !(pkiMsg2 && pkiMsg2Sz > 0 && hashBuf &&
+                                                                hashSz > 0);
 
                 if (keepContent) {
                     /* Create a buffer to hold content of OCTET_STRINGs. */
-                    pkcs7->contentDynamic = (byte*)XMALLOC(contentLen, pkcs7->heap,
-                                                            DYNAMIC_TYPE_PKCS7);
+                    pkcs7->contentDynamic = (byte*)XMALLOC(contentLen,
+                                            pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                     if (pkcs7->contentDynamic == NULL)
                         ret = MEMORY_E;
                 }
@@ -4968,15 +5903,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     if (ret == 0 && tag != ASN_OCTET_STRING)
                         ret = ASN_PARSE_E;
 
-                    if (ret == 0 && GetLength(pkiMsg, &localIdx, &length, totalSz) < 0)
+                    if (ret == 0 && GetLength(pkiMsg, &localIdx, &length,
+                                                                totalSz) < 0)
                         ret = ASN_PARSE_E;
                     if (ret == 0 && length + localIdx > start + contentLen)
                         ret = ASN_PARSE_E;
 
                     if (ret == 0) {
                         if (keepContent) {
-                            XMEMCPY(pkcs7->contentDynamic + i, pkiMsg + localIdx,
-                                                                        length);
+                            XMEMCPY(pkcs7->contentDynamic + i,
+                                                    pkiMsg + localIdx, length);
                         }
                         i += length;
                         localIdx += length;
@@ -4996,7 +5932,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     content = NULL;
                     localIdx = 0;
                     if (contentSz != (int)pkcs7->contentSz) {
-                        WOLFSSL_MSG("Data signed does not match contentSz provided");
+                        WOLFSSL_MSG("Data signed does not match contentSz"
+                                                                " provided");
                         ret = BUFFER_E;
                     }
                 }
@@ -5019,26 +5956,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
                     pkiMsg2   = pkiMsg;
                     pkiMsg2Sz = pkiMsgSz;
-                #ifndef NO_PKCS7_STREAM
-                    pkiMsg2Sz = pkcs7->stream->maxLen;
-                    pkcs7->stream->varOne = pkiMsg2Sz;
-                    pkcs7->stream->flagOne = 1;
-                #endif
                 }
             }
             else {
                 pkiMsg2 = pkiMsg;
                 pkiMsg2Sz = pkiMsgSz;
-            #ifndef NO_PKCS7_STREAM
-                pkiMsg2Sz = pkcs7->stream->maxLen;
-                pkcs7->stream->varOne = pkiMsg2Sz;
-                pkcs7->stream->flagOne = 1;
-            #endif
             }
 
-            /* If getting the content info failed with non degenerate then return the
-             * error case. Otherwise with a degenerate it is ok if the content
-             * info was omitted */
+            /* If getting the content info failed with non degenerate then
+             * return the error case. Otherwise with a degenerate it is ok
+             * if the content info was omitted */
             if (!degenerate && !detached && (ret != 0)) {
                 break;
             }
@@ -5052,23 +5979,48 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 content = pkcs7->content;
                 contentSz = pkcs7->contentSz;
             }
+        #endif /* !NO_PKCS7_STREAM */
+            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE4);
+
+            FALL_THROUGH;
 
+       case WC_PKCS7_VERIFY_STAGE4:
         #ifndef NO_PKCS7_STREAM
-            if (content != NULL) {
-                XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                pkcs7->stream->content = (byte*)XMALLOC(contentSz, pkcs7->heap,
-                        DYNAMIC_TYPE_PKCS7);
-                if (pkcs7->stream->content == NULL) {
-                    ret = MEMORY_E;
-                    break;
-                }
-                else {
-                    XMEMCPY(pkcs7->stream->content, content, contentSz);
-                    pkcs7->stream->contentSz = contentSz;
-                }
+            if (in2 && in2Sz > 0) {
+                src     = in2;
+                srcSz   = in2Sz;
+                pkiMsg2 = in2;
+            }
+            else {
+                src     = in;
+                srcSz   = inSz;
+                pkiMsg2 = in;
+            }
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, src, srcSz,
+                            pkcs7->stream->expected, &pkiMsg2, &idx)) != 0) {
+                break;
             }
+
+        #ifdef ASN_BER_TO_DER
+            if (pkcs7->derSz != 0)
+                pkiMsg2Sz = pkcs7->derSz;
+            else
+        #endif
+                pkiMsg2Sz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
+                    srcSz;
+
+            if (pkcs7->stream->length > 0) {
+                localIdx = 0;
+            }
+
+            maxIdx = idx + pkcs7->stream->expected;
         #endif /* !NO_PKCS7_STREAM */
 
+            if (pkiMsg2 == NULL || pkiMsg2Sz == 0) {
+                pkiMsg2Sz = pkiMsgSz;
+                pkiMsg2   = pkiMsg;
+            }
+
             /* Certificates begin "footer" section (ie pkiMsg2) if being used */
             /* Get the implicit[0] set of certificates */
             if (ret == 0 && idx >= pkiMsg2Sz)
@@ -5076,12 +6028,44 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
             length = 0; /* set length to 0 to check if reading in any certs */
             localIdx = idx;
+
             if (ret == 0 && GetASNTag(pkiMsg2, &localIdx, &tag, pkiMsg2Sz) == 0
                     && tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
                 idx++;
-                if (GetLength_ex(pkiMsg2, &idx, &length, maxIdx, NO_USER_CHECK)
-                        < 0)
+
+                /* if certificates set has indefinite length, try to get
+                 * the first certificate length of the set.
+                 */
+                if (ret == 0 && pkiMsg2[localIdx] == ASN_INDEF_LENGTH) {
+
+                    localIdx++;
+                    certIdx = localIdx;
+                #ifndef NO_PKCS7_STREAM
+                /* set indef-length count. used for skipping trailing zeros */
+                    pkcs7->stream->cntIdfCnt = 1;
+                #endif
+                    ret = GetASNTag(pkiMsg2, &localIdx, &tag, pkiMsg2Sz);
+                    if (ret == 0 && tag == (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
+                        if (GetLength_ex(pkiMsg2, &localIdx, &length, maxIdx,
+                                                NO_USER_CHECK) < 0)
                     ret = ASN_PARSE_E;
+
+                        WOLFSSL_MSG("certificate set found");
+
+                        /* adjust cert length */
+                        length += localIdx - certIdx;
+                        idx = certIdx;
+                    }
+                }
+                /* in case certificates set has definite length  */
+                else {
+
+                    if (GetLength_ex(pkiMsg2, &localIdx, &length, maxIdx,
+                                                NO_USER_CHECK) < 0)
+                        ret = ASN_PARSE_E;
+
+                    idx = localIdx;
+                }
             }
 
             if (ret != 0) {
@@ -5102,26 +6086,36 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             else {
                 pkcs7->stream->expected = MAX_SEQ_SZ;
                 if (pkcs7->stream->expected > (pkcs7->stream->maxLen -
-                                pkcs7->stream->totalRd) + pkcs7->stream->length) {
+                            pkcs7->stream->totalRd) + pkcs7->stream->length) {
                     pkcs7->stream->expected = (pkcs7->stream->maxLen -
                                 pkcs7->stream->totalRd) + pkcs7->stream->length;
                 }
             }
         #endif
-            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE4);
+            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE5);
             FALL_THROUGH;
 
-        case WC_PKCS7_VERIFY_STAGE4:
+        case WC_PKCS7_VERIFY_STAGE5:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz + in2Sz,
-                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+            if (in2 && in2Sz > 0) {
+                src     = in2;
+                srcSz   = in2Sz;
+                pkiMsg2 = in2;
+            }
+            else {
+                src     = in;
+                srcSz   = inSz;
+                pkiMsg2 = in;
+            }
+
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, src, srcSz,
+                            pkcs7->stream->expected, &pkiMsg2, &idx)) != 0) {
                 break;
             }
+            pkiMsg2Sz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
+                                                                        srcSz;
 
             wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
-            if (pkcs7->stream->flagOne) {
-                pkiMsg2 = pkiMsg;
-            }
 
             /* restore content */
             content   = pkcs7->stream->content;
@@ -5130,6 +6124,9 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* restore detached flag */
             detached = pkcs7->stream->detached;
 
+            /* store current index to get the signerInfo index later  */
+            certIdx2 = idx;
+
             /* store certificate if needed */
             if (length > 0 && in2Sz == 0) {
                 /* free tmpCert if not NULL */
@@ -5145,6 +6142,9 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 pkiMsg2Sz = length;
                 idx = 0;
             }
+        #else
+            /* store current index to get the signerInfo index later  */
+            certIdx2 = idx;
         #endif
 
                 if (length > 0) {
@@ -5154,7 +6154,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                      * certificate. We want to save the first cert if it
                      * is X.509. */
 
-                    word32 certIdx = idx;
+                    certIdx = idx;
 
                     if (length < MAX_LENGTH_SZ + ASN_TAG_SZ)
                         ret = BUFFER_E;
@@ -5163,7 +6163,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         ret = GetASNTag(pkiMsg2, &certIdx, &tag, pkiMsg2Sz);
 
                     if (ret == 0 && tag == (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
-                        if (GetLength(pkiMsg2, &certIdx, &certSz, pkiMsg2Sz) < 0)
+                        if (GetLength_ex(pkiMsg2, &certIdx, &certSz, pkiMsg2Sz,
+                                                        NO_USER_CHECK) < 0)
                             ret = ASN_PARSE_E;
 
                         cert = &pkiMsg2[idx];
@@ -5192,6 +6193,9 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                             contentDynamic = (byte*)XMALLOC(contentSz,
                                                pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                             if (contentDynamic == NULL) {
+                            #ifndef NO_PKCS7_STREAM
+                                pkcs7->stream = stream;
+                            #endif
                                 ret = MEMORY_E;
                                 break;
                             }
@@ -5270,27 +6274,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 pkcs7->content   = content;
                 pkcs7->contentSz = contentSz;
             }
-        #ifndef NO_PKCS7_STREAM
-            else {
-                /* save content if detached and using streaming API */
-                if (pkcs7->content != NULL) {
-                    XFREE(pkcs7->stream->content, pkcs7->heap,
-                          DYNAMIC_TYPE_PKCS7);
-                    pkcs7->stream->content = (byte*)XMALLOC(pkcs7->contentSz,
-                                                            pkcs7->heap,
-                                                            DYNAMIC_TYPE_PKCS7);
-                    if (pkcs7->stream->content == NULL) {
-                        ret = MEMORY_E;
-                        break;
-                    }
-                    else {
-                        XMEMCPY(pkcs7->stream->content, pkcs7->content,
-                                contentSz);
-                        pkcs7->stream->contentSz = pkcs7->contentSz;
-                    }
-                }
-            }
-        #endif
+
+            idx = certIdx2 + length;
 
             if (ret != 0) {
                 break;
@@ -5307,19 +6292,17 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     break;
                 }
             }
-            else {
-                stateIdx = idx; /* didn't read any from internal buffer */
-            }
-
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &stateIdx, &idx)) != 0) {
                 break;
             }
-            if (pkcs7->stream->flagOne && pkcs7->stream->length > 0) {
-                idx = stateIdx + idx;
-            }
 
             pkcs7->stream->expected = MAX_OID_SZ + ASN_TAG_SZ + MAX_LENGTH_SZ +
                                       MAX_SET_SZ;
+            /* if certificate set has indef-length, there maybe trailing zeros.
+             * add expected size to include size of zeros. */
+            if (pkcs7->stream->cntIdfCnt > 0) {
+                pkcs7->stream->expected += pkcs7->stream->cntIdfCnt * 2;
+            }
 
             if (pkcs7->stream->expected > (pkcs7->stream->maxLen -
                                 pkcs7->stream->totalRd) + pkcs7->stream->length)
@@ -5329,24 +6312,31 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz,  0, 0);
             wc_PKCS7_StreamStoreVar(pkcs7, pkiMsg2Sz, 0, length);
         #endif
-            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE5);
+            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE6);
             FALL_THROUGH;
 
-        case WC_PKCS7_VERIFY_STAGE5:
+        case WC_PKCS7_VERIFY_STAGE6:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz + in2Sz,
-                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+
+            if (in2 && in2Sz > 0) {
+                src     = in2;
+                srcSz   = in2Sz;
+                pkiMsg2 = in2;
+            }
+            else {
+                src     = in;
+                srcSz   = inSz;
+                pkiMsg2 = in;
+            }
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, src, srcSz,
+                            pkcs7->stream->expected, &pkiMsg2, &idx)) != 0) {
                 break;
             }
             wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
-            if (pkcs7->stream->flagOne) {
-                pkiMsg2 = pkiMsg;
 
-                /* check if using internal stream buffer and should adjust sz */
-                if (pkiMsg != in && pkcs7->stream->length > 0) {
-                    pkiMsg2Sz = pkcs7->stream->length;
-                }
-            }
+            /* check if using internal stream buffer and should adjust sz */
+            pkiMsg2Sz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
+                                                                        srcSz;
 
             /* restore content type */
             contentType   = pkcs7->stream->nonce;
@@ -5367,7 +6357,27 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             if (ret == 0 && wc_PKCS7_SetContentType(pkcs7, contentType,
                         contentTypeSz) < 0)
                 ret = ASN_PARSE_E;
-
+        #ifndef NO_PKCS7_STREAM
+            /* prior to find set of crls, remove trailing zeros of
+             * set of certificates */
+            if (ret == 0 && pkcs7->stream->cntIdfCnt > 0) {
+                int i;
+                localIdx = idx;
+                for (i = 0; i < pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
+                                                                         i++) {
+                    if (pkiMsg2[localIdx + i] == 0)
+                        continue;
+                    else {
+                        ret = ASN_PARSE_E;
+                        break;
+                    }
+                }
+                if (ret == 0) {
+                    idx += pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
+                    pkcs7->stream->cntIdfCnt = 0;
+                }
+            }
+        #endif /* !NO_PKCS7_STREAM */
             /* Get the implicit[1] set of crls */
             if (ret == 0 && idx >= maxIdx)
                 ret = BUFFER_E;
@@ -5412,32 +6422,41 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 pkcs7->stream->expected = (pkcs7->stream->maxLen -
                     pkcs7->stream->totalRd) + pkcs7->stream->length;
             }
+            /* In case of indefinite length used in the bundle, terminating
+             * zero's should exist at the end of the bundle.
+             */
+            if (pkcs7->stream->indefLen == 1) {
+                pkcs7->stream->expected = length + 3 * ASN_INDEF_END_SZ;
+            }
+            else  {
+                pkcs7->stream->expected = length;
+            }
 
-        #endif
-            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE6);
+            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE7);
+        #endif /* !NO_PKCS7_STREAM */
             FALL_THROUGH;
 
-        case WC_PKCS7_VERIFY_STAGE6:
+        case WC_PKCS7_VERIFY_STAGE7:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz + in2Sz,
-                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+            if (in2 && in2Sz > 0) {
+                src     = in2;
+                srcSz   = in2Sz;
+                pkiMsg2 = in2;
+            }
+            else {
+                src     = in;
+                srcSz   = inSz;
+                pkiMsg2 = in;
+            }
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, src, srcSz,
+                            pkcs7->stream->expected, &pkiMsg2, &idx)) != 0) {
                 break;
             }
 
             wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
-            if (pkcs7->stream->flagOne) {
-                pkiMsg2 = pkiMsg;
-
-                /* check if using internal stream buffer and should adjust sz */
-                if (pkiMsg != in && pkcs7->stream->length > 0) {
-                    pkiMsg2Sz = pkcs7->stream->length;
-                }
-                else {
-                    /* if pkiMsg2 is pkiMsg and not using an internal stream
-                     * buffer then the size is limited by inSz */
-                    pkiMsg2Sz = inSz;
-                }
-            }
+            pkiMsg2Sz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
+                                                                        srcSz;
+            degenerate = pkcs7->stream->degenerate;
 
             /* restore content */
             content   = pkcs7->stream->content;
@@ -5479,9 +6498,24 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 }
             }
 
+        #ifndef NO_PKCS7_STREAM
+            /* make sure that terminating zero's follow */
+            if ((ret == PKCS7_SIGNEEDS_CHECK || ret >= 0) &&
+                    pkcs7->stream->indefLen == 1) {
+                int i;
+                for (i = 0; i < 3 * ASN_INDEF_END_SZ; i++) {
+                    if (pkiMsg2[idx + i] != 0) {
+                        ret = ASN_PARSE_E;
+                        break;
+                    }
+                }
+            }
+        #endif /* NO_PKCS7_STREAM */
+
             if (ret < 0)
                 break;
 
+
             ret = 0; /* success */
         #ifndef NO_PKCS7_STREAM
             wc_PKCS7_ResetStream(pkcs7);
@@ -6009,7 +7043,7 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
     /* suppPubInfo */
     suppPubInfoSeqSz = SetImplicit(ASN_SEQUENCE, 2,
                                    kekOctetSz + sizeof(word32),
-                                   suppPubInfoSeq);
+                                   suppPubInfoSeq, 0);
     sharedInfoSz += suppPubInfoSeqSz;
 
     /* optional ukm/entityInfo */
@@ -6019,7 +7053,7 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
 
         entityUInfoExplicitSz = SetExplicit(0, entityUInfoOctetSz +
                                             kari->ukmSz,
-                                            entityUInfoExplicitSeq);
+                                            entityUInfoExplicitSeq, 0);
         sharedInfoSz += entityUInfoExplicitSz;
     }
 
@@ -6395,7 +7429,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 
     /* RecipientKeyIdentifier IMPLICIT [0] */
     recipKeyIdSeqSz = SetImplicit(ASN_SEQUENCE, 0, subjKeyIdOctetSz +
-                                  keyIdSize, recipKeyIdSeq);
+                                  keyIdSize, recipKeyIdSeq, 0);
     totalSz += recipKeyIdSeqSz;
 
     /* RecipientEncryptedKey */
@@ -6413,7 +7447,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         totalSz += (ukmOctetSz + kari->ukmSz);
 
         ukmExplicitSz = SetExplicit(1, ukmOctetSz + kari->ukmSz,
-                                    ukmExplicitSeq);
+                                    ukmExplicitSeq, 0);
         totalSz += ukmExplicitSz;
     }
 
@@ -6447,14 +7481,14 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     /* outer OriginatorPublicKey IMPLICIT [1] */
     origPubKeySeqSz = SetImplicit(ASN_SEQUENCE, 1,
                                   origAlgIdSz + origPubKeyStrSz +
-                                  kari->senderKeyExportSz, origPubKeySeq);
+                                  kari->senderKeyExportSz, origPubKeySeq, 0);
     totalSz += origPubKeySeqSz;
 
     /* outer OriginatorIdentifierOrKey IMPLICIT [0] */
     origIdOrKeySeqSz = SetImplicit(ASN_SEQUENCE, 0,
                                    origPubKeySeqSz + origAlgIdSz +
                                    origPubKeyStrSz + kari->senderKeyExportSz,
-                                   origIdOrKeySeq);
+                                   origIdOrKeySeq, 0);
     totalSz += origIdOrKeySeqSz;
 
     /* version, always 3 */
@@ -6463,7 +7497,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     recip->recipVersion = 3;
 
     /* outer IMPLICIT [1] kari */
-    kariSeqSz = SetImplicit(ASN_SEQUENCE, 1, totalSz, kariSeq);
+    kariSeqSz = SetImplicit(ASN_SEQUENCE, 1, totalSz, kariSeq, 0);
     totalSz += kariSeqSz;
 
     if (totalSz > MAX_RECIP_SZ) {
@@ -6995,12 +8029,52 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 
 #endif /* !NO_RSA */
 
+/* abstraction for writing out PKCS7 bundle during creation
+   returns 0 on success
+ */
+int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output, const byte* input,
+    word32 inputSz)
+{
+    int ret = 0;
+
+    if (inputSz == 0)
+        return 0;
+
+    if (input == NULL) {
+        WOLFSSL_MSG("Internal error, trying to write out NULL buffer");
+        return -1;
+    }
+
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->streamOutCb) {
+        ret = pkcs7->streamOutCb(pkcs7, input, inputSz, pkcs7->streamCtx);
+        /* sanity check on user provided ret value */
+        if (ret < 0) {
+            WOLFSSL_MSG("Return value error from stream out callback");
+            ret = BUFFER_E;
+        }
+    }
+    else
+#endif
+    if (output) {
+        XMEMCPY(output, input, inputSz);
+    }
+    else {
+        WOLFSSL_MSG("No way provided to output bundle");
+        ret = BUFFER_E;
+    }
+
+    (void)pkcs7;
+    return ret;
+}
+
 
 /* encrypt content using encryptOID algo */
-static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
+static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
+                                   int keySz,
                                    byte* iv, int ivSz, byte* aad, word32 aadSz,
                                    byte* authTag, word32 authTagSz, byte* in,
-                                   int inSz, byte* out, int devId, void* heap)
+                                   int inSz, byte* out)
 {
     int ret;
 #ifndef NO_AES
@@ -7014,10 +8088,23 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
     Des  des;
     Des3 des3;
 #endif
+    int devId  = pkcs7->devId;
+    void* heap = pkcs7->heap;
 
-    if (key == NULL || iv == NULL || in == NULL || out == NULL)
+    if (key == NULL || iv == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef ASN_BER_TO_DER
+    if ((in == NULL && pkcs7->getContentCb == NULL) ||
+        (out == NULL && pkcs7->streamOutCb == NULL)) {
+        WOLFSSL_MSG("No input or output set for encrypt");
+        return BAD_FUNC_ARG;
+    }
+#else
+    if (in == NULL || out == NULL)
+        return BAD_FUNC_ARG;
+#endif
+
     switch (encryptOID) {
 #ifndef NO_AES
     #ifdef HAVE_AES_CBC
@@ -7052,11 +8139,8 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
             if (ret == 0) {
                 ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION);
                 if (ret == 0) {
-                    ret = wc_AesCbcEncrypt(aes, out, in, inSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async encrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
+                    ret = wc_PKCS7_EncodeContentStream(pkcs7, NULL, aes, in,
+                        inSz, out, WC_CIPHER_AES_CBC);
                 }
                 wc_AesFree(aes);
             }
@@ -7089,11 +8173,34 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
             if (ret == 0) {
                 ret = wc_AesGcmSetKey(aes, key, keySz);
                 if (ret == 0) {
-                    ret = wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz,
+                #ifndef WOLFSSL_AESGCM_STREAM
+                    if (pkcs7->encodeStream) {
+                        WOLFSSL_MSG("Not AES-GCM stream support compiled in");
+                        ret = NOT_COMPILED_IN;
+                    }
+                    else {
+                        ret = wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz,
                                            authTag, authTagSz, aad, aadSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async encrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
+                    #ifdef WOLFSSL_ASYNC_CRYPT
+                        /* async encrypt not available here, so block till done */
+                        ret = wc_AsyncWait(ret, &aes->asyncDev,
+                            WC_ASYNC_FLAG_NONE);
+                    #endif
+                    }
+                #else
+                    ret = wc_AesGcmEncryptInit(aes, key, keySz, iv, ivSz);
+                    if (ret == 0) {
+                        ret = wc_AesGcmEncryptUpdate(aes, NULL, NULL, 0, aad,
+                            aadSz);
+                    }
+                    if (ret == 0) {
+                        ret = wc_PKCS7_EncodeContentStream(pkcs7, NULL, aes, in,
+                            inSz, out, WC_CIPHER_AES_GCM);
+                    }
+
+                    if (ret == 0) {
+                        ret = wc_AesGcmEncryptFinal(aes, authTag, authTagSz);
+                    }
                 #endif
                 }
                 wc_AesFree(aes);
@@ -7119,6 +8226,11 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
             if (authTag == NULL)
                 return BAD_FUNC_ARG;
 
+            if (pkcs7->encodeStream) {
+                WOLFSSL_MSG("Streaming encoding not supported with AES-CCM");
+                return BAD_FUNC_ARG;
+            }
+
 #ifdef WOLFSSL_SMALL_STACK
             if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
                                       DYNAMIC_TYPE_AES)) == NULL)
@@ -7149,6 +8261,11 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
             if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
                 return BAD_FUNC_ARG;
 
+            if (pkcs7->encodeStream) {
+                WOLFSSL_MSG("Streaming encoding not supported with DES3");
+                return BAD_FUNC_ARG;
+            }
+
             ret = wc_Des_SetKey(&des, key, iv, DES_ENCRYPTION);
             if (ret == 0)
                 ret = wc_Des_CbcEncrypt(&des, out, in, inSz);
@@ -7159,6 +8276,11 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
             if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE)
                 return BAD_FUNC_ARG;
 
+            if (pkcs7->encodeStream) {
+                WOLFSSL_MSG("Streaming encoding not supported with DES3");
+                return BAD_FUNC_ARG;
+            }
+
             ret = wc_Des3Init(&des3, heap, devId);
             if (ret == 0) {
                 ret = wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION);
@@ -7578,7 +8700,7 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
     oriTypeLenSz = SetLength(oriTypeSz, oriTypeLen);
 
     recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + oriTypeLenSz + oriTypeSz +
-                             oriValueSz, recipSeq);
+                             oriValueSz, recipSeq, 0);
 
     idx = 0;
     XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz);
@@ -7707,17 +8829,17 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
 
     if (ret == 0) {
         /* encrypt, normal */
-        ret = wc_PKCS7_EncryptContent(algID, (byte*)kek, kekSz, (byte*)iv,
-                                      ivSz, NULL, 0, NULL, 0, out, outLen, out,
-                                      pkcs7->devId, pkcs7->heap);
+        ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, kekSz,
+                                      (byte*)iv, ivSz, NULL, 0, NULL, 0, out,
+                                      outLen, out);
     }
 
     if (ret == 0) {
         /* encrypt again, using last ciphertext block as IV */
         lastBlock = out + (((outLen / blockSz) - 1) * blockSz);
-        ret = wc_PKCS7_EncryptContent(algID, (byte*)kek, kekSz, lastBlock,
-                                      blockSz, NULL, 0, NULL, 0, out,
-                                      outLen, out, pkcs7->devId, pkcs7->heap);
+        ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, kekSz,
+                                      lastBlock, blockSz, NULL, 0, NULL, 0, out,
+                                      outLen, out);
     }
 
     if (ret == 0) {
@@ -8028,7 +9150,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     /* set KeyDerivationAlgorithmIdentifier EXPLICIT [0] SEQ */
     kdfAlgoIdSeqSz = SetExplicit(0, kdfAlgoIdSz + kdfParamsSeqSz +
                                  kdfSaltOctetStrSz + saltSz + kdfIterationsSz,
-                                 kdfAlgoIdSeq);
+                                 kdfAlgoIdSeq, 0);
     totalSz += kdfAlgoIdSeqSz;
 
     /* set PasswordRecipientInfo CMSVersion, MUST be 0 */
@@ -8037,7 +9159,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     recip->recipVersion = 0;
 
     /* set PasswordRecipientInfo SEQ */
-    recipSeqSz = SetImplicit(ASN_SEQUENCE, 3, totalSz, recipSeq);
+    recipSeqSz = SetImplicit(ASN_SEQUENCE, 3, totalSz, recipSeq, 0);
     totalSz += recipSeqSz;
 
     if (totalSz > MAX_RECIP_SZ) {
@@ -8280,7 +9402,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     recip->recipVersion = 4;
 
     /* KEKRecipientInfo SEQ */
-    recipSeqSz = SetImplicit(ASN_SEQUENCE, 2, totalSz, recipSeq);
+    recipSeqSz = SetImplicit(ASN_SEQUENCE, 2, totalSz, recipSeq, 0);
     totalSz += recipSeqSz;
 
     if (totalSz > MAX_RECIP_SZ) {
@@ -8405,8 +9527,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     WC_RNG rng;
     int blockSz, blockKeySz;
-    byte* plain;
-    byte* encryptedContent;
+    byte* plain            = NULL;
+    byte* encryptedContent = NULL;
 
     Pkcs7EncodedRecip* tmpRecip = NULL;
     int recipSz, recipSetSz;
@@ -8420,12 +9542,27 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     byte tmpIv[MAX_CONTENT_IV_SIZE];
     byte ivOctetString[MAX_OCTET_STR_SZ];
     byte encContentOctet[MAX_OCTET_STR_SZ];
+#ifdef ASN_BER_TO_DER
+    word32 streamSz = 0;
+#endif
 
-    if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0)
+    if (pkcs7 == NULL
+        #ifndef ASN_BER_TO_DER
+            || pkcs7->content == NULL
+        #endif
+            || pkcs7->contentSz == 0) {
         return BAD_FUNC_ARG;
+    }
 
+#ifndef ASN_BER_TO_DER
     if (output == NULL || outputSz == 0)
         return BAD_FUNC_ARG;
+#else
+    /* if both output and callback are not set then error out */
+    if ((output == NULL || outputSz == 0) && (pkcs7->streamOutCb == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+#endif
 
     blockKeySz = wc_PKCS7_GetOIDKeySize(pkcs7->encryptOID);
     if (blockKeySz < 0)
@@ -8534,26 +9671,37 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     encryptedOutSz = pkcs7->contentSz + padSz;
 
-    plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-    if (plain == NULL) {
-        wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        return MEMORY_E;
-    }
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->getContentCb == NULL)
+#endif
+    {
+        plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        if (plain == NULL) {
+            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+            return MEMORY_E;
+        }
+
+        ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
+                               encryptedOutSz, blockSz);
+        if (ret < 0) {
+            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+            return ret;
+        }
 
-    ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
-                           encryptedOutSz, blockSz);
-    if (ret < 0) {
-        XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        return ret;
     }
 
-    encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
-                                      DYNAMIC_TYPE_PKCS7);
-    if (encryptedContent == NULL) {
-        XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        return MEMORY_E;
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->streamOutCb == NULL)
+#endif
+    {
+        encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
+                                          DYNAMIC_TYPE_PKCS7);
+        if (encryptedContent == NULL) {
+            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+            return MEMORY_E;
+        }
     }
 
     /* put together IV OCTET STRING */
@@ -8571,26 +9719,12 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return BAD_FUNC_ARG;
     }
 
-    /* encrypt content */
-    ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->cek,
-            pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain,
-            encryptedOutSz, encryptedContent,
-            pkcs7->devId, pkcs7->heap);
-
-    if (ret != 0) {
-        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        return ret;
-    }
-
     encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz,
-                                    encContentOctet);
-
-    encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
-                                  ivOctetStringSz + blockSz +
-                                  encContentOctetSz + encryptedOutSz,
-                                  encContentSeq);
+                                encContentOctet, pkcs7->encodeStream);
+    encContentSeqSz = SetSequenceEx(contentTypeSz + contentEncAlgoSz +
+                              ivOctetStringSz + blockSz +
+                              encContentOctetSz + encryptedOutSz,
+                              encContentSeq, pkcs7->encodeStream);
 
     /* keep track of sizes for outer wrapper layering */
     totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
@@ -8598,21 +9732,68 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
               encContentOctetSz + encryptedOutSz;
 
     /* EnvelopedData */
-    envDataSeqSz = SetSequence(totalSz, envDataSeq);
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->encodeStream) {
+        word32 tmpIdx = 0;
+
+        /* account for ending of encContentOctet */
+        totalSz += ASN_INDEF_END_SZ;
+
+        /* account for ending of encContentSeq */
+        totalSz += ASN_INDEF_END_SZ;
+
+        /* account for asn1 syntax around octet strings */
+        StreamOctetString(NULL, encryptedOutSz, NULL, &streamSz, &tmpIdx);
+        totalSz += (streamSz - encryptedOutSz);
+
+        /* resize encrytped content buffer */
+        if (encryptedContent != NULL) {
+        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        encryptedContent = (byte*)XMALLOC(streamSz, pkcs7->heap,
+                                          DYNAMIC_TYPE_PKCS7);
+        if (encryptedContent == NULL) {
+            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+            return MEMORY_E;
+        }
+        }
+    }
+#endif
+    envDataSeqSz = SetSequenceEx(totalSz, envDataSeq, pkcs7->encodeStream);
     totalSz += envDataSeqSz;
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->encodeStream) {
+        totalSz += ASN_INDEF_END_SZ;
+    }
+#endif
 
     /* outer content */
-    outerContentSz = SetExplicit(0, totalSz, outerContent);
+    outerContentSz = SetExplicit(0, totalSz, outerContent, pkcs7->encodeStream);
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->encodeStream) {
+        totalSz += ASN_INDEF_END_SZ;
+    }
+#endif
     totalSz += outerContentTypeSz;
     totalSz += outerContentSz;
 
     if (pkcs7->contentOID != FIRMWARE_PKG_DATA) {
         /* ContentInfo */
-        contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq);
+        contentInfoSeqSz = SetSequenceEx(totalSz, contentInfoSeq,
+            pkcs7->encodeStream);
         totalSz += contentInfoSeqSz;
+    #ifdef ASN_BER_TO_DER
+        if (pkcs7->encodeStream) {
+            totalSz += ASN_INDEF_END_SZ;
+        }
+    #endif
     }
 
-    if (totalSz > (int)outputSz) {
+    if ((totalSz > (int)outputSz)
+    #ifdef ASN_BER_TO_DER
+         && (pkcs7->streamOutCb == NULL)
+    #endif
+    ) {
         WOLFSSL_MSG("Pkcs7_encrypt output buffer too small");
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -8620,45 +9801,121 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return BUFFER_E;
     }
 
+    /* begin writing out PKCS7 bundle */
     if (pkcs7->contentOID != FIRMWARE_PKG_DATA) {
-        XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            contentInfoSeq, contentInfoSeqSz);
         idx += contentInfoSeqSz;
-        XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            outerContentType, outerContentTypeSz);
         idx += outerContentTypeSz;
-        XMEMCPY(output + idx, outerContent, outerContentSz);
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            outerContent, outerContentSz);
         idx += outerContentSz;
     }
-    XMEMCPY(output + idx, envDataSeq, envDataSeqSz);
+
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            envDataSeq, envDataSeqSz);
     idx += envDataSeqSz;
-    XMEMCPY(output + idx, ver, verSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            ver, verSz);
     idx += verSz;
-    XMEMCPY(output + idx, recipSet, recipSetSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            recipSet, recipSetSz);
     idx += recipSetSz;
     /* copy in recipients from list */
     tmpRecip = pkcs7->recipList;
     while (tmpRecip != NULL) {
-        XMEMCPY(output + idx, tmpRecip->recip, tmpRecip->recipSz);
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            tmpRecip->recip, tmpRecip->recipSz);
         idx += tmpRecip->recipSz;
         tmpRecip = tmpRecip->next;
     }
     wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-    XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
+
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            encContentSeq, encContentSeqSz);
     idx += encContentSeqSz;
-    XMEMCPY(output + idx, contentType, contentTypeSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            contentType, contentTypeSz);
     idx += contentTypeSz;
-    XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            contentEncAlgo, contentEncAlgoSz);
     idx += contentEncAlgoSz;
-    XMEMCPY(output + idx, ivOctetString, ivOctetStringSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            ivOctetString, ivOctetStringSz);
     idx += ivOctetStringSz;
-    XMEMCPY(output + idx, tmpIv, blockSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            tmpIv, blockSz);
     idx += blockSz;
-    XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            encContentOctet, encContentOctetSz);
     idx += encContentOctetSz;
-    XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
-    idx += encryptedOutSz;
 
-    XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-    XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    /* encrypt content */
+    ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek,
+            pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain,
+            encryptedOutSz, encryptedContent);
+    if (ret != 0) {
+        if (encryptedContent != NULL) {
+            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        }
+
+        if (plain != NULL) {
+            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        }
+
+        wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+        return ret;
+    }
+
+#ifdef ASN_BER_TO_DER
+    /* stream the content (octet string with multiple octet elements) */
+    if (pkcs7->encodeStream) {
+        byte indefEnd[ASN_INDEF_END_SZ * 5];
+        word32 localIdx = 0;
+
+        /* advance index past encrypted content */
+        if (!pkcs7->streamOutCb) {
+            wc_PKCS7_WriteOut(pkcs7, (output)? output + idx : NULL,
+                encryptedContent, streamSz);
+        }
+        idx += streamSz;
+
+        /* end of encrypted content */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of encrypted content info */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of Enveloped Data seq */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of outer content set */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of outer content info seq */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            indefEnd, localIdx);
+        idx += localIdx;
+    }
+    else
+#endif
+    {
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            encryptedContent, encryptedOutSz);
+        idx += encryptedOutSz;
+    }
+
+    if (plain != NULL) {
+        XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    }
+
+    if (encryptedContent != NULL) {
+        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    }
 
     return idx;
 }
@@ -11489,11 +12746,16 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
             return MEMORY_E;
         }
 
-        FlattenAttributes(pkcs7, flatAuthAttribs, authAttribs,
+        ret = FlattenAttributes(pkcs7, flatAuthAttribs, authAttribs,
                           authAttribsCount);
+        if (ret != 0) {
+            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            return ret;
+        }
 
         authAttribsSetSz = SetImplicit(ASN_SET, 1, authAttribsSz,
-                                       authAttribSet);
+                                       authAttribSet, 0);
 
         /* From RFC5083, "For the purpose of constructing the AAD, the
          * IMPLICIT [1] tag in the authAttrs field is not used for the
@@ -11539,7 +12801,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
         FlattenAttributes(pkcs7, flatUnauthAttribs, unauthAttribs,
                           unauthAttribsCount);
         unauthAttribsSetSz = SetImplicit(ASN_SET, 2, unauthAttribsSz,
-                                         unauthAttribSet);
+                                         unauthAttribSet, 0);
     }
 
     /* AES-GCM/CCM does NOT require padding for plaintext content or
@@ -11585,10 +12847,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     }
 
     /* encrypt content */
-    ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->cek,
+    ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek,
             pkcs7->cekSz, nonce, nonceSz, aadBuffer, aadBufferSz, authTag,
-            sizeof(authTag), plain, encryptedOutSz, encryptedContent,
-            pkcs7->devId, pkcs7->heap);
+            sizeof(authTag), plain, encryptedOutSz, encryptedContent);
 
     XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     plain = NULL;
@@ -11651,8 +12912,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     }
 
     encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz,
-                                    encContentOctet);
-
+                                    encContentOctet, 0);
     encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
                                   nonceOctetStringSz + nonceSz + macIntSz +
                                   algoParamSeqSz + encContentOctetSz +
@@ -11672,7 +12932,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     totalSz += envDataSeqSz;
 
     /* outer content */
-    outerContentSz = SetExplicit(0, totalSz, outerContent);
+    outerContentSz = SetExplicit(0, totalSz, outerContent, 0);
     totalSz += outerContentTypeSz;
     totalSz += outerContentSz;
 
@@ -11725,6 +12985,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     idx += nonceSz;
     XMEMCPY(output + idx, macInt, macIntSz);
     idx += macIntSz;
+
+
     XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
     idx += encContentOctetSz;
     XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
@@ -11825,10 +13087,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
     }
 #endif
 
-#ifndef WOLFSSL_SMALL_STACK
-    XMEMSET(decryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
-#endif
-
     switch (pkcs7->state) {
         case WC_PKCS7_START:
         case WC_PKCS7_INFOSET_START:
@@ -11867,6 +13125,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             pkcs7->stream->key = decryptedKey;
         #endif
         #endif
+            XMEMSET(decryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
             FALL_THROUGH;
 
         case WC_PKCS7_DECRYPT_KTRI:
@@ -12527,10 +13786,9 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return ret;
     }
 
-    ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->encryptionKey,
-            pkcs7->encryptionKeySz, tmpIv, blockSz, NULL, 0, NULL, 0,
-            plain, encryptedOutSz, encryptedContent,
-            pkcs7->devId, pkcs7->heap);
+    ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID,
+            pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, blockSz, NULL,
+            0, NULL, 0, plain, encryptedOutSz, encryptedContent);
     if (ret != 0) {
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -12538,7 +13796,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     }
 
     encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0,
-                                    encryptedOutSz, encContentOctet);
+                                    encryptedOutSz, encContentOctet, 0);
 
     encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
                                   ivOctetStringSz + blockSz +
@@ -12576,8 +13834,15 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
             return MEMORY_E;
         }
 
-        FlattenAttributes(pkcs7, flatAttribs, attribs, attribsCount);
-        attribsSetSz = SetImplicit(ASN_SET, 1, attribsSz, attribSet);
+        ret = FlattenAttributes(pkcs7, flatAttribs, attribs, attribsCount);
+        if (ret != 0) {
+            XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            return ret;
+        }
+        attribsSetSz = SetImplicit(ASN_SET, 1, attribsSz, attribSet, 0);
 
     } else {
         attribsSz = 0;
@@ -12595,7 +13860,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     if (pkcs7->version != 3) {
         /* outer content */
-        outerContentSz = SetExplicit(0, totalSz, outerContent);
+        outerContentSz = SetExplicit(0, totalSz, outerContent, 0);
         totalSz += outerContentTypeSz;
         totalSz += outerContentSz;
         /* ContentInfo */
@@ -13086,6 +14351,68 @@ int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx)
 }
 #endif /* NO_PKCS7_ENCRYPTED_DATA */
 
+
+/* set stream mode for encoding and signing
+ * returns 0 on success */
+int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag,
+    CallbackGetContent getContentCb,
+    CallbackStreamOut streamOutCb, void* ctx)
+{
+    if (pkcs7 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+#ifdef ASN_BER_TO_DER
+    pkcs7->encodeStream = flag;
+    pkcs7->getContentCb = getContentCb;
+    pkcs7->streamOutCb  = streamOutCb;
+    pkcs7->streamCtx    = ctx;
+    return 0;
+#else
+    (void)flag;
+    (void)getContentCb;
+    (void)streamOutCb;
+    (void)ctx;
+    return NOT_COMPILED_IN;
+#endif
+}
+
+
+/* returns to current stream mode flag on success, negative values on fail */
+int wc_PKCS7_GetStreamMode(PKCS7* pkcs7)
+{
+    if (pkcs7 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+#ifdef ASN_BER_TO_DER
+    return pkcs7->encodeStream;
+#else
+    return 0;
+#endif
+}
+
+
+/* set option to not include certificates when creating a bundle
+ * returns 0 on success */
+int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag)
+{
+    if (pkcs7 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    pkcs7->noCerts = flag;
+    return 0;
+}
+
+
+/* returns the current noCerts flag value on success, negative values on fail */
+int wc_PKCS7_GetNoCerts(PKCS7* pkcs7)
+{
+    if (pkcs7 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    return pkcs7->noCerts;
+}
+
+
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
 
 /* build PKCS#7 compressedData content type, return encrypted size */
@@ -13140,7 +14467,7 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     totalSz = contentOctetStrSz + compressedSz;
 
     /* EXPLICIT [0] eContentType */
-    contentSeqSz = SetExplicit(0, totalSz, contentSeq);
+    contentSeqSz = SetExplicit(0, totalSz, contentSeq, 0);
     totalSz += contentSeqSz;
 
     /* eContentType OBJECT IDENTIFIER */
@@ -13200,7 +14527,7 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
          */
 
         /* ContentInfo content EXPLICIT SEQUENCE */
-        contentInfoContentSeqSz = SetExplicit(0, totalSz, contentInfoContentSeq);
+        contentInfoContentSeqSz = SetExplicit(0, totalSz, contentInfoContentSeq, 0);
         totalSz += contentInfoContentSeqSz;
 
         ret = wc_SetContentType(COMPRESSED_DATA, contentInfoTypeOid,
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_mp.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_mp.c
index 20fb4ee9..1afda2b8 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_mp.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_mp.c
@@ -2441,14 +2441,14 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
                            esp_mp_mulmod_usage_ct);
             ESP_LOGI(TAG, "esp_mp_mulmod_error_ct = %lu failures",
                            esp_mp_mulmod_error_ct);
-            ESP_LOGI(TAG, "");
+            ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
             esp_show_mp("HW Z", Z); /* this is the HW result */
             esp_show_mp("SW Z2", Z2); /* this is the SW result */
             ESP_LOGI(TAG, "esp_mp_mulmod_usage_ct = %lu tries",
                            esp_mp_mulmod_usage_ct);
             ESP_LOGI(TAG, "esp_mp_mulmod_error_ct = %lu failures",
                            esp_mp_mulmod_error_ct);
-            ESP_LOGI(TAG, "");
+            ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 
 
             #ifndef NO_RECOVER_SOFTWARE_CALC
@@ -2991,7 +2991,7 @@ int esp_hw_show_mp_metrics(void)
                   "NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL");
 #else
     /* Metrics: esp_mp_mul() */
-    ESP_LOGI(TAG, ""); /* mul follows */
+    ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* mul follows */
     ESP_LOGI(TAG, "esp_mp_mul HW acceleration enabled.");
     ESP_LOGI(TAG, "Number of calls to esp_mp_mul: %lu",
                    esp_mp_mul_usage_ct);
@@ -3010,7 +3010,7 @@ int esp_hw_show_mp_metrics(void)
                   "NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD");
 #else
     /* Metrics: esp_mp_mulmod() */
-    ESP_LOGI(TAG, ""); /* mulmod follows */
+    ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* mulmod follows */
 
     ESP_LOGI(TAG, "esp_mp_mulmod HW acceleration enabled.");
     /* Metrics: esp_mp_mulmod() */
@@ -3052,7 +3052,7 @@ int esp_hw_show_mp_metrics(void)
                   "NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD");
 #else
     /* Metrics: sp_mp_exptmod() */
-    ESP_LOGI(TAG, ""); /* exptmod follows */
+    ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* exptmod follows */
 
     ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod: %lu",
                    esp_mp_exptmod_usage_ct);
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_sha.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_sha.c
index 30ba0e7b..332c532a 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_sha.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_sha.c
@@ -227,10 +227,13 @@ int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type)
 #if defined(CONFIG_IDF_TARGET_ESP32) || \
     defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
     switch (hash_type) { /* check each wolfSSL hash type WC_[n] */
+
+        #ifndef NO_SHA
         case WC_HASH_TYPE_SHA:
             ctx->sha_type = SHA1; /* assign Espressif SHA HW type */
             ret = esp_sha_init_ctx(ctx);
             break;
+        #endif
 
         case WC_HASH_TYPE_SHA224:
         #if defined(CONFIG_IDF_TARGET_ESP32S2) || \
@@ -333,7 +336,6 @@ int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type)
     return ret;
 }
 
-#ifndef NO_SHAx /* TODO cannot currently turn off SHA */
 /* we'll call a separate init as there's only 1 HW acceleration */
 int esp_sha_init_ctx(WC_ESP32SHA* ctx)
 {
@@ -522,6 +524,7 @@ int esp_sha_init_ctx(WC_ESP32SHA* ctx)
                     * We assume all issues handled, above. */
 } /* esp_sha_init_ctx */
 
+#ifndef NO_SHA
 /*
 ** internal SHA ctx copy for ESP HW
 */
@@ -679,7 +682,10 @@ int esp_sha256_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst)
 } /* esp_sha256_ctx_copy */
 #endif
 
-#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
+#if !(defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
+      defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)    \
+     ) && \
+    (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
 /*
 ** internal sha384 ctx copy for ESP HW
 */
@@ -744,7 +750,10 @@ int esp_sha384_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst)
 } /* esp_sha384_ctx_copy */
 #endif
 
-#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
+#if !(defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
+      defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)    \
+     ) && \
+    (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
 /*
 ** Internal sha512 ctx copy for ESP HW.
 ** If HW already active, fall back to SW for this ctx.
@@ -1190,7 +1199,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
         ESP_LOGE(TAG, "unexpected error in esp_sha_try_hw_lock.");
         return ESP_FAIL;
     }
-#else /* not ESP_FAILfined(SINGLE_THREADED) */
+#else /* not SINGLE_THREADED */
     /*
     ** there's only one SHA engine for all the hash types
     ** so when any hash is in use, no others can use it.
@@ -2013,7 +2022,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash)
             pwrd1[i]     ^= pwrd1[i + 1];
         }
     }
-#endif
+#endif /* SHA512 or SHA384*/
 #endif /* not CONFIG_IDF_TARGET_ESP32S3, C3, else... */
 
     ESP_LOGV(TAG, "leave esp_digest_state");
@@ -2122,6 +2131,9 @@ int esp_sha256_digest_process(struct wc_Sha256* sha, byte blockprocess)
     }
 
     wc_esp_digest_state(&sha->ctx, (byte*)sha->digest);
+#else
+    ESP_LOGE(TAG, "Call esp_sha256_digest_process with "
+                  "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256 ");
 #endif
     ESP_LOGV(TAG, "leave esp_sha256_digest_process");
     return ret;
@@ -2130,7 +2142,10 @@ int esp_sha256_digest_process(struct wc_Sha256* sha, byte blockprocess)
 
 #endif /* NO_SHA256 */
 
-#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
+#if !(defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
+      defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)    \
+     ) && \
+    (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384))
 /*
 ** sha512 process. this is used for sha384 too.
 */
@@ -2232,14 +2247,18 @@ int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc)
 
 #if defined(WOLFSSL_ESP32_CRYPT) && defined(WOLFSSL_HW_METRICS)
 int esp_sw_sha256_count_add(void) {
+    int ret = 0;
+#if !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
     esp_sha256_sw_fallback_usage_ct++;
-    return esp_sha256_sw_fallback_usage_ct;
+    ret = esp_sha256_sw_fallback_usage_ct;
+#endif
+    return ret;
 }
 
 int esp_hw_show_sha_metrics(void)
 {
     int ret = 0;
-#ifdef WOLFSSL_ESP32_CRYPT
+#if defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "------------- wolfSSL ESP HW SHA Metrics----------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
@@ -2268,7 +2287,6 @@ int esp_hw_show_sha_metrics(void)
     ret = 0;
 #endif /* HW_MATH_ENABLED */
 
-
     return ret;
 }
 #endif /* WOLFSSL_ESP32_CRYPT and WOLFSSL_HW_METRICS */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_util.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_util.c
index 162b38fd..829afa4a 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_util.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_util.c
@@ -482,7 +482,7 @@ int ShowExtendedSystemInfo_config(void)
     show_macro("WOLFSSL_NO_CURRDIR",        STR_IFNDEF(WOLFSSL_NO_CURRDIR));
     show_macro("WOLFSSL_LWIP",              STR_IFNDEF(WOLFSSL_LWIP));
 
-    ESP_LOGI(TAG, "");
+    ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 #if defined(CONFIG_COMPILER_OPTIMIZATION_DEFAULT)
     ESP_LOGI(TAG, "Compiler Optimization: Default");
 #elif defined(CONFIG_COMPILER_OPTIMIZATION_SIZE)
@@ -494,7 +494,7 @@ int ShowExtendedSystemInfo_config(void)
 #else
     ESP_LOGI(TAG, "Compiler Optimization: Unknown");
 #endif
-    ESP_LOGI(TAG, "");
+    ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 
     return ESP_OK;
 }
@@ -592,9 +592,10 @@ int ShowExtendedSystemInfo(void)
     ESP_LOGI(TAG, "CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = %u MHz",
                    CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
             );
-#elif defined(CONFIG_IDF_TARGET_ESP32C3)
-    ESP_LOGI(TAG, "CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
+#elif defined(CONFIG_IDF_TARGET_ESP32C3) && \
+      defined(CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ)
+    ESP_LOGI(TAG, "CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
+                   CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ
             );
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
@@ -628,7 +629,7 @@ int ShowExtendedSystemInfo(void)
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
     ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 #endif
-    ESP_LOGI(TAG, "");
+    ESP_LOGI(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 
     ShowExtendedSystemInfo_config();
     ShowExtendedSystemInfo_git();
@@ -664,7 +665,7 @@ int esp_show_mp_attributes(char* c, MATH_INT_T* X)
         ESP_LOGV(MP_TAG, "esp_show_mp_attributes called with X == NULL");
     }
     else {
-        ESP_LOGI(MP_TAG, "");
+        ESP_LOGI(MP_TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
         ESP_LOGI(MP_TAG, "%s.used = %d;", c, X->used);
 #if defined(WOLFSSL_SP_INT_NEGATIVE) || defined(USE_FAST_MATH)
         ESP_LOGI(MP_TAG, "%s.sign = %d;", c, X->sign);
@@ -716,7 +717,7 @@ int esp_show_mp(char* c, MATH_INT_T* X)
                                    i  /* the index, again, for comment   */
                      );
         }
-        ESP_LOGI(MP_TAG, "");
+        ESP_LOGI(MP_TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
     }
     return ret;
 }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-crypt.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-crypt.c
index 202ae8b3..d310c6eb 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-crypt.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-crypt.c
@@ -114,6 +114,11 @@ int wc_AriaSetKey(wc_Aria* aria, byte* key)
 {
     MC_RV rv = MC_OK;
     MC_UINT keylen;
+
+    if (aria == NULL || key == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
     if (aria->algo == MC_ALGID_ARIA_128BITKEY) {
         keylen = ARIA_128_KEY_SIZE;
     } else if (aria->algo == MC_ALGID_ARIA_192BITKEY) {
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-cryptocb.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-cryptocb.c
index e52509a5..e52c8338 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-cryptocb.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-cryptocb.c
@@ -185,8 +185,8 @@ int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key)
 
     MC_APIMODE gApimode = MC_MODE_KCMV;
     MC_ALGORITHM mcAlg = {MC_ALGID_NONE, NULL, 0};
-    byte keyAsn1[ARIA_KEYASN1_MAXSZ];
-    word32 keyAsn1Sz=(word32)sizeof(keyAsn1);
+    byte keyarr[ARIA_KEYASN1_MAXSZ];
+    word32 keySz=(word32)sizeof(keyarr);
 
     WOLFSSL_ENTER("AriaSign");
 
@@ -204,13 +204,13 @@ int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key)
         rv = MC_SetApiMode(hSession, gApimode);
 
     if (rv == MC_OK) {
-        int ret = wc_BuildEccKeyDer(key,keyAsn1,&keyAsn1Sz,0,0);
+        int ret = wc_EccPrivateKeyToDer(key, keyarr, keySz);
         if (ret < 0) { rv = ret; }
-        else { keyAsn1Sz = ret; }
+        else { keySz = ret; }
     }
 
-    WOLFSSL_MSG_EX("AriaSign key(%d):",keyAsn1Sz);
-    WOLFSSL_BUFFER(keyAsn1,keyAsn1Sz);
+    WOLFSSL_MSG_EX("AriaSign key(%d):",keySz);
+    WOLFSSL_BUFFER(keyarr,keySz);
 
     WOLFSSL_MSG_EX("AriaSign rv=%d",rv);
 
@@ -230,7 +230,7 @@ int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key)
     }
 
     if (rv == MC_OK)
-        rv = MC_CreateObject(hSession, keyAsn1, keyAsn1Sz, &hPrikey);
+        rv = MC_CreateObject(hSession, keyarr, keySz, &hPrikey);
     WOLFSSL_MSG_EX("AriaSign CreateObject rv=%d",rv);
 
     if (rv == MC_OK)
@@ -281,7 +281,7 @@ int wc_AriaVerify(byte* sig, word32 sigSz, byte* hash, word32 hashSz,
         rv = MC_SetApiMode(hSession, gApimode);
 
     if (rv == MC_OK) {
-        int ret = wc_EccPublicKeyToDer(key,keyarr,keySz,0);
+        int ret = wc_EccPublicKeyToDer(key, keyarr, keySz, 0);
         if (ret < 0) { rv = ret; }
         else { keySz = ret; }
     }
@@ -544,13 +544,11 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key,
                     ret = wc_AriaInitSha(&(info->hash.sha256->hSession), MC_ALGID_SHA256);
                 }
 
-                if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
-                    && (info->hash.in != NULL)) {
+                if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) {
                     ret = wc_AriaShaUpdate(info->hash.sha256->hSession,
                                         (byte *) info->hash.in, info->hash.inSz);
                 }
-                if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
-                    && (info->hash.digest != NULL)) {
+                if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) {
                     MC_UINT digestSz = 32;
                     ret = wc_AriaShaFinal(info->hash.sha256->hSession,
                                         info->hash.digest, &digestSz);
@@ -573,13 +571,11 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key,
                     ret = wc_AriaInitSha(&(info->hash.sha384->hSession), MC_ALGID_SHA384);
                 }
 
-                if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
-                    && (info->hash.in != NULL)) {
+                if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) {
                     ret = wc_AriaShaUpdate(info->hash.sha384->hSession,
                                         (byte *) info->hash.in, info->hash.inSz);
                 }
-                if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
-                    && (info->hash.digest != NULL)) {
+                if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) {
                     MC_UINT digestSz = 48;
                     ret = wc_AriaShaFinal(info->hash.sha384->hSession,
                                         info->hash.digest, &digestSz);
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes.c
index 455d30bb..871d6b38 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes.c
@@ -16493,9 +16493,11 @@ extern void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
     unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
 extern void AES_CTR_encrypt(const unsigned char* in, unsigned char* out,
     unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
+#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
 /* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved. */
 extern void GCM_gmult_len(byte* x, /* const */ byte m[32][AES_BLOCK_SIZE],
     const unsigned char* data, unsigned long len);
+#endif
 extern void AES_GCM_encrypt(const unsigned char* in, unsigned char* out,
     unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
 
@@ -16992,6 +16994,7 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
     x[0] ^= borrow;
 }
 
+#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
 void GenerateM0(Gcm* gcm)
 {
     int i;
@@ -17047,6 +17050,7 @@ void GenerateM0(Gcm* gcm)
         m32[3] = ByteReverseWord32(m32[3]);
     }
 }
+#endif /* GCM_TABLE */
 
 int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
@@ -17067,7 +17071,9 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
     if (ret == 0) {
         AES_ECB_encrypt(iv, aes->gcm.H, AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds);
-        GenerateM0(&aes->gcm);
+        #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
+            GenerateM0(&aes->gcm);
+        #endif /* GCM_TABLE */
     }
 
     return ret;
@@ -17101,6 +17107,44 @@ static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz)
     buf[7] = sz & 0xff;
 }
 
+#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
+    /* GCM_gmult_len implementation in armv8-32-aes-asm or thumb2-aes-asm */
+    #define GCM_GMULT_LEN(aes, x, a, len) GCM_gmult_len(x, aes->gcm.M0, a, len)
+#elif defined(GCM_SMALL)
+    static void GCM_gmult_len(byte* x, const byte* h,
+        const unsigned char* a, unsigned long len)
+    {
+        byte Z[AES_BLOCK_SIZE];
+        byte V[AES_BLOCK_SIZE];
+        int i, j;
+
+        while (len >= AES_BLOCK_SIZE) {
+            xorbuf(x, a, AES_BLOCK_SIZE);
+
+            XMEMSET(Z, 0, AES_BLOCK_SIZE);
+            XMEMCPY(V, x, AES_BLOCK_SIZE);
+            for (i = 0; i < AES_BLOCK_SIZE; i++) {
+                byte y = h[i];
+                for (j = 0; j < 8; j++) {
+                    if (y & 0x80) {
+                        xorbuf(Z, V, AES_BLOCK_SIZE);
+                    }
+
+                    RIGHTSHIFTX(V);
+                    y = y << 1;
+                }
+            }
+            XMEMCPY(x, Z, AES_BLOCK_SIZE);
+
+            len -= AES_BLOCK_SIZE;
+            a += AES_BLOCK_SIZE;
+        }
+    }
+    #define GCM_GMULT_LEN(aes, x, a, len) GCM_gmult_len(x, aes->gcm.H, a, len)
+#else
+    #error ARMv8 AES only supports GCM_TABLE or GCM_TABLE_4BIT or GCM_SMALL
+#endif /* GCM_TABLE */
+
 static void gcm_ghash_arm32(Aes* aes, const byte* a, word32 aSz, const byte* c,
     word32 cSz, byte* s, word32 sSz)
 {
@@ -17119,13 +17163,13 @@ static void gcm_ghash_arm32(Aes* aes, const byte* a, word32 aSz, const byte* c,
         blocks = aSz / AES_BLOCK_SIZE;
         partial = aSz % AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_gmult_len(x, aes->gcm.M0, a, blocks * AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, a, blocks * AES_BLOCK_SIZE);
             a += blocks * AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             XMEMSET(scratch, 0, AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
         }
     }
 
@@ -17134,20 +17178,20 @@ static void gcm_ghash_arm32(Aes* aes, const byte* a, word32 aSz, const byte* c,
         blocks = cSz / AES_BLOCK_SIZE;
         partial = cSz % AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_gmult_len(x, aes->gcm.M0, c, blocks * AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, c, blocks * AES_BLOCK_SIZE);
             c += blocks * AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             XMEMSET(scratch, 0, AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
         }
     }
 
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+    GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
 
     /* Copy the result into s. */
     XMEMCPY(s, x, sSz);
@@ -17198,13 +17242,13 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         blocks = authInSz / AES_BLOCK_SIZE;
         partial = authInSz % AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_gmult_len(x, aes->gcm.M0, authIn, blocks * AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, authIn, blocks * AES_BLOCK_SIZE);
             authIn += blocks * AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             XMEMSET(scratch, 0, AES_BLOCK_SIZE);
             XMEMCPY(scratch, authIn, partial);
-            GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
         }
     }
 
@@ -17214,7 +17258,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     if (blocks > 0) {
         AES_GCM_encrypt(in, out, blocks * AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
-        GCM_gmult_len(x, aes->gcm.M0, out, blocks * AES_BLOCK_SIZE);
+        GCM_GMULT_LEN(aes, x, out, blocks * AES_BLOCK_SIZE);
         in += blocks * AES_BLOCK_SIZE;
         out += blocks * AES_BLOCK_SIZE;
     }
@@ -17227,14 +17271,14 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
         XMEMSET(scratch, 0, AES_BLOCK_SIZE);
         XMEMCPY(scratch, out, partial);
-        GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+        GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
     }
 
     /* Hash in the lengths of A and C in bits */
     XMEMSET(scratch, 0, AES_BLOCK_SIZE);
     FlattenSzInBits(&scratch[0], authInSz);
     FlattenSzInBits(&scratch[8], sz);
-    GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+    GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
     if (authTagSz > AES_BLOCK_SIZE) {
         XMEMCPY(authTag, x, AES_BLOCK_SIZE);
     }
@@ -17286,13 +17330,13 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         blocks = authInSz / AES_BLOCK_SIZE;
         partial = authInSz % AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_gmult_len(x, aes->gcm.M0, authIn, blocks * AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, authIn, blocks * AES_BLOCK_SIZE);
             authIn += blocks * AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             XMEMSET(scratch, 0, AES_BLOCK_SIZE);
             XMEMCPY(scratch, authIn, partial);
-            GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
         }
     }
 
@@ -17300,7 +17344,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     partial = sz % AES_BLOCK_SIZE;
     /* do as many blocks as possible */
     if (blocks > 0) {
-        GCM_gmult_len(x, aes->gcm.M0, in, blocks * AES_BLOCK_SIZE);
+        GCM_GMULT_LEN(aes, x, in, blocks * AES_BLOCK_SIZE);
 
         AES_GCM_encrypt(in, out, blocks * AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
@@ -17310,7 +17354,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     if (partial != 0) {
         XMEMSET(scratch, 0, AES_BLOCK_SIZE);
         XMEMCPY(scratch, in, partial);
-        GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+        GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
 
         AES_GCM_encrypt(in, scratch, AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
@@ -17320,7 +17364,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     XMEMSET(scratch, 0, AES_BLOCK_SIZE);
     FlattenSzInBits(&scratch[0], authInSz);
     FlattenSzInBits(&scratch[8], sz);
-    GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+    GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
     AES_ECB_encrypt(initialCounter, scratch, AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     xorbuf(x, scratch, authTagSz);
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha.c
index 94e64504..18dd9e59 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha.c
@@ -1666,7 +1666,10 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VADD.I32 q6, q6, q12 \n\t"
         "VADD.I32 q7, q7, q13 \n\t"
 
-        "VLDM %[m], { q8-q15 } \n\t"
+        "VLD1.8 { q8, q9 }, [%[m]]! \n\t"
+        "VLD1.8 { q10, q11 }, [%[m]]! \n\t"
+        "VLD1.8 { q12, q13 }, [%[m]]! \n\t"
+        "VLD1.8 { q14, q15 }, [%[m]]! \n\t"
         "VEOR q0, q0, q8 \n\t"
         "VEOR q1, q1, q9 \n\t"
         "VEOR q2, q2, q10 \n\t"
@@ -1675,7 +1678,10 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VEOR q5, q5, q13 \n\t"
         "VEOR q6, q6, q14 \n\t"
         "VEOR q7, q7, q15 \n\t"
-        "VSTM %[c], { q0-q7 } \n\t"
+        "VST1.8 { q0, q1 }, [%[c]]! \n\t"
+        "VST1.8 { q2, q3 }, [%[c]]! \n\t"
+        "VST1.8 { q4, q5 }, [%[c]]! \n\t"
+        "VST1.8 { q6, q7 }, [%[c]]! \n\t"
 
         : [c] "+r" (c), [m] "+r" (m)
         : [rounds] "I" (ROUNDS/2), [input] "r" (input),
@@ -2725,14 +2731,14 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
         "CMP        %[bytes], #64        \n\t"
         "BLT        L_chacha20_arm32_64_lt_64_%= \n\t"
         /* XOR full 64 byte block */
-        "VLDM       %[m], { q4-q7 }      \n\t"
-        "ADD        %[m], %[m], #64      \n\t"
+        "VLD1.8     { q4, q5 }, [%[m]]!  \n\t"
+        "VLD1.8     { q6, q7 }, [%[m]]!  \n\t"
         "VEOR       q0, q0, q4           \n\t"
         "VEOR       q1, q1, q5           \n\t"
         "VEOR       q2, q2, q6           \n\t"
         "VEOR       q3, q3, q7           \n\t"
-        "VSTM       %[c], { q0-q3 }      \n\t"
-        "ADD        %[c], %[c], #64      \n\t"
+        "VST1.8     { q0, q1 }, [%[c]]!  \n\t"
+        "VST1.8     { q2, q3 }, [%[c]]!  \n\t"
         "SUBS       %[bytes], %[bytes], #64 \n\t"
         "VADD.I32   q11, q11, q14        \n\t"
         "BNE        L_chacha20_arm32_64_outer_loop_%= \n\t"
@@ -2743,12 +2749,10 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
         /* XOR 32 bytes */
         "CMP        %[bytes], #32        \n\t"
         "BLT        L_chacha20_arm32_64_lt_32_%= \n\t"
-        "VLDM       %[m], { q4-q5 }      \n\t"
-        "ADD        %[m], %[m], #32      \n\t"
+        "VLD1.8     { q4, q5 }, [%[m]]!  \n\t"
         "VEOR       q4, q4, q0           \n\t"
         "VEOR       q5, q5, q1           \n\t"
-        "VSTM       %[c], { q4-q5 }      \n\t"
-        "ADD        %[c], %[c], #32      \n\t"
+        "VST1.8     { q4, q5 }, [%[c]]!  \n\t"
         "SUBS       %[bytes], %[bytes], #32 \n\t"
         "VMOV       q0, q2               \n\t"
         "VMOV       q1, q3               \n\t"
@@ -2758,11 +2762,9 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
         /* XOR 16 bytes */
         "CMP        %[bytes], #16        \n\t"
         "BLT        L_chacha20_arm32_64_lt_16_%= \n\t"
-        "VLDM       %[m], { q4 }         \n\t"
-        "ADD        %[m], %[m], #16      \n\t"
+        "VLD1.8     { q4 }, [%[m]]!      \n\t"
         "VEOR       q4, q4, q0           \n\t"
-        "VSTM       %[c], { q4 }         \n\t"
-        "ADD        %[c], %[c], #16      \n\t"
+        "VST1.8     { q4 }, [%[c]]!      \n\t"
         "SUBS       %[bytes], %[bytes], #16 \n\t"
         "VMOV       q0, q1               \n\t"
         "BEQ        L_chacha20_arm32_64_done_%= \n\t"
@@ -2771,9 +2773,9 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
         /* XOR 8 bytes */
         "CMP        %[bytes], #8         \n\t"
         "BLT        L_chacha20_arm32_64_lt_8_%= \n\t"
-        "VLD1.64    { d8 }, [%[m]]!      \n\t"
+        "VLD1.8     { d8 }, [%[m]]!      \n\t"
         "VEOR       d8, d8, d0           \n\t"
-        "VST1.64    { d8 }, [%[c]]!      \n\t"
+        "VST1.8     { d8 }, [%[c]]!      \n\t"
         "SUBS       %[bytes], %[bytes], #8 \n\t"
         "VMOV       d0, d1               \n\t"
         "BEQ        L_chacha20_arm32_64_done_%= \n\t"
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256.c
index 55860d86..37380a3d 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256.c
@@ -130,8 +130,8 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
     word32* k = (word32*)K;
 
     __asm__ volatile (
-    "#load leftover data\n"
-    "LD1 {v0.2d-v3.2d}, %[buffer]   \n"
+    "# load first block of data\n"
+    "LD1 {v0.16b-v3.16b}, [%[dataIn]], #64   \n"
 
     "#load current digest\n"
     "LD1 {v12.2d-v13.2d}, %[digest] \n"
@@ -281,7 +281,7 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
     "CBZ w8, 2f \n"
 
     "#load in message and schedule updates \n"
-    "LD1 {v0.2d-v3.2d}, [%[dataIn]], #64   \n"
+    "LD1 {v0.16b-v3.16b}, [%[dataIn]], #64   \n"
     "MOV v14.16b, v12.16b \n"
     "MOV v15.16b, v13.16b \n"
     "REV32 v0.16b, v0.16b \n"
@@ -291,12 +291,11 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
     "B 1b \n" /* do another block */
 
     "2:\n"
-    "STP q12, q13, %[out] \n"
+    "ST1 {v12.2d-v13.2d}, %[out] \n"
 
-    : [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks),
-      "=r" (data), "=r" (k)
-    : [k] "4" (k), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer),
-      [blocks] "2" (numBlocks), [dataIn] "3" (data)
+    : [out] "=m" (sha256->digest), "=r" (numBlocks), "=r" (data), "=r" (k)
+    : [k] "3" (k), [digest] "m" (sha256->digest), [blocks] "1" (numBlocks),
+      [dataIn] "2" (data)
     : "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
                       "v8",  "v9",  "v10", "v11", "v12", "v13", "v14",
                       "v15", "v16", "v17", "v18", "v19", "v20", "v21",
@@ -306,35 +305,42 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
 }
 
 /* ARMv8 hardware acceleration */
-static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
+    word32 len)
 {
     word32 add;
     word32 numBlocks;
 
     /* only perform actions if a buffer is passed in */
     if (len > 0) {
-        /* fill leftover buffer with data */
-        add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
-        XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
-        sha256->buffLen += add;
-        data            += add;
-        len             -= add;
+        AddLength(sha256, len);
+
+        if (sha256->buffLen > 0) {
+             /* fill leftover buffer with data */
+             add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+             XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
+             sha256->buffLen += add;
+             data            += add;
+             len             -= add;
+             if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
+                 Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+                 sha256->buffLen = 0;
+             }
+        }
 
         /* number of blocks in a row to complete */
         numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
 
         if (numBlocks > 0) {
-            /* get leftover amount after blocks */
-            add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE;
-
             Sha256Transform(sha256, data, numBlocks);
-            data += numBlocks * WC_SHA256_BLOCK_SIZE - sha256->buffLen;
-
-            AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks);
+            data += numBlocks * WC_SHA256_BLOCK_SIZE;
+            len  -= numBlocks * WC_SHA256_BLOCK_SIZE;
+        }
 
+        if (len > 0) {
             /* copy over any remaining data leftover */
-            XMEMCPY(sha256->buffer, data, add);
-            sha256->buffLen = add;
+            XMEMCPY(sha256->buffer, data, len);
+            sha256->buffLen = len;
         }
     }
 
@@ -352,8 +358,6 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
     const word32* k;
 
     local = (byte*)sha256->buffer;
-    AddLength(sha256, sha256->buffLen);  /* before adding pads */
-
     local[sha256->buffLen++] = 0x80;     /* add 1 */
 
     /* pad with zeros */
@@ -380,7 +384,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
             "MOV v16.16b, v20.16b \n"
             "MOV v17.16b, v21.16b \n"
 
-            "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
             "SHA256SU0 v4.4s, v1.4s        \n"
             "ADD v0.4s, v0.4s, v22.4s      \n"
             "MOV v6.16b, v2.16b            \n"
@@ -413,7 +417,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
             "SHA256H q16, q17, v3.4s       \n"
             "SHA256H2 q17, q18, v3.4s      \n"
 
-            "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
             "SHA256SU0 v8.4s, v5.4s        \n"
             "ADD v4.4s, v4.4s, v22.4s      \n"
             "MOV v18.16b, v16.16b          \n"
@@ -446,7 +450,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
             "SHA256H q16, q17, v7.4s         \n"
             "SHA256H2 q17, q18, v7.4s        \n"
 
-            "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
             "SHA256SU0 v12.4s, v9.4s            \n"
             "ADD v8.4s, v8.4s, v22.4s           \n"
             "MOV v18.16b, v16.16b               \n"
@@ -477,7 +481,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
             "SHA256H q16, q17, v11.4s           \n"
             "SHA256H2 q17, q18, v11.4s          \n"
 
-            "LD1 {v22.16b-v25.16b}, [%[k]] \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]] \n"
             "ADD v12.4s, v12.4s, v22.4s    \n"
             "MOV v18.16b, v16.16b          \n"
             "SHA256H q16, q17, v12.4s      \n"
@@ -501,7 +505,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
             "#Add working vars back into digest state \n"
             "ADD v16.4s, v16.4s, v20.4s \n"
             "ADD v17.4s, v17.4s, v21.4s \n"
-            "STP q16, q17, %[out] \n"
+            "ST1 {v16.2d-v17.2d}, %[out]        \n"
 
             : [out] "=m" (sha256->digest), [k] "+r" (k)
             : [digest] "m" (sha256->digest),
@@ -551,7 +555,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
 
         "MOV v16.16b, v20.16b      \n"
         "MOV v17.16b, v21.16b      \n"
-        "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
+        "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
         "SHA256SU0 v4.4s, v1.4s          \n"
         "ADD v0.4s, v0.4s, v22.4s        \n"
         "MOV v6.16b, v2.16b              \n"
@@ -584,7 +588,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
         "SHA256H q16, q17, v3.4s         \n"
         "SHA256H2 q17, q18, v3.4s        \n"
 
-        "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
+        "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
         "SHA256SU0 v8.4s, v5.4s          \n"
         "ADD v4.4s, v4.4s, v22.4s        \n"
         "MOV v18.16b, v16.16b            \n"
@@ -617,7 +621,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
         "SHA256H q16, q17, v7.4s         \n"
         "SHA256H2 q17, q18, v7.4s        \n"
 
-        "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
+        "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
         "SHA256SU0 v12.4s, v9.4s          \n"
         "ADD v8.4s, v8.4s, v22.4s         \n"
         "MOV v18.16b, v16.16b             \n"
@@ -648,7 +652,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
         "SHA256H q16, q17, v11.4s         \n"
         "SHA256H2 q17, q18, v11.4s        \n"
 
-        "LD1 {v22.16b-v25.16b}, [%[k]] \n"
+        "LD1 {v22.4s-v25.4s}, [%[k]] \n"
         "ADD v12.4s, v12.4s, v22.4s    \n"
         "MOV v18.16b, v16.16b          \n"
         "SHA256H q16, q17, v12.4s      \n"
@@ -704,8 +708,9 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
     word32* digPt = sha256->digest;
 
     __asm__ volatile (
-    "#load leftover data\n"
-    "VLDM %[buffer]!, {q0-q3} \n"
+    "# load first block of data\n"
+    "VLD1.8 {d0-d3}, [%[dataIn]]! \n"
+    "VLD1.8 {d4-d7}, [%[dataIn]]! \n"
 
     "#load current digest\n"
     "VLDM %[digest], {q12-q13} \n"
@@ -865,10 +870,8 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
     "BEQ 2f \n"
 
     "#load in message and schedule updates \n"
-    "VLD1.32 {q0}, [%[dataIn]]!   \n"
-    "VLD1.32 {q1}, [%[dataIn]]!   \n"
-    "VLD1.32 {q2}, [%[dataIn]]!   \n"
-    "VLD1.32 {q3}, [%[dataIn]]!   \n"
+    "VLD1.8 {d0-d3}, [%[dataIn]]! \n"
+    "VLD1.8 {d4-d7}, [%[dataIn]]! \n"
 
     /* reset K pointer */
     "SUB %[k], %[k], #160 \n"
@@ -894,35 +897,42 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
 }
 
 /* ARMv8 hardware acceleration Aarch32 */
-static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
+    word32 len)
 {
     word32 add;
     word32 numBlocks;
 
     /* only perform actions if a buffer is passed in */
     if (len > 0) {
-        /* fill leftover buffer with data */
-        add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
-        XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
-        sha256->buffLen += add;
-        data            += add;
-        len             -= add;
+        AddLength(sha256, len);
+
+        if (sha256->buffLen > 0) {
+             /* fill leftover buffer with data */
+             add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+             XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
+             sha256->buffLen += add;
+             data            += add;
+             len             -= add;
+             if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
+                 Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+                 sha256->buffLen = 0;
+             }
+        }
 
         /* number of blocks in a row to complete */
         numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
 
         if (numBlocks > 0) {
-            /* get leftover amount after blocks */
-            add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE;
-
             Sha256Transform(sha256, data, numBlocks);
-            data += numBlocks * WC_SHA256_BLOCK_SIZE - sha256->buffLen;
-
-            AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks);
+            data += numBlocks * WC_SHA256_BLOCK_SIZE;
+            len  -= numBlocks * WC_SHA256_BLOCK_SIZE;
+        }
 
+        if (len > 0) {
             /* copy over any remaining data leftover */
-            XMEMCPY(sha256->buffer, data, add);
-            sha256->buffLen = add;
+            XMEMCPY(sha256->buffer, data, len);
+            sha256->buffLen = len;
         }
     }
 
@@ -943,8 +953,6 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
     }
 
     local = (byte*)sha256->buffer;
-    AddLength(sha256, sha256->buffLen);  /* before adding pads */
-
     local[sha256->buffLen++] = 0x80;     /* add 1 */
 
     /* pad with zeros */
@@ -1615,14 +1623,86 @@ int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
     XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE);
 #endif
 #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
-    Sha256Transform(sha256, data, 1);
+    Sha256Transform(sha256, (byte*)sha256->buffer, 1);
 #else
-    Transform_Sha256_Len(sha256, data, WC_SHA256_BLOCK_SIZE);
+    Transform_Sha256_Len(sha256, (byte*)sha256->buffer, WC_SHA256_BLOCK_SIZE);
 #endif
     return 0;
 }
 #endif
 
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+/* One block will be used from data.
+ * hash must be big enough to hold all of digest output.
+ */
+int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
+    unsigned char* hash)
+{
+    int ret = 0;
+
+    if ((sha256 == NULL) || (data == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
+    Sha256Transform(sha256, data, 1);
+#else
+    Transform_Sha256_Len(sha256, data, WC_SHA256_BLOCK_SIZE);
+#endif
+
+    if (hash != NULL) {
+#ifdef LITTLE_ENDIAN_ORDER
+    #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
+        #ifdef __aarch64__
+            __asm__ __volatile__ (
+                "LD1 {v0.2d-v1.2d}, [%[digest]]   \n"
+                "REV32 v0.16b, v0.16b \n"
+                "REV32 v1.16b, v1.16b \n"
+                "ST1 {v0.16b-v1.16b}, [%[hash]]  \n"
+                :
+                : [digest] "r" (sha256->digest), [hash] "r" (hash)
+                : "memory", "v0", "v1"
+            );
+        #else
+            __asm__ __volatile__ (
+                "VLDM %[digest], {q0-q1} \n"
+                "VREV32.8 q0, q0 \n"
+                "VREV32.8 q1, q1 \n"
+                "VST1.8 {d0-d3}, [%[hash]] \n"
+                :
+                : [digest] "r" (sha256->digest), [hash] "r" (hash)
+                : "memory", "q0", "q1"
+            );
+        #endif
+    #else
+        word32* hash32 = (word32*)hash;
+        word32* digest = (word32*)sha256->digest;
+        hash32[0] = ByteReverseWord32(digest[0]);
+        hash32[1] = ByteReverseWord32(digest[1]);
+        hash32[2] = ByteReverseWord32(digest[2]);
+        hash32[3] = ByteReverseWord32(digest[3]);
+        hash32[4] = ByteReverseWord32(digest[4]);
+        hash32[5] = ByteReverseWord32(digest[5]);
+        hash32[6] = ByteReverseWord32(digest[6]);
+        hash32[7] = ByteReverseWord32(digest[7]);
+    #endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
+#else
+        XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+#endif
+        sha256->digest[0] = 0x6A09E667L;
+        sha256->digest[1] = 0xBB67AE85L;
+        sha256->digest[2] = 0x3C6EF372L;
+        sha256->digest[3] = 0xA54FF53AL;
+        sha256->digest[4] = 0x510E527FL;
+        sha256->digest[5] = 0x9B05688CL;
+        sha256->digest[6] = 0x1F83D9ABL;
+        sha256->digest[7] = 0x5BE0CD19L;
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
+
 #endif /* !NO_SHA256 */
 
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S
index 0badf8f9..68695a7e 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S
@@ -714,15 +714,19 @@ AES_set_encrypt_key:
 #else
 	BEQ.W	L_AES_set_encrypt_key_start_192
 #endif
-	LDRD	r4, r5, [r0]
-	LDRD	r6, r7, [r0, #8]
+	LDR	r4, [r0]
+	LDR	r5, [r0, #4]
+	LDR	r6, [r0, #8]
+	LDR	r7, [r0, #12]
 	REV	r4, r4
 	REV	r5, r5
 	REV	r6, r6
 	REV	r7, r7
 	STM	r2!, {r4, r5, r6, r7}
-	LDRD	r4, r5, [r0, #16]
-	LDRD	r6, r7, [r0, #24]
+	LDR	r4, [r0, #16]
+	LDR	r5, [r0, #20]
+	LDR	r6, [r0, #24]
+	LDR	r7, [r0, #28]
 	REV	r4, r4
 	REV	r5, r5
 	REV	r6, r6
@@ -805,9 +809,12 @@ L_AES_set_encrypt_key_loop_256:
 	B.N	L_AES_set_encrypt_key_end
 #endif
 L_AES_set_encrypt_key_start_192:
-	LDRD	r4, r5, [r0]
-	LDRD	r6, r7, [r0, #8]
-	LDRD	r8, r9, [r0, #16]
+	LDR	r4, [r0]
+	LDR	r5, [r0, #4]
+	LDR	r6, [r0, #8]
+	LDR	r7, [r0, #12]
+	LDR	r8, [r0, #16]
+	LDR	r9, [r0, #20]
 	REV	r4, r4
 	REV	r5, r5
 	REV	r6, r6
@@ -871,8 +878,10 @@ L_AES_set_encrypt_key_loop_192:
 	B.N	L_AES_set_encrypt_key_end
 #endif
 L_AES_set_encrypt_key_start_128:
-	LDRD	r4, r5, [r0]
-	LDRD	r6, r7, [r0, #8]
+	LDR	r4, [r0]
+	LDR	r5, [r0, #4]
+	LDR	r6, [r0, #8]
+	LDR	r7, [r0, #12]
 	REV	r4, r4
 	REV	r5, r5
 	REV	r6, r6
@@ -907,7 +916,7 @@ L_AES_set_encrypt_key_loop_128:
 #endif
 L_AES_set_encrypt_key_end:
 	POP	{r4, r5, r6, r7, r8, r9, r10, pc}
-	/* Cycle Count = 331 */
+	/* Cycle Count = 340 */
 	.size	AES_set_encrypt_key,.-AES_set_encrypt_key
 	.text
 	.align	4
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
index 54531316..fc4be05f 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
@@ -54,7 +54,7 @@
 #include <wolfssl/wolfcrypt/aes.h>
 
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t L_AES_Thumb2_td_data[] = {
+XALIGNED(16) static const uint32_t L_AES_Thumb2_td_data[] = {
     0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
     0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
     0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
@@ -123,7 +123,7 @@ static const uint32_t L_AES_Thumb2_td_data[] = {
 
 #endif /* HAVE_AES_DECRYPT */
 #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t L_AES_Thumb2_te_data[] = {
+XALIGNED(16) static const uint32_t L_AES_Thumb2_te_data[] = {
     0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
     0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
     0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
@@ -310,16 +310,17 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
         : [ks] "+r" (ks), [rounds] "+r" (rounds),
           [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c), [L_AES_Thumb2_td] "+r" (L_AES_Thumb2_td_c)
         :
+        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
 #else
         : [ks] "+r" (ks), [rounds] "+r" (rounds)
         : [L_AES_Thumb2_te] "r" (L_AES_Thumb2_te), [L_AES_Thumb2_td] "r" (L_AES_Thumb2_td)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
 }
 
 #endif /* HAVE_AES_DECRYPT */
-static const uint32_t L_AES_Thumb2_rcon[] = {
+XALIGNED(16) static const uint32_t L_AES_Thumb2_rcon[] = {
     0x01000000, 0x02000000, 0x04000000, 0x08000000,
     0x10000000, 0x20000000, 0x40000000, 0x80000000,
     0x1b000000, 0x36000000
@@ -356,15 +357,19 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 #else
         "BEQ.W	L_AES_set_encrypt_key_start_192\n\t"
 #endif
-        "LDRD	r4, r5, [%[key]]\n\t"
-        "LDRD	r6, r7, [%[key], #8]\n\t"
+        "LDR	r4, [%[key]]\n\t"
+        "LDR	r5, [%[key], #4]\n\t"
+        "LDR	r6, [%[key], #8]\n\t"
+        "LDR	r7, [%[key], #12]\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
         "STM	%[ks]!, {r4, r5, r6, r7}\n\t"
-        "LDRD	r4, r5, [%[key], #16]\n\t"
-        "LDRD	r6, r7, [%[key], #24]\n\t"
+        "LDR	r4, [%[key], #16]\n\t"
+        "LDR	r5, [%[key], #20]\n\t"
+        "LDR	r6, [%[key], #24]\n\t"
+        "LDR	r7, [%[key], #28]\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -449,9 +454,12 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 #endif
         "\n"
     "L_AES_set_encrypt_key_start_192:\n\t"
-        "LDRD	r4, r5, [%[key]]\n\t"
-        "LDRD	r6, r7, [%[key], #8]\n\t"
-        "LDRD	r8, r9, [%[key], #16]\n\t"
+        "LDR	r4, [%[key]]\n\t"
+        "LDR	r5, [%[key], #4]\n\t"
+        "LDR	r6, [%[key], #8]\n\t"
+        "LDR	r7, [%[key], #12]\n\t"
+        "LDR	r8, [%[key], #16]\n\t"
+        "LDR	r9, [%[key], #20]\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -517,8 +525,10 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 #endif
         "\n"
     "L_AES_set_encrypt_key_start_128:\n\t"
-        "LDRD	r4, r5, [%[key]]\n\t"
-        "LDRD	r6, r7, [%[key], #8]\n\t"
+        "LDR	r4, [%[key]]\n\t"
+        "LDR	r5, [%[key], #4]\n\t"
+        "LDR	r6, [%[key], #8]\n\t"
+        "LDR	r7, [%[key], #12]\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -558,11 +568,12 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks),
           [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c), [L_AES_Thumb2_rcon] "+r" (L_AES_Thumb2_rcon_c)
         :
+        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
 #else
         : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks)
         : [L_AES_Thumb2_te] "r" (L_AES_Thumb2_te), [L_AES_Thumb2_rcon] "r" (L_AES_Thumb2_rcon)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
 }
 
@@ -969,12 +980,16 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr),
           [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c)
         :
+        : "memory", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
 #else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
         : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
+        : "memory", "r12", "lr", "r4", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
 #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
-        : "memory", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
@@ -1169,12 +1184,19 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv),
           [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c)
         :
+        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
 #else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
         : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
+        : "memory", "r12", "lr", "r4", "r5", "r7", "r8", "r9", "r10", "r11", "cc"
 #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)iv;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AES_CBC */
@@ -1390,12 +1412,19 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr),
           [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c)
         :
+        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
 #else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
         : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
+        : "memory", "r12", "lr", "r4", "r5", "r7", "r8", "r9", "r10", "r11", "cc"
 #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)ctr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* WOLFSSL_AES_COUNTER */
@@ -1834,12 +1863,16 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr),
           [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c), [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c)
         :
+        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
 #else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
         : [L_AES_Thumb2_td_ecb] "r" (L_AES_Thumb2_td_ecb), [L_AES_Thumb2_td4] "r" (L_AES_Thumb2_td4)
+        : "memory", "r12", "lr", "r4", "r7", "r8", "r9", "r10", "r11", "cc"
 #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
@@ -2193,19 +2226,26 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv),
           [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c), [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c)
         :
+        : "memory", "r12", "lr", "r8", "r9", "r10", "r11", "cc"
 #else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
         : [L_AES_Thumb2_td_ecb] "r" (L_AES_Thumb2_td_ecb), [L_AES_Thumb2_td4] "r" (L_AES_Thumb2_td4)
+        : "memory", "r12", "lr", "r4", "r5", "r8", "r9", "r10", "r11", "cc"
 #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
-        : "memory", "r12", "lr", "r8", "r9", "r10", "r11", "cc"
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)iv;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AES_CBC */
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */
 #endif /* HAVE_AES_DECRYPT */
 #ifdef HAVE_AESGCM
-static const uint32_t L_GCM_gmult_len_r[] = {
+XALIGNED(16) static const uint32_t L_GCM_gmult_len_r[] = {
     0x00000000, 0x1c200000, 0x38400000, 0x24600000,
     0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000,
     0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000,
@@ -2785,11 +2825,12 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len),
           [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c)
         :
+        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
 #else
         : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len)
         : [L_GCM_gmult_len_r] "r" (L_GCM_gmult_len_r)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
 }
 
@@ -2996,12 +3037,19 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr),
           [L_AES_Thumb2_te_gcm] "+r" (L_AES_Thumb2_te_gcm_c)
         :
+        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
 #else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
         : [L_AES_Thumb2_te_gcm] "r" (L_AES_Thumb2_te_gcm)
+        : "memory", "r12", "lr", "r4", "r5", "r7", "r8", "r9", "r10", "r11", "cc"
 #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)ctr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AESGCM */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
index 4654dd21..93f8078a 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
@@ -54,7 +54,7 @@
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint32_t L_SHA256_transform_len_k[] = {
+XALIGNED(16) static const uint32_t L_SHA256_transform_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -1459,11 +1459,12 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
         : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len),
           [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c)
         :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
 #else
         : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len)
         : [L_SHA256_transform_len_k] "r" (L_SHA256_transform_len_k)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
 }
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
index d7fbd83e..ab154ada 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
@@ -3574,11 +3574,12 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
         : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len),
           [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c)
         :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
 #else
         : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len)
         : [L_SHA512_transform_len_k] "r" (L_SHA512_transform_len_k)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
 }
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/README.md b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/README.md
new file mode 100644
index 00000000..004989ae
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/README.md
@@ -0,0 +1,45 @@
+## 1.0 Intro To Using wolfSSL with AutoSAR
+
+This readme covers building and using wolfSSL for AutoSAR applications. Currently AES-CBC and RNG are supported. The version of AutoSAR used for reference was 4.4. Currently there is no asynchronous support.
+
+
+## 2.0 Building wolfSSL
+
+### 2.1 wolfSSL Library
+To enable the use of AutoSAR with wolfSSL use the enable option --enable-autosar. In example “./configure --eanble-autosar”. If building without autotools then the macro WOLFSSL_AUTOSAR should be defined. This is usually defined in a user_settings.h file which gets included to the wolfSSL build when the macro WOLFSSL_USER_SETTINGS is defined.
+
+
+### 2.2 Key Redirection
+By default the next available key with the same key type desired is used. When specific keys are to be used then key input redirection is needed. This is done at compile time with setting specific macros. An example of key redirection would be as follows :
+
+/* set redirection of primary and secondary */
+#define REDIRECTION_CONFIG 0x03
+
+/* set primary key to keyId of 1 and element type CRYPTO_KE_CIPHER_KEY */
+#define REDIRECTION_IN1_KEYID 1
+#define REDIRECTION_IN1_KEYELMID 0x01
+
+
+/* set secondary key to keyId of 4 and element type CRYPTO_KE_CIPHER_IV */
+#define REDIRECTION_IN2_KEYID 4
+#define REDIRECTION_IN2_KEYELMID 0x05
+
+
+## 3.0 example
+
+There is an example test case located at wolfcrypt/src/port/autsar/example.c. After compiling with autotools (./configure --enable-autsar && make) the example can be ran by running the command ./wolfcrypt/src/port/autsar/example.test
+
+## 4.0 API Implemented
+
+- Std_ReturnType Csm_Decrypt(uint32 jobId,                            
+         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength, 
+         uint8* resultPtr, uint32* resultLengthPtr);                             
+- Std_ReturnType Csm_Encrypt(uint32 jobId,                            
+         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength, 
+         uint8* resultPtr, uint32* resultLengthPtr);                             
+- Std_ReturnType Csm_KeyElementSet(uint32 keyId, uint32 keyElementId, 
+         const uint8* keyPtr, uint32 keyLength);                                 
+- Std_ReturnType Csm_RandomGenerate( uint32 jobId, uint8* resultPtr,  
+         uint32* resultLengthPtr);
+
+Along with the structures necessary for these API.
\ No newline at end of file
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/cryif.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/cryif.c
new file mode 100644
index 00000000..0bd767b4
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/cryif.c
@@ -0,0 +1,103 @@
+/* cryif.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* AutoSAR 4.4 */
+/* shim layer for use of wolfSSL crypto driver */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/port/autosar/Csm.h>
+#include <wolfssl/wolfcrypt/port/autosar/CryIf.h>
+#include <wolfssl/wolfcrypt/port/autosar/Crypto.h>
+
+#ifdef WOLFSSL_AUTOSAR
+#ifndef NO_WOLFSSL_AUTOSAR_CRYIF
+
+#include <wolfssl/wolfcrypt/logging.h>
+
+/* initialization function */
+void CryIf_Init(const CryIf_ConfigType* in)
+{
+    (void)in;
+    Crypto_Init(NULL);
+}
+
+
+void CryIf_GetVersionInfo(Std_VersionInfoType* ver)
+{
+    if (ver != NULL) {
+        ver->vendorID = 0; /* no vendor or module ID */
+        ver->moduleID = 0;
+        ver->sw_major_version = (LIBWOLFSSL_VERSION_HEX >> 24) & 0xFFF;
+        ver->sw_minor_version = (LIBWOLFSSL_VERSION_HEX >> 12) & 0xFFF;
+        ver->sw_patch_version = (LIBWOLFSSL_VERSION_HEX) & 0xFFF;
+    }
+}
+
+
+/* returns E_OK on success */
+Std_ReturnType CryIf_ProcessJob(uint32 id, Crypto_JobType* job)
+{
+    WOLFSSL_ENTER("CryIf_ProcessJob");
+    if (job == NULL) {
+        return E_NOT_OK;
+    }
+
+    /* only handle synchronous jobs */
+    if (job->jobPrimitiveInfo->processingType != CRYPTO_PROCESSING_SYNC) {
+        WOLFSSL_MSG("Crypto Interface only supporting synchronous jobs");
+        return E_NOT_OK;
+    }
+
+    return Crypto_ProcessJob(id, job);
+}
+
+
+/* not implemented yet since async not supported */
+Std_ReturnType CryIf_CancelJob(uint32 id, Crypto_JobType* job)
+{
+    (void)id;
+    (void)job;
+    WOLFSSL_STUB("CryIf_CancelJob");
+
+    return E_NOT_OK;
+}
+
+
+/* return E_OK on success */
+Std_ReturnType CryIf_KeyElementSet(uint32 keyId, uint32 eId, const uint8* key,
+        uint32 keySz)
+{
+    if (key == NULL || keySz == 0) {
+        /* report CRYIF_E_PARAM_POINTER to the DET */
+        return E_NOT_OK;
+    }
+
+    return Crypto_KeyElementSet(keyId, eId, key, keySz);
+}
+#endif /* NO_WOLFSSL_AUTOSAR_CRYIF */
+#endif /* WOLFSSL_AUTOSAR */
+
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/crypto.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/crypto.c
new file mode 100644
index 00000000..e124b3ca
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/crypto.c
@@ -0,0 +1,495 @@
+/* crypto.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/port/autosar/Csm.h>
+#include <wolfssl/wolfcrypt/port/autosar/Crypto.h>
+
+#ifdef WOLFSSL_AUTOSAR
+#ifndef NO_WOLFSSL_AUTOSAR_CRYPTO
+
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+/* Low level crypto (software based driver) where wolfCrypt gets called */
+Std_ReturnType wolfSSL_Crypto_CBC(Crypto_JobType* job);
+Std_ReturnType wolfSSL_Crypto(Crypto_JobType* job);
+Std_ReturnType wolfSSL_Crypto_RNG(Crypto_JobType* job);
+
+
+#ifndef MAX_KEYSTORE
+    #define MAX_KEYSTORE 15
+#endif
+#ifndef MAX_JOBS
+    #define MAX_JOBS 10
+#endif
+
+static wolfSSL_Mutex crypto_mutex;
+struct Keys {
+    uint32 keyLen;
+    uint32 eId;
+
+    /* raw key */
+    uint8 key[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE];
+} Keys;
+
+
+struct Jobs {
+    uint32 jobId;
+    uint8  inUse; /* is the key available for use */
+    Aes aes;
+} Jobs;
+
+static struct Jobs activeJobs[MAX_JOBS];
+static struct Keys keyStore[MAX_KEYSTORE];
+
+
+/* tries to get a key of type eId
+ * returns 0 on success
+ */
+static int GetKey(Crypto_JobType* job, uint32 eId, uint8 **key, uint32 *keySz)
+{
+    int i, ret = 0;
+
+    if (key == NULL || keySz == NULL || *key != NULL) {
+        WOLFSSL_MSG("Bad parameter to GetKey");
+        return -1;
+    }
+
+    if (wc_LockMutex(&crypto_mutex) != 0) {
+        WOLFSSL_MSG("Unable to lock crypto mutex");
+        return -1;
+    }
+
+#ifdef REDIRECTION_CONFIG
+    /* keys should be set... */
+    if (job->jobRedirectionInfoRef == NULL) {
+        WOLFSSL_MSG("Issue with getting key redirection");
+        wc_UnLockMutex(&crypto_mutex);
+        return -1;
+    }
+
+    /* @TODO sanity checks on setup... uint8 redirectionConfig; */
+    switch (eid) {
+        case job->jobRedirectionInfoRef->inputKeyElementId:
+            if (job->jobRedirectionInfoRef->inputKeyId >= MAX_KEYSTORE) {
+                WOLFSSL_MSG("Bogus input key ID redirection (too large)");
+                ret = -1;
+            }
+            else {
+                i = job->jobRedirectionInfoRef->inputKeyId;
+                *key   = keyStore[i].key;
+                *keySz = keyStore[i].keyLen;
+            }
+            break;
+        case job->jobRedirectionInfoRef->secondaryInputKeyElementId:
+            if (job->jobRedirectionInfoRef->secondaryInputKeyId >= MAX_KEYSTORE) {
+                WOLFSSL_MSG("Bogus input key ID redirection (too large)");
+                ret = -1;
+            }
+            else {
+                i = job->jobRedirectionInfoRef->secondaryInputKeyId;
+                *key   = keyStore[i].key;
+                *keySz = keyStore[i].keyLen;
+            }
+            break;
+        case job->jobRedirectionInfoRef->tertiaryInputKeyElementId:
+            if (job->jobRedirectionInfoRef->tertiaryInputKeyId >= MAX_KEYSTORE) {
+                WOLFSSL_MSG("Bogus input key ID redirection (too large)");
+                ret = -1;
+            }
+            else {
+                i = job->jobRedirectionInfoRef->tertiaryInputKeyId;
+                *key   = keyStore[i].key;
+                *keySz = keyStore[i].keyLen;
+            }
+            break;
+        default:
+            WOLFSSL_MSG("Unknown key element ID");
+            ret = -1;
+            break;
+    }
+#else
+    /* find first key of key element type */
+    for (i = 0; i < MAX_KEYSTORE; i++) {
+        if (keyStore[i].eId == eId && keyStore[i].keyLen ==
+                job->jobPrimitiveInfo->primitiveInfo->algorithm.keyLength) {
+            /* found matching key available, use it */
+            *key = keyStore[i].key;
+            *keySz = keyStore[i].keyLen;
+        }
+    }
+#endif
+
+    if (*key == NULL) {
+        WOLFSSL_MSG("Unable to find an available key");
+        ret = -1;
+    }
+
+    if (wc_UnLockMutex(&crypto_mutex) != 0) {
+        WOLFSSL_MSG("Unable to unlock crypto mutex");
+        ret = -1;
+    }
+    return ret;
+}
+
+
+/* returns a pointer to the Aes struct on success, NULL on failure */
+static Aes* GetAesStruct(Crypto_JobType* job)
+{
+    int i;
+
+    for (i = 0; i < MAX_JOBS; i++) {
+        if (activeJobs[i].inUse == 1 && activeJobs[i].jobId == job->jobId) {
+            return &activeJobs[i].aes;
+        }
+    }
+    return NULL;
+}
+
+
+/* returns a pointer to the Aes struct on success, NULL on failure */
+static Aes* NewAesStruct(Crypto_JobType* job)
+{
+    int i;
+
+    for (i = 0; i < MAX_JOBS; i++) {
+        if (activeJobs[i].inUse == 0) {
+            int ret;
+
+            activeJobs[i].inUse = 1;
+            activeJobs[i].jobId = job->jobId;
+            ret = wc_AesInit(&activeJobs[i].aes, NULL, INVALID_DEVID);
+            if (ret != 0) {
+                WOLFSSL_MSG("Error initializing AES structure");
+                return NULL;
+            }
+            return &activeJobs[i].aes;
+        }
+    }
+    return NULL;
+}
+
+
+/* free's up the use of an AES structure */
+static void FreeAesStruct(Crypto_JobType* job) {
+    int i;
+
+    for (i = 0; i < MAX_JOBS; i++) {
+        if (activeJobs[i].inUse == 1 && activeJobs[i].jobId == job->jobId) {
+            break;
+        }
+    }
+
+    if (i >= MAX_JOBS) {
+        WOLFSSL_MSG("Error finding AES structure");
+    }
+    else {
+        wc_AesFree(&activeJobs[i].aes);
+        activeJobs[i].inUse = 0;
+        activeJobs[i].jobId = 0;
+    }
+}
+
+
+/* returns E_OK on success */
+Std_ReturnType wolfSSL_Crypto_CBC(Crypto_JobType* job)
+{
+    Std_ReturnType ret = E_OK;
+    int encrypt;
+    Aes* aes ;
+
+    encrypt = (job->jobPrimitiveInfo->primitiveInfo->service == CRYPTO_ENCRYPT)
+        ? AES_ENCRYPTION : AES_DECRYPTION;
+
+    /* check if key should be set */
+    if ((job->jobPrimitiveInputOutput.mode & CRYPTO_OPERATIONMODE_START) != 0) {
+        uint8 *key   = NULL;
+        uint8 *iv    = NULL;
+        uint32 keySz = 0;
+        uint32 ivSz  = 0;
+
+        if (GetKey(job, CRYPTO_KE_CIPHER_KEY, &key, &keySz) != 0) {
+            WOLFSSL_MSG("Crypto error with getting a key");
+            return E_NOT_OK;
+        }
+
+        if (GetKey(job, CRYPTO_KE_CIPHER_IV, &iv, &ivSz) != 0) {
+            WOLFSSL_MSG("Crypto error with getting an IV");
+            return E_NOT_OK;
+        }
+
+        if (iv != NULL && ivSz < AES_BLOCK_SIZE) {
+            WOLFSSL_MSG("Error IV is too small");
+            return E_NOT_OK;
+        }
+
+        aes = NewAesStruct(job);
+        if (aes == NULL) {
+            WOLFSSL_MSG("Unable to get AES structure for use");
+            return E_NOT_OK;
+        }
+
+        if (wc_AesSetKey(aes, key, keySz, iv, encrypt) != 0) {
+            WOLFSSL_MSG("Crypto error setting up AES key");
+            return E_NOT_OK;
+        }
+        ForceZero(key, keySz);
+    }
+
+    if ((job->jobPrimitiveInputOutput.mode & CRYPTO_OPERATIONMODE_UPDATE)
+            != 0) {
+        aes = GetAesStruct(job);
+        if (aes == NULL) {
+            WOLFSSL_MSG("Error finding AES structure");
+            return E_NOT_OK;
+        }
+
+        if (encrypt == AES_ENCRYPTION) {
+            if (wc_AesCbcEncrypt(aes, job->jobPrimitiveInputOutput.outputPtr,
+                    job->jobPrimitiveInputOutput.inputPtr,
+                    job->jobPrimitiveInputOutput.inputLength) != 0) {
+                WOLFSSL_MSG("AES-CBC encrypt error");
+                return E_NOT_OK;
+            }
+        }
+        else {
+            if (wc_AesCbcDecrypt(aes, job->jobPrimitiveInputOutput.outputPtr,
+                    job->jobPrimitiveInputOutput.inputPtr,
+                    job->jobPrimitiveInputOutput.inputLength) != 0) {
+                WOLFSSL_MSG("AES-CBC decrypt error");
+                return E_NOT_OK;
+            }
+        }
+    }
+
+    if ((job->jobPrimitiveInputOutput.mode & CRYPTO_OPERATIONMODE_FINISH)
+            != 0) {
+        FreeAesStruct(job);
+    }
+
+    return ret;
+}
+
+
+/* returns E_OK on success and E_NOT_OK on failure */
+Std_ReturnType wolfSSL_Crypto(Crypto_JobType* job)
+{
+    Std_ReturnType ret = E_OK;
+
+    WOLFSSL_ENTER("wolfSSL_Crypto");
+
+    /* switch on encryption type */
+    switch (job->jobPrimitiveInfo->primitiveInfo->algorithm.mode) {
+        case CRYPTO_ALGOMODE_CBC:
+            ret = wolfSSL_Crypto_CBC(job);
+            break;
+
+        case CRYPTO_ALGOMODE_NOT_SET:
+            WOLFSSL_MSG("Encrypt algo mode not set!");
+            ret = E_NOT_OK;
+            break;
+
+        default:
+            WOLFSSL_MSG("Unsupported encryption mode");
+            ret = E_NOT_OK;
+            break;
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_Crypto", ret);
+    return ret;
+}
+
+static WC_RNG rng;
+static wolfSSL_Mutex rngMutex;
+static volatile byte rngInit = 0;
+
+/* returns E_OK on success */
+Std_ReturnType wolfSSL_Crypto_RNG(Crypto_JobType* job)
+{
+    int ret;
+
+    uint8  *out   = job->jobPrimitiveInputOutput.outputPtr;
+    uint32 *outSz = job->jobPrimitiveInputOutput.outputLengthPtr;
+
+    if (outSz == NULL || out == NULL) {
+        WOLFSSL_MSG("Bad parameter passed into wolfSSL_Crypto_RNG");
+        return E_NOT_OK;
+    }
+
+    if (rngInit == 1) {
+        if (wc_LockMutex(&rngMutex) != 0) {
+            WOLFSSL_MSG("Error locking RNG mutex");
+            return E_NOT_OK;
+        }
+    }
+
+    if (rngInit == 0) {
+        if (wc_InitMutex(&rngMutex) != 0) {
+            WOLFSSL_MSG("Error initializing RNG mutex");
+            return E_NOT_OK;
+        }
+
+        if (wc_LockMutex(&rngMutex) != 0) {
+            WOLFSSL_MSG("Error locking RNG mutex");
+            return E_NOT_OK;
+        }
+
+        ret = wc_InitRng_ex(&rng, NULL, 0);
+        if (ret != 0) {
+            WOLFSSL_MSG("Error initializing RNG");
+            wc_UnLockMutex(&rngMutex);
+            return E_NOT_OK;
+        }
+        rngInit = 1;
+    }
+
+    ret = wc_RNG_GenerateBlock(&rng, out, *outSz);
+    if (ret != 0) {
+        WOLFSSL_MSG("Unable to generate random values");
+        ret = wc_FreeRng(&rng);
+        if (ret != 0) {
+            WOLFSSL_MSG("Error free'ing RNG");
+        }
+        rngInit = 0;
+        wc_UnLockMutex(&rngMutex);
+        return E_NOT_OK;
+    }
+
+    if (wc_UnLockMutex(&rngMutex) != 0) {
+        WOLFSSL_MSG("Error unlocking RNG mutex");
+        return E_NOT_OK;
+    }
+
+    return E_OK;
+}
+
+
+/* returns E_OK on success and E_NOT_OK on failure */
+Std_ReturnType Crypto_ProcessJob(uint32 objectId, Crypto_JobType* job)
+{
+    Std_ReturnType ret = E_OK;
+    (void)objectId;
+
+    WOLFSSL_ENTER("Crypto_ProcessJob");
+    if (job == NULL) {
+        WOLFSSL_MSG("Bad parameter passed to Crypto_ProcessJob");
+        ret = E_NOT_OK;
+    }
+
+    /* only handle synchronous jobs */
+    if (ret == E_OK &&
+            job->jobPrimitiveInfo->processingType != CRYPTO_PROCESSING_SYNC) {
+        WOLFSSL_MSG("Crypto only supporting synchronous jobs");
+        ret = E_NOT_OK;
+    }
+
+    if (ret == E_OK) {
+        job->jobState = CRYPTO_JOBSTATE_ACTIVE;
+        switch (job->jobPrimitiveInfo->primitiveInfo->service) {
+            case CRYPTO_ENCRYPT:
+                ret = wolfSSL_Crypto(job);
+                break;
+
+            case CRYPTO_DECRYPT:
+                ret = wolfSSL_Crypto(job);
+                break;
+
+            case CRYPTO_RANDOMGENERATE:
+                ret = wolfSSL_Crypto_RNG(job);
+                break;
+
+            default:
+                WOLFSSL_MSG("Unsuported Crypto service");
+                ret = E_NOT_OK;
+                break;
+        }
+        job->jobState = CRYPTO_JOBSTATE_IDLE;
+    }
+
+    WOLFSSL_LEAVE("Crypto_ProcessJob", ret);
+    return ret;
+}
+
+
+/* config currently not used, should always be null */
+void Crypto_Init(const Crypto_ConfigType* config)
+{
+    if (wc_InitMutex(&crypto_mutex) != 0) {
+        WOLFSSL_MSG("Issues setting up crypto mutex");
+    }
+    XMEMSET(&keyStore, 0, MAX_KEYSTORE * sizeof(Keys));
+    XMEMSET(&activeJobs, 0, MAX_JOBS * sizeof(Jobs));
+    (void)config;
+}
+
+
+/* returns E_OK on success and E_NOT_OK on failure */
+Std_ReturnType Crypto_KeyElementSet(uint32 keyId, uint32 eId, const uint8* key,
+        uint32 keySz)
+{
+    Std_ReturnType ret = E_OK;
+
+    if (key == NULL || keySz == 0 || keyId >= MAX_KEYSTORE) {
+        WOLFSSL_MSG("Bad argument to Crypto_KeyElementSet");
+        ret = E_NOT_OK;
+    }
+
+    if (ret == E_OK && wc_LockMutex(&crypto_mutex) != 0) {
+        WOLFSSL_MSG("Unable to lock crypto mutex");
+        ret = E_NOT_OK;
+    }
+
+    if (ret == E_OK) {
+        if (keySz > sizeof(keyStore[keyId].key)) {
+            ret =  E_NOT_OK;
+        }
+        if (ret == E_OK) {
+            WOLFSSL_MSG("Setting new key");
+            keyStore[keyId].eId   = eId;
+            XMEMCPY(keyStore[keyId].key, key, keySz);
+            keyStore[keyId].keyLen = keySz;
+        }
+
+        if (wc_UnLockMutex(&crypto_mutex) != 0) {
+            WOLFSSL_MSG("Unable to unlock crypto mutex");
+            ret = E_NOT_OK;
+        }
+    }
+
+    return ret;
+}
+#endif /* NO_WOLFSSL_AUTOSAR_CRYPTO */
+#endif /* WOLFSSL_AUTOSAR */
+
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/csm.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/csm.c
new file mode 100644
index 00000000..f5df124b
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/csm.c
@@ -0,0 +1,298 @@
+/* csm.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/port/autosar/Csm.h>
+#include <wolfssl/wolfcrypt/port/autosar/CryIf.h>
+
+#ifdef WOLFSSL_AUTOSAR
+#ifndef NO_WOLFSSL_AUTOSAR_CSM
+
+
+/* AutoSAR 4.4 */
+/* basic shim layer to plug in wolfSSL crypto */
+
+#ifndef REDIRECTION_CONFIG
+Crypto_JobRedirectionInfoType redirect = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+#else
+Crypto_JobRedirectionInfoType redirect = {
+    REDIRECTION_CONFIG,
+    #ifdef REDIRECTION_IN1_KEYID
+        REDIRECTION_IN1_KEYID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_IN1_KEYELMID
+        REDIRECTION_IN1_KEYELMID,
+    #else
+        0,
+    #endif
+
+
+    #ifdef REDIRECTION_IN2_KEYID
+        REDIRECTION_IN2_KEYID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_IN2_KEYELMID
+        REDIRECTION_IN2_KEYELMID,
+    #else
+        0,
+    #endif
+
+
+    #ifdef REDIRECTION_IN3_KEYID
+        REDIRECTION_IN3_KEYID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_IN3_KEYELMID
+        REDIRECTION_IN3_KEYELMID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_OUT1_KEYID
+        REDIRECTION_OUT1_KEYID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_OUT1_KEYELMID
+        REDIRECTION_OUT1_KEYELMID,
+    #else
+        0,
+    #endif
+
+
+    #ifdef REDIRECTION_OUT2_KEYID
+        REDIRECTION_OUT2_KEYID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_OUT2_KEYELMID
+        REDIRECTION_OUT2_KEYELMID,
+    #else
+        0,
+    #endif
+};
+#endif
+
+static byte CsmDevErrorDetect = 1; /* flag for development error detection */
+
+enum {
+    CSM_E_PARAM_POINTER,
+    CSM_E_SMALL_BUFFER,
+    CSM_E_UNINT,
+    CSM_E_INIT_FAILED,
+    CSM_E_PROCESSING_MODE
+};
+
+
+/* development error reporting */
+void ReportToDET(int err)
+{
+    if (CsmDevErrorDetect == 1) {
+        switch (err) {
+            case CSM_E_PARAM_POINTER:
+                WOLFSSL_MSG("AutoSAR CSM_E_PARAM_POINTER error");
+                break;
+
+            case CSM_E_SMALL_BUFFER:
+                WOLFSSL_MSG("AutoSAR CSM_E_SMALL_BUFFER error");
+                break;
+
+            case CSM_E_UNINT:
+                WOLFSSL_MSG("AutoSAR CSM_E_UNINT error");
+                break;
+
+            case CSM_E_INIT_FAILED:
+                WOLFSSL_MSG("AutoSAR CSM_E_INIT_FAILED error");
+                break;
+
+            case CSM_E_PROCESSING_MODE:
+                WOLFSSL_MSG("AutoSAR CSM_E_PROCESSING_MODE error");
+                break;
+
+            default:
+                WOLFSSL_MSG("AutoSAR Unknown error");
+        }
+    }
+}
+
+
+void Csm_Init(const Csm_ConfigType* config)
+{
+    (void)config;
+    CryIf_Init(NULL);
+}
+
+
+/* getter function for CSM version info */
+void Csm_GetVersionInfo(Std_VersionInfoType* version)
+{
+    if (version != NULL) {
+        version->vendorID = 0; /* no vendor or module ID */
+        version->moduleID = 0;
+        version->sw_major_version = (LIBWOLFSSL_VERSION_HEX >> 24) & 0xFFF;
+        version->sw_minor_version = (LIBWOLFSSL_VERSION_HEX >> 12) & 0xFFF;
+        version->sw_patch_version = (LIBWOLFSSL_VERSION_HEX) & 0xFFF;
+    }
+}
+
+
+/* creates a new job type and passes it down to CryIf
+ *
+ * return E_OK on success
+ */
+static Std_ReturnType CreateAndRunJobType(uint32 id,
+        Crypto_JobPrimitiveInfoType* jobInfo, Crypto_JobInfoType* jobInfoType,
+        const uint8* data, uint32 dataSz, uint8* out, uint32* outSz,
+        Crypto_OperationModeType mode)
+{
+    WOLFSSL_JOBIO   jobIO;
+    WOLFSSL_JOBTYPE jobType;
+
+    XMEMSET(&jobIO, 0, sizeof(WOLFSSL_JOBIO));
+    jobIO.inputPtr    = data;
+    jobIO.inputLength = dataSz;
+    jobIO.outputPtr   = out;
+    jobIO.outputLengthPtr = outSz;
+    jobIO.mode  = mode;
+
+    jobType.jobId = id;
+    jobType.jobState = CRYPTO_JOBSTATE_IDLE;
+    jobType.jobPrimitiveInputOutput = jobIO;
+    jobType.jobPrimitiveInfo = jobInfo;
+    jobType.jobInfo = jobInfoType;
+    jobType.jobRedirectionInfoRef = &redirect;
+
+    return CryIf_ProcessJob(id, &jobType);
+}
+
+
+/* returns E_OK on success */
+static Std_ReturnType Csm_CBC_Operation(uint32 id, Crypto_OperationModeType mode,
+        const uint8* data, uint32 dataSz, uint8* out, uint32* outSz,
+        Crypto_ServiceInfoType service)
+{
+    Crypto_JobInfoType jobInfoType;
+    Crypto_PrimitiveInfoType pInfo;
+    Crypto_JobPrimitiveInfoType jobInfo;
+
+    Crypto_AlgorithmInfoType algorithm = {
+        CRYPTO_ALGOFAM_AES,
+        CRYPTO_ALGOFAM_NOT_SET,
+        16, /* 128 bit key length */
+        CRYPTO_ALGOMODE_CBC
+    };
+
+    jobInfoType.jobId = id;
+    jobInfoType.jobPriority = 0;
+
+    pInfo.resultLength = 16; /* 128 bit key length */
+    pInfo.service = service;
+    pInfo.algorithm = algorithm;
+
+    jobInfo.callbackId = 0;
+    jobInfo.primitiveInfo = &pInfo;
+    jobInfo.cryIfKeyId = 0;
+    jobInfo.processingType = CRYPTO_PROCESSING_SYNC;
+    jobInfo.callbackUpdateNotification = FALSE;
+
+    return CreateAndRunJobType(id, &jobInfo, &jobInfoType,
+                data, dataSz, out, outSz, mode);
+}
+
+
+/* single shot encrypt
+ * returns E_OK on success */
+Std_ReturnType Csm_Encrypt(uint32 id, Crypto_OperationModeType mode,
+        const uint8* data, uint32 dataSz, uint8* out, uint32* outSz)
+{
+    WOLFSSL_ENTER("Csm_Encrypt");
+    return Csm_CBC_Operation(id, mode, data, dataSz, out, outSz,CRYPTO_ENCRYPT);
+}
+
+
+/* single shot decrypt
+ * returns E_OK on success */
+Std_ReturnType Csm_Decrypt(uint32 id, Crypto_OperationModeType mode,
+        const uint8* data, uint32 dataSz, uint8* out, uint32* outSz)
+{
+    WOLFSSL_ENTER("Csm_Decrypt");
+    return Csm_CBC_Operation(id, mode, data, dataSz, out, outSz,CRYPTO_DECRYPT);
+}
+
+
+/* returns E_OK on success */
+Std_ReturnType Csm_RandomGenerate(uint32 id, uint8* out, uint32* outSz)
+{
+    Crypto_JobInfoType jobInfoType;
+    Crypto_PrimitiveInfoType pInfo;
+    Crypto_JobPrimitiveInfoType jobInfo;
+
+    Crypto_AlgorithmInfoType algorithm = {
+        CRYPTO_ALGOFAM_DRBG,
+        CRYPTO_ALGOFAM_NOT_SET,
+        0, /* key length */
+        CRYPTO_ALGOMODE_NOT_SET
+    };
+
+    jobInfoType.jobId = id;
+    jobInfoType.jobPriority = 0;
+
+    pInfo.resultLength = 0;
+    pInfo.service = CRYPTO_RANDOMGENERATE;
+    pInfo.algorithm = algorithm;
+
+    jobInfo.callbackId = 0;
+    jobInfo.primitiveInfo = &pInfo;
+    jobInfo.cryIfKeyId = 0;
+    jobInfo.processingType = CRYPTO_PROCESSING_SYNC;
+    jobInfo.callbackUpdateNotification = FALSE;
+
+    return CreateAndRunJobType(id, &jobInfo, &jobInfoType,
+                NULL, 0, out, outSz, CRYPTO_OPERATIONMODE_SINGLECALL);
+}
+
+
+/* returns E_OK on success */
+Std_ReturnType Csm_KeyElementSet(uint32 keyId, uint32 eId,
+        const uint8* key, uint32 keySz)
+{
+    return CryIf_KeyElementSet(keyId, eId, key, keySz);
+}
+
+#endif /* NO_WOLFSSL_AUTOSAR_CSM */
+#endif /* WOLFSSL_AUTOSAR */
+
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/include.am b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/include.am
new file mode 100644
index 00000000..fe13f7dd
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/include.am
@@ -0,0 +1,23 @@
+
+EXTRA_DIST += wolfcrypt/src/port/autosar/csm.c \
+              wolfcrypt/src/port/autosar/crypto.c \
+              wolfcrypt/src/port/autosar/cryif.c \
+              wolfcrypt/src/port/autosar/README.md \
+              wolfcrypt/src/port/autosar/test.c
+
+if BUILD_AUTOSAR
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/autosar/csm.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/autosar/crypto.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/autosar/cryif.c
+
+if BUILD_TESTS
+check_PROGRAMS += wolfcrypt/src/port/autosar/test.test
+noinst_PROGRAMS += wolfcrypt/src/port/autosar/test.test
+
+wolfcrypt_src_port_autosar_test_test_SOURCES = \
+                        wolfcrypt/src/port/autosar/test.c
+wolfcrypt_src_port_autosar_test_test_LDADD = \
+                        src/libwolfssl.la $(LIB_STATIC_ADD)
+wolfcrypt_src_port_autosar_test_test_DEPENDENCIES = src/libwolfssl.la
+endif
+endif
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/test.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/test.c
new file mode 100644
index 00000000..4c311f18
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/test.c
@@ -0,0 +1,430 @@
+/* test.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/port/autosar/Csm.h>
+#define BLOCK_SIZE 16
+
+static int singleshot_test(void)
+{
+    Std_ReturnType ret;
+
+    uint8 cipher[BLOCK_SIZE * 2];
+    uint8 plain[BLOCK_SIZE * 2];
+
+    uint32 cipherSz = 0;
+    uint32 plainSz  = 0;
+    const uint8 msg[] = { /* "Now is the time for all " w/o trailing 0 */
+        0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20
+    };
+    const uint8 verify[] =
+    {
+        0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
+        0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
+    };
+    const uint8 key[] = "0123456789abcdef   ";
+    const uint8 iv[]  = "1234567890abcdef   ";
+
+    XMEMSET(cipher, 0, BLOCK_SIZE);
+    XMEMSET(plain, 0, BLOCK_SIZE);
+
+    /* set key that will be used for encryption */
+    ret = Csm_KeyElementSet(0U, CRYPTO_KE_CIPHER_KEY, key, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key");
+        return -1;
+    }
+
+    ret = Csm_KeyElementSet(1U, CRYPTO_KE_CIPHER_IV, iv, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key IV");
+        return -1;
+    }
+
+    /* encrypt data using AES CBC */
+    ret = Csm_Encrypt(1U, CRYPTO_OPERATIONMODE_SINGLECALL, msg, BLOCK_SIZE,
+        cipher, &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg");
+        return -1;
+    }
+
+    if (XMEMCMP(cipher, verify, BLOCK_SIZE) != 0) {
+        printf("Error with cipher data\n");
+        return -1;
+    }
+
+    /* set key that will be used for decryption */
+    ret = Csm_KeyElementSet(0U, CRYPTO_KE_CIPHER_KEY, key, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key");
+        return -1;
+    }
+
+    ret = Csm_KeyElementSet(1U, CRYPTO_KE_CIPHER_IV, iv, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key IV");
+        return -1;
+    }
+
+    /* decrypt data using AES CBC */
+    ret = Csm_Decrypt(2U, CRYPTO_OPERATIONMODE_SINGLECALL, cipher, BLOCK_SIZE,
+        plain, &plainSz);
+    if (ret != E_OK) {
+        printf("Issue with decrypting msg");
+        return -1;
+    }
+
+    if (XMEMCMP(msg, plain, BLOCK_SIZE) != 0) {
+        printf("Error with plain data\n");
+        return -1;
+    }
+
+    return 0;
+}
+
+
+static int update_test(void)
+{
+    Std_ReturnType ret;
+
+    uint8 cipher[BLOCK_SIZE * 3];
+    uint8 plain[BLOCK_SIZE * 3];
+
+    uint32 cipherSz = 0;
+    uint32 plainSz  = 0;
+    const uint8 msg[] = { /* "Now is the time for all " w/o trailing 0 */
+        0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20
+    };
+    const uint8 key[] = "0123456789abcdef   ";
+    const uint8 iv[]  = "1234567890abcdef   ";
+
+    XMEMSET(cipher, 0, BLOCK_SIZE);
+    XMEMSET(plain, 0, BLOCK_SIZE);
+
+    /* set key that will be used for encryption */
+    ret = Csm_KeyElementSet(0U, CRYPTO_KE_CIPHER_KEY, key, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key");
+        return -1;
+    }
+
+    ret = Csm_KeyElementSet(1U, CRYPTO_KE_CIPHER_IV, iv, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key IV");
+        return -1;
+    }
+
+    /* encrypt data using AES CBC */
+    ret = Csm_Encrypt(1U,
+            CRYPTO_OPERATIONMODE_START | CRYPTO_OPERATIONMODE_UPDATE,
+            msg, BLOCK_SIZE, cipher, &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg");
+        return -1;
+    }
+
+    ret = Csm_Encrypt(1U, CRYPTO_OPERATIONMODE_UPDATE, msg, BLOCK_SIZE,
+            cipher + BLOCK_SIZE, &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg");
+        return -1;
+    }
+
+    ret = Csm_Encrypt(1U,
+            CRYPTO_OPERATIONMODE_UPDATE | CRYPTO_OPERATIONMODE_FINISH,
+            msg, BLOCK_SIZE, cipher + (BLOCK_SIZE * 2), &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg");
+        return -1;
+    }
+
+    /* set key that will be used for decryption */
+    ret = Csm_KeyElementSet(0U, CRYPTO_KE_CIPHER_KEY, key, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key");
+        return -1;
+    }
+
+    ret = Csm_KeyElementSet(1U, CRYPTO_KE_CIPHER_IV, iv, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key IV");
+        return -1;
+    }
+
+    /* decrypt data using AES CBC */
+    ret = Csm_Decrypt(2U,
+            CRYPTO_OPERATIONMODE_START | CRYPTO_OPERATIONMODE_UPDATE,
+            cipher, BLOCK_SIZE, plain, &plainSz);
+    if (ret != E_OK) {
+        printf("Issue with decrypting msg");
+        return -1;
+    }
+
+    ret = Csm_Decrypt(2U, CRYPTO_OPERATIONMODE_UPDATE, cipher + BLOCK_SIZE,
+            BLOCK_SIZE, plain + BLOCK_SIZE, &plainSz);
+    if (ret != E_OK) {
+        printf("Issue with decrypting msg");
+        return -1;
+    }
+
+    ret = Csm_Decrypt(2U,
+            CRYPTO_OPERATIONMODE_UPDATE | CRYPTO_OPERATIONMODE_FINISH,
+            cipher + (BLOCK_SIZE * 2), BLOCK_SIZE,
+            plain + (BLOCK_SIZE * 2), &plainSz);
+    if (ret != E_OK) {
+        printf("Issue with decrypting msg");
+        return -1;
+    }
+
+    if (XMEMCMP(msg, plain, BLOCK_SIZE) != 0 ||
+        XMEMCMP(msg, plain + BLOCK_SIZE, BLOCK_SIZE) != 0 ||
+        XMEMCMP(msg, plain + (BLOCK_SIZE * 2), BLOCK_SIZE) != 0) {
+        printf("Error with plain data\n");
+        return -1;
+    }
+
+    return 0;
+}
+
+
+static int random_test(void)
+{
+    Std_ReturnType ret;
+
+    int i;
+    uint8 j;
+    uint8 data[BLOCK_SIZE * 3];
+    uint32 dataSz;
+    XMEMSET(data, 0, BLOCK_SIZE * 3);
+
+    /* make three calls, filling up data buffer */
+    for (i = 0; i < 3; i++) {
+        dataSz = BLOCK_SIZE;
+        ret = Csm_RandomGenerate(0U, data + (i * BLOCK_SIZE), &dataSz);
+        if (ret != E_OK) {
+            printf("Issue with getting random data block");
+            return -1;
+        }
+
+        if (dataSz != BLOCK_SIZE) {
+            printf("Did not get full block of random data");
+            return -1;
+        }
+    }
+
+    /* simple test that is not all 0's still after random generate */
+    j = 0;
+    dataSz = sizeof(data);
+    for (i = 0; i < (int)dataSz; i++) {
+        j |= data[i];
+    }
+    if (j == 0) {
+        printf("call to random generate produced all 0's");
+        return -1;
+    }
+
+    /* fill full data buffer all at once */
+    dataSz = sizeof(data);
+    ret = Csm_RandomGenerate(0U, data, &dataSz);
+    if (ret != E_OK) {
+        printf("Issue with getting random data block");
+        return -1;
+    }
+
+    if (dataSz != sizeof(data)) {
+        printf("Did not get full block of random data");
+        return -1;
+    }
+    return 0;
+}
+
+
+#ifndef MAX_KEYSTORE
+    /* default max key slots from crypto.c */
+    #define MAX_KEYSTORE 15
+#endif
+static int key_test(void)
+{
+    Std_ReturnType ret;
+
+    uint8 i;
+    uint8 max = MAX_KEYSTORE;
+    uint8 data[BLOCK_SIZE];
+    uint32 dataSz;
+    XMEMSET(data, 0, BLOCK_SIZE);
+
+    for (i = 0; i < max; i++) {
+        dataSz = BLOCK_SIZE;
+        ret = Csm_RandomGenerate(0U, data, &dataSz);
+        if (ret != E_OK) {
+            printf("Issue with getting random data block for key");
+            return -1;
+        }
+
+        if (dataSz != BLOCK_SIZE) {
+            printf("Did not get full block of random data");
+            return -1;
+        }
+
+        ret = Csm_KeyElementSet(i, CRYPTO_KE_CIPHER_KEY, data, BLOCK_SIZE);
+        if (ret != E_OK) {
+            printf("Issue with setting key id %d", i);
+            return -1;
+        }
+    }
+
+    /* try creating one more key for fail case */
+    ret = Csm_KeyElementSet(i, CRYPTO_KE_CIPHER_KEY, data, BLOCK_SIZE);
+    if (ret == E_OK) {
+        printf("Created more keys than should be possible");
+        return -1;
+    }
+
+    return 0;
+}
+
+#ifdef REDIRECTION_CONFIG
+static int redirect_test()
+{
+    Std_ReturnType ret;
+
+    uint8 cipher[BLOCK_SIZE * 2];
+    uint32 cipherSz = 0;
+    const uint8 msg[] = { /* "Now is the time for all " w/o trailing 0 */
+        0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20
+    };
+    const uint8 verify[] =
+    {
+        0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
+        0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
+    };
+    const uint8 key[] = "0123456789abcdef   ";  /* align */
+    const uint8 iv[]  = "1234567890abcdef   ";  /* align */
+    unsigned int i;
+
+    XMEMSET(cipher, 0, BLOCK_SIZE);
+
+    /* fill keystore with bad keys */
+    for (i = 0; i < MAX_KEYSTORE; i++) {
+        ret = Csm_KeyElementSet(i, CRYPTO_KE_CIPHER_KEY, verify, BLOCK_SIZE);
+        if (ret != E_OK) {
+            printf("Issue with setting key");
+            return -1;
+        }
+    }
+
+    /* set specific key that will be used for encryption */
+    ret = Csm_KeyElementSet(REDIRECTION_IN1_KEYID, REDIRECTION_IN1_KEYELMID,
+            key, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key");
+        return -1;
+    }
+
+    ret = Csm_KeyElementSet(REDIRECTION_IN2_KEYID, REDIRECTION_IN2_KEYELMID,
+            iv, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key IV");
+        return -1;
+    }
+
+    /* encrypt data using AES CBC */
+    ret = Csm_Encrypt(0U, CRYPTO_OPERATIONMODE_SINGLECALL, msg, BLOCK_SIZE,
+        cipher, &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg");
+        return -1;
+    }
+
+    if (XMEMCMP(cipher, verify, BLOCK_SIZE) != 0) {
+        printf("Error with cipher data ");
+        return -1;
+    }
+
+    /* now set bad key to be used for encryption */
+    ret = Csm_KeyElementSet(REDIRECTION_IN1_KEYID, REDIRECTION_IN1_KEYELMID,
+            verify, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key ");
+        return -1;
+    }
+
+    /* encrypt data using AES CBC */
+    ret = Csm_Encrypt(0U, CRYPTO_OPERATIONMODE_SINGLECALL, msg, BLOCK_SIZE,
+        cipher, &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg ");
+        return -1;
+    }
+
+    if (XMEMCMP(cipher, verify, BLOCK_SIZE) == 0) {
+        printf("Error with cipher data ");
+        return -1;
+    }
+
+    return 0;
+}
+#endif /* REDIRECTION_CONFIG */
+
+/* takes in test function test() and name of test
+ * returns 1 if test failed and 0 if passed */
+static int run_test(int(test)(void), const char* name)
+{
+    printf("%s", name);
+    if (test() != 0) {
+        printf("fail\n");
+        return 1;
+    }
+    else {
+        printf("pass\n");
+    }
+    return 0;
+}
+
+
+/* AES block size */
+int main(int argc, char* argv[])
+{
+    int ret = 0;
+    (void)argv;
+    (void)argc;
+
+    wolfSSL_Debugging_ON();
+    Csm_Init(NULL);
+
+    ret |= run_test(singleshot_test, "singleshot_test ... ");
+    ret |= run_test(update_test, "update_test ... ");
+    ret |= run_test(random_test, "random_test ... ");
+    ret |= run_test(key_test, "key_test ... ");
+#ifdef REDIRECTION_CONFIG
+    ret |= run_test(redirect_test, "redirect_test ... ");
+#endif /* REDIRECTION_CONFIG */
+    return ret;
+}
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/iotsafe/iotsafe.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/iotsafe/iotsafe.c
index 8a3af53d..8a7ec2e6 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/iotsafe/iotsafe.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/iotsafe/iotsafe.c
@@ -749,43 +749,37 @@ static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
     int ret;
     char *resp;
     uint16_t hash_algo = 0;
-    int len;
+    int hash_len;
     uint16_t hash_algo_be = 0;
 
     WOLFSSL_MSG("Enter iotsafe_hkdf_extract");
-     switch (digest) {
-        #ifndef NO_SHA256
+    switch (digest) {
+#ifndef NO_SHA256
         case WC_SHA256:
-        hash_algo = (uint16_t)1;
-        if (ikmLen == 0) {
-            len = WC_SHA256_DIGEST_SIZE;
-        }
+            hash_algo = (uint16_t)1;
+            hash_len = WC_SHA256_DIGEST_SIZE;
             break;
-        #endif
-        #ifdef WOLFSSL_SHA384
+#endif
+#ifdef WOLFSSL_SHA384
         case WC_SHA384:
-        hash_algo = (uint16_t)2;
-        if (ikmLen == 0) {
-            len = WC_SHA384_DIGEST_SIZE;
-        }
+            hash_algo = (uint16_t)2;
+            hash_len = WC_SHA384_DIGEST_SIZE;
             break;
-        #endif
-        #ifdef WOLFSSL_TLS13_SHA512
+#endif
+#ifdef WOLFSSL_SHA512
         case WC_SHA512:
-        hash_algo = (uint16_t)4;
-        if (ikmLen == 0) {
-            len = WC_SHA512_DIGEST_SIZE;
-        }
+            hash_algo = (uint16_t)4;
+            hash_len = WC_SHA512_DIGEST_SIZE;
             break;
-        #endif
+#endif
         default:
             return BAD_FUNC_ARG;
             break;
-     }
+    }
 
     if (ikmLen == 0) {
-        ikmLen = len;
-        XMEMSET(ikm, 0, len);
+        ikmLen = hash_len;
+        XMEMSET(ikm, 0, hash_len);
     }
 
 #ifdef DEBUG_IOTSAFE
@@ -812,14 +806,12 @@ static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
         WOLFSSL_MSG("Unexpected reply from HKDF extract");
         ret = WC_HW_E;
     } else {
-
-         ret = hexbuffer_conv(resp, prk, 32);
+        ret = hexbuffer_conv(resp, prk, hash_len);
         if (ret < 0)
             ret = WC_HW_E;
         else
             ret = 0;
     }
-
     return ret;
 }
 #endif
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/liboqs/liboqs.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/liboqs/liboqs.c
new file mode 100644
index 00000000..f04cab02
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/liboqs/liboqs.c
@@ -0,0 +1,132 @@
+/* liboqs.c
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*
+
+DESCRIPTION
+This library provides the support interfaces to the liboqs library providing
+implementations for Post-Quantum cryptography algorithms.
+
+*/
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
+
+#if defined(HAVE_LIBOQS)
+
+/* RNG for liboqs */
+static WC_RNG liboqsDefaultRNG;
+static WC_RNG* liboqsCurrentRNG;
+
+static wolfSSL_Mutex liboqsRNGMutex;
+
+static int liboqs_init = 0;
+
+
+static void wolfSSL_liboqsGetRandomData(uint8_t* buffer, size_t numOfBytes)
+{
+    int ret;
+    word32 numOfBytes_word32;
+
+    while (numOfBytes > 0) {
+        numOfBytes_word32 = (word32)numOfBytes;
+        numOfBytes -= numOfBytes_word32;
+        ret = wc_RNG_GenerateBlock(liboqsCurrentRNG, buffer,
+                                   numOfBytes_word32);
+        if (ret != 0) {
+            /* ToDo: liboqs exits programm if RNG fails,
+             * not sure what to do here
+             */
+            WOLFSSL_MSG_EX(
+                "wc_RNG_GenerateBlock(..., %u) failed with ret %d "
+                "in wolfSSL_liboqsGetRandomData().", numOfBytes_word32, ret
+                );
+            abort();
+        }
+    }
+}
+
+int wolfSSL_liboqsInit(void)
+{
+    int ret = 0;
+
+    if (liboqs_init == 0) {
+        ret = wc_InitMutex(&liboqsRNGMutex);
+        if (ret != 0) {
+            return ret;
+        }
+        ret = wc_LockMutex(&liboqsRNGMutex);
+        if (ret != 0) {
+            return ret;
+        }
+        ret = wc_InitRng(&liboqsDefaultRNG);
+        if (ret == 0) {
+            OQS_init();
+            liboqs_init = 1;
+        }
+        liboqsCurrentRNG = &liboqsDefaultRNG;
+        wc_UnLockMutex(&liboqsRNGMutex);
+
+        OQS_randombytes_custom_algorithm(wolfSSL_liboqsGetRandomData);
+    }
+
+    return ret;
+}
+
+void wolfSSL_liboqsClose(void)
+{
+    wc_FreeRng(&liboqsDefaultRNG);
+}
+
+int wolfSSL_liboqsRngMutexLock(WC_RNG* rng)
+{
+    int ret = wolfSSL_liboqsInit();
+    if (ret == 0) {
+        ret = wc_LockMutex(&liboqsRNGMutex);
+    }
+    if (ret == 0 && rng != NULL) {
+        /* Update the pointer with the RNG to use. This is safe as we locked the mutex */
+        liboqsCurrentRNG = rng;
+    }
+    return ret;
+}
+
+int wolfSSL_liboqsRngMutexUnlock(void)
+{
+    int ret = BAD_MUTEX_E;
+
+    liboqsCurrentRNG = &liboqsDefaultRNG;
+
+    if (liboqs_init) {
+        ret = wc_UnLockMutex(&liboqsRNGMutex);
+    }
+    return ret;
+}
+
+#endif /* HAVE_LIBOQS */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stm32.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stm32.c
index 04d6c475..83497af2 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stm32.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stm32.c
@@ -595,7 +595,7 @@ static int stm32_getabs_from_mp_int(uint8_t *dst, const mp_int *a, int sz,
     #else
         *abs_sign = 1; /* default to negative */
     #endif
-        res = mp_abs(a, &x);
+        res = mp_abs((mp_int*)a, &x);
         if (res == MP_OKAY)
             res = stm32_get_from_mp_int(dst, &x, sz);
         mp_clear(&x);
@@ -638,10 +638,43 @@ static int stm32_get_from_hexstr(const char* hex, uint8_t* dst, int sz)
     return stm32_getabs_from_hexstr(hex, dst, sz, NULL);
 }
 
-
 /* STM32 PKA supports up to 640-bit numbers */
 #define STM32_MAX_ECC_SIZE (80)
 
+#ifdef WOLFSSL_STM32_PKA_V2
+/* find curve based on prime/modulus and return order/coefB */
+static int stm32_get_curve_params(mp_int* modulus,
+    uint8_t* order, uint8_t* coefB)
+{
+    int res, i, found = 0;
+    mp_int modulusChk;
+    res = mp_init(&modulusChk);
+    if (res != MP_OKAY)
+        return res;
+    for (i = 0; ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; i++) {
+        const ecc_set_type* curve = &ecc_sets[i];
+        /* match based on curve prime */
+        if ((res = mp_read_radix(&modulusChk, curve->prime, MP_RADIX_HEX)) ==
+                MP_OKAY && (mp_cmp(modulus, &modulusChk) == MP_EQ))
+        {
+            found = 1;
+            if (order) {
+                res = stm32_get_from_hexstr(curve->order, order, curve->size);
+            }
+            if (coefB) {
+                res = stm32_get_from_hexstr(curve->Bf, coefB, curve->size);
+            }
+            break;
+        }
+    }
+    mp_clear(&modulusChk);
+    if (!found && res == MP_OKAY) {
+        res = MP_RANGE;
+    }
+    return res;
+}
+#endif /* WOLFSSL_STM32_PKA_V2 */
+
 
 /**
    Perform a point multiplication  (timing resistant)
@@ -706,8 +739,19 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
 #ifdef WOLFSSL_STM32_PKA_V2
     XMEMSET(order, 0, sizeof(order));
     XMEMSET(coefB, 0, sizeof(coefB));
-    if (res == MP_OKAY && o != NULL)
-        res = stm32_get_from_mp_int(order, o, szModulus);
+    if (res == MP_OKAY) {
+        if (o != NULL) {
+            /* use provided order and get coefB */
+            res = stm32_get_from_mp_int(order, o, szModulus);
+            if (res == MP_OKAY) {
+                res = stm32_get_curve_params(modulus, NULL, coefB);
+            }
+        }
+        else {
+            /* get order and coefB for matching prime */
+            res = stm32_get_curve_params(modulus, order, coefB);
+        }
+    }
 #endif
     if (res != MP_OKAY)
         return res;
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-aes.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-aes.c
index 28a898ae..18feb969 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-aes.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-aes.c
@@ -26,10 +26,8 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#ifndef NO_AES
+#if !defined(NO_AES) && defined(WOLFSSL_TI_CRYPT)
 
-
-#if defined(WOLFSSL_TI_CRYPT)
 #include <stdbool.h>
 #include <stdint.h>
 
@@ -37,6 +35,13 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/port/ti/ti-ccm.h>
 
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
 #include "inc/hw_aes.h"
 #include "inc/hw_memmap.h"
 #include "inc/hw_ints.h"
@@ -45,7 +50,14 @@
 #include "driverlib/rom_map.h"
 #include "driverlib/rom.h"
 
-static int  AesSetIV(Aes* aes, const byte* iv)
+#define AES_CFG_MODE_CTR_NOCTR (AES_CFG_MODE_CTR + 100)
+#define IS_ALIGN16(p) (((unsigned int)(p) & 0xf) == 0)
+#define ROUNDUP_16(n) ((n+15) & 0xfffffff0)
+#ifndef TI_BUFFSIZE
+#define TI_BUFFSIZE 1024
+#endif
+
+static int AesSetIV(Aes* aes, const byte* iv)
 {
     if (aes == NULL)
         return BAD_FUNC_ARG;
@@ -58,196 +70,253 @@ static int  AesSetIV(Aes* aes, const byte* iv)
     return 0;
 }
 
-WOLFSSL_API int  wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
-                          int dir)
+int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir)
 {
-    if(!wolfSSL_TI_CCMInit())return 1 ;
-    if ((aes == NULL) || (key == NULL) || (iv == NULL))
+    if (!wolfSSL_TI_CCMInit())
+        return 1;
+    if ((aes == NULL) || (key == NULL))
         return BAD_FUNC_ARG;
-    if(!((dir == AES_ENCRYPTION) || (dir == AES_DECRYPTION)))
+    if (!((dir == AES_ENCRYPTION) || (dir == AES_DECRYPTION)))
         return BAD_FUNC_ARG;
 
-    switch(len) {
-    case 16: aes->keylen = AES_CFG_KEY_SIZE_128BIT ; break ;
-    case 24: aes->keylen = AES_CFG_KEY_SIZE_192BIT ; break ;
-    case 32: aes->keylen = AES_CFG_KEY_SIZE_256BIT ; break ;
-    default: return BAD_FUNC_ARG;
+    switch (len) {
+    #ifdef WOLFSSL_AES_128
+        case 16:
+            break;
+    #endif
+    #ifdef WOLFSSL_AES_192
+        case 24:
+            break;
+    #endif
+    #ifdef WOLFSSL_AES_256
+        case 32:
+            break;
+    #endif
+        default:
+            return BAD_FUNC_ARG;
     }
+    aes->keylen = len;
+    aes->rounds = len / 4 + 6;
 
-    XMEMCPY(aes->key, key, len) ;
-    #ifdef WOLFSSL_AES_COUNTER
+    XMEMCPY(aes->key, key, len);
+#ifdef WOLFSSL_AES_COUNTER
     aes->left = 0;
-    #endif /* WOLFSSL_AES_COUNTER */
+#endif
     return AesSetIV(aes, iv);
 }
 
-#define AES_CFG_MODE_CTR_NOCTR AES_CFG_MODE_CTR+100
-#define IS_ALIGN16(p) (((unsigned int)(p)&0xf) == 0)
+int wc_AesGetKeySize(Aes* aes, word32* keySize)
+{
+    int ret = 0;
+
+    if (aes == NULL || keySize == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    switch (aes->rounds) {
+#ifdef WOLFSSL_AES_128
+    case 10:
+        *keySize = 16;
+        break;
+#endif
+#ifdef WOLFSSL_AES_192
+    case 12:
+        *keySize = 24;
+        break;
+#endif
+#ifdef WOLFSSL_AES_256
+    case 14:
+        *keySize = 32;
+        break;
+#endif
+    default:
+        *keySize = 0;
+        ret = BAD_FUNC_ARG;
+    }
+
+    return ret;
+}
 
-static int  AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode)
+static int AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz,
+    word32 dir, word32 mode)
 {
-    wolfSSL_TI_lockCCM() ;
+    /* Processed aligned chunk to HW AES */
+    wolfSSL_TI_lockCCM();
     ROM_AESReset(AES_BASE);
-    ROM_AESConfigSet(AES_BASE, (aes->keylen | dir |
-                     (mode==AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode)));
+    ROM_AESConfigSet(AES_BASE, (aes->keylen-8 | dir |
+        (mode == AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode)));
     ROM_AESIVSet(AES_BASE, (uint32_t *)aes->reg);
-    ROM_AESKey1Set(AES_BASE, (uint32_t *)aes->key, aes->keylen);
-    if((dir == AES_CFG_DIR_DECRYPT)&& (mode == AES_CFG_MODE_CBC))
+    ROM_AESKey1Set(AES_BASE, (uint32_t *)aes->key, aes->keylen-8);
+    if (dir == AES_CFG_DIR_DECRYPT && mode == AES_CFG_MODE_CBC) {
         /* if input and output same will overwrite input iv */
         XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    }
     ROM_AESDataProcess(AES_BASE, (uint32_t *)in, (uint32_t *)out, sz);
-    wolfSSL_TI_unlockCCM() ;
+    wolfSSL_TI_unlockCCM();
 
     /* store iv for next call */
-    if(mode == AES_CFG_MODE_CBC){
-        if(dir == AES_CFG_DIR_ENCRYPT)
+    if (mode == AES_CFG_MODE_CBC) {
+        if (dir == AES_CFG_DIR_ENCRYPT)
             XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
         else
             XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
     }
 
-    if(mode == AES_CFG_MODE_CTR) {
+    if (mode == AES_CFG_MODE_CTR) {
         do {
-            int i ;
+            int i;
             for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
-                 if (++((byte *)aes->reg)[i])
-                     break ;
+                 if (++((byte*)aes->reg)[i])
+                     break;
             }
-            sz -= AES_BLOCK_SIZE ;
-        } while((int)sz > 0) ;
+            sz -= AES_BLOCK_SIZE;
+        } while ((int)sz > 0);
     }
 
-    return 0 ;
+    return true;
 }
 
-static int  AesProcess(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode)
+static int AesProcess(Aes* aes, byte* out, const byte* in, word32 sz,
+    word32 dir, word32 mode)
 {
-    const byte * in_p ; byte * out_p ;
-    word32 size ;
-    #define TI_BUFFSIZE 1024
-    byte buff[TI_BUFFSIZE] ;
+    const byte *in_p; byte *out_p;
+    word32 size;
+    byte buff[TI_BUFFSIZE];
 
     if ((aes == NULL) || (in == NULL) || (out == NULL))
         return BAD_FUNC_ARG;
-    if(sz % AES_BLOCK_SIZE)
+    if (sz % AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
-    while(sz > 0) {
-        size = sz ; in_p = in ; out_p = out ;
-        if(!IS_ALIGN16(in)){
-            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
-            XMEMCPY(buff, in, size) ;
-            in_p = (const byte *)buff ;
+    while (sz > 0) {
+        size = sz; in_p = in; out_p = out;
+        if (!IS_ALIGN16(in)) {
+            size = sz > TI_BUFFSIZE ? TI_BUFFSIZE : sz;
+            XMEMCPY(buff, in, size);
+            in_p = (const byte*)buff;
         }
-        if(!IS_ALIGN16(out)){
-            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
-            out_p = buff ;
+        if (!IS_ALIGN16(out)) {
+            size = sz > TI_BUFFSIZE ? TI_BUFFSIZE : sz;
+            out_p = buff;
         }
 
-        AesAlign16(aes, out_p, in_p, size, dir, mode) ;
+        AesAlign16(aes, out_p, in_p, size, dir, mode);
 
-        if(!IS_ALIGN16(out)){
-            XMEMCPY(out, buff, size) ;
+        if (!IS_ALIGN16(out)) {
+            XMEMCPY(out, buff, size);
         }
-        sz -= size ; in += size ; out += size ;
+        sz -= size; in += size; out += size;
     }
 
-    return 0 ;
+    return 0;
 }
 
-WOLFSSL_API int  wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
-    return AesProcess(aes, out, in, sz, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
+    return AesProcess(aes, out, in, sz, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC);
 }
 
-WOLFSSL_API int  wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
-    return AesProcess(aes, out, in, sz, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
+    return AesProcess(aes, out, in, sz, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC);
 }
 
 #ifdef WOLFSSL_AES_COUNTER
-WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-{
-            char out_block[AES_BLOCK_SIZE] ;
-            int odd ;
-            int even ;
-            char *tmp ; /* (char *)aes->tmp, for short */
-            int ret;
-
-            tmp = (char *)aes->tmp ;
-            if(aes->left) {
-                if((aes->left + sz) >= AES_BLOCK_SIZE){
-                    odd = AES_BLOCK_SIZE - aes->left ;
-                } else {
-                    odd = sz ;
-                }
-                XMEMCPY(tmp+aes->left, in, odd) ;
-                if((odd+aes->left) == AES_BLOCK_SIZE){
-                    ret = AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
-                             AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR) ;
-                    if (ret != 0)
-                        return ret;
-                    XMEMCPY(out, out_block+aes->left, odd) ;
-                    aes->left = 0 ;
-                    XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ;
-                }
-                in += odd ;
-                out+= odd ;
-                sz -= odd ;
-            }
-            odd = sz % AES_BLOCK_SIZE ;  /* if there is tail flagment */
-            if(sz / AES_BLOCK_SIZE) {
-                even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ;
-                ret = AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
-                if (ret != 0)
-                    return ret;
-                out += even ;
-                in  += even ;
-            }
-            if(odd) {
-                XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ;
-                XMEMCPY(tmp+aes->left, in, odd) ;
-                ret = AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
-                           AES_CFG_DIR_ENCRYPT,
-                           AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */
-                           );
-                if (ret != 0)
-                    return ret;
-                XMEMCPY(out, out_block+aes->left,odd) ;
-                aes->left += odd ;
-            }
-            return 0;
+int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    char out_block[AES_BLOCK_SIZE];
+    int odd;
+    int even;
+    char *tmp; /* (char *)aes->tmp, for short */
+    int ret;
+
+    tmp = (char *)aes->tmp;
+    if (aes->left) {
+        if ((aes->left + sz) >= AES_BLOCK_SIZE) {
+            odd = AES_BLOCK_SIZE - aes->left;
+        } else {
+            odd = sz;
+        }
+        XMEMCPY(tmp+aes->left, in, odd);
+        if ((odd+aes->left) == AES_BLOCK_SIZE) {
+            ret = AesProcess(aes, (byte*)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
+                        AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
+            if (ret != 0)
+                return ret;
+            XMEMCPY(out, out_block+aes->left, odd);
+            aes->left = 0;
+            XMEMSET(tmp, 0x0, AES_BLOCK_SIZE);
+        }
+        in += odd;
+        out+= odd;
+        sz -= odd;
+    }
+    odd = sz % AES_BLOCK_SIZE;  /* if there is tail fragment */
+    if (sz / AES_BLOCK_SIZE) {
+        even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE;
+        ret = AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
+        if (ret != 0)
+            return ret;
+        out += even;
+        in  += even;
+    }
+    if (odd) {
+        XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left);
+        XMEMCPY(tmp+aes->left, in, odd);
+        ret = AesProcess(aes, (byte*)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
+                    AES_CFG_DIR_ENCRYPT,
+                    AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */
+                    );
+        if (ret != 0)
+            return ret;
+        XMEMCPY(out, out_block+aes->left,odd);
+        aes->left += odd;
+    }
+    return 0;
 }
-#endif
+#endif /* WOLFSSL_AES_COUNTER */
 
 /* AES-DIRECT */
 #if defined(WOLFSSL_AES_DIRECT)
-WOLFSSL_API int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
+    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT,
+        AES_CFG_MODE_CBC);
 }
-WOLFSSL_API int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
+int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
+    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT,
+        AES_CFG_MODE_CBC);
 }
-WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
-                                     const byte* iv, int dir)
+int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, const byte* iv,
+    int dir)
 {
-    return(wc_AesSetKey(aes, key, len, iv, dir)) ;
+    return wc_AesSetKey(aes, key, len, iv, dir);
 }
-#endif
+#endif /* WOLFSSL_AES_DIRECT */
 
 
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
 
-static int  AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
+#ifndef NO_RNG
+static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
+{
+    int i;
+    for (i = (int)ctrSz - 1; i >= 0; i--) {
+        if (++ctr[i])
+            break;
+    }
+}
+#endif
+
+static int AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
 {
     byte nonce[AES_BLOCK_SIZE];
 
     if ((aes == NULL) || (key == NULL))
-        return BAD_FUNC_ARG ;
+        return BAD_FUNC_ARG;
     if (!((keySz == 16) || (keySz == 24) || (keySz == 32)))
-        return BAD_FUNC_ARG ;
+        return BAD_FUNC_ARG;
 
     XMEMSET(nonce, 0, sizeof(nonce));
     return wc_AesSetKey(aes, key, keySz, nonce, AES_ENCRYPTION);
@@ -255,166 +324,231 @@ static int  AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
 
 
 static int AesAuthArgCheck(Aes* aes, byte* out, const byte* in, word32 inSz,
-                              const byte* nonce, word32 nonceSz,
-                              const byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz, word32 *M,  word32 *L)
+    const byte* nonce, word32 nonceSz,
+    const byte* authTag, word32 authTagSz,
+    word32 *M, word32 *L)
 {
-    (void) authInSz ;
-    if((aes == NULL)||(nonce == NULL)||(authTag== NULL)||(authIn == NULL))
+    if (aes == NULL || nonce == NULL || authTag == NULL)
         return BAD_FUNC_ARG;
-    if((inSz != 0) && ((out == NULL)||(in == NULL)))
+    if (inSz != 0 && (out == NULL || in == NULL))
         return BAD_FUNC_ARG;
 
-    switch(authTagSz){
-    case  4:
-        *M = AES_CFG_CCM_M_4; break ;
+    switch (authTagSz) {
+    case 4:
+        *M = AES_CFG_CCM_M_4; break;
     case 6:
-        *M = AES_CFG_CCM_M_6; break ;
+        *M = AES_CFG_CCM_M_6; break;
     case 8:
-        *M = AES_CFG_CCM_M_8; break ;
+        *M = AES_CFG_CCM_M_8; break;
     case 10:
-        *M = AES_CFG_CCM_M_10; break ;
+        *M = AES_CFG_CCM_M_10; break;
     case 12:
-        *M = AES_CFG_CCM_M_12; break ;
+        *M = AES_CFG_CCM_M_12; break;
     case 14:
-        *M = AES_CFG_CCM_M_14; break ;
+        *M = AES_CFG_CCM_M_14; break;
     case 16:
-        *M = AES_CFG_CCM_M_16; break ;
+        *M = AES_CFG_CCM_M_16; break;
     default:
-        return 1 ;
+        return 1;
     }
 
-    switch(nonceSz){
+    switch (nonceSz) {
     case 7:
-        *L = AES_CFG_CCM_L_8; break ;
+        *L = AES_CFG_CCM_L_8; break;
     case 8:
-        *L = AES_CFG_CCM_L_7; break ;
+        *L = AES_CFG_CCM_L_7; break;
     case 9:
-        *L = AES_CFG_CCM_L_6; break ;
+        *L = AES_CFG_CCM_L_6; break;
     case  10:
-        *L = AES_CFG_CCM_L_5; break ;
+        *L = AES_CFG_CCM_L_5; break;
     case 11:
-        *L = AES_CFG_CCM_L_4; break ;
+        *L = AES_CFG_CCM_L_4; break;
     case 12:
-        *L = AES_CFG_CCM_L_3; break ;
+        *L = AES_CFG_CCM_L_3; break;
     case 13:
-        *L = AES_CFG_CCM_L_2; break ;
+        *L = AES_CFG_CCM_L_2; break;
     case 14:
-        *L = AES_CFG_CCM_L_1; break ;
+        *L = AES_CFG_CCM_L_1; break;
     default:
         return 1;
     }
-    return 0 ;
-}
-
-static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L, int mode) {
-
-  if(mode == AES_CFG_MODE_CCM){
-    XMEMSET(aes->reg, 0, 16) ;
-    switch(L){
-    case AES_CFG_CCM_L_8:
-      aes->reg[0] = 0x7; break ;
-    case AES_CFG_CCM_L_7:
-      aes->reg[0] = 0x6; break ;
-    case AES_CFG_CCM_L_6:
-      aes->reg[0] = 0x5; break ;
-    case AES_CFG_CCM_L_5:
-      aes->reg[0] = 0x4; break ;
-    case AES_CFG_CCM_L_4:
-      aes->reg[0] = 0x3; break ;
-    case AES_CFG_CCM_L_3:
-      aes->reg[0] = 0x2; break ;
-    case AES_CFG_CCM_L_2:
-      aes->reg[0] = 0x1; break ;
-    case AES_CFG_CCM_L_1:
-      aes->reg[0] = 0x0; break ;
-    }
-    XMEMCPY(((byte *)aes->reg)+1, nonce, len) ;
-  } else {
-    byte *b = (byte *)aes->reg ;
-    XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
-    XMEMCPY(aes->reg, nonce, len);
-    b[AES_BLOCK_SIZE-4] = 0 ;
-    b[AES_BLOCK_SIZE-3] = 0 ;
-    b[AES_BLOCK_SIZE-2] = 0 ;
-    b[AES_BLOCK_SIZE-1] = 1 ;
-  }
-}
-
-#define RoundUp16(n) ((n+15)&0xfffffff0)
-#define FREE_ALL \
-    if(in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
-    if(out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
-    if(authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
-    if(nonce_save) XFREE(nonce_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return 0;
+}
+
+static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L,
+    int mode)
+{
+    if (mode == AES_CFG_MODE_CCM) {
+        XMEMSET(aes->reg, 0, 16);
+        switch (L) {
+        case AES_CFG_CCM_L_8:
+            aes->reg[0] = 0x7; break;
+        case AES_CFG_CCM_L_7:
+            aes->reg[0] = 0x6; break;
+        case AES_CFG_CCM_L_6:
+            aes->reg[0] = 0x5; break;
+        case AES_CFG_CCM_L_5:
+            aes->reg[0] = 0x4; break;
+        case AES_CFG_CCM_L_4:
+            aes->reg[0] = 0x3; break;
+        case AES_CFG_CCM_L_3:
+            aes->reg[0] = 0x2; break;
+        case AES_CFG_CCM_L_2:
+            aes->reg[0] = 0x1; break;
+        case AES_CFG_CCM_L_1:
+            aes->reg[0] = 0x0; break;
+        }
+        XMEMCPY(((byte*)aes->reg)+1, nonce, len);
+    }
+    else { /* GCM */
+        if (len == GCM_NONCE_MID_SZ) {
+            byte *b = (byte*)aes->reg;
+            if (nonce != NULL)
+                XMEMCPY(aes->reg, nonce, len);
+            b[AES_BLOCK_SIZE-4] = 0;
+            b[AES_BLOCK_SIZE-3] = 0;
+            b[AES_BLOCK_SIZE-2] = 0;
+            b[AES_BLOCK_SIZE-1] = 1;
+
+        }
+        else {
+            word32 zeros[AES_BLOCK_SIZE/sizeof(word32)];
+            word32 subkey[AES_BLOCK_SIZE/sizeof(word32)];
+            word32 nonce_padded[AES_BLOCK_SIZE/sizeof(word32)];
+            word32 i;
+
+            XMEMSET(zeros, 0, sizeof(zeros)); /* init to zero */
+
+            wolfSSL_TI_lockCCM();
+            /* Perform a basic GHASH operation with the hashsubkey and IV */
+            /* get subkey */
+            ROM_AESReset(AES_BASE);
+            ROM_AESConfigSet(AES_BASE, (aes->keylen-8) | AES_CFG_DIR_ENCRYPT | AES_CFG_MODE_ECB);
+            ROM_AESKey1Set(AES_BASE, aes->key, (aes->keylen-8));
+            ROM_AESDataProcess(AES_BASE, zeros, subkey, sizeof zeros);
+
+            /* GHASH */
+            ROM_AESReset(AES_BASE);
+            ROM_AESConfigSet(AES_BASE, AES_CFG_KEY_SIZE_128BIT | AES_CFG_MODE_GCM_HLY0ZERO);
+            ROM_AESKey2Set(AES_BASE, subkey, AES_CFG_KEY_SIZE_128BIT);
+
+            ROM_AESLengthSet(AES_BASE, len);
+            ROM_AESAuthLengthSet(AES_BASE, 0);
+
+            /* copy nonce */
+            for (i = 0; i < len; i += AES_BLOCK_SIZE) {
+                word32 nonceSz = len - i;
+                if (nonceSz > AES_BLOCK_SIZE)
+                    nonceSz = AES_BLOCK_SIZE;
+                XMEMSET(nonce_padded, 0, sizeof(nonce_padded));
+                XMEMCPY(nonce_padded, (word32*)(nonce + i), nonceSz);
+                ROM_AESDataWrite(AES_BASE, nonce_padded);
+            }
+
+            ROM_AESTagRead(AES_BASE, aes->reg);
+            wolfSSL_TI_unlockCCM();
+        }
+    }
+}
 
 static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                               const byte* nonce, word32 nonceSz,
                               byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz, int mode)
 {
-    word32 M, L ;
-    byte *in_a,     *in_save ;
-    byte *out_a,    *out_save ;
-    byte *authIn_a, *authIn_save ;
-    byte *nonce_a,    *nonce_save ;
-    word32 tmpTag[4] ;
-    int ret ;
-
-    if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L)
-       == BAD_FUNC_ARG)return BAD_FUNC_ARG ;
-
-    /* 16 byte padding */
-    in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ;
-    if((inSz%16)==0){
-        in_save = NULL ; in_a = (byte *)in ;
-        out_save = NULL ; out_a = out ;
-    } else {
-      if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E ; }
-      in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ;
-
-      if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E ; }
-      out_a = out_save ;
-    }
-
-    if((authInSz%16)==0){
-        authIn_save = NULL ; authIn_a = (byte *)authIn ;
-    } else {
-      if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E ; }
-      authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ;
-    }
-
-    if((nonceSz%16)==0){
-        nonce_save = NULL ; nonce_a = (byte *)nonce ;
-    } else {
-      if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E; }
-      nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ;
-    }
-
-    /* do aes-ccm */
-    AesAuthSetIv(aes, nonce, nonceSz, L, mode) ;
+    int ret;
+    word32 M, L;
+    byte *in_a,     *in_save = NULL;
+    byte *out_a,    *out_save = NULL;
+    byte *authIn_a, *authIn_save = NULL;
+    word32 tmpTag[AES_BLOCK_SIZE/sizeof(word32)];
+
+    ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag,
+        authTagSz, &M, &L);
+    if (ret == BAD_FUNC_ARG) {
+        return ret;
+    }
+
+    AesAuthSetIv(aes, nonce, nonceSz, L, mode);
+
+    if (inSz == 0 && authInSz == 0) {
+        /* This is a special case that cannot use the GCM mode because the
+         * data and AAD lengths are both zero. The work around is to perform
+         * an ECB encryption on IV. */
+        wolfSSL_TI_lockCCM();
+        ROM_AESReset(AES_BASE);
+        ROM_AESConfigSet(AES_BASE, (aes->keylen-8) | AES_CFG_DIR_ENCRYPT | AES_CFG_MODE_ECB);
+        ROM_AESKey1Set(AES_BASE, aes->key, (aes->keylen-8));
+        ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, AES_BLOCK_SIZE);
+        wolfSSL_TI_unlockCCM();
+        XMEMCPY(authTag, tmpTag, authTagSz);
+        return 0;
+    }
+
+    /* Make sure all pointers are 16 byte aligned */
+    if (IS_ALIGN16(inSz)) {
+        in_save = NULL; in_a = (byte*)in;
+        out_save = NULL; out_a = out;
+    }
+    else {
+        in_save = XMALLOC(ROUNDUP_16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (in_save == NULL) { ret = MEMORY_E; goto exit; }
+        in_a = in_save;
+        XMEMSET(in_a, 0, ROUNDUP_16(inSz));
+        XMEMCPY(in_a, in, inSz);
+
+        out_save = XMALLOC(ROUNDUP_16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (out_save == NULL) { ret = MEMORY_E; goto exit; }
+        out_a = out_save;
+    }
+
+    if (IS_ALIGN16(authInSz)) {
+        authIn_save = NULL; authIn_a = (byte*)authIn;
+    }
+    else {
+        authIn_save = XMALLOC(ROUNDUP_16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (authIn_save == NULL) { ret = MEMORY_E; goto exit; }
+
+        authIn_a = authIn_save;
+        XMEMSET(authIn_a, 0, ROUNDUP_16(authInSz));
+        XMEMCPY(authIn_a, authIn, authInSz);
+    }
+
+    /* Do AES-CCM/GCM Cipher with Auth */
+    wolfSSL_TI_lockCCM();
     ROM_AESReset(AES_BASE);
-    ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_ENCRYPT |
-                                AES_CFG_CTR_WIDTH_128 |
-                                mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ;
+    ROM_AESConfigSet(AES_BASE,
+        (aes->keylen-8 |
+        AES_CFG_DIR_ENCRYPT |
+        AES_CFG_CTR_WIDTH_128 |
+        mode |
+        ((mode == AES_CFG_MODE_CCM) ? (L | M) : 0 ))
+    );
     ROM_AESIVSet(AES_BASE, aes->reg);
-    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
-    ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz,
-                           (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag);
-    if(ret == false){
-        XMEMSET(out, 0, inSz) ;
-        XMEMSET(authTag, 0, authTagSz) ;
-    } else {
-        XMEMCPY(out, out_a, inSz) ;
-        XMEMCPY(authTag, tmpTag, authTagSz) ;
+    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen-8);
+
+    ret = ROM_AESDataProcessAuth(AES_BASE,
+        (unsigned int*)in_a, (unsigned int*)out_a, inSz,
+        (unsigned int*)authIn_a, authInSz,
+        (unsigned int*)tmpTag);
+    wolfSSL_TI_unlockCCM();
+
+    if (ret == false) {
+        XMEMSET(out, 0, inSz);
+        XMEMSET(authTag, 0, authTagSz);
+        ret = AES_GCM_AUTH_E;
+    }
+    else {
+        XMEMCPY(out, out_a, inSz);
+        XMEMCPY(authTag, tmpTag, authTagSz);
+        ret = 0;
     }
 
-    FREE_ALL;
-    return 0 ;
+exit:
+    if (in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return ret;
 }
 
 static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
@@ -422,78 +556,110 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                               const byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz, int mode)
 {
-    word32 M, L ;
-    byte *in_a,     *in_save ;
-    byte *out_a,    *out_save ;
-    byte *authIn_a, *authIn_save ;
-    byte *nonce_a,    *nonce_save ;
-    word32 tmpTag[4] ;
-    bool ret ;
-
-    if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L)
-       == BAD_FUNC_ARG)return  BAD_FUNC_ARG ;
-
-    /* 16 byte padding */
-    in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ;
-    if((inSz%16)==0){
-        in_save = NULL ; in_a = (byte *)in ;
-        out_save = NULL ; out_a = out ;
-    } else {
-      if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E;}
-      in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ;
-
-      if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E;}
-      out_a = out_save ;
-    }
-
-    if((authInSz%16)==0){
-        authIn_save = NULL ; authIn_a = (byte *)authIn ;
-    } else {
-      if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E; }
-      authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ;
-    }
-
-    if((nonceSz%16)==0){
-        nonce_save = NULL ; nonce_a = (byte *)nonce ;
-    } else {
-      if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E; }
-      nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ;
-    }
-
-    /* do aes-ccm */
-    AesAuthSetIv(aes, nonce, nonceSz, L, mode) ;
+    int ret;
+    word32 M, L;
+    byte *in_a,     *in_save = NULL;
+    byte *out_a,    *out_save = NULL;
+    byte *authIn_a, *authIn_save = NULL;
+    word32 tmpTag[AES_BLOCK_SIZE/sizeof(word32)];
+
+    ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag,
+        authTagSz, &M, &L);
+    if (ret == BAD_FUNC_ARG) {
+        return ret;
+    }
+
+    AesAuthSetIv(aes, nonce, nonceSz, L, mode);
+
+    if (inSz == 0 && authInSz == 0) {
+        /* This is a special case that cannot use the GCM mode because the
+         * data and AAD lengths are both zero. The work around is to perform
+         * an ECB encryption on IV. */
+        wolfSSL_TI_lockCCM();
+        ROM_AESReset(AES_BASE);
+        ROM_AESConfigSet(AES_BASE, (aes->keylen-8) | AES_CFG_DIR_ENCRYPT | AES_CFG_MODE_ECB);
+        ROM_AESKey1Set(AES_BASE, aes->key, (aes->keylen-8));
+        ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, AES_BLOCK_SIZE);
+        wolfSSL_TI_unlockCCM();
+
+        if (XMEMCMP(authTag, tmpTag, authTagSz) != 0) {
+            ret = AES_GCM_AUTH_E;
+        }
+        return ret;
+    }
+
+    /* Make sure all pointers are 16 byte aligned */
+    if (IS_ALIGN16(inSz)) {
+        in_save = NULL; in_a = (byte*)in;
+        out_save = NULL; out_a = out;
+    }
+    else {
+        in_save = XMALLOC(ROUNDUP_16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (in_save == NULL) { ret = MEMORY_E; goto exit; }
+        in_a = in_save;
+        XMEMSET(in_a, 0, ROUNDUP_16(inSz));
+        XMEMCPY(in_a, in, inSz);
+
+        out_save = XMALLOC(ROUNDUP_16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (out_save == NULL) { ret = MEMORY_E; goto exit; }
+        out_a = out_save;
+    }
+
+    if (IS_ALIGN16(authInSz)) {
+        authIn_save = NULL; authIn_a = (byte*)authIn;
+    }
+    else {
+        authIn_save = XMALLOC(ROUNDUP_16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (authIn_save == NULL) { ret = MEMORY_E; goto exit; }
+
+        authIn_a = authIn_save;
+        XMEMSET(authIn_a, 0, ROUNDUP_16(authInSz));
+        XMEMCPY(authIn_a, authIn, authInSz);
+    }
+
+    /* Do AES-CCM/GCM Cipher with Auth */
+    wolfSSL_TI_lockCCM();
     ROM_AESReset(AES_BASE);
-    ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_DECRYPT |
-                                AES_CFG_CTR_WIDTH_128 |
-                                  mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ;
+    ROM_AESConfigSet(AES_BASE,
+        (aes->keylen-8 |
+        AES_CFG_DIR_DECRYPT |
+        AES_CFG_CTR_WIDTH_128 |
+        mode |
+        ((mode == AES_CFG_MODE_CCM) ? (L | M) : 0 ))
+    );
     ROM_AESIVSet(AES_BASE, aes->reg);
-    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
-    ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz,
-                           (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag);
-    if((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)){
-        XMEMSET(out, 0, inSz) ;
-        ret = false ;
-    } else {
-        XMEMCPY(out, out_a, inSz) ;
+    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen-8);
+    ret = ROM_AESDataProcessAuth(AES_BASE,
+        (unsigned int*)in_a, (unsigned int*)out_a, inSz,
+        (unsigned int*)authIn_a, authInSz,
+        (unsigned int*)tmpTag);
+    wolfSSL_TI_unlockCCM();
+
+    if ((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)) {
+        XMEMSET(out, 0, inSz);
+        ret = AES_GCM_AUTH_E;
+    }
+    else {
+        XMEMCPY(out, out_a, inSz);
+        ret = 0;
     }
 
-    FREE_ALL ;
-    return ret==true ? 0 : 1 ;
-}
-#endif
+exit:
+    if (in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
+    return ret;
+}
+#endif /* HAVE_AESGCM || HAVE_AESCCM */
 
 #ifdef HAVE_AESGCM
-WOLFSSL_API int  wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
+int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
-    return AesAuthSetKey(aes, key, len) ;
+    return AesAuthSetKey(aes, key, len);
 }
 
-WOLFSSL_API int  wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                               const byte* iv, word32 ivSz,
                               byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz)
@@ -502,58 +668,301 @@ WOLFSSL_API int  wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz
         return BAD_FUNC_ARG;
     }
     return AesAuthEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC);
 }
-WOLFSSL_API int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT)
+int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                               const byte* iv, word32 ivSz,
                               const byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz)
 {
     return AesAuthDecrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC);
 }
+#endif
 
-WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
+int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
 {
-      return AesAuthSetKey(&gmac->aes, key, len) ;
+    return AesAuthSetKey(&gmac->aes, key, len);
 }
 
-WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
+int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
                               const byte* authIn, word32 authInSz,
                               byte* authTag, word32 authTagSz)
 {
     return AesAuthEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC);
+}
+
+#ifndef NO_RNG
+static WARN_UNUSED_RESULT WC_INLINE int CheckAesGcmIvSize(int ivSz) {
+    return (ivSz == GCM_NONCE_MIN_SZ ||
+            ivSz == GCM_NONCE_MID_SZ ||
+            ivSz == GCM_NONCE_MAX_SZ);
+}
+
+int wc_AesGcmSetIV(Aes* aes, word32 ivSz,
+                   const byte* ivFixed, word32 ivFixedSz,
+                   WC_RNG* rng)
+{
+    int ret = 0;
+
+    if (aes == NULL || rng == NULL || !CheckAesGcmIvSize((int)ivSz) ||
+        (ivFixed == NULL && ivFixedSz != 0) ||
+        (ivFixed != NULL && ivFixedSz != AES_IV_FIXED_SZ)) {
+
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        byte* iv = (byte*)aes->reg;
+
+        if (ivFixedSz)
+            XMEMCPY(iv, ivFixed, ivFixedSz);
+
+        ret = wc_RNG_GenerateBlock(rng, iv + ivFixedSz, ivSz - ivFixedSz);
+    }
+
+    if (ret == 0) {
+        /* If the IV is 96, allow for a 2^64 invocation counter.
+         * For any other size for the nonce, limit the invocation
+         * counter to 32-bits. (SP 800-38D 8.3) */
+        aes->invokeCtr[0] = 0;
+        aes->invokeCtr[1] = (ivSz == GCM_NONCE_MID_SZ) ? 0 : 0xFFFFFFFF;
+    #ifdef WOLFSSL_AESGCM_STREAM
+        aes->ctrSet = 1;
+    #endif
+        aes->nonceSz = ivSz;
+    }
+
+    return ret;
+}
+
+int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,
+                        byte* ivOut, word32 ivOutSz,
+                        byte* authTag, word32 authTagSz,
+                        const byte* authIn, word32 authInSz)
+{
+    int ret = 0;
+
+    if (aes == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
+        ivOut == NULL || ivOutSz != aes->nonceSz ||
+        (authIn == NULL && authInSz != 0)) {
+
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        aes->invokeCtr[0]++;
+        if (aes->invokeCtr[0] == 0) {
+            aes->invokeCtr[1]++;
+            if (aes->invokeCtr[1] == 0)
+                ret = AES_GCM_OVERFLOW_E;
+        }
+    }
+
+    if (ret == 0) {
+        XMEMCPY(ivOut, aes->reg, ivOutSz);
+        ret = wc_AesGcmEncrypt(aes, out, in, sz,
+                               (byte*)aes->reg, ivOutSz,
+                               authTag, authTagSz,
+                               authIn, authInSz);
+        if (ret == 0)
+            IncCtr((byte*)aes->reg, ivOutSz);
+    }
+
+    return ret;
+}
+
+int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
+            const byte* authIn, word32 authInSz,
+            byte* authTag, word32 authTagSz, WC_RNG* rng)
+{
+#ifdef WOLFSSL_SMALL_STACK
+    Aes *aes = NULL;
+#else
+    Aes aes[1];
+#endif
+    int ret;
+
+    if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) ||
+        authTag == NULL || authTagSz == 0 || rng == NULL) {
+
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
+                              DYNAMIC_TYPE_AES)) == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        ret = wc_AesGcmSetKey(aes, key, keySz);
+        if (ret == 0)
+            ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng);
+        if (ret == 0)
+            ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz,
+                                  authTag, authTagSz, authIn, authInSz);
+        wc_AesFree(aes);
+    }
+    ForceZero(aes, sizeof *aes);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+#endif
+
+    return ret;
 }
 
+int wc_GmacVerify(const byte* key, word32 keySz,
+                  const byte* iv, word32 ivSz,
+                  const byte* authIn, word32 authInSz,
+                  const byte* authTag, word32 authTagSz)
+{
+    int ret;
+#ifdef HAVE_AES_DECRYPT
+#ifdef WOLFSSL_SMALL_STACK
+    Aes *aes = NULL;
+#else
+    Aes aes[1];
+#endif
+
+    if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) ||
+        authTag == NULL || authTagSz == 0 || authTagSz > AES_BLOCK_SIZE) {
+
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
+                              DYNAMIC_TYPE_AES)) == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        ret = wc_AesGcmSetKey(aes, key, keySz);
+        if (ret == 0)
+            ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz,
+                                  authTag, authTagSz, authIn, authInSz);
+        wc_AesFree(aes);
+    }
+    ForceZero(aes, sizeof *aes);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+#endif
+#else
+    (void)key;
+    (void)keySz;
+    (void)iv;
+    (void)ivSz;
+    (void)authIn;
+    (void)authInSz;
+    (void)authTag;
+    (void)authTagSz;
+    ret = NOT_COMPILED_IN;
+#endif
+    return ret;
+}
+#endif /* !NO_RNG */
+
 #endif /* HAVE_AESGCM */
 
 #ifdef HAVE_AESCCM
-WOLFSSL_API int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
+int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
 {
-    return AesAuthSetKey(aes, key, keySz) ;
+    return AesAuthSetKey(aes, key, keySz);
 }
 
-WOLFSSL_API int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                               const byte* nonce, word32 nonceSz,
                               byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz)
 {
     return AesAuthEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_CCM) ;
+                              authIn, authInSz, AES_CFG_MODE_CCM);
 }
 
-WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                               const byte* nonce, word32 nonceSz,
                               const byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz)
 {
     return AesAuthDecrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_CCM) ;
+                              authIn, authInSz, AES_CFG_MODE_CCM);
+}
+
+/* abstract functions that call lower level AESCCM functions */
+#ifndef WC_NO_RNG
+
+int wc_AesCcmSetNonce(Aes* aes, const byte* nonce, word32 nonceSz)
+{
+    int ret = 0;
+
+    if (aes == NULL || nonce == NULL ||
+        nonceSz < CCM_NONCE_MIN_SZ || nonceSz > CCM_NONCE_MAX_SZ) {
+
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        XMEMCPY(aes->reg, nonce, nonceSz);
+        aes->nonceSz = nonceSz;
+
+        /* Invocation counter should be 2^61 */
+        aes->invokeCtr[0] = 0;
+        aes->invokeCtr[1] = 0xE0000000;
+    }
+
+    return ret;
+}
+
+
+int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,
+                        byte* ivOut, word32 ivOutSz,
+                        byte* authTag, word32 authTagSz,
+                        const byte* authIn, word32 authInSz)
+{
+    int ret = 0;
+
+    if (aes == NULL || out == NULL ||
+        (in == NULL && sz != 0) ||
+        ivOut == NULL ||
+        (authIn == NULL && authInSz != 0) ||
+        (ivOutSz != aes->nonceSz)) {
+
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        aes->invokeCtr[0]++;
+        if (aes->invokeCtr[0] == 0) {
+            aes->invokeCtr[1]++;
+            if (aes->invokeCtr[1] == 0)
+                ret = AES_CCM_OVERFLOW_E;
+        }
+    }
+
+    if (ret == 0) {
+        ret = wc_AesCcmEncrypt(aes, out, in, sz,
+                               (byte*)aes->reg, aes->nonceSz,
+                               authTag, authTagSz,
+                               authIn, authInSz);
+        if (ret == 0) {
+            XMEMCPY(ivOut, aes->reg, aes->nonceSz);
+            IncCtr((byte*)aes->reg, aes->nonceSz);
+        }
+    }
+
+    return ret;
 }
+#endif /* !WC_NO_RNG */
+
 #endif /* HAVE_AESCCM */
 
-WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId)
+int wc_AesInit(Aes* aes, void* heap, int devId)
 {
     if (aes == NULL)
         return BAD_FUNC_ARG;
@@ -564,14 +973,9 @@ WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId)
     return 0;
 }
 
-WOLFSSL_API void wc_AesFree(Aes* aes)
+void wc_AesFree(Aes* aes)
 {
     (void)aes;
 }
 
-#endif /* WOLFSSL_TI_CRYPT */
-
-#endif /* NO_AES */
-
-
-
+#endif /* !NO_AES && WOLFSSL_TI_CRYPT */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-hash.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-hash.c
index 92b2fe99..0077e96d 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-hash.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-hash.c
@@ -62,8 +62,10 @@
 #define SHAMD5_ALGO_SHA224 4
 #endif
 
-static int hashInit(wolfssl_TI_Hash *hash) {
-    if (!wolfSSL_TI_CCMInit())return 1;
+static int hashInit(wolfssl_TI_Hash *hash)
+{
+    if (!wolfSSL_TI_CCMInit())
+        return 1;
     hash->used = 0;
     hash->msg  = 0;
     hash->len  = 0;
@@ -115,8 +117,13 @@ static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32
     return 0;
 }
 
-static int hashCopy(wolfssl_TI_Hash *src, wolfssl_TI_Hash *dst) {
-    XMEMCPY(dst, src, sizeof(wolfssl_TI_Hash));
+static int hashCopy(wolfssl_TI_Hash *src, wolfssl_TI_Hash *dst)
+{
+    /* only copy hash, zero the rest of the struct to avoid double-free */
+    dst->msg = NULL;
+    dst->used = 0;
+    dst->len = 0;
+    XMEMCPY(dst->hash, src->hash, sizeof(dst->hash));
     return 0;
 }
 
@@ -194,11 +201,12 @@ WOLFSSL_API int wc_Md5GetHash(Md5* md5, byte* hash)
     return hashGetHash((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE);
 }
 
-WOLFSSL_API int wc_Md5Copy(Md5* src, Md5* dst) {
+WOLFSSL_API int wc_Md5Copy(Md5* src, Md5* dst)
+{
 	return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst);
 }
 
-WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash)
+WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte* hash)
 {
     return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE);
 }
@@ -239,11 +247,12 @@ WOLFSSL_API int wc_ShaGetHash(Sha* sha, byte* hash)
     return hashGetHash(sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE);
 }
 
-WOLFSSL_API int wc_ShaCopy(Sha* src, Sha* dst) {
+WOLFSSL_API int wc_ShaCopy(Sha* src, Sha* dst)
+{
 	return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst);
 }
 
-WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash)
+WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte* hash)
 {
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE);
 }
@@ -284,7 +293,12 @@ WOLFSSL_API int wc_Sha224GetHash(Sha224* sha224, byte* hash)
     return hashGetHash(sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE);
 }
 
-WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash)
+WOLFSSL_API int wc_Sha224Copy(Sha224* src, Sha224* dst)
+{
+    return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst);
+}
+
+WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte* hash)
 {
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE);
 }
@@ -326,7 +340,12 @@ WOLFSSL_API int wc_Sha256GetHash(Sha256* sha256, byte* hash)
     return hashGetHash(sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE);
 }
 
-WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash)
+WOLFSSL_API int wc_Sha256Copy(Sha256* src, Sha256* dst)
+{
+    return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst);
+}
+
+WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
 {
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE);
 }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c b/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c
index aabcbd37..e2dfc8af 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c
@@ -135,7 +135,9 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
     aes->xKeySize =
             len == AES_128_KEY_SIZE ? XSECURE_AES_KEY_SIZE_128 :
                                       XSECURE_AES_KEY_SIZE_256;
-    XMEMCPY(aes->keyInit, key, len);
+    if (key != NULL) {
+        XMEMCPY(aes->keyInit, key, len);
+    }
 
     return 0;
 }
@@ -478,7 +480,12 @@ int  wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
 {
     XCsuDma_Config* con;
 
-    if (aes == NULL || key == NULL) {
+    if (aes == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (kup == XSECURE_CSU_AES_KEY_SRC_KUP && key == NULL) {
+        WOLFSSL_MSG("Expecting key buffer passed in if using KUP");
         return BAD_FUNC_ARG;
     }
 
@@ -501,7 +508,9 @@ int  wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
 
     aes->keylen = len;
     aes->kup    = kup;
-    XMEMCPY((byte*)(aes->keyInit), key, len);
+    if (key != NULL) {
+        XMEMCPY((byte*)(aes->keyInit), key, len);
+    }
 
     return 0;
 }
@@ -538,18 +547,26 @@ int  wc_AesGcmEncrypt(Aes* aes, byte* out,
             return BAD_FUNC_ARG;
         }
 
+    #ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
         tmp = (byte*)XMALLOC(sz + AES_GCM_AUTH_SZ, aes->heap,
             DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             return MEMORY_E;
         }
+    #else
+        /* if NO_WOLFSSL_XILINX_TAG_MALLOC is defined than it is assumed that
+         * out buffer is large enough to hold both the cipher out and tag */
+        tmp = out;
+    #endif
 
         XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv,
             aes->keyInit);
         XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz);
-        XMEMCPY(out, tmp, sz);
         XMEMCPY(authTag, tmp + sz, authTagSz);
+    #ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
+        XMEMCPY(out, tmp, sz);
         XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
     }
 
     /* handle completing tag with any additional data */
@@ -610,7 +627,7 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out,
     /* calls to hardened crypto */
     XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
                 (word32*)iv, aes->keyInit);
-    XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
+    ret = XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
 
     /* account for additional data */
     if (authIn != NULL && authInSz > 0) {
@@ -623,6 +640,12 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out,
             return AES_GCM_AUTH_E;
         }
     }
+    else {
+        /* if no aad then check the result of the initial tag passed in */
+        if (ret != XST_SUCCESS) {
+            return AES_GCM_AUTH_E;
+        }
+    }
 
     return 0;
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/random.c b/extra/wolfssl/wolfssl/wolfcrypt/src/random.c
index cc47fab2..d44f2e2d 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/random.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/random.c
@@ -31,6 +31,9 @@ This library contains implementation for the random number generator.
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#if defined(DEBUG_WOLFSSL)
+    #include <wolfssl/wolfcrypt/logging.h>
+#endif
 
 /* on HPUX 11 you may need to install /dev/random see
    http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
@@ -89,9 +92,12 @@ This library contains implementation for the random number generator.
 #elif defined(HAVE_WNR)
     #include <wnr.h>
     #include <wolfssl/wolfcrypt/logging.h>
-    wolfSSL_Mutex wnr_mutex;    /* global netRandom mutex */
+    wolfSSL_Mutex wnr_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wnr_mutex);    /* global netRandom mutex */
     int wnr_timeout     = 0;    /* entropy timeout, milliseconds */
-    int wnr_mutex_init  = 0;    /* flag for mutex init */
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
+    int wnr_mutex_inited = 0;   /* flag for mutex init */
+    #endif
+    int wnr_inited = 0;    /* flag for whether wc_InitNetRandom() has been called */
     wnr_context*  wnr_ctx;      /* global netRandom context */
 #elif defined(FREESCALE_KSDK_2_0_TRNG)
     #include "fsl_trng.h"
@@ -311,7 +317,7 @@ enum {
 
 typedef struct DRBG_internal DRBG_internal;
 
-static int wc_RNG_HealthTestLocal(int reseed);
+static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId);
 
 /* Hash Derivation Function */
 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
@@ -809,6 +815,26 @@ static WC_INLINE word64 Entropy_TimeHiRes(void)
     );
     return cnt;
 }
+#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__MICROBLAZE__)
+
+#define LPD_SCNTR_BASE_ADDRESS 0xFF250000
+
+/* Get the high resolution time counter.
+ * Collect ticks from LPD_SCNTR
+ * @return  64-bit tick count.
+ */
+static WC_INLINE word64 Entropy_TimeHiRes(void)
+{
+    word64 cnt;
+    word32 *ptr;
+
+    ptr = (word32*)LPD_SCNTR_BASE_ADDRESS;
+    cnt = *(ptr+1);
+    cnt = cnt << 32;
+    cnt |= *ptr;
+
+    return cnt;
+}
 #elif !defined(ENTROPY_MEMUSE_THREAD) && (_POSIX_C_SOURCE >= 199309L)
 /* Get the high resolution time counter.
  *
@@ -1353,7 +1379,7 @@ static int Entropy_Condition(byte* output, word32 len, byte* noise,
 /* Mutex to prevent multiple callers requesting entropy operations at the
  * same time.
  */
-static wolfSSL_Mutex entropy_mutex;
+static wolfSSL_Mutex entropy_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(entropy_mutex);
 
 /* Get entropy of specified strength.
  *
@@ -1480,7 +1506,7 @@ int Entropy_Init()
 
     /* Check whether initialization has succeeded before. */
     if (!entropy_memuse_initialized) {
-    #ifndef SINGLE_THREADED
+    #if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
         ret = wc_InitMutex(&entropy_mutex);
     #endif
         if (ret == 0) {
@@ -1517,7 +1543,7 @@ void Entropy_Final()
     if (entropy_memuse_initialized) {
         /* Dispose of the SHA3-356 hash object. */
         wc_Sha3_256_Free(&entropyHash);
-    #ifndef SINGLE_THREADED
+    #if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
         wc_FreeMutex(&entropy_mutex);
     #endif
         /* Clear health test data. */
@@ -1615,11 +1641,21 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 #ifdef CUSTOM_RAND_GENERATE_BLOCK
     ret = 0; /* success */
 #else
+
+ /* not CUSTOM_RAND_GENERATE_BLOCK follows */
 #ifdef HAVE_HASHDRBG
-    if (nonceSz == 0)
+    if (nonceSz == 0) {
         seedSz = MAX_SEED_SZ;
+    }
 
-    if (wc_RNG_HealthTestLocal(0) == 0) {
+    ret = wc_RNG_HealthTestLocal(0, rng->heap, devId);
+    if (ret != 0) {
+        #if defined(DEBUG_WOLFSSL)
+        WOLFSSL_MSG_EX("wc_RNG_HealthTestLocal failed err = %d", ret);
+        #endif
+        ret = DRBG_CONT_FAILURE;
+    }
+    else {
     #ifndef WOLFSSL_SMALL_STACK
         byte seed[MAX_SEED_SZ];
     #else
@@ -1634,13 +1670,23 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
                 (struct DRBG*)XMALLOC(sizeof(DRBG_internal), rng->heap,
                                                           DYNAMIC_TYPE_RNG);
         if (rng->drbg == NULL) {
+    #if defined(DEBUG_WOLFSSL)
+            WOLFSSL_MSG_EX("_InitRng XMALLOC failed to allocate %d bytes",
+                           sizeof(DRBG_internal));
+    #endif
             ret = MEMORY_E;
             rng->status = DRBG_FAILED;
         }
 #else
         rng->drbg = (struct DRBG*)&rng->drbg_data;
+#endif /* WOLFSSL_NO_MALLOC or WOLFSSL_STATIC_MEMORY */
+
+        if (ret != 0) {
+#if defined(DEBUG_WOLFSSL)
+            WOLFSSL_MSG_EX("_InitRng failed. err = ", ret);
 #endif
-        if (ret == 0) {
+        }
+        else {
 #ifdef WC_RNG_SEED_CB
             if (seedCb == NULL) {
                 ret = DRBG_NO_SEED_CB;
@@ -1653,10 +1699,13 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
             }
 #else
             ret = wc_GenerateSeed(&rng->seed, seed, seedSz);
-#endif
+#endif /* WC_RNG_SEED_CB */
             if (ret == 0)
                 ret = wc_RNG_TestSeed(seed, seedSz);
             else {
+    #if defined(DEBUG_WOLFSSL)
+                WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret);
+    #endif
                 ret = DRBG_FAILURE;
                 rng->status = DRBG_FAILED;
             }
@@ -1672,24 +1721,21 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
             #endif
                 rng->drbg = NULL;
             }
-        }
+        } /* ret == 0 */
 
         ForceZero(seed, seedSz);
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(seed, rng->heap, DYNAMIC_TYPE_SEED);
     #endif
-    }
-    else {
-        ret = DRBG_CONT_FAILURE;
-    }
+    } /* else swc_RNG_HealthTestLocal was successful */
 
     if (ret == DRBG_SUCCESS) {
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-#ifdef HAVE_HASHDRBG
+    #ifdef HAVE_HASHDRBG
         struct DRBG_internal* drbg = (struct DRBG_internal*)rng->drbg;
         wc_MemZero_Add("DRBG V", &drbg->V, sizeof(drbg->V));
         wc_MemZero_Add("DRBG C", &drbg->C, sizeof(drbg->C));
-#endif
+    #endif
 #endif
 
         rng->status = DRBG_OK;
@@ -1731,6 +1777,26 @@ WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap)
 }
 
 
+int wc_rng_new_ex(WC_RNG **rng, byte* nonce, word32 nonceSz,
+                  void* heap, int devId)
+{
+    int ret;
+
+    *rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), heap, DYNAMIC_TYPE_RNG);
+    if (*rng == NULL) {
+        return MEMORY_E;
+    }
+
+    ret = _InitRng(*rng, nonce, nonceSz, heap, devId);
+    if (ret != 0) {
+        XFREE(*rng, heap, DYNAMIC_TYPE_RNG);
+        *rng = NULL;
+    }
+
+    return ret;
+}
+
+
 WOLFSSL_ABI
 void wc_rng_free(WC_RNG* rng)
 {
@@ -1830,7 +1896,11 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 
     ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz);
     if (ret == DRBG_NEED_RESEED) {
-        if (wc_RNG_HealthTestLocal(1) == 0) {
+        int devId = INVALID_DEVID;
+    #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
+        devId = rng->devId;
+    #endif
+        if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) {
         #ifndef WOLFSSL_SMALL_STACK
             byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
             ret = DRBG_SUCCESS;
@@ -2083,7 +2153,7 @@ const FLASH_QUALIFIER byte outputB_data[] = {
 };
 
 
-static int wc_RNG_HealthTestLocal(int reseed)
+static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
 {
     int ret = 0;
 #ifdef WOLFSSL_SMALL_STACK
@@ -2102,17 +2172,17 @@ static int wc_RNG_HealthTestLocal(int reseed)
 
     if (reseed) {
 #ifdef WOLFSSL_USE_FLASHMEM
-        byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), NULL,
+        byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), heap,
                              DYNAMIC_TYPE_TMP_BUFFER);
-        byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), NULL,
+        byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), heap,
                              DYNAMIC_TYPE_TMP_BUFFER);
-        byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), NULL,
+        byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), heap,
                              DYNAMIC_TYPE_TMP_BUFFER);
 
         if (!seedA || !reseedSeedA || !outputA) {
-            XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(seedA, heap, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(reseedSeedA, heap, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(outputA, heap, DYNAMIC_TYPE_TMP_BUFFER);
             ret = MEMORY_E;
         }
         else {
@@ -2124,9 +2194,11 @@ static int wc_RNG_HealthTestLocal(int reseed)
         const byte* reseedSeedA = reseedSeedA_data;
         const byte* outputA = outputA_data;
 #endif
-        ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA_data),
-                                reseedSeedA, sizeof(reseedSeedA_data),
-                                check, RNG_HEALTH_TEST_CHECK_SIZE);
+        ret = wc_RNG_HealthTest_ex(1, NULL, 0,
+                                   seedA, sizeof(seedA_data),
+                                   reseedSeedA, sizeof(reseedSeedA_data),
+                                   check, RNG_HEALTH_TEST_CHECK_SIZE,
+                                   heap, devId);
         if (ret == 0) {
             if (ConstantCompare(check, outputA,
                                 RNG_HEALTH_TEST_CHECK_SIZE) != 0)
@@ -2142,14 +2214,14 @@ static int wc_RNG_HealthTestLocal(int reseed)
     }
     else {
 #ifdef WOLFSSL_USE_FLASHMEM
-        byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), NULL,
+        byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), heap,
                              DYNAMIC_TYPE_TMP_BUFFER);
-        byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), NULL,
+        byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), heap,
                                DYNAMIC_TYPE_TMP_BUFFER);
 
         if (!seedB || !outputB) {
-            XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(seedB, heap, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(outputB, heap, DYNAMIC_TYPE_TMP_BUFFER);
             ret = MEMORY_E;
         }
         else {
@@ -2159,13 +2231,31 @@ static int wc_RNG_HealthTestLocal(int reseed)
         const byte* seedB = seedB_data;
         const byte* outputB = outputB_data;
 #endif
-        ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB_data),
-                                NULL, 0,
-                                check, RNG_HEALTH_TEST_CHECK_SIZE);
-        if (ret == 0) {
-            if (ConstantCompare(check, outputB,
-                                RNG_HEALTH_TEST_CHECK_SIZE) != 0)
+#if defined(DEBUG_WOLFSSL)
+        WOLFSSL_MSG_EX("RNG_HEALTH_TEST_CHECK_SIZE = %d",
+                        RNG_HEALTH_TEST_CHECK_SIZE);
+        WOLFSSL_MSG_EX("sizeof(seedB_data)         = %d",
+                        (int)sizeof(outputB_data));
+#endif
+        ret = wc_RNG_HealthTest_ex(0, NULL, 0,
+                                   seedB, sizeof(seedB_data),
+                                   NULL, 0,
+                                   check, RNG_HEALTH_TEST_CHECK_SIZE,
+                                   heap, devId);
+        if (ret != 0) {
+            #if defined(DEBUG_WOLFSSL)
+            WOLFSSL_MSG_EX("RNG_HealthTest failed: err = %d", ret);
+            #endif
+        }
+        else {
+            ret = ConstantCompare(check, outputB,
+                                RNG_HEALTH_TEST_CHECK_SIZE);
+            if (ret != 0) {
+                #if defined(DEBUG_WOLFSSL)
+                WOLFSSL_MSG_EX("Random ConstantCompare failed: err = %d", ret);
+                #endif
                 ret = -1;
+            }
         }
 
         /* The previous test cases use a large seed instead of a seed and nonce.
@@ -2174,11 +2264,11 @@ static int wc_RNG_HealthTestLocal(int reseed)
          * byte 32, feed them into the health test separately. */
         if (ret == 0) {
             ret = wc_RNG_HealthTest_ex(0,
-                                    seedB + 32, sizeof(seedB_data) - 32,
-                                    seedB, 32,
-                                    NULL, 0,
-                                    check, RNG_HEALTH_TEST_CHECK_SIZE,
-                                    NULL, INVALID_DEVID);
+                                       seedB + 32, sizeof(seedB_data) - 32,
+                                       seedB, 32,
+                                       NULL, 0,
+                                       check, RNG_HEALTH_TEST_CHECK_SIZE,
+                                       heap, devId);
             if (ret == 0) {
                 if (ConstantCompare(check, outputB, sizeof(outputB_data)) != 0)
                     ret = -1;
@@ -2186,8 +2276,8 @@ static int wc_RNG_HealthTestLocal(int reseed)
         }
 
 #ifdef WOLFSSL_USE_FLASHMEM
-            XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(seedB, heap, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(outputB, heap, DYNAMIC_TYPE_TMP_BUFFER);
         }
 #endif
     }
@@ -2210,10 +2300,13 @@ static int wc_RNG_HealthTestLocal(int reseed)
  */
 int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
 {
+    int ret;
+
     if (configFile == NULL || timeout < 0)
         return BAD_FUNC_ARG;
 
-    if (wnr_mutex_init > 0) {
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    if (wnr_mutex_inited > 0) {
         WOLFSSL_MSG("netRandom context already created, skipping");
         return 0;
     }
@@ -2222,7 +2315,14 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
         WOLFSSL_MSG("Bad Init Mutex wnr_mutex");
         return BAD_MUTEX_E;
     }
-    wnr_mutex_init = 1;
+
+    wnr_mutex_inited = 1;
+#endif
+
+    if (wnr_inited > 0) {
+        WOLFSSL_MSG("netRandom context already created, skipping");
+        return 0;
+    }
 
     if (wc_LockMutex(&wnr_mutex) != 0) {
         WOLFSSL_MSG("Bad Lock Mutex wnr_mutex");
@@ -2235,7 +2335,8 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
     /* create global wnr_context struct */
     if (wnr_create(&wnr_ctx) != WNR_ERROR_NONE) {
         WOLFSSL_MSG("Error creating global netRandom context");
-        return RNG_FAILURE_E;
+        ret = RNG_FAILURE_E;
+        goto out;
     }
 
     /* load config file */
@@ -2243,7 +2344,8 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
         WOLFSSL_MSG("Error loading config file into netRandom context");
         wnr_destroy(wnr_ctx);
         wnr_ctx = NULL;
-        return RNG_FAILURE_E;
+        ret = RNG_FAILURE_E;
+        goto out;
     }
 
     /* create/init polling mechanism */
@@ -2251,7 +2353,8 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
         WOLFSSL_MSG("Error initializing netRandom polling mechanism");
         wnr_destroy(wnr_ctx);
         wnr_ctx = NULL;
-        return RNG_FAILURE_E;
+        ret = RNG_FAILURE_E;
+        goto out;
     }
 
     /* validate config, set HMAC callback (optional) */
@@ -2260,12 +2363,17 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
         wnr_destroy(wnr_ctx);
         wnr_ctx = NULL;
         wnr_poll_destroy();
-        return RNG_FAILURE_E;
+        ret = RNG_FAILURE_E;
+        goto out;
     }
 
+    wnr_inited = 1;
+
+out:
+
     wc_UnLockMutex(&wnr_mutex);
 
-    return 0;
+    return ret;
 }
 
 /*
@@ -2274,7 +2382,7 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
  */
 int wc_FreeNetRandom(void)
 {
-    if (wnr_mutex_init > 0) {
+    if (wnr_inited > 0) {
 
         if (wc_LockMutex(&wnr_mutex) != 0) {
             WOLFSSL_MSG("Bad Lock Mutex wnr_mutex");
@@ -2289,8 +2397,12 @@ int wc_FreeNetRandom(void)
 
         wc_UnLockMutex(&wnr_mutex);
 
+#ifndef WOLFSSL_MUTEX_INITIALIZER
         wc_FreeMutex(&wnr_mutex);
-        wnr_mutex_init = 0;
+        wnr_mutex_inited = 0;
+#endif
+
+        wnr_inited = 0;
     }
 
     return 0;
@@ -3387,6 +3499,79 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return 0;
     }
 
+#elif defined(ARDUINO)
+
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        int ret = 0;
+        word32 rand;
+        while (sz > 0) {
+            word32 len = sizeof(rand);
+            if (sz < len)
+                len = sz;
+        /* Get an Arduino framework random number */
+        #if defined(ARDUINO_SAMD_NANO_33_IOT) || \
+            defined(ARDUINO_ARCH_RP2040)
+            /* Known, tested boards working with random() */
+            rand = random();
+        #elif defined(ARDUINO_SAM_DUE)
+            /* See: https://github.com/avrxml/asf/tree/master/sam/utils/cmsis/sam3x/include */
+            #if defined(__SAM3A4C__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif defined(__SAM3A8C__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif defined(__SAM3X4C__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif defined(__SAM3X4E__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif defined(__SAM3X8C__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif defined(__SAM3X8E__)
+                /* This is the Arduino Due */
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif  defined(__SAM3A8H__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #else
+                #ifndef TRNG
+                    #error "Unknown TRNG for this device"
+                #endif
+            #endif
+
+            srand(analogRead(0));
+            rand = trng_read_output_data(TRNG);
+        #elif defined(__STM32__)
+            /* TODO: confirm this is proper random number on Arduino STM32 */
+            #warning "Not yet tested on STM32 targets"
+            rand = random();
+        #else
+            /* TODO: Pull requests appreciated for new targets.
+             * Do *all* other Arduino boards support random()?
+             * Probably not 100%, but most will likely work: */
+            rand = random();
+        #endif
+
+            XMEMCPY(output, &rand, len);
+            output += len;
+            sz -= len;
+        }
+
+        return ret;
+    }
+
 #elif defined(WOLFSSL_ESPIDF)
 
     /* Espressif */
@@ -3423,6 +3608,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
         int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         {
+    #if defined(DEBUG_WOLFSSL)
+            WOLFSSL_ENTER("ESP8266 Random");
+    #endif
             word32 rand;
             while (sz > 0) {
                 word32 len = sizeof(rand);
@@ -3437,7 +3625,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
             return 0;
         }
-    #endif /* end WOLFSSL_ESP32 */
+    #endif /* end WOLFSSL_ESPIDF */
 
 #elif defined(WOLFSSL_LINUXKM)
     #include <linux/random.h>
@@ -3507,6 +3695,26 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
      * extern int myRngFunc(byte* output, word32 sz);
      */
 
+#elif defined(__MICROBLAZE__)
+    #warning weak source of entropy
+    #define LPD_SCNTR_BASE_ADDRESS 0xFF250000
+
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        word32* cnt;
+        word32 i;
+
+        /* using current time with srand */
+        cnt = (word32*)LPD_SCNTR_BASE_ADDRESS;
+        srand(*cnt | *(cnt+1));
+
+        for (i = 0; i < sz; i++)
+            output[i] = rand();
+
+        (void)os;
+        return 0;
+    }
+
 #elif defined(WOLFSSL_ZEPHYR)
 
         #include <version.h>
@@ -3585,7 +3793,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
                 output[i] = (byte)rand();
             return 0;
         }
+#elif defined(WOLFSSL_MAXQ108X) || defined(WOLFSSL_MAXQ1065)
 
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        (void)os;
+
+        return maxq10xx_random(output, sz);
+    }
 #elif defined(WOLFSSL_GETRANDOM)
 
     /* getrandom() was added to the Linux kernel in version 3.17.
@@ -3633,6 +3848,28 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
 #elif defined(NO_DEV_RANDOM)
 
+    /* Allow bare-metal targets to use cryptoCb as seed provider */
+    #if defined(WOLF_CRYPTO_CB)
+
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        int ret = WC_HW_E;
+
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (os->devId != INVALID_DEVID)
+        #endif
+        {
+            ret = wc_CryptoCb_RandomSeed(os, output, sz);
+            if (ret == CRYPTOCB_UNAVAILABLE) {
+                ret = WC_HW_E;
+            }
+        }
+
+        return ret;
+    }
+
+    #else /* defined(WOLF_CRYPTO_CB)*/
+
     #error "you need to write an os specific wc_GenerateSeed() here"
 
     /*
@@ -3642,6 +3879,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     }
     */
 
+   #endif  /* !defined(WOLF_CRYPTO_CB) */
+
 #else
 
     /* may block */
@@ -3696,15 +3935,23 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
     #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
         os->fd = open("/dev/urandom", O_RDONLY);
+        #if defined(DEBUG_WOLFSSL)
+            WOLFSSL_MSG("opened /dev/urandom.");
+        #endif
         if (os->fd == -1)
     #endif
         {
             /* may still have /dev/random */
             os->fd = open("/dev/random", O_RDONLY);
+    #if defined(DEBUG_WOLFSSL)
+            WOLFSSL_MSG("opened /dev/random.");
+    #endif
             if (os->fd == -1)
                 return OPEN_RAN_E;
         }
-
+    #if defined(DEBUG_WOLFSSL)
+        WOLFSSL_MSG("rnd read...");
+    #endif
         while (sz) {
             int len = (int)read(os->fd, output, sz);
             if (len == -1) {
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/rsa.c b/extra/wolfssl/wolfssl/wolfcrypt/src/rsa.c
index 514ffb23..4299fd2f 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/rsa.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/rsa.c
@@ -62,6 +62,14 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #include <wolfssl/wolfcrypt/sp.h>
 #endif
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 /*
 Possible RSA enable options:
  * NO_RSA:                Overall control of RSA                    default: on
@@ -267,8 +275,10 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap,
         ret = BUFFER_E;
 
 #if defined(HAVE_PKCS11)
-    XMEMSET(key, 0, sizeof(RsaKey));
-    key->isPkcs11 = 1;
+    if (ret == 0) {
+        XMEMSET(key, 0, sizeof(RsaKey));
+        key->isPkcs11 = 1;
+    }
 #endif
 
     if (ret == 0)
@@ -302,8 +312,10 @@ int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, int devId)
     }
 
 #if defined(HAVE_PKCS11)
-    XMEMSET(key, 0, sizeof(RsaKey));
-    key->isPkcs11 = 1;
+    if (ret == 0) {
+        XMEMSET(key, 0, sizeof(RsaKey));
+        key->isPkcs11 = 1;
+    }
 #endif
 
     if (ret == 0)
@@ -708,8 +720,7 @@ int wc_CheckRsaKey(RsaKey* key)
 
     ret = wc_InitRng(rng);
 
-    if (ret == 0)
-        SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
+    SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
 
     if (ret == 0) {
         if (INIT_MP_INT_SIZE(tmp, mp_bitsused(&key->n)) != MP_OKAY)
@@ -2677,12 +2688,16 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
 
     NEW_MP_INT_SIZE(tmp, mp_bitsused(&key->n), key->heap, DYNAMIC_TYPE_RSA);
 #ifdef MP_INT_SIZE_CHECK_NULL
-    if (tmp == NULL)
+    if (tmp == NULL) {
+        WOLFSSL_MSG("NEW_MP_INT_SIZE tmp is NULL, return MEMORY_E");
         return MEMORY_E;
+    }
 #endif
 
-    if (INIT_MP_INT_SIZE(tmp, mp_bitsused(&key->n)) != MP_OKAY)
+    if (INIT_MP_INT_SIZE(tmp, mp_bitsused(&key->n)) != MP_OKAY) {
+        WOLFSSL_MSG("INIT_MP_INT_SIZE failed.");
         ret = MP_INIT_E;
+    }
 
 #ifndef TEST_UNPAD_CONSTANT_TIME
     if (ret == 0 && mp_read_unsigned_bin(tmp, in, inLen) != MP_OKAY)
@@ -2706,8 +2721,10 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     #endif
         case RSA_PUBLIC_ENCRYPT:
         case RSA_PUBLIC_DECRYPT:
-            if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY)
+            if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY) {
+                WOLFSSL_MSG("mp_exptmod_nct failed");
                 ret = MP_EXPTMOD_E;
+            }
             break;
         default:
             ret = RSA_WRONG_TYPE_E;
@@ -2716,9 +2733,23 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     }
 
     if (ret == 0) {
-        if (mp_to_unsigned_bin_len_ct(tmp, out, (int)*outLen) != MP_OKAY)
-             ret = MP_TO_E;
+        WOLFSSL_MSG("mp_to_unsigned_bin_len_ct...");
+        if (mp_to_unsigned_bin_len_ct(tmp, out, (int)*outLen) != MP_OKAY) {
+            WOLFSSL_MSG("mp_to_unsigned_bin_len_ct failed");
+            ret = MP_TO_E;
+        }
     }
+#ifdef WOLFSSL_RSA_CHECK_D_ON_DECRYPT
+    if ((ret == 0) && (type == RSA_PRIVATE_DECRYPT)) {
+        mp_sub(&key->n, &key->p, tmp);
+        mp_sub(tmp, &key->q, tmp);
+        mp_add_d(tmp, 1, tmp);
+        mp_mulmod(&key->d, &key->e, tmp, tmp);
+        if (!mp_isone(tmp)) {
+            ret = MP_EXPTMOD_E;
+        }
+    }
+#endif
 #else
     (void)type;
     (void)key;
@@ -2742,6 +2773,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
 
     ret = wc_RsaEncryptSize(key);
     if (ret < 0) {
+        WOLFSSL_MSG_EX("wc_RsaEncryptSize failed err = %d", ret);
         return ret;
     }
     keyLen = (word32)ret;
@@ -2756,6 +2788,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     }
 
     if (mp_iseven(&key->n)) {
+        WOLFSSL_MSG("MP_VAL is even");
         return MP_VAL;
     }
 
@@ -2864,21 +2897,9 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */
 
 #if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
-/* Function that does the RSA operation directly with no padding.
- *
- * in       buffer to do operation on
- * inLen    length of input buffer
- * out      buffer to hold results
- * outSz    gets set to size of result buffer. Should be passed in as length
- *          of out buffer. If the pointer "out" is null then outSz gets set to
- *          the expected buffer size needed and LENGTH_ONLY_E gets returned.
- * key      RSA key to use for encrypt/decrypt
- * type     if using private or public key {RSA_PUBLIC_ENCRYPT,
- *          RSA_PUBLIC_DECRYPT, RSA_PRIVATE_ENCRYPT, RSA_PRIVATE_DECRYPT}
- * rng      wolfSSL RNG to use if needed
- *
- * returns size of result on success
- */
+/* Performs direct RSA computation without padding. The input and output must
+ * match the key size (ex: 2048-bits = 256 bytes). Returns the size of the
+ * output on success or negative value on failure. */
 int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
         RsaKey* key, int type, WC_RNG* rng)
 {
@@ -3061,7 +3082,7 @@ int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig,
 #ifndef WOLF_CRYPTO_CB_ONLY_RSA
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) &&     !defined(NO_RSA_BOUNDS_CHECK)
 /* Check that 1 < in < n-1. (Requirement of 800-56B.) */
-static int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
+int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
     int checkSmallCt)
 {
     int ret = 0;
@@ -3138,7 +3159,9 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
     }
 #endif
 
-#ifndef WOLF_CRYPTO_CB_ONLY_RSA
+#ifdef WOLF_CRYPTO_CB_ONLY_RSA
+    return NO_VALID_DEVID;
+#else /* !WOLF_CRYPTO_CB_ONLY_RSA */
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && \
@@ -3189,7 +3212,7 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
         wc_RsaCleanup(key);
     }
     return ret;
-#endif /* WOLF_CRYPTO_CB_ONLY_RSA */
+#endif /* !WOLF_CRYPTO_CB_ONLY_RSA */
 }
 
 int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
@@ -4825,7 +4848,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     #endif
         isPrime = 0;
         i = 0;
-        do {
+        for (;;) {
 #ifdef SHOW_GEN
             printf(".");
             fflush(stdout);
@@ -4848,9 +4871,15 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
             i++;
 #else
             /* Keep the old retry behavior in non-FIPS build. */
-            (void)i;
 #endif
-        } while (err == MP_OKAY && !isPrime && i < failCount);
+
+            if (err != MP_OKAY || isPrime || i >= failCount)
+                break;
+
+            /* linuxkm: release the kernel for a moment before iterating. */
+            RESTORE_VECTOR_REGISTERS();
+            SAVE_VECTOR_REGISTERS(err = _svr_ret; break;);
+        };
     }
 
     if (err == MP_OKAY && !isPrime)
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sakke.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sakke.c
index 2629365f..eb0f932f 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sakke.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sakke.c
@@ -44,6 +44,14 @@
 #include <wolfssl/wolfcrypt/sakke.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
     #define wc_ecc_key_get_priv(key) (&((key)->k))
@@ -6514,7 +6522,6 @@ int wc_GenerateSakkePointITable(SakkeKey* key, byte* table, word32* len)
         key->i.table = table;
         key->i.tableLen = *len;
     }
-    (void)table;
 #endif
 
     return err;
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sha.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sha.c
index 4a5f3e18..69990791 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sha.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sha.c
@@ -644,9 +644,15 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
         #endif
 
         #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-            #if (defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6)) \
-              && defined(WOLFSSL_ESP32_CRYPT) && \
+            #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
+                  defined(CONFIG_IDF_TARGET_ESP8684) || \
+                  defined(CONFIG_IDF_TARGET_ESP32C3) || \
+                  defined(CONFIG_IDF_TARGET_ESP32C6)    \
+                ) && \
+                 defined(WOLFSSL_ESP32_CRYPT) && \
                 !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
+                /* For Espressif RISC-V Targets, we *may* need to reverse bytes
+                 * depending on if HW is active or not. */
                 if (esp_sha_need_byte_reversal(&sha->ctx))
             #endif
             {
@@ -722,9 +728,15 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
     #endif
 
     #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-        #if (defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6)) && \
+        #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
+              defined(CONFIG_IDF_TARGET_ESP8684) || \
+              defined(CONFIG_IDF_TARGET_ESP32C3) || \
+              defined(CONFIG_IDF_TARGET_ESP32C6)    \
+            ) && \
              defined(WOLFSSL_ESP32_CRYPT) && \
             !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
+            /* For Espressif RISC-V Targets, we *may* need to reverse bytes
+             * depending on if HW is active or not. */
             if (esp_sha_need_byte_reversal(&sha->ctx))
         #endif
         {
@@ -765,9 +777,15 @@ int wc_ShaFinalRaw(wc_Sha* sha, byte* hash)
     }
 
 #ifdef LITTLE_ENDIAN_ORDER
-    #if (defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6)) && \
+    #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
+          defined(CONFIG_IDF_TARGET_ESP8684) || \
+          defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32C6)    \
+        ) && \
          defined(WOLFSSL_ESP32_CRYPT) && \
         !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
+        /* For Espressif RISC-V Targets, we *may* need to reverse bytes
+         * depending on if HW is active or not. */
         if (esp_sha_need_byte_reversal(&sha->ctx))
     #endif
     {
@@ -823,7 +841,10 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
 
     /* pad with zeros */
     if (sha->buffLen > WC_SHA_PAD_SIZE) {
-        XMEMSET(&local[sha->buffLen], 0, WC_SHA_BLOCK_SIZE - sha->buffLen);
+        if (sha->buffLen < WC_SHA_BLOCK_SIZE) {
+            XMEMSET(&local[sha->buffLen], 0, WC_SHA_BLOCK_SIZE - sha->buffLen);
+        }
+
         sha->buffLen += WC_SHA_BLOCK_SIZE - sha->buffLen;
 
     #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW)
@@ -834,9 +855,15 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
     #endif
 
     #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-        #if (defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6)) && \
+        #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
+              defined(CONFIG_IDF_TARGET_ESP8684) || \
+              defined(CONFIG_IDF_TARGET_ESP32C3) || \
+              defined(CONFIG_IDF_TARGET_ESP32C6)    \
+            ) && \
              defined(WOLFSSL_ESP32_CRYPT) && \
             !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
+            /* For Espressif RISC-V Targets, we *may* need to reverse bytes
+             * depending on if HW is active or not. */
             if (esp_sha_need_byte_reversal(&sha->ctx))
         #endif
         {
@@ -875,9 +902,15 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
 #endif
 
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-    #if (defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6)) && \
+    #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
+          defined(CONFIG_IDF_TARGET_ESP8684) || \
+          defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32C6)    \
+        ) && \
          defined(WOLFSSL_ESP32_CRYPT) && \
         !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
+        /* For Espressif RISC-V Targets, we *may* need to reverse bytes
+         * depending on if HW is active or not. */
         if (esp_sha_need_byte_reversal(&sha->ctx))
     #endif
     { /* reminder local also points to sha->buffer  */
@@ -902,8 +935,12 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
 #endif
 
 
-#if (defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6)) && \
-     defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
+#if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
+      defined(CONFIG_IDF_TARGET_ESP8684) || \
+      defined(CONFIG_IDF_TARGET_ESP32C3) || \
+      defined(CONFIG_IDF_TARGET_ESP32C6)    \
+    ) && \
+    defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
 if (sha->ctx.mode == ESP32_SHA_HW) {
     #if defined(WOLFSSL_SUPER_VERBOSE_DEBUG)
     {
@@ -938,9 +975,14 @@ if (sha->ctx.mode == ESP32_SHA_HW) {
 #endif
 
 #ifdef LITTLE_ENDIAN_ORDER
-    #if (defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6)) && \
-         defined(WOLFSSL_ESP32_CRYPT) && \
-        !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
+    #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
+          defined(CONFIG_IDF_TARGET_ESP8684) || \
+          defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32C6)    \
+        ) && \
+        defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
+        /* For Espressif RISC-V Targets, we *may* need to reverse bytes
+         * depending on if HW is active or not. */
         if (esp_sha_need_byte_reversal(&sha->ctx))
     #endif
     {
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sha256.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sha256.c
index 50e5b1cc..0025e857 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sha256.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sha256.c
@@ -105,11 +105,12 @@ on the specific device platform.
 #endif
 
 #ifdef WOLFSSL_ESPIDF
-    /* Define the ESP_LOGx(TAG, "" value for output messages here.
+    /* Define the ESP_LOGx(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE value for output messages here.
     **
     ** Beware of possible conflict in test.c (that one now named TEST_TAG)
     */
-    #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW)
+    #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
+       !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
         static const char* TAG = "wc_sha256";
     #endif
 #endif
@@ -168,6 +169,38 @@ on the specific device platform.
 #endif
 
 
+#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
+    #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
+          defined(CONFIG_IDF_TARGET_ESP8684) || \
+          defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32C6)    \
+        ) && \
+        defined(WOLFSSL_ESP32_CRYPT) &&         \
+        !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
+        !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
+        /* For Espressif RISC-V Targets, we *may* need to reverse bytes
+         * depending on if HW is active or not. */
+        #define SHA256_REV_BYTES(ctx) \
+            (esp_sha_need_byte_reversal(ctx))
+    #endif
+#endif
+#ifndef SHA256_REV_BYTES
+    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
+        #define SHA256_REV_BYTES(ctx)       1
+    #else
+        #define SHA256_REV_BYTES(ctx)       0
+    #endif
+#endif
+#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA) && \
+        defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
+        (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+    #define SHA256_UPDATE_REV_BYTES(ctx) \
+        (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
+#else
+    #define SHA256_UPDATE_REV_BYTES(ctx)    SHA256_REV_BYTES(ctx)
+#endif
+
+
 #if !defined(WOLFSSL_PIC32MZ_HASH) && !defined(STM32_HASH_SHA2) && \
     (!defined(WOLFSSL_IMX6_CAAM) || defined(NO_IMX6_CAAM_HASH) || \
      defined(WOLFSSL_QNX_CAAM)) && \
@@ -187,11 +220,6 @@ on the specific device platform.
 
 static int InitSha256(wc_Sha256* sha256)
 {
-    int ret = 0;
-
-    if (sha256 == NULL)
-        return BAD_FUNC_ARG;
-
     XMEMSET(sha256->digest, 0, sizeof(sha256->digest));
     sha256->digest[0] = 0x6A09E667L;
     sha256->digest[1] = 0xBB67AE85L;
@@ -226,7 +254,7 @@ static int InitSha256(wc_Sha256* sha256)
     sha256->hSession = NULL;
 #endif
 
-    return ret;
+    return 0;
 }
 #endif
 
@@ -301,7 +329,15 @@ static int InitSha256(wc_Sha256* sha256)
     extern "C" {
 #endif
 
+        extern int Transform_Sha256_SSE2_Sha(wc_Sha256 *sha256,
+                                             const byte* data);
+        extern int Transform_Sha256_SSE2_Sha_Len(wc_Sha256* sha256,
+                                                 const byte* data, word32 len);
     #if defined(HAVE_INTEL_AVX1)
+        extern int Transform_Sha256_AVX1_Sha(wc_Sha256 *sha256,
+                                             const byte* data);
+        extern int Transform_Sha256_AVX1_Sha_Len(wc_Sha256* sha256,
+                                                 const byte* data, word32 len);
         extern int Transform_Sha256_AVX1(wc_Sha256 *sha256, const byte* data);
         extern int Transform_Sha256_AVX1_Len(wc_Sha256* sha256,
                                              const byte* data, word32 len);
@@ -355,8 +391,24 @@ static int InitSha256(wc_Sha256* sha256)
 
         intel_flags = cpuid_get_flags();
 
+        if (IS_INTEL_SHA(intel_flags)) {
+        #ifdef HAVE_INTEL_AVX1
+            if (IS_INTEL_AVX1(intel_flags)) {
+                Transform_Sha256_p = Transform_Sha256_AVX1_Sha;
+                Transform_Sha256_Len_p = Transform_Sha256_AVX1_Sha_Len;
+                Transform_Sha256_is_vectorized = 1;
+            }
+            else
+        #endif
+            {
+                Transform_Sha256_p = Transform_Sha256_SSE2_Sha;
+                Transform_Sha256_Len_p = Transform_Sha256_SSE2_Sha_Len;
+                Transform_Sha256_is_vectorized = 1;
+            }
+        }
+        else
     #ifdef HAVE_INTEL_AVX2
-        if (1 && IS_INTEL_AVX2(intel_flags)) {
+        if (IS_INTEL_AVX2(intel_flags)) {
         #ifdef HAVE_INTEL_RORX
             if (IS_INTEL_BMI2(intel_flags)) {
                 Transform_Sha256_p = Transform_Sha256_AVX2_RORX;
@@ -365,27 +417,29 @@ static int InitSha256(wc_Sha256* sha256)
             }
             else
         #endif
-            if (1)
             {
                 Transform_Sha256_p = Transform_Sha256_AVX2;
                 Transform_Sha256_Len_p = Transform_Sha256_AVX2_Len;
                 Transform_Sha256_is_vectorized = 1;
             }
+        }
+        else
+    #endif
+    #ifdef HAVE_INTEL_AVX1
+        if (IS_INTEL_AVX1(intel_flags)) {
         #ifdef HAVE_INTEL_RORX
-            else {
+            if (IS_INTEL_BMI2(intel_flags)) {
                 Transform_Sha256_p = Transform_Sha256_AVX1_RORX;
                 Transform_Sha256_Len_p = Transform_Sha256_AVX1_RORX_Len;
                 Transform_Sha256_is_vectorized = 1;
             }
+            else
         #endif
-        }
-        else
-    #endif
-    #ifdef HAVE_INTEL_AVX1
-        if (IS_INTEL_AVX1(intel_flags)) {
-            Transform_Sha256_p = Transform_Sha256_AVX1;
-            Transform_Sha256_Len_p = Transform_Sha256_AVX1_Len;
-            Transform_Sha256_is_vectorized = 1;
+            {
+                Transform_Sha256_p = Transform_Sha256_AVX1;
+                Transform_Sha256_Len_p = Transform_Sha256_AVX1_Len;
+                Transform_Sha256_is_vectorized = 1;
+            }
         }
         else
     #endif
@@ -709,10 +763,6 @@ static int InitSha256(wc_Sha256* sha256)
     {
         int ret = 0; /* zero = success */
 
-        if (sha256 == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
         /* We may or may not need initial digest for HW.
          * Always needed for SW-only. */
         sha256->digest[0] = 0x6A09E667L;
@@ -729,7 +779,7 @@ static int InitSha256(wc_Sha256* sha256)
         sha256->hiLen   = 0;
 
 #ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256
-        ret = esp_sha_init(&(sha256->ctx), WC_HASH_TYPE_SHA256);
+        ret = esp_sha_init((WC_ESP32SHA*)&(sha256->ctx), WC_HASH_TYPE_SHA256);
 #endif
         return ret;
     }
@@ -746,15 +796,14 @@ static int InitSha256(wc_Sha256* sha256)
             return BAD_FUNC_ARG;
         }
 
-    #ifdef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
-#ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256
+    #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
+       !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
         /* We know this is a fresh, uninitialized item, so set to INIT */
         if (sha256->ctx.mode != ESP32_SHA_INIT) {
             ESP_LOGV(TAG, "Set ctx mode from prior value: "
                                "%d", sha256->ctx.mode);
         }
         sha256->ctx.mode = ESP32_SHA_INIT;
-#endif
     #endif
 
         return InitSha256(sha256);
@@ -1023,21 +1072,13 @@ static int InitSha256(wc_Sha256* sha256)
     }
 
     /* do block size increments/updates */
-    static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+    static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
+        word32 len)
     {
         int ret = 0;
         word32 blocksLen;
         byte* local;
 
-        if (sha256 == NULL || (data == NULL && len > 0)) {
-            return BAD_FUNC_ARG;
-        }
-
-        if (data == NULL && len == 0) {
-            /* valid, but do nothing */
-            return 0;
-        }
-
         /* check that internal buffLen is valid */
         if (sha256->buffLen >= WC_SHA256_BLOCK_SIZE) {
             return BUFFER_E;
@@ -1066,29 +1107,13 @@ static int InitSha256(wc_Sha256* sha256)
                 }
             #endif
 
-
-            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-                #if defined(WOLFSSL_X86_64_BUILD) && \
-                          defined(USE_INTEL_SPEEDUP) && \
-                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-                if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
-                #endif
-                #if (defined(CONFIG_IDF_TARGET_ESP32C3) || \
-                     defined(CONFIG_IDF_TARGET_ESP32C6)) && \
-                    defined(WOLFSSL_ESP32_CRYPT) && \
-                   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-                   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-                    if (esp_sha_need_byte_reversal(&sha256->ctx))
-                #endif
-                {
-                    ByteReverseWords(sha256->buffer, sha256->buffer,
-                        WC_SHA256_BLOCK_SIZE);
-                }
-            #endif
+            if (SHA256_UPDATE_REV_BYTES(&sha256->ctx)) {
+                ByteReverseWords(sha256->buffer, sha256->buffer,
+                    WC_SHA256_BLOCK_SIZE);
+            }
 
             #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
                !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-
                 if (sha256->ctx.mode == ESP32_SHA_SW) {
                     #if defined(WOLFSSL_DEBUG_MUTEX)
                     {
@@ -1115,7 +1140,6 @@ static int InitSha256(wc_Sha256* sha256)
                 /* Always SW */
                 ret = XTRANSFORM(sha256, (const byte*)local);
             #endif
-
                 if (ret == 0)
                     sha256->buffLen = 0;
                 else
@@ -1130,12 +1154,13 @@ static int InitSha256(wc_Sha256* sha256)
         if (Transform_Sha256_Len_p != NULL)
         #endif
         {
-            /* get number of blocks */
-            /* 64-1 = 0x3F (~ Inverted = 0xFFFFFFC0) */
-            /* len (masked by 0xFFFFFFC0) returns block aligned length */
-            blocksLen = len & ~((word32)WC_SHA256_BLOCK_SIZE-1);
-            if (blocksLen > 0) {
-                /* Byte reversal and alignment handled in function if required */
+            if (len >= WC_SHA256_BLOCK_SIZE) {
+                /* get number of blocks */
+                /* 64-1 = 0x3F (~ Inverted = 0xFFFFFFC0) */
+                /* len (masked by 0xFFFFFFC0) returns block aligned length */
+                blocksLen = len & ~((word32)WC_SHA256_BLOCK_SIZE-1);
+                /* Byte reversal and alignment handled in function if required
+                 */
                 XTRANSFORM_LEN(sha256, data, blocksLen);
                 data += blocksLen;
                 len  -= blocksLen;
@@ -1178,23 +1203,9 @@ static int InitSha256(wc_Sha256* sha256)
                 }
             #endif
 
-            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-                #if (defined(CONFIG_IDF_TARGET_ESP32C3) || \
-                     defined(CONFIG_IDF_TARGET_ESP32C6)) && \
-                    defined(WOLFSSL_ESP32_CRYPT) && \
-                   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-                   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-                    if (esp_sha_need_byte_reversal(&sha256->ctx))
-                #endif
-                #if defined(WOLFSSL_X86_64_BUILD) && \
-                          defined(USE_INTEL_SPEEDUP) && \
-                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-                if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
-                #endif
-                {
-                    ByteReverseWords(local32, local32, WC_SHA256_BLOCK_SIZE);
-                }
-            #endif
+            if (SHA256_UPDATE_REV_BYTES(&sha256->ctx)) {
+                ByteReverseWords(local32, local32, WC_SHA256_BLOCK_SIZE);
+            }
 
             #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
                !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
@@ -1231,14 +1242,16 @@ static int InitSha256(wc_Sha256* sha256)
 #else
     int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
     {
-        if (sha256 == NULL || (data == NULL && len > 0)) {
+        if (sha256 == NULL) {
             return BAD_FUNC_ARG;
         }
-
         if (data == NULL && len == 0) {
             /* valid, but do nothing */
             return 0;
         }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
 
     #ifdef WOLF_CRYPTO_CB
         #ifndef WOLF_CRYPTO_CB_FIND
@@ -1265,14 +1278,9 @@ static int InitSha256(wc_Sha256* sha256)
 
     static WC_INLINE int Sha256Final(wc_Sha256* sha256)
     {
-
         int ret;
         byte* local;
 
-        if (sha256 == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
         /* we'll add a 0x80 byte at the end,
         ** so make sure we have appropriate buffer length. */
         if (sha256->buffLen > WC_SHA256_BLOCK_SIZE - 1) {
@@ -1285,9 +1293,10 @@ static int InitSha256(wc_Sha256* sha256)
 
         /* pad with zeros */
         if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
-            XMEMSET(&local[sha256->buffLen], 0,
-                WC_SHA256_BLOCK_SIZE - sha256->buffLen);
-            sha256->buffLen += WC_SHA256_BLOCK_SIZE - sha256->buffLen;
+            if (sha256->buffLen < WC_SHA256_BLOCK_SIZE) {
+                XMEMSET(&local[sha256->buffLen], 0,
+                    WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+            }
 
         #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
            !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
@@ -1296,23 +1305,10 @@ static int InitSha256(wc_Sha256* sha256)
             }
         #endif
 
-        #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-            #if (defined(CONFIG_IDF_TARGET_ESP32C3) || \
-                 defined(CONFIG_IDF_TARGET_ESP32C6))  && \
-                defined(WOLFSSL_ESP32_CRYPT) && \
-               !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-               !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-                if (esp_sha_need_byte_reversal(&sha256->ctx))
-            #endif
-            #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
-                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-            if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
-            #endif
-            {
-                ByteReverseWords(sha256->buffer, sha256->buffer,
-                                                      WC_SHA256_BLOCK_SIZE);
-            }
-        #endif
+        if (SHA256_UPDATE_REV_BYTES(&sha256->ctx)) {
+            ByteReverseWords(sha256->buffer, sha256->buffer,
+                WC_SHA256_BLOCK_SIZE);
+        }
 
         #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
            !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
@@ -1349,23 +1345,10 @@ static int InitSha256(wc_Sha256* sha256)
     #endif
 
         /* store lengths */
-    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-        #if (defined(CONFIG_IDF_TARGET_ESP32C3) || \
-             defined(CONFIG_IDF_TARGET_ESP32C6)) && \
-            defined(WOLFSSL_ESP32_CRYPT) && \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-            if (esp_sha_need_byte_reversal(&sha256->ctx))
-        #endif
-        #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
-                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-        if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
-        #endif
-        {
+        if (SHA256_UPDATE_REV_BYTES(&sha256->ctx)) {
             ByteReverseWords(sha256->buffer, sha256->buffer,
-                WC_SHA256_BLOCK_SIZE);
+                WC_SHA256_PAD_SIZE);
         }
-    #endif
         /* ! 64-bit length ordering dependent on digest endian type ! */
         XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
         XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
@@ -1373,11 +1356,16 @@ static int InitSha256(wc_Sha256* sha256)
 
     /* Only the ESP32-C3 with HW enabled may need pad size byte order reversal
      * depending on HW or SW mode */
-    #if (defined(CONFIG_IDF_TARGET_ESP32C3) || \
-         defined(CONFIG_IDF_TARGET_ESP32C6)) && \
-         defined(WOLFSSL_ESP32_CRYPT) && \
+    #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
+          defined(CONFIG_IDF_TARGET_ESP8684) || \
+          defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32C6)    \
+        ) && \
+        defined(WOLFSSL_ESP32_CRYPT) &&         \
        !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
        !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
+        /* For Espressif RISC-V Targets, we *may* need to reverse bytes
+         * depending on if HW is active or not. */
         if (sha256->ctx.mode == ESP32_SHA_HW) {
         #if defined(WOLFSSL_SUPER_VERBOSE_DEBUG)
             ESP_LOGV(TAG, "Start: Reverse PAD SIZE Endianness.");
@@ -1442,18 +1430,10 @@ static int InitSha256(wc_Sha256* sha256)
         }
 
     #ifdef LITTLE_ENDIAN_ORDER
-        #if (defined(CONFIG_IDF_TARGET_ESP32C3) || \
-             defined(CONFIG_IDF_TARGET_ESP32C6)) && \
-            defined(WOLFSSL_ESP32_CRYPT) && \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-            if (esp_sha_need_byte_reversal(&sha256->ctx))
-        #endif
-            {
-                ByteReverseWords((word32*)digest,
-                                 (word32*)sha256->digest,
-                                  WC_SHA256_DIGEST_SIZE);
-            }
+        if (SHA256_REV_BYTES(&sha256->ctx)) {
+            ByteReverseWords((word32*)digest, (word32*)sha256->digest,
+                              WC_SHA256_DIGEST_SIZE);
+        }
         XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE);
     #else
         XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
@@ -1497,16 +1477,10 @@ static int InitSha256(wc_Sha256* sha256)
         }
 
     #if defined(LITTLE_ENDIAN_ORDER)
-        #if (defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6))  && \
-            defined(WOLFSSL_ESP32_CRYPT) && \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-            if (esp_sha_need_byte_reversal(&sha256->ctx))
-        #endif
-            {
-                ByteReverseWords(sha256->digest, sha256->digest,
-                                 WC_SHA256_DIGEST_SIZE);
-            }
+        if (SHA256_REV_BYTES(&sha256->ctx)) {
+            ByteReverseWords(sha256->digest, sha256->digest,
+                WC_SHA256_DIGEST_SIZE);
+        }
     #endif
         XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
 
@@ -1518,18 +1492,115 @@ static int InitSha256(wc_Sha256* sha256)
 /* @param sha  a pointer to wc_Sha256 structure           */
 /* @param data data to be applied SHA256 transformation   */
 /* @return 0 on successful, otherwise non-zero on failure */
-    int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data)
+    int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
     {
-        if (sha == NULL || data == NULL) {
+        if (sha256 == NULL || data == NULL) {
             return BAD_FUNC_ARG;
         }
-        return (Transform_Sha256(sha, data));
+        return Transform_Sha256(sha256, data);
     }
-    #endif
-#endif /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA || HAVE_CURL */
 
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+    /* One block will be used from data.
+     * hash must be big enough to hold all of digest output.
+     */
+    int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
+        unsigned char* hash)
+    {
+        int ret;
+
+        if ((sha256 == NULL) || (data == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        if (SHA256_UPDATE_REV_BYTES(&sha256->ctx)) {
+            ByteReverseWords(sha256->buffer, (word32*)data,
+                WC_SHA256_BLOCK_SIZE);
+            data = (unsigned char*)sha256->buffer;
+        }
+        ret = XTRANSFORM(sha256, data);
+
+        if ((ret == 0) && (hash != NULL)) {
+            if (!SHA256_REV_BYTES(&sha256->ctx)) {
+                XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+            }
+            else {
+        #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+                __asm__ __volatile__ (
+                    "mov    0x00(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x00(%[h])\n\t"
+                    "mov    0x04(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x04(%[h])\n\t"
+                    "mov    0x08(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x08(%[h])\n\t"
+                    "mov    0x0c(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x0c(%[h])\n\t"
+                    "mov    0x10(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x10(%[h])\n\t"
+                    "mov    0x14(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x14(%[h])\n\t"
+                    "mov    0x18(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x18(%[h])\n\t"
+                    "mov    0x1c(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x1c(%[h])\n\t"
+                    :
+                    : [d] "r" (sha256->digest), [h] "r" (hash)
+                    : "memory", "esi"
+                );
+        #else
+                word32* hash32 = (word32*)hash;
+                word32* digest = (word32*)sha256->digest;
+            #if WOLFSSL_GENERAL_ALIGNMENT < 4
+                ALIGN16 word32 buf[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
+
+                if (((size_t)digest & 0x3) != 0) {
+                    if (((size_t)hash32 & 0x3) != 0) {
+                        XMEMCPY(buf, digest, WC_SHA256_DIGEST_SIZE);
+                        hash32 = buf;
+                        digest = buf;
+                    }
+                    else {
+                        XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE);
+                        digest = hash32;
+                    }
+                }
+                else if (((size_t)hash32 & 0x3) != 0) {
+                    hash32 = digest;
+                }
+            #endif
+                hash32[0] = ByteReverseWord32(digest[0]);
+                hash32[1] = ByteReverseWord32(digest[1]);
+                hash32[2] = ByteReverseWord32(digest[2]);
+                hash32[3] = ByteReverseWord32(digest[3]);
+                hash32[4] = ByteReverseWord32(digest[4]);
+                hash32[5] = ByteReverseWord32(digest[5]);
+                hash32[6] = ByteReverseWord32(digest[6]);
+                hash32[7] = ByteReverseWord32(digest[7]);
+            #if WOLFSSL_GENERAL_ALIGNMENT < 4
+                if (hash != (byte*)hash32) {
+                    XMEMCPY(hash, hash32, WC_SHA256_DIGEST_SIZE);
+                }
+            #endif
+        #endif /* WOLFSSL_X86_64_BUILD && USE_INTEL_SPEEDUP */
+            }
+            sha256->digest[0] = 0x6A09E667L;
+            sha256->digest[1] = 0xBB67AE85L;
+            sha256->digest[2] = 0x3C6EF372L;
+            sha256->digest[3] = 0xA54FF53AL;
+            sha256->digest[4] = 0x510E527FL;
+            sha256->digest[5] = 0x9B05688CL;
+            sha256->digest[6] = 0x1F83D9ABL;
+            sha256->digest[7] = 0x5BE0CD19L;
+        }
+
+        return ret;
+    }
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
 #endif /* !WOLFSSL_KCAPI_HASH */
 
+#endif /* XTRANSFORM */
+
 
 #ifdef WOLFSSL_SHA224
 
@@ -1648,10 +1719,6 @@ static int InitSha256(wc_Sha256* sha256)
     {
         int ret = 0;
 
-        if (sha224 == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
         sha224->digest[0] = 0xc1059ed8;
         sha224->digest[1] = 0x367cd507;
         sha224->digest[2] = 0x3070dd17;
@@ -1752,7 +1819,14 @@ static int InitSha256(wc_Sha256* sha256)
     {
         int ret;
 
-        if (sha224 == NULL || (data == NULL && len > 0)) {
+        if (sha224 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
             return BAD_FUNC_ARG;
         }
 
@@ -1792,11 +1866,11 @@ static int InitSha256(wc_Sha256* sha256)
         }
     #endif /* WOLFSSL_ASYNC_CRYPT */
 
-    #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
-       (!defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256) || \
-        !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224))
+    #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) &&      \
+       ( !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256) || \
+         !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224) )
 
-        /* nothing enabled here for C3 success */
+        /* nothing enabled here for RISC-V C2/C3/C6 success */
     #endif
 
         ret = Sha256Final((wc_Sha256*)sha224);
@@ -1804,14 +1878,7 @@ static int InitSha256(wc_Sha256* sha256)
             return ret;
 
     #if defined(LITTLE_ENDIAN_ORDER)
-        #if (defined(CONFIG_IDF_TARGET_ESP32C3) || \
-             defined(CONFIG_IDF_TARGET_ESP32C6))  && \
-            defined(WOLFSSL_ESP32_CRYPT) && \
-       (!defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256) || \
-        !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224))
-            if (esp_sha_need_byte_reversal(&sha224->ctx))
-        #endif
-        {
+        if (SHA256_REV_BYTES(&sha224->ctx)) {
             ByteReverseWords(sha224->digest,
                              sha224->digest,
                              WC_SHA224_DIGEST_SIZE);
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sha256_asm.S b/extra/wolfssl/wolfssl/wolfcrypt/src/sha256_asm.S
index 6d1c8ea7..3f7f6cf2 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sha256_asm.S
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sha256_asm.S
@@ -46,6 +46,439 @@
 #endif /* NO_AVX2_SUPPORT */
 
 #ifdef WOLFSSL_X86_64_BUILD
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_sse2_sha256_sha_k:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_sse2_sha256_shuf_mask:
+.quad	0x405060700010203, 0xc0d0e0f08090a0b
+#ifndef __APPLE__
+.text
+.globl	Transform_Sha256_SSE2_Sha
+.type	Transform_Sha256_SSE2_Sha,@function
+.align	16
+Transform_Sha256_SSE2_Sha:
+#else
+.section	__TEXT,__text
+.globl	_Transform_Sha256_SSE2_Sha
+.p2align	4
+_Transform_Sha256_SSE2_Sha:
+#endif /* __APPLE__ */
+        movdqa	L_sse2_sha256_shuf_mask(%rip), %xmm10
+        movq	(%rdi), %xmm1
+        movq	8(%rdi), %xmm2
+        movhpd	16(%rdi), %xmm1
+        movhpd	24(%rdi), %xmm2
+        pshufd	$27, %xmm1, %xmm1
+        pshufd	$27, %xmm2, %xmm2
+        movdqu	(%rsi), %xmm3
+        movdqu	16(%rsi), %xmm4
+        movdqu	32(%rsi), %xmm5
+        movdqu	48(%rsi), %xmm6
+        pshufb	%xmm10, %xmm3
+        movdqa	%xmm1, %xmm8
+        movdqa	%xmm2, %xmm9
+        # Rounds: 0-3
+        movdqa	%xmm3, %xmm0
+        paddd	0+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 4-7
+        pshufb	%xmm10, %xmm4
+        movdqa	%xmm4, %xmm0
+        paddd	16+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 8-11
+        pshufb	%xmm10, %xmm5
+        movdqa	%xmm5, %xmm0
+        paddd	32+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 12-15
+        pshufb	%xmm10, %xmm6
+        movdqa	%xmm6, %xmm0
+        paddd	48+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 16-19
+        movdqa	%xmm3, %xmm0
+        paddd	64+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 20-23
+        movdqa	%xmm4, %xmm0
+        paddd	80+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 24-27
+        movdqa	%xmm5, %xmm0
+        paddd	96+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 28-31
+        movdqa	%xmm6, %xmm0
+        paddd	112+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 32-35
+        movdqa	%xmm3, %xmm0
+        paddd	128+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 36-39
+        movdqa	%xmm4, %xmm0
+        paddd	144+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 40-43
+        movdqa	%xmm5, %xmm0
+        paddd	160+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 44-47
+        movdqa	%xmm6, %xmm0
+        paddd	176+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 48-51
+        movdqa	%xmm3, %xmm0
+        paddd	192+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 52-63
+        movdqa	%xmm4, %xmm0
+        paddd	208+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        movdqa	%xmm5, %xmm0
+        paddd	224+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        movdqa	%xmm6, %xmm0
+        paddd	240+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        paddd	%xmm8, %xmm1
+        paddd	%xmm9, %xmm2
+        pshufd	$27, %xmm1, %xmm1
+        pshufd	$27, %xmm2, %xmm2
+        movq	%xmm1, (%rdi)
+        movq	%xmm2, 8(%rdi)
+        movhpd	%xmm1, 16(%rdi)
+        movhpd	%xmm2, 24(%rdi)
+        xorq	%rax, %rax
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	Transform_Sha256_SSE2_Sha,.-Transform_Sha256_SSE2_Sha
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	Transform_Sha256_SSE2_Sha_Len
+.type	Transform_Sha256_SSE2_Sha_Len,@function
+.align	16
+Transform_Sha256_SSE2_Sha_Len:
+#else
+.section	__TEXT,__text
+.globl	_Transform_Sha256_SSE2_Sha_Len
+.p2align	4
+_Transform_Sha256_SSE2_Sha_Len:
+#endif /* __APPLE__ */
+        movdqa	L_sse2_sha256_shuf_mask(%rip), %xmm10
+        movq	(%rdi), %xmm1
+        movq	8(%rdi), %xmm2
+        movhpd	16(%rdi), %xmm1
+        movhpd	24(%rdi), %xmm2
+        pshufd	$27, %xmm1, %xmm1
+        pshufd	$27, %xmm2, %xmm2
+        # Start of loop processing a block
+L_sha256_sha_len_sse2_start:
+        movdqu	(%rsi), %xmm3
+        movdqu	16(%rsi), %xmm4
+        movdqu	32(%rsi), %xmm5
+        movdqu	48(%rsi), %xmm6
+        pshufb	%xmm10, %xmm3
+        movdqa	%xmm1, %xmm8
+        movdqa	%xmm2, %xmm9
+        # Rounds: 0-3
+        movdqa	%xmm3, %xmm0
+        paddd	0+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 4-7
+        pshufb	%xmm10, %xmm4
+        movdqa	%xmm4, %xmm0
+        paddd	16+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 8-11
+        pshufb	%xmm10, %xmm5
+        movdqa	%xmm5, %xmm0
+        paddd	32+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 12-15
+        pshufb	%xmm10, %xmm6
+        movdqa	%xmm6, %xmm0
+        paddd	48+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 16-19
+        movdqa	%xmm3, %xmm0
+        paddd	64+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 20-23
+        movdqa	%xmm4, %xmm0
+        paddd	80+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 24-27
+        movdqa	%xmm5, %xmm0
+        paddd	96+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 28-31
+        movdqa	%xmm6, %xmm0
+        paddd	112+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 32-35
+        movdqa	%xmm3, %xmm0
+        paddd	128+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 36-39
+        movdqa	%xmm4, %xmm0
+        paddd	144+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 40-43
+        movdqa	%xmm5, %xmm0
+        paddd	160+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 44-47
+        movdqa	%xmm6, %xmm0
+        paddd	176+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 48-51
+        movdqa	%xmm3, %xmm0
+        paddd	192+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 52-63
+        movdqa	%xmm4, %xmm0
+        paddd	208+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        movdqa	%xmm5, %xmm0
+        paddd	224+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        movdqa	%xmm6, %xmm0
+        paddd	240+L_sse2_sha256_sha_k(%rip), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        addq	$0x40, %rsi
+        subl	$0x40, %edx
+        paddd	%xmm8, %xmm1
+        paddd	%xmm9, %xmm2
+        jnz	L_sha256_sha_len_sse2_start
+        pshufd	$27, %xmm1, %xmm1
+        pshufd	$27, %xmm2, %xmm2
+        movq	%xmm1, (%rdi)
+        movq	%xmm2, 8(%rdi)
+        movhpd	%xmm1, 16(%rdi)
+        movhpd	%xmm2, 24(%rdi)
+        xorq	%rax, %rax
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	Transform_Sha256_SSE2_Sha_Len,.-Transform_Sha256_SSE2_Sha_Len
+#endif /* __APPLE__ */
 #ifdef HAVE_INTEL_AVX1
 #ifndef __APPLE__
 .data
@@ -123,7 +556,6 @@ _Transform_Sha256_AVX1:
         pushq	%r14
         pushq	%r15
         subq	$0x40, %rsp
-        leaq	32(%rdi), %rax
         vmovdqa	L_avx1_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx1_sha256_shuf_00BA(%rip), %xmm11
         vmovdqa	L_avx1_sha256_shuf_DC00(%rip), %xmm12
@@ -136,12 +568,12 @@ _Transform_Sha256_AVX1:
         movl	24(%rdi), %r14d
         movl	28(%rdi), %r15d
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rax), %xmm0
-        vmovdqu	16(%rax), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vmovdqu	32(%rax), %xmm2
-        vmovdqu	48(%rax), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         movl	%r9d, %ebx
@@ -2513,8 +2945,7 @@ _Transform_Sha256_AVX1_Len:
         pushq	%r14
         pushq	%r15
         pushq	%rbp
-        movq	%rsi, %rbp
-        movq	%rdx, %rsi
+        movq	%rdx, %rbp
         subq	$0x40, %rsp
         vmovdqa	L_avx1_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx1_sha256_shuf_00BA(%rip), %xmm11
@@ -2530,12 +2961,12 @@ _Transform_Sha256_AVX1_Len:
         # Start of loop processing a block
 L_sha256_len_avx1_start:
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rbp), %xmm0
-        vmovdqu	16(%rbp), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vmovdqu	32(%rbp), %xmm2
-        vmovdqu	48(%rbp), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         movl	%r9d, %ebx
@@ -4877,8 +5308,8 @@ L_sha256_len_avx1_start:
         addl	20(%rdi), %r13d
         addl	24(%rdi), %r14d
         addl	28(%rdi), %r15d
-        addq	$0x40, %rbp
-        subl	$0x40, %esi
+        addq	$0x40, %rsi
+        subl	$0x40, %ebp
         movl	%r8d, (%rdi)
         movl	%r9d, 4(%rdi)
         movl	%r10d, 8(%rdi)
@@ -4980,14 +5411,13 @@ _Transform_Sha256_AVX1_RORX:
         vmovdqa	L_avx1_rorx_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx1_rorx_sha256_shuf_00BA(%rip), %xmm11
         vmovdqa	L_avx1_rorx_sha256_shuf_DC00(%rip), %xmm12
-        leaq	32(%rdi), %rax
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rax), %xmm0
-        vmovdqu	16(%rax), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vmovdqu	32(%rax), %xmm2
-        vmovdqu	48(%rax), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         movl	(%rdi), %r8d
@@ -7325,8 +7755,7 @@ _Transform_Sha256_AVX1_RORX_Len:
         pushq	%r14
         pushq	%r15
         pushq	%rbp
-        movq	%rsi, %rbp
-        movq	%rdx, %rsi
+        movq	%rdx, %rbp
         subq	$0x40, %rsp
         vmovdqa	L_avx1_rorx_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx1_rorx_sha256_shuf_00BA(%rip), %xmm11
@@ -7342,12 +7771,12 @@ _Transform_Sha256_AVX1_RORX_Len:
         # Start of loop processing a block
 L_sha256_len_avx1_len_rorx_start:
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rbp), %xmm0
-        vmovdqu	16(%rbp), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vmovdqu	32(%rbp), %xmm2
-        vmovdqu	48(%rbp), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         # set_w_k_xfer_4: 0
@@ -9648,8 +10077,8 @@ L_sha256_len_avx1_len_rorx_start:
         addl	20(%rdi), %r13d
         addl	24(%rdi), %r14d
         addl	28(%rdi), %r15d
-        addq	$0x40, %rbp
-        subl	$0x40, %esi
+        addq	$0x40, %rsi
+        subl	$0x40, %ebp
         movl	%r8d, (%rdi)
         movl	%r9d, 4(%rdi)
         movl	%r10d, 8(%rdi)
@@ -9672,6 +10101,383 @@ L_sha256_len_avx1_len_rorx_start:
 #ifndef __APPLE__
 .size	Transform_Sha256_AVX1_RORX_Len,.-Transform_Sha256_AVX1_RORX_Len
 #endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_avx1_sha256_sha_k:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_avx1_sha256_shuf_mask:
+.quad	0x405060700010203, 0xc0d0e0f08090a0b
+#ifndef __APPLE__
+.text
+.globl	Transform_Sha256_AVX1_Sha
+.type	Transform_Sha256_AVX1_Sha,@function
+.align	16
+Transform_Sha256_AVX1_Sha:
+#else
+.section	__TEXT,__text
+.globl	_Transform_Sha256_AVX1_Sha
+.p2align	4
+_Transform_Sha256_AVX1_Sha:
+#endif /* __APPLE__ */
+        vmovdqa	L_avx1_sha256_shuf_mask(%rip), %xmm10
+        vmovq	(%rdi), %xmm1
+        vmovq	8(%rdi), %xmm2
+        vmovhpd	16(%rdi), %xmm1, %xmm1
+        vmovhpd	24(%rdi), %xmm2, %xmm2
+        vpshufd	$27, %xmm1, %xmm1
+        vpshufd	$27, %xmm2, %xmm2
+        vmovdqu	(%rsi), %xmm3
+        vmovdqu	16(%rsi), %xmm4
+        vmovdqu	32(%rsi), %xmm5
+        vmovdqu	48(%rsi), %xmm6
+        vpshufb	%xmm10, %xmm3, %xmm3
+        vmovdqa	%xmm1, %xmm8
+        vmovdqa	%xmm2, %xmm9
+        # Rounds: 0-3
+        vpaddd	0+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 4-7
+        vpshufb	%xmm10, %xmm4, %xmm4
+        vpaddd	16+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 8-11
+        vpshufb	%xmm10, %xmm5, %xmm5
+        vpaddd	32+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 12-15
+        vpshufb	%xmm10, %xmm6, %xmm6
+        vpaddd	48+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 16-19
+        vpaddd	64+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 20-23
+        vpaddd	80+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 24-27
+        vpaddd	96+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 28-31
+        vpaddd	112+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 32-35
+        vpaddd	128+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 36-39
+        vpaddd	144+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 40-43
+        vpaddd	160+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 44-47
+        vpaddd	176+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 48-51
+        vpaddd	192+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 52-63
+        vpaddd	208+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        vpaddd	224+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        vpaddd	240+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        vpaddd	%xmm8, %xmm1, %xmm1
+        vpaddd	%xmm9, %xmm2, %xmm2
+        vpshufd	$27, %xmm1, %xmm1
+        vpshufd	$27, %xmm2, %xmm2
+        vmovq	%xmm1, (%rdi)
+        vmovq	%xmm2, 8(%rdi)
+        vmovhpd	%xmm1, 16(%rdi)
+        vmovhpd	%xmm2, 24(%rdi)
+        xorq	%rax, %rax
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	Transform_Sha256_AVX1_Sha,.-Transform_Sha256_AVX1_Sha
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	Transform_Sha256_AVX1_Sha_Len
+.type	Transform_Sha256_AVX1_Sha_Len,@function
+.align	16
+Transform_Sha256_AVX1_Sha_Len:
+#else
+.section	__TEXT,__text
+.globl	_Transform_Sha256_AVX1_Sha_Len
+.p2align	4
+_Transform_Sha256_AVX1_Sha_Len:
+#endif /* __APPLE__ */
+        vmovdqa	L_avx1_sha256_shuf_mask(%rip), %xmm10
+        vmovq	(%rdi), %xmm1
+        vmovq	8(%rdi), %xmm2
+        vmovhpd	16(%rdi), %xmm1, %xmm1
+        vmovhpd	24(%rdi), %xmm2, %xmm2
+        vpshufd	$27, %xmm1, %xmm1
+        vpshufd	$27, %xmm2, %xmm2
+        # Start of loop processing a block
+L_sha256_sha_len_avx1_start:
+        vmovdqu	(%rsi), %xmm3
+        vmovdqu	16(%rsi), %xmm4
+        vmovdqu	32(%rsi), %xmm5
+        vmovdqu	48(%rsi), %xmm6
+        vpshufb	%xmm10, %xmm3, %xmm3
+        vmovdqa	%xmm1, %xmm8
+        vmovdqa	%xmm2, %xmm9
+        # Rounds: 0-3
+        vpaddd	0+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 4-7
+        vpshufb	%xmm10, %xmm4, %xmm4
+        vpaddd	16+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 8-11
+        vpshufb	%xmm10, %xmm5, %xmm5
+        vpaddd	32+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 12-15
+        vpshufb	%xmm10, %xmm6, %xmm6
+        vpaddd	48+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 16-19
+        vpaddd	64+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 20-23
+        vpaddd	80+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 24-27
+        vpaddd	96+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 28-31
+        vpaddd	112+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 32-35
+        vpaddd	128+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 36-39
+        vpaddd	144+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 40-43
+        vpaddd	160+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 44-47
+        vpaddd	176+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 48-51
+        vpaddd	192+L_avx1_sha256_sha_k(%rip), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 52-63
+        vpaddd	208+L_avx1_sha256_sha_k(%rip), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        vpaddd	224+L_avx1_sha256_sha_k(%rip), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        vpaddd	240+L_avx1_sha256_sha_k(%rip), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        addq	$0x40, %rsi
+        subl	$0x40, %edx
+        vpaddd	%xmm8, %xmm1, %xmm1
+        vpaddd	%xmm9, %xmm2, %xmm2
+        jnz	L_sha256_sha_len_avx1_start
+        vpshufd	$27, %xmm1, %xmm1
+        vpshufd	$27, %xmm2, %xmm2
+        vmovq	%xmm1, (%rdi)
+        vmovq	%xmm2, 8(%rdi)
+        vmovhpd	%xmm1, 16(%rdi)
+        vmovhpd	%xmm2, 24(%rdi)
+        xorq	%rax, %rax
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	Transform_Sha256_AVX1_Sha_Len,.-Transform_Sha256_AVX1_Sha_Len
+#endif /* __APPLE__ */
 #endif /* HAVE_INTEL_AVX1 */
 #ifdef HAVE_INTEL_AVX2
 #ifndef __APPLE__
@@ -9769,7 +10575,6 @@ _Transform_Sha256_AVX2:
         pushq	%r14
         pushq	%r15
         subq	$0x200, %rsp
-        leaq	32(%rdi), %rax
         vmovdqa	L_avx2_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx2_sha256_shuf_00BA(%rip), %ymm11
         vmovdqa	L_avx2_sha256_shuf_DC00(%rip), %ymm12
@@ -9782,12 +10587,12 @@ _Transform_Sha256_AVX2:
         movl	24(%rdi), %r14d
         movl	28(%rdi), %r15d
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rax), %xmm0
-        vmovdqu	16(%rax), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vmovdqu	32(%rax), %xmm2
-        vmovdqu	48(%rax), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         movl	%r9d, %ebx
@@ -12159,13 +12964,12 @@ _Transform_Sha256_AVX2_Len:
         pushq	%r14
         pushq	%r15
         pushq	%rbp
-        movq	%rsi, %rbp
-        movq	%rdx, %rsi
+        movq	%rdx, %rbp
         subq	$0x200, %rsp
-        testb	$0x40, %sil
+        testb	$0x40, %bpl
         je	L_sha256_len_avx2_block
-        vmovdqu	(%rbp), %ymm0
-        vmovdqu	32(%rbp), %ymm1
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
         vmovups	%ymm0, 32(%rdi)
         vmovups	%ymm1, 64(%rdi)
 #ifndef __APPLE__
@@ -12173,8 +12977,8 @@ _Transform_Sha256_AVX2_Len:
 #else
         call	_Transform_Sha256_AVX2
 #endif /* __APPLE__ */
-        addq	$0x40, %rbp
-        subl	$0x40, %esi
+        addq	$0x40, %rsi
+        subl	$0x40, %ebp
         jz	L_sha256_len_avx2_done
 L_sha256_len_avx2_block:
         vmovdqa	L_avx2_sha256_flip_mask(%rip), %ymm13
@@ -12191,18 +12995,18 @@ L_sha256_len_avx2_block:
         # Start of loop processing two blocks
 L_sha256_len_avx2_start:
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rbp), %xmm0
-        vmovdqu	16(%rbp), %xmm1
-        vmovdqu	64(%rbp), %xmm4
-        vmovdqu	80(%rbp), %xmm5
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
+        vmovdqu	64(%rsi), %xmm4
+        vmovdqu	80(%rsi), %xmm5
         vinserti128	$0x01, %xmm4, %ymm0, %ymm0
         vinserti128	$0x01, %xmm5, %ymm1, %ymm1
         vpshufb	%ymm13, %ymm0, %ymm0
         vpshufb	%ymm13, %ymm1, %ymm1
-        vmovdqu	32(%rbp), %xmm2
-        vmovdqu	48(%rbp), %xmm3
-        vmovdqu	96(%rbp), %xmm6
-        vmovdqu	112(%rbp), %xmm7
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
+        vmovdqu	96(%rsi), %xmm6
+        vmovdqu	112(%rsi), %xmm7
         vinserti128	$0x01, %xmm6, %ymm2, %ymm2
         vinserti128	$0x01, %xmm7, %ymm3, %ymm3
         vpshufb	%ymm13, %ymm2, %ymm2
@@ -16245,8 +17049,8 @@ L_sha256_len_avx2_start:
         addl	20(%rdi), %r13d
         addl	24(%rdi), %r14d
         addl	28(%rdi), %r15d
-        addq	$0x80, %rbp
-        subl	$0x80, %esi
+        addq	$0x80, %rsi
+        subl	$0x80, %ebp
         movl	%r8d, (%rdi)
         movl	%r9d, 4(%rdi)
         movl	%r10d, 8(%rdi)
@@ -16365,21 +17169,20 @@ _Transform_Sha256_AVX2_RORX:
         pushq	%r14
         pushq	%r15
         subq	$0x200, %rsp
-        leaq	32(%rdi), %rax
         vmovdqa	L_avx2_rorx_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx2_rorx_sha256_shuf_00BA(%rip), %ymm11
         vmovdqa	L_avx2_rorx_sha256_shuf_DC00(%rip), %ymm12
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rax), %xmm0
-        vmovdqu	16(%rax), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
         vpaddd	0+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4
         vpaddd	32+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm5
         vmovdqu	%ymm4, (%rsp)
         vmovdqu	%ymm5, 32(%rsp)
-        vmovdqu	32(%rax), %xmm2
-        vmovdqu	48(%rax), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         vpaddd	64+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4
@@ -18730,13 +19533,12 @@ _Transform_Sha256_AVX2_RORX_Len:
         pushq	%r14
         pushq	%r15
         pushq	%rbp
-        movq	%rsi, %rbp
-        movq	%rdx, %rsi
+        movq	%rdx, %rbp
         subq	$0x200, %rsp
-        testb	$0x40, %sil
+        testb	$0x40, %bpl
         je	L_sha256_len_avx2_rorx_block
-        vmovdqu	(%rbp), %ymm0
-        vmovdqu	32(%rbp), %ymm1
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
         vmovups	%ymm0, 32(%rdi)
         vmovups	%ymm1, 64(%rdi)
 #ifndef __APPLE__
@@ -18744,8 +19546,8 @@ _Transform_Sha256_AVX2_RORX_Len:
 #else
         call	_Transform_Sha256_AVX2_RORX
 #endif /* __APPLE__ */
-        addq	$0x40, %rbp
-        subl	$0x40, %esi
+        addq	$0x40, %rsi
+        subl	$0x40, %ebp
         jz	L_sha256_len_avx2_rorx_done
 L_sha256_len_avx2_rorx_block:
         vmovdqa	L_avx2_rorx_sha256_flip_mask(%rip), %ymm13
@@ -18762,20 +19564,20 @@ L_sha256_len_avx2_rorx_block:
         # Start of loop processing two blocks
 L_sha256_len_avx2_rorx_start:
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rbp), %xmm0
-        vmovdqu	16(%rbp), %xmm1
-        vinserti128	$0x01, 64(%rbp), %ymm0, %ymm0
-        vinserti128	$0x01, 80(%rbp), %ymm1, %ymm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
+        vinserti128	$0x01, 64(%rsi), %ymm0, %ymm0
+        vinserti128	$0x01, 80(%rsi), %ymm1, %ymm1
         vpshufb	%ymm13, %ymm0, %ymm0
         vpshufb	%ymm13, %ymm1, %ymm1
         vpaddd	0+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4
         vpaddd	32+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm5
         vmovdqu	%ymm4, (%rsp)
         vmovdqu	%ymm5, 32(%rsp)
-        vmovdqu	32(%rbp), %xmm2
-        vmovdqu	48(%rbp), %xmm3
-        vinserti128	$0x01, 96(%rbp), %ymm2, %ymm2
-        vinserti128	$0x01, 112(%rbp), %ymm3, %ymm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
+        vinserti128	$0x01, 96(%rsi), %ymm2, %ymm2
+        vinserti128	$0x01, 112(%rsi), %ymm3, %ymm3
         vpshufb	%ymm13, %ymm2, %ymm2
         vpshufb	%ymm13, %ymm3, %ymm3
         vpaddd	64+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4
@@ -22637,7 +23439,7 @@ L_sha256_len_avx2_rorx_start:
         addl	%edx, %r8d
         xorl	%r10d, %eax
         addl	%eax, %r8d
-        addq	$0x80, %rbp
+        addq	$0x80, %rsi
         addl	(%rdi), %r8d
         addl	4(%rdi), %r9d
         addl	8(%rdi), %r10d
@@ -22646,7 +23448,7 @@ L_sha256_len_avx2_rorx_start:
         addl	20(%rdi), %r13d
         addl	24(%rdi), %r14d
         addl	28(%rdi), %r15d
-        subl	$0x80, %esi
+        subl	$0x80, %ebp
         movl	%r8d, (%rdi)
         movl	%r9d, 4(%rdi)
         movl	%r10d, 8(%rdi)
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sha512.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sha512.c
index c6968162..91bf1e5b 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sha512.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sha512.c
@@ -39,8 +39,8 @@
      * By default the HW acceleration is on for ESP32 Chipsets,
      * but individual components can be turned off. See user_settings.h
      */
+    #define TAG "wc_sha_512"
     #define WOLFSSL_USE_ESP32_CRYPT_HASH_HW
-    static const char* TAG = "wc_sha_512";
 #else
     #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
 #endif
@@ -87,7 +87,7 @@
 #endif
 
 
-#if defined(USE_INTEL_SPEEDUP)
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
     #if defined(__GNUC__) && ((__GNUC__ < 4) || \
                               (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
         #undef  NO_AVX2_SUPPORT
@@ -318,11 +318,9 @@ static int InitSha512_256(wc_Sha512* sha512)
 #endif /* WOLFSSL_SHA512 */
 
 /* Hardware Acceleration */
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
 
-#ifdef WOLFSSL_SHA512
-
     /*****
     Intel AVX1/AVX2 Macro Control Structure
 
@@ -452,37 +450,40 @@ static int InitSha512_256(wc_Sha512* sha512)
             }
             else
         #endif
-            if (1) {
+            {
                 Transform_Sha512_p = Transform_Sha512_AVX2;
                 Transform_Sha512_Len_p = Transform_Sha512_AVX2_Len;
                 Transform_Sha512_is_vectorized = 1;
             }
+        }
+        else
+    #endif
+    #if defined(HAVE_INTEL_AVX1)
+        if (IS_INTEL_AVX1(intel_flags)) {
         #ifdef HAVE_INTEL_RORX
-            else {
+            if (IS_INTEL_BMI2(intel_flags)) {
                 Transform_Sha512_p = Transform_Sha512_AVX1_RORX;
                 Transform_Sha512_Len_p = Transform_Sha512_AVX1_RORX_Len;
                 Transform_Sha512_is_vectorized = 1;
             }
+            else
         #endif
-        }
-        else
-    #endif
-    #if defined(HAVE_INTEL_AVX1)
-        if (IS_INTEL_AVX1(intel_flags)) {
-            Transform_Sha512_p = Transform_Sha512_AVX1;
-            Transform_Sha512_Len_p = Transform_Sha512_AVX1_Len;
-            Transform_Sha512_is_vectorized = 1;
+            {
+                Transform_Sha512_p = Transform_Sha512_AVX1;
+                Transform_Sha512_Len_p = Transform_Sha512_AVX1_Len;
+                Transform_Sha512_is_vectorized = 1;
+            }
         }
         else
     #endif
         {
             Transform_Sha512_p = _Transform_Sha512;
-            Transform_Sha512_is_vectorized = 1;
+            Transform_Sha512_Len_p = NULL;
+            Transform_Sha512_is_vectorized = 0;
         }
 
         transform_check = 1;
     }
-#endif /* WOLFSSL_SHA512 */
 
 #else
     #define Transform_Sha512(sha512) _Transform_Sha512(sha512)
@@ -515,7 +516,7 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
     if (ret != 0)
         return ret;
 
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
     Sha512_SetTransform();
 #endif
@@ -756,7 +757,7 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
 
         if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) {
     #if defined(LITTLE_ENDIAN_ORDER)
-        #if defined(USE_INTEL_SPEEDUP) && \
+        #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
             (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
             if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
         #endif
@@ -791,7 +792,7 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
         }
     }
 
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
     if (Transform_Sha512_Len_p != NULL) {
         word32 blocksLen = len & ~((word32)WC_SHA512_BLOCK_SIZE-1);
@@ -806,8 +807,9 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
     }
     else
 #endif
-#if !defined(LITTLE_ENDIAN_ORDER) || (defined(USE_INTEL_SPEEDUP) && \
-        (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)))
+#if !defined(LITTLE_ENDIAN_ORDER) || (defined(WOLFSSL_X86_64_BUILD) && \
+        defined(USE_INTEL_SPEEDUP) && (defined(HAVE_INTEL_AVX1) || \
+        defined(HAVE_INTEL_AVX2)))
     {
         while (len >= WC_SHA512_BLOCK_SIZE) {
             XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE);
@@ -815,7 +817,7 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
             data += WC_SHA512_BLOCK_SIZE;
             len  -= WC_SHA512_BLOCK_SIZE;
 
-        #if defined(USE_INTEL_SPEEDUP) && \
+        #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
             (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
             if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
             {
@@ -938,10 +940,14 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
 
     /* pad with zeros */
     if (sha512->buffLen > WC_SHA512_PAD_SIZE) {
-        XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
+        if (sha512->buffLen < WC_SHA512_BLOCK_SIZE ) {
+            XMEMSET(&local[sha512->buffLen], 0,
+                WC_SHA512_BLOCK_SIZE - sha512->buffLen);
+        }
+
         sha512->buffLen += WC_SHA512_BLOCK_SIZE - sha512->buffLen;
 #if defined(LITTLE_ENDIAN_ORDER)
-    #if defined(USE_INTEL_SPEEDUP) && \
+    #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
         (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
         if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
     #endif
@@ -987,7 +993,7 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
 
     /* store lengths */
 #if defined(LITTLE_ENDIAN_ORDER)
-    #if defined(USE_INTEL_SPEEDUP) && \
+    #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
         (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
         if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
     #endif
@@ -1006,7 +1012,7 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
     sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen;
 #endif
 
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
     if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags))
         ByteReverseWords64(&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
@@ -1211,13 +1217,13 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
         return MEMORY_E;
 #endif
 
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
     Sha512_SetTransform();
 #endif
 
 #if defined(LITTLE_ENDIAN_ORDER)
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
     if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
 #endif
@@ -1454,7 +1460,7 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
         return ret;
     }
 
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
     Sha512_SetTransform();
 #endif
@@ -1613,20 +1619,23 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
     if (ret == 0) {
         ret = esp_sha512_ctx_copy(src, dst);
     }
-    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
+    #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+          defined(CONFIG_IDF_TARGET_ESP8684) || \
+          defined(CONFIG_IDF_TARGET_ESP32C3) || \
           defined(CONFIG_IDF_TARGET_ESP32C6)
         ESP_LOGV(TAG, "No SHA-512 HW on the ESP32-C3");
+
     #elif defined(CONFIG_IDF_TARGET_ESP32S2) || \
           defined(CONFIG_IDF_TARGET_ESP32S3)
-    if (ret == 0) {
-        ret = esp_sha512_ctx_copy(src, dst);
-    }
+        if (ret == 0) {
+            ret = esp_sha512_ctx_copy(src, dst);
+        }
     #else
         ESP_LOGW(TAG, "No SHA384 HW or not yet implemented for %s",
                        CONFIG_IDF_TARGET);
     #endif
 
-#endif
+#endif /* WOLFSSL_USE_ESP32_CRYPT_HASH_HW */
 
 #ifdef WOLFSSL_HASH_FLAGS
      dst->flags |= WC_HASH_FLAG_ISCOPY;
@@ -1893,7 +1902,9 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
 #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW)
     #if defined(CONFIG_IDF_TARGET_ESP32)
         esp_sha384_ctx_copy(src, dst);
-    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
+    #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+          defined(CONFIG_IDF_TARGET_ESP8684) || \
+          defined(CONFIG_IDF_TARGET_ESP32C3) || \
           defined(CONFIG_IDF_TARGET_ESP32C6)
         ESP_LOGV(TAG, "No SHA-384 HW on the ESP32-C3");
     #elif defined(CONFIG_IDF_TARGET_ESP32S2) || \
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/siphash.c b/extra/wolfssl/wolfssl/wolfcrypt/src/siphash.c
index 0fc27218..173b9148 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/siphash.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/siphash.c
@@ -468,7 +468,7 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
 
         : [in] "+r" (in), [inSz] "+r" (inSz), [k0] "+r" (k0), [k1] "+r" (k1),
           [v0] "+r" (v0), [v1] "+r" (v1), [v2] "+r" (v2), [v3] "+r" (v3)
-        : [key] "r" (key), [out] "r" (out) , [outSz] "r" (outSz)
+        : [out] "r" (out) , [outSz] "r" (outSz)
         : "memory"
     );
 
@@ -515,16 +515,16 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
 #endif
         "xorq   %[k1], %[v0]\n\t"
 
-        "cmp    $8, %[outSz]\n\t"
-        "je     L_siphash_8_end\n\t"
-
         : [in] "+r" (in), [inSz] "+r" (inSz), [k0] "+r" (k0), [k1] "+r" (k1),
           [v0] "+r" (v0), [v1] "+r" (v1), [v2] "+r" (v2), [v3] "+r" (v3)
-        : [key] "r" (key), [out] "r" (out) , [outSz] "r" (outSz)
+        : [out] "r" (out) , [outSz] "r" (outSz)
         : "memory"
     );
 
     __asm__ __volatile__ (
+        "cmp    $8, %[outSz]\n\t"
+        "je     L_siphash_8_end\n\t"
+
         "xor    $0xee, %b[v2]\n\t"
 #if WOLFSSL_SIPHASH_DROUNDS == 2
         SIPHASH_ROUND(%[v0], %[v1], %[v2], %[v3])
@@ -575,7 +575,7 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
 
         : [in] "+r" (in), [inSz] "+r" (inSz), [k0] "+r" (k0), [k1] "+r" (k1),
           [v0] "+r" (v0), [v1] "+r" (v1), [v2] "+r" (v2), [v3] "+r" (v3)
-        : [key] "r" (key), [out] "r" (out) , [outSz] "r" (outSz)
+        : [out] "r" (out) , [outSz] "r" (outSz)
         : "memory"
     );
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm32.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm32.c
index 2014da43..8529e419 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm32.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm32.c
@@ -74076,8 +74076,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -74175,10 +74177,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -74496,8 +74500,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -74595,10 +74601,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -91837,8 +91845,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -91936,10 +91946,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -92273,8 +92285,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -92372,10 +92386,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -119032,8 +119048,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -119131,10 +119149,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -119488,8 +119508,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -119587,10 +119609,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -148716,8 +148740,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -148815,10 +148841,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -149071,8 +149099,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -149170,10 +149200,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm64.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm64.c
index ed66e6d1..ea3ce392 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm64.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm64.c
@@ -24939,8 +24939,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -25038,10 +25040,12 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -25368,8 +25372,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -25467,10 +25473,12 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -45888,8 +45896,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -45987,10 +45997,12 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -46317,8 +46329,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -46416,10 +46430,12 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -74312,8 +74328,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -74411,10 +74429,12 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -74759,8 +74779,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -74858,10 +74880,12 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -118234,8 +118258,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -118333,10 +118359,12 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_armthumb.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_armthumb.c
index c73f69ab..c7cb418c 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_armthumb.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_armthumb.c
@@ -101578,8 +101578,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -101677,10 +101679,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -101998,8 +102002,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -102097,10 +102103,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -112446,8 +112454,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -112545,10 +112555,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -112882,8 +112894,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -112981,10 +112995,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -126089,8 +126105,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -126188,10 +126206,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -126545,8 +126565,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -126644,10 +126666,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -210707,8 +210731,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -210806,10 +210832,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -211062,8 +211090,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -211161,10 +211191,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c32.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c32.c
index 468e0fcf..21a9e0ef 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c32.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c32.c
@@ -23120,8 +23120,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -23219,10 +23221,12 @@ static int sp_256_ecc_mulmod_9(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -30674,8 +30678,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -30773,10 +30779,12 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -38277,8 +38285,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -38376,10 +38386,12 @@ static int sp_521_ecc_mulmod_21(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -46862,8 +46874,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -46961,10 +46975,12 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c64.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c64.c
index a2b97d81..93fd140b 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c64.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c64.c
@@ -24027,8 +24027,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -24126,10 +24128,12 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -31008,8 +31012,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -31107,10 +31113,12 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -38449,8 +38457,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -38548,10 +38558,12 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -46216,8 +46228,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -46315,10 +46329,12 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_cortexm.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_cortexm.c
index 3ab1accb..07a3112b 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_cortexm.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_cortexm.c
@@ -36403,8 +36403,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -36502,10 +36504,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -36823,8 +36827,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -36922,10 +36928,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -46272,8 +46280,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -46371,10 +46381,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -46708,8 +46720,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -46807,10 +46821,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -58262,8 +58278,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -58361,10 +58379,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -58718,8 +58738,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -58817,10 +58839,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -72587,8 +72611,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -72686,10 +72712,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -72942,8 +72970,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -73041,10 +73071,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_dsp32.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_dsp32.c
index fd7b88c4..d3b1745d 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_dsp32.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_dsp32.c
@@ -2620,8 +2620,10 @@ static THREAD_LS_T int sp_cache_last = -1;
 static THREAD_LS_T int sp_cache_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    static wolfSSL_Mutex sp_cache_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_lock);
+#ifdef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex = 0;
-    static wolfSSL_Mutex sp_cache_lock;
+#endif
 #endif
 
 static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache)
@@ -2701,10 +2703,12 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
     int err = MP_OKAY;
 
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if (initCacheMutex == 0) {
          wc_InitMutex(&sp_cache_lock);
          initCacheMutex = 1;
     }
+#endif
     if (wc_LockMutex(&sp_cache_lock) != 0)
        err = BAD_MUTEX_E;
 #endif /* HAVE_THREAD_LS */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_int.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_int.c
index 94fc01c3..83a1306b 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_int.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_int.c
@@ -115,6 +115,14 @@ This library provides single precision (SP) integer math functions.
 
 #include <wolfssl/wolfcrypt/sp_int.h>
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 /* DECL_SP_INT: Declare one variable of type 'sp_int'. */
 #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
     !defined(WOLFSSL_SP_NO_MALLOC)
@@ -854,7 +862,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "bsr	%[a], %[i]	\n\t"                    \
         : [i] "=r" (vi)                                  \
         : [a] "r" (va)                                   \
-        : "cC"                                           \
+        : "cc"                                           \
     )
 
 #ifndef WOLFSSL_SP_DIV_WORD_HALF
@@ -4851,7 +4859,7 @@ static void _sp_init_size(sp_int* a, unsigned int size)
 #endif
     _sp_zero((sp_int*)am);
 
-    am->size = size;
+    a->size = size;
 }
 
 /* Initialize the multi-precision number to be zero with a given max size.
@@ -5408,7 +5416,8 @@ int sp_cmp_mag(const sp_int* a, const sp_int* b)
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC) || !defined(NO_DSA) || \
     defined(OPENSSL_EXTRA) || !defined(NO_DH) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
+    (!defined(NO_RSA) && (!defined(WOLFSSL_RSA_VERIFY_ONLY) || \
+     defined(WOLFSSL_KEY_GEN)))
 /* Compare two multi-precision numbers.
  *
  * Assumes a and b are not NULL.
@@ -7031,7 +7040,7 @@ int sp_mod_d(const sp_int* a, sp_int_digit d, sp_int_digit* r)
 
 #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+     !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_SP_INVMOD)
 /* Divides a by 2 and stores in r: r = a >> 1
  *
  * @param  [in]   a  SP integer to divide.
@@ -17135,18 +17144,21 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     bits = sp_count_bits(m);
 
     /* Adding numbers into m->used * 2 digits - zero out unused digits. */
-    if (!ct) {
-        for (i = a->used; i < m->used * 2; i++) {
-            a->dp[i] = 0;
-        }
-    }
-    else {
+#ifndef WOLFSSL_NO_CT_OPS
+    if (ct) {
         for (i = 0; i < m->used * 2; i++) {
             a->dp[i] &=
                 (sp_int_digit)
                 (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i);
         }
     }
+    else
+#endif /* !WOLFSSL_NO_CT_OPS */
+    {
+        for (i = a->used; i < m->used * 2; i++) {
+            a->dp[i] = 0;
+        }
+    }
 
     /* Special case when modulus is 1 digit or less. */
     if (m->used <= 1) {
@@ -17260,18 +17272,21 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     bits = sp_count_bits(m);
     mask = ((sp_int_digit)1 << (bits & (SP_WORD_SIZE - 1))) - 1;
 
-    if (!ct) {
-        for (i = a->used; i < m->used * 2; i++) {
-            a->dp[i] = 0;
-        }
-    }
-    else {
+#ifndef WOLFSSL_NO_CT_OPS
+    if (ct) {
         for (i = 0; i < m->used * 2; i++) {
             a->dp[i] &=
                 (sp_int_digit)
                 (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i);
         }
     }
+    else
+#endif
+    {
+        for (i = a->used; i < m->used * 2; i++) {
+            a->dp[i] = 0;
+        }
+    }
 
     if (m->used <= 1) {
         sp_int_digit l;
@@ -18061,6 +18076,8 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
     unsigned int s = 0;
     unsigned int j = 0;
     sp_int_digit d;
+    /* Skip whitespace at end of line */
+    int eol_done = 0;
 
     /* Make all nibbles in digit 0. */
     d = 0;
@@ -18071,9 +18088,12 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
         int ch = (int)HexCharToByte(in[i]);
         /* Check for invalid character. */
         if (ch < 0) {
+            if (!eol_done && CharIsWhiteSpace(in[i]))
+                continue;
             err = MP_VAL;
             break;
         }
+        eol_done = 1;
 
         /* Check whether we have filled the digit. */
         if (s == SP_WORD_SIZE) {
@@ -18143,6 +18163,8 @@ static int _sp_read_radix_10(sp_int* a, const char* in)
             ch -= '0';
         }
         else {
+            if (CharIsWhiteSpace(ch))
+                continue;
             /* Return error on invalid character. */
             err = MP_VAL;
             break;
@@ -19422,7 +19444,7 @@ int sp_gcd(const sp_int* a, const sp_int* b, sp_int* r)
     return err;
 }
 
-#endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && WOLFSSL_KEY_GEN */
+#endif /* !NO_RSA && WOLFSSL_KEY_GEN */
 
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
     (!defined(WC_RSA_BLINDING) || defined(HAVE_FIPS) || defined(HAVE_SELFTEST))
@@ -19548,7 +19570,8 @@ int sp_lcm(const sp_int* a, const sp_int* b, sp_int* r)
     return err;
 }
 
-#endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && WOLFSSL_KEY_GEN */
+#endif /* !NO_RSA && WOLFSSL_KEY_GEN && (!WC_RSA_BLINDING || HAVE_FIPS ||
+        * HAVE_SELFTEST) */
 
 /* Returns the run time settings.
  *
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64.c
index 990a999c..b57f5a3a 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64.c
@@ -10979,8 +10979,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -11078,10 +11080,12 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -11459,10 +11463,12 @@ static int sp_256_ecc_mulmod_avx2_4(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -30167,8 +30173,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -30266,10 +30274,12 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -30650,10 +30660,12 @@ static int sp_384_ecc_mulmod_avx2_6(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -55045,8 +55057,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -55144,10 +55158,12 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -55528,10 +55544,12 @@ static int sp_521_ecc_mulmod_avx2_9(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -96245,8 +96263,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -96344,10 +96364,12 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -96711,10 +96733,12 @@ static int sp_1024_ecc_mulmod_avx2_16(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/sphincs.c b/extra/wolfssl/wolfssl/wolfcrypt/src/sphincs.c
index 65bb57a9..a0196ce3 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/sphincs.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/sphincs.c
@@ -58,7 +58,7 @@
  *          0 otherwise.
  */
 int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                        sphincs_key* key)
+                        sphincs_key* key, WC_RNG* rng)
 {
     int ret = 0;
 #ifdef HAVE_LIBOQS
@@ -135,6 +135,10 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
         localOutLen = *outLen;
     }
 
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
     if ((ret == 0) &&
         (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
          == OQS_ERROR)) {
@@ -145,6 +149,8 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
         *outLen = (word32)localOutLen;
     }
 
+    wolfSSL_liboqsRngMutexUnlock();
+
     if (oqssig != NULL) {
         OQS_SIG_free(oqssig);
     }
@@ -237,7 +243,7 @@ int wc_sphincs_init(sphincs_key* key)
         return BAD_FUNC_ARG;
     }
 
-    ForceZero(key, sizeof(key));
+    ForceZero(key, sizeof(*key));
     return 0;
 }
 
@@ -302,7 +308,7 @@ int wc_sphincs_get_level_and_optim(sphincs_key* key, byte* level, byte* optim)
 void wc_sphincs_free(sphincs_key* key)
 {
     if (key != NULL) {
-        ForceZero(key, sizeof(key));
+        ForceZero(key, sizeof(*key));
     }
 }
 
@@ -851,7 +857,7 @@ int wc_Sphincs_PrivateKeyDecode(const byte* input, word32* inOutIdx,
     else if ((key->level == 5) && (key->optim == FAST_VARIANT)) {
         keytype = SPHINCS_FAST_LEVEL5k;
     }
-    if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
+    else if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
         keytype = SPHINCS_SMALL_LEVEL1k;
     }
     else if ((key->level == 3) && (key->optim == SMALL_VARIANT)) {
@@ -890,6 +896,11 @@ int wc_Sphincs_PublicKeyDecode(const byte* input, word32* inOutIdx,
         return BAD_FUNC_ARG;
     }
 
+    ret = wc_sphincs_import_public(input, inSz, key);
+    if (ret == 0) {
+        return 0;
+    }
+
     if ((key->level == 1) && (key->optim == FAST_VARIANT)) {
         keytype = SPHINCS_FAST_LEVEL1k;
     }
@@ -899,7 +910,7 @@ int wc_Sphincs_PublicKeyDecode(const byte* input, word32* inOutIdx,
     else if ((key->level == 5) && (key->optim == FAST_VARIANT)) {
         keytype = SPHINCS_FAST_LEVEL5k;
     }
-    if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
+    else if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
         keytype = SPHINCS_SMALL_LEVEL1k;
     }
     else if ((key->level == 3) && (key->optim == SMALL_VARIANT)) {
@@ -954,7 +965,7 @@ int wc_Sphincs_PublicKeyToDer(sphincs_key* key, byte* output, word32 inLen,
     else if ((key->level == 5) && (key->optim == FAST_VARIANT)) {
         keytype = SPHINCS_FAST_LEVEL5k;
     }
-    if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
+    else if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
         keytype = SPHINCS_SMALL_LEVEL1k;
     }
     else if ((key->level == 3) && (key->optim == SMALL_VARIANT)) {
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/tfm.c b/extra/wolfssl/wolfssl/wolfcrypt/src/tfm.c
index 1b07f5d5..07cd1fed 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/tfm.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/tfm.c
@@ -1104,9 +1104,9 @@ void fp_mod_2d(fp_int *a, int b, fp_int *c)
 
    bmax = ((unsigned int)b + DIGIT_BIT - 1) / DIGIT_BIT;
 
-   /* If a is negative and bmax is larger than FP_SIZE, then the
+   /* If a is negative and bmax is greater than or equal to FP_SIZE, then the
     * result can't fit within c. Just return. */
-   if (c->sign == FP_NEG && bmax > FP_SIZE) {
+   if (c->sign == FP_NEG && bmax >= FP_SIZE) {
       return;
    }
 
@@ -4589,10 +4589,11 @@ void fp_clear(fp_int *a)
 
 void fp_forcezero (mp_int * a)
 {
+    int size;
+
     if (a == NULL)
       return;
 
-    int size;
     a->used = 0;
     a->sign = FP_ZPOS;
 #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
@@ -5945,6 +5946,8 @@ static int fp_read_radix_16(fp_int *a, const char *str)
 {
   int     i, j, k, neg;
   int     ch;
+  /* Skip whitespace at end of line */
+  int     eol_done = 0;
 
   /* if the leading digit is a
    * minus set the sign to negative.
@@ -5961,8 +5964,11 @@ static int fp_read_radix_16(fp_int *a, const char *str)
   for (i = (int)(XSTRLEN(str) - 1); i >= 0; i--) {
       ch = (int)HexCharToByte(str[i]);
       if (ch < 0) {
+        if (!eol_done && CharIsWhiteSpace(str[i]))
+          continue;
         return FP_VAL;
       }
+      eol_done = 1;
 
       k += j == DIGIT_BIT;
       j &= DIGIT_BIT - 1;
@@ -6024,7 +6030,13 @@ static int fp_read_radix(fp_int *a, const char *str, int radix)
       }
     }
     if (y >= radix) {
-      return FP_VAL;
+      /* Check if whitespace at end of line */
+      while (CharIsWhiteSpace(*str))
+        ++str;
+      if (*str)
+        return FP_VAL;
+      else
+        break;
     }
 
     /* if the char was found in the map
@@ -6080,14 +6092,14 @@ int mp_montgomery_setup(fp_int *a, fp_digit *rho)
 
 #endif /* HAVE_ECC || (!NO_RSA && WC_RSA_BLINDING) */
 
-#ifdef HAVE_ECC
-
 /* fast math conversion */
 int mp_sqr(fp_int *A, fp_int *B)
 {
     return fp_sqr(A, B);
 }
 
+#ifdef HAVE_ECC
+
 /* fast math conversion */
 int mp_div_2(fp_int * a, fp_int * b)
 {
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_dsp.c b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_dsp.c
index 95dfed64..c31c62b1 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_dsp.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_dsp.c
@@ -38,7 +38,7 @@
 #include "rpcmem.h"
 static wolfSSL_DSP_Handle_cb handle_function = NULL;
 static remote_handle64 defaultHandle;
-static wolfSSL_Mutex handle_mutex; /* mutex for access to single default handle */
+static wolfSSL_Mutex handle_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(handle_mutex); /* mutex for access to single default handle */
 
 #define WOLFSSL_HANDLE_DONE 1
 #define WOLFSSL_HANDLE_GET 0
@@ -95,11 +95,13 @@ int wolfSSL_InitHandle()
         return -1;
     }
     wolfSSL_SetHandleCb(default_handle_cb);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     ret = wc_InitMutex(&handle_mutex);
     if (ret != 0) {
         WOLFSSL_MSG("Unable to init handle mutex");
         return -1;
     }
+#endif
     return 0;
 }
 
@@ -108,7 +110,9 @@ int wolfSSL_InitHandle()
 void wolfSSL_CleanupHandle()
 {
     wolfSSL_close(defaultHandle);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     wc_FreeMutex(&handle_mutex);
+#endif
 }
 #if defined(WOLFSSL_HAVE_SP_ECC)
 
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber.c b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber.c
index 8d516c89..b0b358f0 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber.c
@@ -1,6 +1,6 @@
 /* wc_kyber.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,8 +19,1249 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/* Implementation based on NIST 3rd Round submission package.
+ * See link at:
+ *   https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/kyber.h>
+#include <wolfssl/wolfcrypt/wc_kyber.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/memory.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef WOLFSSL_WC_KYBER
+
+/******************************************************************************/
+
+/* Use SHA3-256 to generate 32-bytes of hash. */
+#define KYBER_HASH_H            wc_Sha3_256Hash
+/* Use SHA3-512 to generate 64-bytes of hash. */
+#define KYBER_HASH_G            wc_Sha3_512Hash
+/* Use SHAKE-256 as a key derivation function (KDF). */
+#ifdef USE_INTEL_SPEEDUP
+#define KYBER_KDF               kyber_kdf
+#else
+#define KYBER_KDF               wc_Shake256Hash
+#endif
+
+/******************************************************************************/
+
+/**
+ * Initialize the Kyber key.
+ *
+ * @param  [in]   type   Type of key: KYBER512, KYBER768, KYBER1024.
+ * @param  [out]  key    Kyber key object to initialize.
+ * @param  [in]   heap   Dynamic memory hint.
+ * @param  [in]   devId  Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL or type is unrecognized.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
+{
+    int ret = 0;
+
+    /* Validate key. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* Validate type. */
+        switch (type) {
+        case KYBER512:
+        #ifndef WOLFSSL_KYBER512
+            /* Code not compiled in for Kyber-512. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case KYBER768:
+        #ifndef WOLFSSL_KYBER768
+            /* Code not compiled in for Kyber-768. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case KYBER1024:
+        #ifndef WOLFSSL_KYBER1024
+            /* Code not compiled in for Kyber-1024. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        default:
+            /* No other values supported. */
+            ret = BAD_FUNC_ARG;
+            break;
+        }
+    }
+    if (ret == 0) {
+        /* Zero out all data. */
+        XMEMSET(key, 0, sizeof(*key));
+
+        /* Keep type for parameters. */
+        key->type = type;
+        /* Cache heap pointer. */
+        key->heap = heap;
+    #ifdef WOLF_CRYPTO_CB
+        /* Cache device id - not used in for this algorithm yet. */
+        key->devId = devId;
+    #endif
+
+        /* Initialize the PRF algorithm object. */
+        ret = kyber_prf_new(&key->prf, heap, devId);
+    }
+    if (ret == 0) {
+        kyber_init();
+    }
+
+    (void)devId;
+
+    return ret;
+}
+
+/**
+ * Free the Kyber key object.
+ *
+ * @param  [in, out]  key   Kyber key object to dispose of.
+ */
+void wc_KyberKey_Free(KyberKey* key)
+{
+    if (key != NULL) {
+        /* Dispose of PRF object. */
+        kyber_prf_free(&key->prf);
+        /* Ensure all private data is zeroed. */
+        ForceZero(key, sizeof(*key));
+    }
+}
+
+/******************************************************************************/
+
+/**
+ * Make a Kyber key object using a random number generator.
+ *
+ * @param  [in, out]  key   Kyber key object.
+ * @param  [in]       rng   Random number generator.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or rng is NULL.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
+{
+    int ret = 0;
+    unsigned char rand[KYBER_MAKEKEY_RAND_SZ];
+
+    /* Validate parameters. */
+    if ((key == NULL) || (rng == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Generate random to with PRFs. */
+        ret = wc_RNG_GenerateBlock(rng, rand, KYBER_SYM_SZ);
+    }
+    if (ret == 0) {
+        /* Generate random to with PRFs. */
+        ret = wc_RNG_GenerateBlock(rng, rand + KYBER_SYM_SZ, KYBER_SYM_SZ);
+    }
+    if (ret == 0) {
+        /* Make a key pair from the random. */
+        ret = wc_KyberKey_MakeKeyWithRandom(key, rand, sizeof(rand));
+    }
+
+    /* Ensure seeds are zeroized. */
+    ForceZero((void*)rand, (word32)sizeof(rand));
+
+    return ret;
+}
+
+/**
+ * Make a Kyber key object using random data.
+ *
+ * @param  [in, out]  key   Kyber key ovject.
+ * @param  [in]       rng   Random number generator.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or rand is NULL.
+ * @return  BUFFER_E when length is not KYBER_MAKEKEY_RAND_SZ.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
+    int len)
+{
+    byte buf[2 * KYBER_SYM_SZ + 1];
+    byte* pubSeed = buf;
+    byte* noiseSeed = buf + KYBER_SYM_SZ;
+    sword16* a = NULL;
+    sword16* e;
+    int ret = 0;
+    int kp = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (rand == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (len != KYBER_MAKEKEY_RAND_SZ)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            kp = KYBER512_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            kp = KYBER768_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            kp = KYBER1024_K;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    if (ret == 0) {
+        /* Allocate dynamic memory for matrix and error vector. */
+        a = (sword16*)XMALLOC((kp + 1) * kp * KYBER_N * sizeof(sword16),
+            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (a == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+    if (ret == 0) {
+        /* Error vector allocated at end of a. */
+        e = a + (kp * kp * KYBER_N);
+
+        /* Expand 16 bytes of random to 32. */
+        ret = KYBER_HASH_G(rand, KYBER_SYM_SZ, buf);
+    }
+    if (ret == 0) {
+        /* Cache the public seed for use in encapsulation and encoding public
+         * key. */
+        XMEMCPY(key->pubSeed, pubSeed, KYBER_SYM_SZ);
+        /* Cache the z value for decapsulation and encoding private key. */
+        XMEMCPY(key->z, rand + KYBER_SYM_SZ, sizeof(key->z));
+
+        /* Generate the matrix A. */
+        ret = kyber_gen_matrix(&key->prf, a, kp, pubSeed, 0);
+    }
+
+    if (ret == 0) {
+        /* Initialize PRF for use in noise generation. */
+        kyber_prf_init(&key->prf);
+        /* Generate noise using PRF. */
+        ret = kyber_get_noise(&key->prf, kp, key->priv, e, NULL, noiseSeed);
+    }
+    if (ret == 0) {
+        /* Generate key pair from random data. */
+        kyber_keygen(key->priv, key->pub, e, a, kp);
+
+        /* Private and public key are set/available. */
+        key->flags |= KYBER_FLAG_PRIV_SET | KYBER_FLAG_PUB_SET;
+    }
+
+    /* Free dynamic memory allocated in function. */
+    XFREE(a, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return ret;
+}
+
+/******************************************************************************/
+
+/**
+ * Get the size in bytes of cipher text for key.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  len  Length of cipher text in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Return in 'len' size of the cipher text for the type of this key. */
+        switch (key->type) {
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            *len = KYBER512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            *len = KYBER768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            *len = KYBER1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    return ret;
+}
+
+/**
+ * Size of a shared secret in bytes. Always KYBER_SS_SZ.
+ *
+ * @param  [in]   key  Kyber key object. Not used.
+ * @param  [out]  Size of the shared secret created with a Kyber key.
+ * @return  0 on success.
+ * @return  0 to indicate success.
+ */
+int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len)
+{
+    (void)key;
+
+    *len = KYBER_SS_SZ;
+
+    return 0;
+}
+
+/* Encapsulate data and derive secret.
+ *
+ * @param  [in]  key    Kyber key object.
+ * @param  [in]  msg    Message to encapsulate.
+ * @param  [in]  coins  Coins (seed) to feed to PRF.
+ * @param  [in]  ct     Calculated cipher text.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins,
+    unsigned char* ct)
+{
+    int ret = 0;
+    sword16* sp;
+    sword16* ep;
+    sword16* k;
+    sword16* epp;
+    unsigned int kp;
+    unsigned int compVecSz;
+#ifndef USE_INTEL_SPEEDUP
+    sword16* at = NULL;
+#else
+    sword16 at[((KYBER_MAX_K + 3) * KYBER_MAX_K + 3) * KYBER_N];
+#endif
+
+    /* Establish parameters based on key type. */
+    switch (key->type) {
+#ifdef WOLFSSL_KYBER512
+    case KYBER512:
+        kp = KYBER512_K;
+        compVecSz = KYBER512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER768
+    case KYBER768:
+        kp = KYBER768_K;
+        compVecSz = KYBER768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER1024
+    case KYBER1024:
+        kp = KYBER1024_K;
+        compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+    default:
+        /* No other values supported. */
+        ret = NOT_COMPILED_IN;
+        break;
+    }
+
+#ifndef USE_INTEL_SPEEDUP
+    if (ret == 0) {
+        /* Allocate dynamic memory for all matrices, vectors and polynomials. */
+        at = (sword16*)XMALLOC(((kp + 3) * kp + 3) * KYBER_N * sizeof(sword16),
+            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (at == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Assign allocated dynamic memory to pointers.
+         * at (m) | k (p) | sp (v) | sp (v) | epp (v) | bp (p) | v (v) */
+        k   = at  + KYBER_N * kp * kp;
+        sp  = k   + KYBER_N;
+        ep  = sp  + KYBER_N * kp;
+        epp = ep  + KYBER_N * kp;
+
+        /* Convert msg to a polynomial. */
+        kyber_from_msg(k, msg);
 
-#ifdef WOLFSSL_HAVE_KYBER
-    #error "Contact wolfSSL to get the implementation of this file"
+        /* Generate the transposed matrix. */
+        ret = kyber_gen_matrix(&key->prf, at, kp, key->pubSeed, 1);
+    }
+    if (ret == 0) {
+        /* Initialize the PRF for use in the noise generation. */
+        kyber_prf_init(&key->prf);
+        /* Generate noise using PRF. */
+        ret = kyber_get_noise(&key->prf, kp, sp, ep, epp, coins);
+    }
+    if (ret == 0) {
+        sword16* bp;
+        sword16* v;
+
+        /* Assign remaining allocated dynamic memory to pointers.
+         * at (m) | k (p) | sp (v) | sp (v) | epp (v) | bp (p) | v (v)*/
+        bp  = epp + KYBER_N;
+        v   = bp  + KYBER_N * kp;
+
+        /* Perform encapsulation maths. */
+        kyber_encapsulate(key->pub, bp, v, at, sp, ep, epp, k, kp);
+
+    #ifdef WOLFSSL_KYBER512
+        if (kp == KYBER512_K) {
+            kyber_vec_compress_10(ct, bp, kp);
+            kyber_compress_4(ct + compVecSz, v);
+        }
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        if (kp == KYBER768_K) {
+            kyber_vec_compress_10(ct, bp, kp);
+            kyber_compress_4(ct + compVecSz, v);
+        }
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        if (kp == KYBER1024_K) {
+            kyber_vec_compress_11(ct, bp);
+            kyber_compress_5(ct + compVecSz, v);
+        }
+    #endif
+    }
+
+#ifndef USE_INTEL_SPEEDUP
+    /* Dispose of dynamic memory allocated in function. */
+    XFREE(at, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
+
+    return ret;
+}
+
+/**
+ * Encapsulate with random number generator and derive secret.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  ct   Cipher text.
+ * @param  [out]  ss   Shared secret generated.
+ * @param  [in]   rng  Random number generator.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, ct, ss or RNG is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
+    WC_RNG* rng)
+{
+    int ret = 0;
+    unsigned char rand[KYBER_ENC_RAND_SZ];
+
+    /* Validate parameters. */
+    if ((key == NULL) || (ct == NULL) || (ss == NULL) || (rng == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Generate seed for use with PRFs. */
+        ret = wc_RNG_GenerateBlock(rng, rand, sizeof(rand));
+    }
+    if (ret == 0) {
+        /* Encapsulate with the random. */
+        ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, rand,
+            sizeof(rand));
+    }
+
+    return ret;
+}
+
+/**
+ * Encapsulate with random data and derive secret.
+ *
+ * @param  [out]  ct    Cipher text.
+ * @param  [out]  ss    Shared secret generated.
+ * @param  [in]   rand  Random data.
+ * @param  [in]   len   Random data.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, ct, ss or RNG is NULL.
+ * @return  BUFFER_E when len is not KYBER_ENC_RAND_SZ.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
+    unsigned char* ss, const unsigned char* rand, int len)
+{
+    byte msg[2 * KYBER_SYM_SZ];
+    byte kr[2 * KYBER_SYM_SZ + 1];
+    int ret = 0;
+    unsigned int ctSz;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (ct == NULL) || (ss == NULL) || (rand == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (len != KYBER_ENC_RAND_SZ)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            ctSz = KYBER512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            ctSz = KYBER768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            ctSz = KYBER1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    /* If public hash (h) is not stored against key, calculate it. */
+    if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
+        byte* pubKey = NULL;
+        word32 pubKeyLen;
+
+        /* Determine how big an encoded public key will be. */
+        ret = wc_KyberKey_PublicKeySize(key, &pubKeyLen);
+        if (ret == 0) {
+            /* Allocate dynamic memory for encoded public key. */
+            pubKey = (byte*)XMALLOC(pubKeyLen, key->heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            if (pubKey == NULL) {
+                ret = MEMORY_E;
+            }
+        }
+        if (ret == 0) {
+            /* Encode public key - h is hash of encoded public key. */
+            ret = wc_KyberKey_EncodePublicKey(key, pubKey, pubKeyLen);
+        }
+        /* Dispose of encoded public key. */
+        XFREE(pubKey, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
+        /* Implementation issue if h not cached and flag set. */
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+        /* Hash random to anonymize as seed data. */
+        ret = KYBER_HASH_H(rand, KYBER_SYM_SZ, msg);
+    }
+    if (ret == 0) {
+        /* Copy the hash of the public key into msg. */
+        XMEMCPY(msg + KYBER_SYM_SZ, key->h, KYBER_SYM_SZ);
+
+        /* Hash message into seed buffer. */
+        ret = KYBER_HASH_G(msg, 2 * KYBER_SYM_SZ, kr);
+    }
+
+    if (ret == 0) {
+        /* Encapsulate the message using the key and the seed (coins). */
+        ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct);
+    }
+
+    if (ret == 0) {
+        /* Hash the cipher text after the seed. */
+        ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ);
+    }
+    if (ret == 0) {
+        /* Derive the secret from the seed and hash of cipher text. */
+        ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ);
+    }
+
+    return ret;
+}
+
+/******************************************************************************/
+
+/* Decapsulate cipher text to the message using key.
+ *
+ * @param  [in]   Kyber key object.
+ * @param  [out]  Message than was encapsulated.
+ * @param  [in]   Cipher text.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key,
+    unsigned char* msg, const unsigned char* ct)
+{
+    int ret = 0;
+    sword16* v;
+    sword16* mp;
+    unsigned int kp;
+    unsigned int compVecSz;
+#ifndef USE_INTEL_SPEEDUP
+    sword16* bp = NULL;
+#else
+    sword16 bp[(KYBER_MAX_K + 2) * KYBER_N];
+#endif
+
+    /* Establish parameters based on key type. */
+    switch (key->type) {
+#ifdef WOLFSSL_KYBER512
+    case KYBER512:
+        kp = KYBER512_K;
+        compVecSz = KYBER512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER768
+    case KYBER768:
+        kp = KYBER768_K;
+        compVecSz = KYBER768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER1024
+    case KYBER1024:
+        kp = KYBER1024_K;
+        compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+    default:
+        /* No other values supported. */
+        ret = NOT_COMPILED_IN;
+        break;
+    }
+
+#ifndef USE_INTEL_SPEEDUP
+    if (ret == 0) {
+        /* Allocate dynamic memory for a vector and two polynomials. */
+        bp = (sword16*)XMALLOC((kp + 2) * KYBER_N * sizeof(sword16), key->heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (bp == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+    if (ret == 0) {
+        /* Assign allocated dynamic memory to pointers.
+         * bp (v) | v (p) | mp (p) */
+        v = bp + kp * KYBER_N;
+        mp = v + KYBER_N;
+
+    #ifdef WOLFSSL_KYBER512
+        if (kp == KYBER512_K) {
+            kyber_vec_decompress_10(bp, ct, kp);
+            kyber_decompress_4(v, ct + compVecSz);
+        }
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        if (kp == KYBER768_K) {
+            kyber_vec_decompress_10(bp, ct, kp);
+            kyber_decompress_4(v, ct + compVecSz);
+        }
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        if (kp == KYBER1024_K) {
+            kyber_vec_decompress_11(bp, ct);
+            kyber_decompress_5(v, ct + compVecSz);
+        }
+    #endif
+
+        /* Decapsulate the cipher text into polynomial. */
+        kyber_decapsulate(key->priv, mp, bp, v, kp);
+
+        /* Convert the polynomial into a array of bytes (message). */
+        kyber_to_msg(msg, mp);
+    }
+
+#ifndef USE_INTEL_SPEEDUP
+    /* Dispose of dynamically memory allocated in function. */
+    XFREE(bp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+/**
+ * Decapsulate the cipher text to calculate the shared secret.
+ *
+ * Validates the cipher text by encapsulating and comparing with data passed in.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  ss   Shared secret.
+ * @param  [in]   ct   Cipher text.
+ * @param  [in]   len  Length of cipher text.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, ss or cr are NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  BUFFER_E when len is not the length of cipher text for the key type.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
+    const unsigned char* ct, word32 len)
+{
+    byte msg[2 * KYBER_SYM_SZ];
+    byte kr[2 * KYBER_SYM_SZ + 1];
+    int ret = 0;
+    unsigned int ctSz;
+    unsigned int i;
+    int fail;
+#ifndef USE_INTEL_SPEEDUP
+    byte* cmp = NULL;
+#else
+    byte cmp[KYBER_MAX_CIPHER_TEXT_SIZE];
+#endif
+
+    /* Validate parameters. */
+    if ((key == NULL) || (ss == NULL) || (ct == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Establish cipher text size based on key type. */
+        switch (key->type) {
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            ctSz = KYBER512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            ctSz = KYBER768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            ctSz = KYBER1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    /* Ensure the cipher text passed in is the correct size. */
+    if ((ret == 0) && (len != ctSz)) {
+        ret = BUFFER_E;
+    }
+
+#ifndef USE_INTEL_SPEEDUP
+    if (ret == 0) {
+        /* Allocate memory for cipher text that is generated. */
+        cmp = (byte*)XMALLOC(ctSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (cmp == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Decapsulate the cipher text. */
+        ret = kyberkey_decapsulate(key, msg, ct);
+    }
+    if (ret == 0) {
+        /* Copy public hash over after the seed. */
+        XMEMCPY(msg + KYBER_SYM_SZ, key->h, KYBER_SYM_SZ);
+        /* Hash message into seed buffer. */
+        ret = KYBER_HASH_G(msg, 2 * KYBER_SYM_SZ, kr);
+    }
+    if (ret == 0) {
+        /* Encapsulate the message. */
+        ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, cmp);
+    }
+    if (ret == 0) {
+        /* Compare generated cipher text with that passed in. */
+        fail = kyber_cmp(ct, cmp, ctSz);
+
+        /* Hash the cipher text after the seed. */
+        ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ);
+    }
+    if (ret == 0) {
+        /* Change seed to z on comparison failure. */
+        for (i = 0; i < KYBER_SYM_SZ; i++) {
+            kr[i] ^= (kr[i] ^ key->z[i]) & fail;
+        }
+
+        /* Derive the secret from the seed and hash of cipher text. */
+        ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ);
+    }
+
+#ifndef USE_INTEL_SPEEDUP
+    /* Dispose of dynamic memory allocated in function. */
+    XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+/******************************************************************************/
+
+/**
+ * Decode the private key.
+ *
+ * Private Vector | Public Key | Public Hash | Randomizer
+ *
+ * @param  [in, out]  key  Kyber key object.
+ * @param  [in]       in   Buffer holding encoded key.
+ * @param  [in]       len  Length of data in buffer.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or in is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  BUFFER_E when len is not the correct size.
+ */
+int wc_KyberKey_DecodePrivateKey(KyberKey* key, unsigned char* in, word32 len)
+{
+    int ret = 0;
+    word32 privLen = 0;
+    word32 pubLen = 0;
+    unsigned int k = 0;
+    unsigned char* p = in;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            privLen = KYBER512_PRIVATE_KEY_SIZE;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            privLen = KYBER768_PRIVATE_KEY_SIZE;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            privLen = KYBER1024_PRIVATE_KEY_SIZE;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Ensure the data is the correct length for the key type. */
+    if ((ret == 0) && (len != privLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Decode private key that is vector of polynomials. */
+        kyber_from_bytes(key->priv, p, k);
+        p += k * KYBER_POLY_SIZE;
+
+        /* Decode the public key that is after the private key. */
+        ret = wc_KyberKey_DecodePublicKey(key, p, pubLen);
+    }
+    if (ret == 0) {
+        /* Skip over public key. */
+        p += pubLen;
+        /* Copy the hash of the encoded public key that is after public key. */
+        XMEMCPY(key->h, p, sizeof(key->h));
+        p += KYBER_SYM_SZ;
+        /* Copy the z (randomizer) that is after hash. */
+        XMEMCPY(key->z, p, sizeof(key->z));
+        /* Set that private and public keys, and public hash are set. */
+        key->flags |= KYBER_FLAG_H_SET | KYBER_FLAG_BOTH_SET;
+    }
+
+    return ret;
+}
+
+/**
+ * Decode public key.
+ *
+ * Public vector | Public Seed
+ *
+ * @param  [in, out]  key  Kyber key object.
+ * @param  [in]       in   Buffer holding encoded key.
+ * @param  [in]       len  Length of data in buffer.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or in is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  BUFFER_E when len is not the correct size.
+ */
+int wc_KyberKey_DecodePublicKey(KyberKey* key, unsigned char* in, word32 len)
+{
+    int ret = 0;
+    word32 pubLen = 0;
+    unsigned int k = 0;
+    unsigned char* p = in;
+
+    if ((key == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Ensure the data is the correct length for the key type. */
+    if ((ret == 0) && (len != pubLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        unsigned int i;
+
+        /* Decode public key that is vector of polynomials. */
+        kyber_from_bytes(key->pub, p, k);
+        p += k * KYBER_POLY_SIZE;
+
+        /* Read public key seed. */
+        for (i = 0; i < KYBER_SYM_SZ; i++) {
+            key->pubSeed[i] = p[i];
+        }
+        /* Calculate public hash. */
+        ret = KYBER_HASH_H(in, len, key->h);
+    }
+    if (ret == 0) {
+        /* Record public key and public hash set. */
+        key->flags |= KYBER_FLAG_PUB_SET | KYBER_FLAG_H_SET;
+    }
+
+    return ret;
+}
+
+/**
+ * Get the size in bytes of encoded private key for the key.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  len  Length of encoded private key in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Return in 'len' size of the encoded private key for the type of this
+         * key. */
+        switch (key->type) {
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            *len = KYBER512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            *len = KYBER768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            *len = KYBER1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    return ret;
+}
+
+/**
+ * Get the size in bytes of encoded public key for the key.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  len  Length of encoded public key in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Return in 'len' size of the encoded public key for the type of this
+         * key. */
+        switch (key->type) {
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            *len = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            *len = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            *len = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    return ret;
+}
+
+/**
+ * Encode the private key.
+ *
+ * Private Vector | Public Key | Public Hash | Randomizer
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  out  Buffer to hold data.
+ * @param  [in]   len  Size of buffer in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or out is NULL or private/public key not
+ * available.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
+{
+    int ret = 0;
+    unsigned int k = 0;
+    unsigned int pubLen = 0;
+    unsigned int privLen = 0;
+    unsigned char* p = out;
+
+    if ((key == NULL) || (out == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) &&
+            ((key->flags & KYBER_FLAG_BOTH_SET) != KYBER_FLAG_BOTH_SET)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        switch (key->type) {
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            privLen = KYBER512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            privLen = KYBER768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            privLen = KYBER1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Check buffer is big enough for encoding. */
+    if ((ret == 0) && (len != privLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Encode private key that is vector of polynomials. */
+        kyber_to_bytes(p, key->priv, k);
+        p += KYBER_POLY_SIZE * k;
+
+        /* Encode public key. */
+        ret = wc_KyberKey_EncodePublicKey(key, p, pubLen);
+        p += pubLen;
+    }
+    /* Ensure hash of public key is available. */
+    if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
+        ret = KYBER_HASH_H(p - pubLen, pubLen, key->h);
+    }
+    if (ret == 0) {
+        /* Public hash is available. */
+        key->flags |= KYBER_FLAG_H_SET;
+        /* Append public hash. */
+        XMEMCPY(p, key->h, sizeof(key->h));
+        p += KYBER_SYM_SZ;
+        /* Append z (randomizer). */
+        XMEMCPY(p, key->z, sizeof(key->z));
+    }
+
+    return ret;
+}
+
+/**
+ * Encode the public key.
+ *
+ * Public vector | Public Seed
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  out  Buffer to hold data.
+ * @param  [in]   len  Size of buffer in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or out is NULL or public key not available.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
+{
+    int ret = 0;
+    unsigned int k = 0;
+    unsigned int pubLen = 0;
+    unsigned char* p = out;
+
+    if ((key == NULL) || (out == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) &&
+            ((key->flags & KYBER_FLAG_PUB_SET) != KYBER_FLAG_PUB_SET)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        switch (key->type) {
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Check buffer is big enough for encoding. */
+    if ((ret == 0) && (len != pubLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        int i;
+
+        /* Encode public key polynomial by polynomial. */
+        kyber_to_bytes(p, key->pub, k);
+        p += k * KYBER_POLY_SIZE;
+
+        /* Append public seed. */
+        for (i = 0; i < KYBER_SYM_SZ; i++) {
+            p[i] = key->pubSeed[i];
+        }
+
+        /* Make sure public hash is set. */
+        if ((key->flags & KYBER_FLAG_H_SET) == 0) {
+            ret = KYBER_HASH_H(out, len, key->h);
+        }
+    }
+    if (ret == 0) {
+        /* Public hash is set. */
+        key->flags |= KYBER_FLAG_H_SET;
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_WC_KYBER */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber_asm.S b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber_asm.S
index 599400b3..9dff0f7b 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber_asm.S
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber_asm.S
@@ -1,6 +1,6 @@
-/* wc_kyber_asm.S
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+/* wc_kyber_asm.S */
+/*
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,9 +19,27807 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFSSL_USER_SETTINGS
+#ifdef WOLFSSL_USER_SETTINGS_ASM
+/*
+ * user_settings_asm.h is a file generated by the script user_settings_asm.sh.
+ * The script takes in a user_settings.h and produces user_settings_asm.h, which
+ * is a stripped down version of user_settings.h containing only preprocessor
+ * directives. This makes the header safe to include in assembly (.S) files.
+ */
+#include "user_settings_asm.h"
+#else
+/*
+ * Note: if user_settings.h contains any C code (e.g. a typedef or function
+ * prototype), including it here in an assembly (.S) file will cause an
+ * assembler failure. See user_settings_asm.h above.
+ */
+#include "user_settings.h"
+#endif /* WOLFSSL_USER_SETTINGS_ASM */
+#endif /* WOLFSSL_USER_SETTINGS */
+
+#ifndef HAVE_INTEL_AVX1
+#define HAVE_INTEL_AVX1
+#endif /* HAVE_INTEL_AVX1 */
+#ifndef NO_AVX2_SUPPORT
+#define HAVE_INTEL_AVX2
+#endif /* NO_AVX2_SUPPORT */
 
-#ifdef WOLFSSL_HAVE_KYBER
-    #error "Contact wolfSSL to get the implementation of this file"
-#endif
+#ifdef WOLFSSL_WC_KYBER
+#ifdef HAVE_INTEL_AVX2
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+kyber_q:
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+kyber_qinv:
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+kyber_f:
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+kyber_f_qinv:
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+kyber_v:
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_avx2_zetas:
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0x23d,0x23d
+.value	0x23d,0x23d
+.value	0x23d,0x23d
+.value	0x23d,0x23d
+.value	0x7d4,0x7d4
+.value	0x7d4,0x7d4
+.value	0x7d4,0x7d4
+.value	0x7d4,0x7d4
+.value	0xe93d,0xe93d
+.value	0xe93d,0xe93d
+.value	0xe93d,0xe93d
+.value	0xe93d,0xe93d
+.value	0x43d4,0x43d4
+.value	0x43d4,0x43d4
+.value	0x43d4,0x43d4
+.value	0x43d4,0x43d4
+.value	0x108,0x108
+.value	0x108,0x108
+.value	0x108,0x108
+.value	0x108,0x108
+.value	0x17f,0x17f
+.value	0x17f,0x17f
+.value	0x17f,0x17f
+.value	0x17f,0x17f
+.value	0x9908,0x9908
+.value	0x9908,0x9908
+.value	0x9908,0x9908
+.value	0x9908,0x9908
+.value	0x8e7f,0x8e7f
+.value	0x8e7f,0x8e7f
+.value	0x8e7f,0x8e7f
+.value	0x8e7f,0x8e7f
+.value	0x4c7,0x4c7
+.value	0x4c7,0x4c7
+.value	0x28c,0x28c
+.value	0x28c,0x28c
+.value	0xad9,0xad9
+.value	0xad9,0xad9
+.value	0x3f7,0x3f7
+.value	0x3f7,0x3f7
+.value	0xe9c7,0xe9c7
+.value	0xe9c7,0xe9c7
+.value	0xe68c,0xe68c
+.value	0xe68c,0xe68c
+.value	0x5d9,0x5d9
+.value	0x5d9,0x5d9
+.value	0x78f7,0x78f7
+.value	0x78f7,0x78f7
+.value	0x7f4,0x7f4
+.value	0x7f4,0x7f4
+.value	0x5d3,0x5d3
+.value	0x5d3,0x5d3
+.value	0xbe7,0xbe7
+.value	0xbe7,0xbe7
+.value	0x6f9,0x6f9
+.value	0x6f9,0x6f9
+.value	0xa3f4,0xa3f4
+.value	0xa3f4,0xa3f4
+.value	0x4ed3,0x4ed3
+.value	0x4ed3,0x4ed3
+.value	0x50e7,0x50e7
+.value	0x50e7,0x50e7
+.value	0x61f9,0x61f9
+.value	0x61f9,0x61f9
+.value	0x9c4,0x9c4
+.value	0x9c4,0x9c4
+.value	0x9c4,0x9c4
+.value	0x9c4,0x9c4
+.value	0x5b2,0x5b2
+.value	0x5b2,0x5b2
+.value	0x5b2,0x5b2
+.value	0x5b2,0x5b2
+.value	0x15c4,0x15c4
+.value	0x15c4,0x15c4
+.value	0x15c4,0x15c4
+.value	0x15c4,0x15c4
+.value	0xfbb2,0xfbb2
+.value	0xfbb2,0xfbb2
+.value	0xfbb2,0xfbb2
+.value	0xfbb2,0xfbb2
+.value	0x6bf,0x6bf
+.value	0x6bf,0x6bf
+.value	0x6bf,0x6bf
+.value	0x6bf,0x6bf
+.value	0xc7f,0xc7f
+.value	0xc7f,0xc7f
+.value	0xc7f,0xc7f
+.value	0xc7f,0xc7f
+.value	0x53bf,0x53bf
+.value	0x53bf,0x53bf
+.value	0x53bf,0x53bf
+.value	0x53bf,0x53bf
+.value	0x997f,0x997f
+.value	0x997f,0x997f
+.value	0x997f,0x997f
+.value	0x997f,0x997f
+.value	0x204,0x204
+.value	0x204,0x204
+.value	0xcf9,0xcf9
+.value	0xcf9,0xcf9
+.value	0xbc1,0xbc1
+.value	0xbc1,0xbc1
+.value	0xa67,0xa67
+.value	0xa67,0xa67
+.value	0xce04,0xce04
+.value	0xce04,0xce04
+.value	0x67f9,0x67f9
+.value	0x67f9,0x67f9
+.value	0x3ec1,0x3ec1
+.value	0x3ec1,0x3ec1
+.value	0xcf67,0xcf67
+.value	0xcf67,0xcf67
+.value	0x6af,0x6af
+.value	0x6af,0x6af
+.value	0x877,0x877
+.value	0x877,0x877
+.value	0x7e,0x7e
+.value	0x7e,0x7e
+.value	0x5bd,0x5bd
+.value	0x5bd,0x5bd
+.value	0x23af,0x23af
+.value	0x23af,0x23af
+.value	0xfd77,0xfd77
+.value	0xfd77,0xfd77
+.value	0x9a7e,0x9a7e
+.value	0x9a7e,0x9a7e
+.value	0x6cbd,0x6cbd
+.value	0x6cbd,0x6cbd
+.value	0x8b2,0x8b2
+.value	0x1ae,0x1ae
+.value	0x22b,0x22b
+.value	0x34b,0x34b
+.value	0x81e,0x81e
+.value	0x367,0x367
+.value	0x60e,0x60e
+.value	0x69,0x69
+.value	0xfeb2,0xfeb2
+.value	0x2bae,0x2bae
+.value	0xd32b,0xd32b
+.value	0x344b,0x344b
+.value	0x821e,0x821e
+.value	0xc867,0xc867
+.value	0x500e,0x500e
+.value	0xab69,0xab69
+.value	0x1a6,0x1a6
+.value	0x24b,0x24b
+.value	0xb1,0xb1
+.value	0xc16,0xc16
+.value	0xbde,0xbde
+.value	0xb35,0xb35
+.value	0x626,0x626
+.value	0x675,0x675
+.value	0x93a6,0x93a6
+.value	0x334b,0x334b
+.value	0x3b1,0x3b1
+.value	0xee16,0xee16
+.value	0xc5de,0xc5de
+.value	0x5a35,0x5a35
+.value	0x1826,0x1826
+.value	0x1575,0x1575
+.value	0xc0b,0xc0b
+.value	0x30a,0x30a
+.value	0x487,0x487
+.value	0xc6e,0xc6e
+.value	0x9f8,0x9f8
+.value	0x5cb,0x5cb
+.value	0xaa7,0xaa7
+.value	0x45f,0x45f
+.value	0x7d0b,0x7d0b
+.value	0x810a,0x810a
+.value	0x2987,0x2987
+.value	0x766e,0x766e
+.value	0x71f8,0x71f8
+.value	0xb6cb,0xb6cb
+.value	0x8fa7,0x8fa7
+.value	0x315f,0x315f
+.value	0x6cb,0x6cb
+.value	0x284,0x284
+.value	0x999,0x999
+.value	0x15d,0x15d
+.value	0x1a2,0x1a2
+.value	0x149,0x149
+.value	0xc65,0xc65
+.value	0xcb6,0xcb6
+.value	0xb7cb,0xb7cb
+.value	0x4e84,0x4e84
+.value	0x4499,0x4499
+.value	0x485d,0x485d
+.value	0xc7a2,0xc7a2
+.value	0x4c49,0x4c49
+.value	0xeb65,0xeb65
+.value	0xceb6,0xceb6
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0xa58,0xa58
+.value	0xa58,0xa58
+.value	0xa58,0xa58
+.value	0xa58,0xa58
+.value	0x3f9,0x3f9
+.value	0x3f9,0x3f9
+.value	0x3f9,0x3f9
+.value	0x3f9,0x3f9
+.value	0x9258,0x9258
+.value	0x9258,0x9258
+.value	0x9258,0x9258
+.value	0x9258,0x9258
+.value	0x5ef9,0x5ef9
+.value	0x5ef9,0x5ef9
+.value	0x5ef9,0x5ef9
+.value	0x5ef9,0x5ef9
+.value	0x2dc,0x2dc
+.value	0x2dc,0x2dc
+.value	0x2dc,0x2dc
+.value	0x2dc,0x2dc
+.value	0x260,0x260
+.value	0x260,0x260
+.value	0x260,0x260
+.value	0x260,0x260
+.value	0xd6dc,0xd6dc
+.value	0xd6dc,0xd6dc
+.value	0xd6dc,0xd6dc
+.value	0xd6dc,0xd6dc
+.value	0x2260,0x2260
+.value	0x2260,0x2260
+.value	0x2260,0x2260
+.value	0x2260,0x2260
+.value	0x9ac,0x9ac
+.value	0x9ac,0x9ac
+.value	0xca7,0xca7
+.value	0xca7,0xca7
+.value	0xbf2,0xbf2
+.value	0xbf2,0xbf2
+.value	0x33e,0x33e
+.value	0x33e,0x33e
+.value	0x4dac,0x4dac
+.value	0x4dac,0x4dac
+.value	0x91a7,0x91a7
+.value	0x91a7,0x91a7
+.value	0xc1f2,0xc1f2
+.value	0xc1f2,0xc1f2
+.value	0xdd3e,0xdd3e
+.value	0xdd3e,0xdd3e
+.value	0x6b,0x6b
+.value	0x6b,0x6b
+.value	0x774,0x774
+.value	0x774,0x774
+.value	0xc0a,0xc0a
+.value	0xc0a,0xc0a
+.value	0x94a,0x94a
+.value	0x94a,0x94a
+.value	0x916b,0x916b
+.value	0x916b,0x916b
+.value	0x2374,0x2374
+.value	0x2374,0x2374
+.value	0x8a0a,0x8a0a
+.value	0x8a0a,0x8a0a
+.value	0x474a,0x474a
+.value	0x474a,0x474a
+.value	0x6fb,0x6fb
+.value	0x6fb,0x6fb
+.value	0x6fb,0x6fb
+.value	0x6fb,0x6fb
+.value	0x19b,0x19b
+.value	0x19b,0x19b
+.value	0x19b,0x19b
+.value	0x19b,0x19b
+.value	0x47fb,0x47fb
+.value	0x47fb,0x47fb
+.value	0x47fb,0x47fb
+.value	0x47fb,0x47fb
+.value	0x229b,0x229b
+.value	0x229b,0x229b
+.value	0x229b,0x229b
+.value	0x229b,0x229b
+.value	0xc34,0xc34
+.value	0xc34,0xc34
+.value	0xc34,0xc34
+.value	0xc34,0xc34
+.value	0x6de,0x6de
+.value	0x6de,0x6de
+.value	0x6de,0x6de
+.value	0x6de,0x6de
+.value	0x6834,0x6834
+.value	0x6834,0x6834
+.value	0x6834,0x6834
+.value	0x6834,0x6834
+.value	0xc0de,0xc0de
+.value	0xc0de,0xc0de
+.value	0xc0de,0xc0de
+.value	0xc0de,0xc0de
+.value	0xb73,0xb73
+.value	0xb73,0xb73
+.value	0x3c1,0x3c1
+.value	0x3c1,0x3c1
+.value	0x71d,0x71d
+.value	0x71d,0x71d
+.value	0xa2c,0xa2c
+.value	0xa2c,0xa2c
+.value	0x3473,0x3473
+.value	0x3473,0x3473
+.value	0x36c1,0x36c1
+.value	0x36c1,0x36c1
+.value	0x8e1d,0x8e1d
+.value	0x8e1d,0x8e1d
+.value	0xce2c,0xce2c
+.value	0xce2c,0xce2c
+.value	0x1c0,0x1c0
+.value	0x1c0,0x1c0
+.value	0x8d8,0x8d8
+.value	0x8d8,0x8d8
+.value	0x2a5,0x2a5
+.value	0x2a5,0x2a5
+.value	0x806,0x806
+.value	0x806,0x806
+.value	0x41c0,0x41c0
+.value	0x41c0,0x41c0
+.value	0x10d8,0x10d8
+.value	0x10d8,0x10d8
+.value	0xa1a5,0xa1a5
+.value	0xa1a5,0xa1a5
+.value	0xba06,0xba06
+.value	0xba06,0xba06
+.value	0x331,0x331
+.value	0x449,0x449
+.value	0x25b,0x25b
+.value	0x262,0x262
+.value	0x52a,0x52a
+.value	0x7fc,0x7fc
+.value	0x748,0x748
+.value	0x180,0x180
+.value	0x8631,0x8631
+.value	0x4f49,0x4f49
+.value	0x635b,0x635b
+.value	0x862,0x862
+.value	0xe32a,0xe32a
+.value	0x3bfc,0x3bfc
+.value	0x5f48,0x5f48
+.value	0x8180,0x8180
+.value	0x842,0x842
+.value	0xc79,0xc79
+.value	0x4c2,0x4c2
+.value	0x7ca,0x7ca
+.value	0x997,0x997
+.value	0xdc,0xdc
+.value	0x85e,0x85e
+.value	0x686,0x686
+.value	0xae42,0xae42
+.value	0xe779,0xe779
+.value	0x2ac2,0x2ac2
+.value	0xc5ca,0xc5ca
+.value	0x5e97,0x5e97
+.value	0xd4dc,0xd4dc
+.value	0x425e,0x425e
+.value	0x3886,0x3886
+.value	0x860,0x860
+.value	0x707,0x707
+.value	0x803,0x803
+.value	0x31a,0x31a
+.value	0x71b,0x71b
+.value	0x9ab,0x9ab
+.value	0x99b,0x99b
+.value	0x1de,0x1de
+.value	0x2860,0x2860
+.value	0xac07,0xac07
+.value	0xe103,0xe103
+.value	0xb11a,0xb11a
+.value	0xa81b,0xa81b
+.value	0x5aab,0x5aab
+.value	0x2a9b,0x2a9b
+.value	0xbbde,0xbbde
+.value	0xc95,0xc95
+.value	0xbcd,0xbcd
+.value	0x3e4,0x3e4
+.value	0x3df,0x3df
+.value	0x3be,0x3be
+.value	0x74d,0x74d
+.value	0x5f2,0x5f2
+.value	0x65c,0x65c
+.value	0x7b95,0x7b95
+.value	0xa2cd,0xa2cd
+.value	0x6fe4,0x6fe4
+.value	0xb0df,0xb0df
+.value	0x5dbe,0x5dbe
+.value	0x1e4d,0x1e4d
+.value	0xbbf2,0xbbf2
+.value	0x5a5c,0x5a5c
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_avx2_zetas_basemul:
+.value	0x8b2,0x81e
+.value	0xf74e,0xf7e2
+.value	0x1ae,0x367
+.value	0xfe52,0xfc99
+.value	0x22b,0x60e
+.value	0xfdd5,0xf9f2
+.value	0x34b,0x69
+.value	0xfcb5,0xff97
+.value	0xfeb2,0x821e
+.value	0x14e,0x7de2
+.value	0x2bae,0xc867
+.value	0xd452,0x3799
+.value	0xd32b,0x500e
+.value	0x2cd5,0xaff2
+.value	0x344b,0xab69
+.value	0xcbb5,0x5497
+.value	0x1a6,0xbde
+.value	0xfe5a,0xf422
+.value	0x24b,0xb35
+.value	0xfdb5,0xf4cb
+.value	0xb1,0x626
+.value	0xff4f,0xf9da
+.value	0xc16,0x675
+.value	0xf3ea,0xf98b
+.value	0x93a6,0xc5de
+.value	0x6c5a,0x3a22
+.value	0x334b,0x5a35
+.value	0xccb5,0xa5cb
+.value	0x3b1,0x1826
+.value	0xfc4f,0xe7da
+.value	0xee16,0x1575
+.value	0x11ea,0xea8b
+.value	0xc0b,0x9f8
+.value	0xf3f5,0xf608
+.value	0x30a,0x5cb
+.value	0xfcf6,0xfa35
+.value	0x487,0xaa7
+.value	0xfb79,0xf559
+.value	0xc6e,0x45f
+.value	0xf392,0xfba1
+.value	0x7d0b,0x71f8
+.value	0x82f5,0x8e08
+.value	0x810a,0xb6cb
+.value	0x7ef6,0x4935
+.value	0x2987,0x8fa7
+.value	0xd679,0x7059
+.value	0x766e,0x315f
+.value	0x8992,0xcea1
+.value	0x6cb,0x1a2
+.value	0xf935,0xfe5e
+.value	0x284,0x149
+.value	0xfd7c,0xfeb7
+.value	0x999,0xc65
+.value	0xf667,0xf39b
+.value	0x15d,0xcb6
+.value	0xfea3,0xf34a
+.value	0xb7cb,0xc7a2
+.value	0x4835,0x385e
+.value	0x4e84,0x4c49
+.value	0xb17c,0xb3b7
+.value	0x4499,0xeb65
+.value	0xbb67,0x149b
+.value	0x485d,0xceb6
+.value	0xb7a3,0x314a
+.value	0x331,0x52a
+.value	0xfccf,0xfad6
+.value	0x449,0x7fc
+.value	0xfbb7,0xf804
+.value	0x25b,0x748
+.value	0xfda5,0xf8b8
+.value	0x262,0x180
+.value	0xfd9e,0xfe80
+.value	0x8631,0xe32a
+.value	0x79cf,0x1cd6
+.value	0x4f49,0x3bfc
+.value	0xb0b7,0xc404
+.value	0x635b,0x5f48
+.value	0x9ca5,0xa0b8
+.value	0x862,0x8180
+.value	0xf79e,0x7e80
+.value	0x842,0x997
+.value	0xf7be,0xf669
+.value	0xc79,0xdc
+.value	0xf387,0xff24
+.value	0x4c2,0x85e
+.value	0xfb3e,0xf7a2
+.value	0x7ca,0x686
+.value	0xf836,0xf97a
+.value	0xae42,0x5e97
+.value	0x51be,0xa169
+.value	0xe779,0xd4dc
+.value	0x1887,0x2b24
+.value	0x2ac2,0x425e
+.value	0xd53e,0xbda2
+.value	0xc5ca,0x3886
+.value	0x3a36,0xc77a
+.value	0x860,0x71b
+.value	0xf7a0,0xf8e5
+.value	0x707,0x9ab
+.value	0xf8f9,0xf655
+.value	0x803,0x99b
+.value	0xf7fd,0xf665
+.value	0x31a,0x1de
+.value	0xfce6,0xfe22
+.value	0x2860,0xa81b
+.value	0xd7a0,0x57e5
+.value	0xac07,0x5aab
+.value	0x53f9,0xa555
+.value	0xe103,0x2a9b
+.value	0x1efd,0xd565
+.value	0xb11a,0xbbde
+.value	0x4ee6,0x4422
+.value	0xc95,0x3be
+.value	0xf36b,0xfc42
+.value	0xbcd,0x74d
+.value	0xf433,0xf8b3
+.value	0x3e4,0x5f2
+.value	0xfc1c,0xfa0e
+.value	0x3df,0x65c
+.value	0xfc21,0xf9a4
+.value	0x7b95,0x5dbe
+.value	0x846b,0xa242
+.value	0xa2cd,0x1e4d
+.value	0x5d33,0xe1b3
+.value	0x6fe4,0xbbf2
+.value	0x901c,0x440e
+.value	0xb0df,0x5a5c
+.value	0x4f21,0xa5a4
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_avx2_zetas_inv:
+.value	0x6a5,0x6a5
+.value	0x5b4,0x5b4
+.value	0x70f,0x70f
+.value	0x943,0x943
+.value	0x922,0x922
+.value	0x134,0x134
+.value	0x91d,0x91d
+.value	0x6c,0x6c
+.value	0xa5a5,0xa5a5
+.value	0xe1b4,0xe1b4
+.value	0x440f,0x440f
+.value	0xa243,0xa243
+.value	0x4f22,0x4f22
+.value	0x5d34,0x5d34
+.value	0x901d,0x901d
+.value	0x846c,0x846c
+.value	0xb23,0xb23
+.value	0x356,0x356
+.value	0x366,0x366
+.value	0x5e6,0x5e6
+.value	0x9e7,0x9e7
+.value	0x5fa,0x5fa
+.value	0x4fe,0x4fe
+.value	0x4a1,0x4a1
+.value	0x4423,0x4423
+.value	0xa556,0xa556
+.value	0xd566,0xd566
+.value	0x57e6,0x57e6
+.value	0x4ee7,0x4ee7
+.value	0x53fa,0x53fa
+.value	0x1efe,0x1efe
+.value	0xd7a1,0xd7a1
+.value	0x4fb,0x4fb
+.value	0x4fb,0x4fb
+.value	0xa5c,0xa5c
+.value	0xa5c,0xa5c
+.value	0x429,0x429
+.value	0x429,0x429
+.value	0xb41,0xb41
+.value	0xb41,0xb41
+.value	0x45fb,0x45fb
+.value	0x45fb,0x45fb
+.value	0x5e5c,0x5e5c
+.value	0x5e5c,0x5e5c
+.value	0xef29,0xef29
+.value	0xef29,0xef29
+.value	0xbe41,0xbe41
+.value	0xbe41,0xbe41
+.value	0x2d5,0x2d5
+.value	0x2d5,0x2d5
+.value	0x5e4,0x5e4
+.value	0x5e4,0x5e4
+.value	0x940,0x940
+.value	0x940,0x940
+.value	0x18e,0x18e
+.value	0x18e,0x18e
+.value	0x31d5,0x31d5
+.value	0x31d5,0x31d5
+.value	0x71e4,0x71e4
+.value	0x71e4,0x71e4
+.value	0xc940,0xc940
+.value	0xc940,0xc940
+.value	0xcb8e,0xcb8e
+.value	0xcb8e,0xcb8e
+.value	0x623,0x623
+.value	0x623,0x623
+.value	0x623,0x623
+.value	0x623,0x623
+.value	0xcd,0xcd
+.value	0xcd,0xcd
+.value	0xcd,0xcd
+.value	0xcd,0xcd
+.value	0x3f23,0x3f23
+.value	0x3f23,0x3f23
+.value	0x3f23,0x3f23
+.value	0x3f23,0x3f23
+.value	0x97cd,0x97cd
+.value	0x97cd,0x97cd
+.value	0x97cd,0x97cd
+.value	0x97cd,0x97cd
+.value	0xb66,0xb66
+.value	0xb66,0xb66
+.value	0xb66,0xb66
+.value	0xb66,0xb66
+.value	0x606,0x606
+.value	0x606,0x606
+.value	0x606,0x606
+.value	0x606,0x606
+.value	0xdd66,0xdd66
+.value	0xdd66,0xdd66
+.value	0xdd66,0xdd66
+.value	0xdd66,0xdd66
+.value	0xb806,0xb806
+.value	0xb806,0xb806
+.value	0xb806,0xb806
+.value	0xb806,0xb806
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x67b,0x67b
+.value	0xc25,0xc25
+.value	0x4a3,0x4a3
+.value	0x36a,0x36a
+.value	0x537,0x537
+.value	0x88,0x88
+.value	0x83f,0x83f
+.value	0x4bf,0x4bf
+.value	0xc77b,0xc77b
+.value	0x2b25,0x2b25
+.value	0xbda3,0xbda3
+.value	0xa16a,0xa16a
+.value	0x3a37,0x3a37
+.value	0x1888,0x1888
+.value	0xd53f,0xd53f
+.value	0x51bf,0x51bf
+.value	0xb81,0xb81
+.value	0x505,0x505
+.value	0x5b9,0x5b9
+.value	0x7d7,0x7d7
+.value	0xa9f,0xa9f
+.value	0x8b8,0x8b8
+.value	0xaa6,0xaa6
+.value	0x9d0,0x9d0
+.value	0x7e81,0x7e81
+.value	0xc405,0xc405
+.value	0xa0b9,0xa0b9
+.value	0x1cd7,0x1cd7
+.value	0xf79f,0xf79f
+.value	0xb0b8,0xb0b8
+.value	0x9ca6,0x9ca6
+.value	0x79d0,0x79d0
+.value	0x3b7,0x3b7
+.value	0x3b7,0x3b7
+.value	0xf7,0xf7
+.value	0xf7,0xf7
+.value	0x58d,0x58d
+.value	0x58d,0x58d
+.value	0xc96,0xc96
+.value	0xc96,0xc96
+.value	0xb8b7,0xb8b7
+.value	0xb8b7,0xb8b7
+.value	0x75f7,0x75f7
+.value	0x75f7,0x75f7
+.value	0xdc8d,0xdc8d
+.value	0xdc8d,0xdc8d
+.value	0x6e96,0x6e96
+.value	0x6e96,0x6e96
+.value	0x9c3,0x9c3
+.value	0x9c3,0x9c3
+.value	0x10f,0x10f
+.value	0x10f,0x10f
+.value	0x5a,0x5a
+.value	0x5a,0x5a
+.value	0x355,0x355
+.value	0x355,0x355
+.value	0x22c3,0x22c3
+.value	0x22c3,0x22c3
+.value	0x3e0f,0x3e0f
+.value	0x3e0f,0x3e0f
+.value	0x6e5a,0x6e5a
+.value	0x6e5a,0x6e5a
+.value	0xb255,0xb255
+.value	0xb255,0xb255
+.value	0xaa1,0xaa1
+.value	0xaa1,0xaa1
+.value	0xaa1,0xaa1
+.value	0xaa1,0xaa1
+.value	0xa25,0xa25
+.value	0xa25,0xa25
+.value	0xa25,0xa25
+.value	0xa25,0xa25
+.value	0xdda1,0xdda1
+.value	0xdda1,0xdda1
+.value	0xdda1,0xdda1
+.value	0xdda1,0xdda1
+.value	0x2925,0x2925
+.value	0x2925,0x2925
+.value	0x2925,0x2925
+.value	0x2925,0x2925
+.value	0x908,0x908
+.value	0x908,0x908
+.value	0x908,0x908
+.value	0x908,0x908
+.value	0x2a9,0x2a9
+.value	0x2a9,0x2a9
+.value	0x2a9,0x2a9
+.value	0x2a9,0x2a9
+.value	0xa108,0xa108
+.value	0xa108,0xa108
+.value	0xa108,0xa108
+.value	0xa108,0xa108
+.value	0x6da9,0x6da9
+.value	0x6da9,0x6da9
+.value	0x6da9,0x6da9
+.value	0x6da9,0x6da9
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0x4b,0x4b
+.value	0xbb8,0xbb8
+.value	0x9c,0x9c
+.value	0xb5f,0xb5f
+.value	0xba4,0xba4
+.value	0xa7d,0xa7d
+.value	0x368,0x368
+.value	0x636,0x636
+.value	0x314b,0x314b
+.value	0xb3b8,0xb3b8
+.value	0x149c,0x149c
+.value	0x385f,0x385f
+.value	0xb7a4,0xb7a4
+.value	0xb17d,0xb17d
+.value	0xbb68,0xbb68
+.value	0x4836,0x4836
+.value	0x8a2,0x8a2
+.value	0x736,0x736
+.value	0x25a,0x25a
+.value	0x309,0x309
+.value	0x93,0x93
+.value	0x9f7,0x9f7
+.value	0x87a,0x87a
+.value	0xf6,0xf6
+.value	0xcea2,0xcea2
+.value	0x4936,0x4936
+.value	0x705a,0x705a
+.value	0x8e09,0x8e09
+.value	0x8993,0x8993
+.value	0x7ef7,0x7ef7
+.value	0xd67a,0xd67a
+.value	0x82f6,0x82f6
+.value	0x744,0x744
+.value	0x744,0x744
+.value	0xc83,0xc83
+.value	0xc83,0xc83
+.value	0x48a,0x48a
+.value	0x48a,0x48a
+.value	0x652,0x652
+.value	0x652,0x652
+.value	0x9344,0x9344
+.value	0x9344,0x9344
+.value	0x6583,0x6583
+.value	0x6583,0x6583
+.value	0x28a,0x28a
+.value	0x28a,0x28a
+.value	0xdc52,0xdc52
+.value	0xdc52,0xdc52
+.value	0x29a,0x29a
+.value	0x29a,0x29a
+.value	0x140,0x140
+.value	0x140,0x140
+.value	0x8,0x8
+.value	0x8,0x8
+.value	0xafd,0xafd
+.value	0xafd,0xafd
+.value	0x309a,0x309a
+.value	0x309a,0x309a
+.value	0xc140,0xc140
+.value	0xc140,0xc140
+.value	0x9808,0x9808
+.value	0x9808,0x9808
+.value	0x31fd,0x31fd
+.value	0x31fd,0x31fd
+.value	0x82,0x82
+.value	0x82,0x82
+.value	0x82,0x82
+.value	0x82,0x82
+.value	0x642,0x642
+.value	0x642,0x642
+.value	0x642,0x642
+.value	0x642,0x642
+.value	0x6682,0x6682
+.value	0x6682,0x6682
+.value	0x6682,0x6682
+.value	0x6682,0x6682
+.value	0xac42,0xac42
+.value	0xac42,0xac42
+.value	0xac42,0xac42
+.value	0xac42,0xac42
+.value	0x74f,0x74f
+.value	0x74f,0x74f
+.value	0x74f,0x74f
+.value	0x74f,0x74f
+.value	0x33d,0x33d
+.value	0x33d,0x33d
+.value	0x33d,0x33d
+.value	0x33d,0x33d
+.value	0x44f,0x44f
+.value	0x44f,0x44f
+.value	0x44f,0x44f
+.value	0x44f,0x44f
+.value	0xea3d,0xea3d
+.value	0xea3d,0xea3d
+.value	0xea3d,0xea3d
+.value	0xea3d,0xea3d
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x68c,0x68c
+.value	0x1cc,0x1cc
+.value	0x6db,0x6db
+.value	0x123,0x123
+.value	0xeb,0xeb
+.value	0xab6,0xab6
+.value	0xc50,0xc50
+.value	0xb5b,0xb5b
+.value	0xea8c,0xea8c
+.value	0xa5cc,0xa5cc
+.value	0xe7db,0xe7db
+.value	0x3a23,0x3a23
+.value	0x11eb,0x11eb
+.value	0xccb6,0xccb6
+.value	0xfc50,0xfc50
+.value	0x6c5b,0x6c5b
+.value	0xc98,0xc98
+.value	0x99a,0x99a
+.value	0x6f3,0x6f3
+.value	0x4e3,0x4e3
+.value	0x9b6,0x9b6
+.value	0xb53,0xb53
+.value	0xad6,0xad6
+.value	0x44f,0x44f
+.value	0x5498,0x5498
+.value	0x379a,0x379a
+.value	0xaff3,0xaff3
+.value	0x7de3,0x7de3
+.value	0xcbb6,0xcbb6
+.value	0xd453,0xd453
+.value	0x2cd6,0x2cd6
+.value	0x14f,0x14f
+.value	0x608,0x608
+.value	0x608,0x608
+.value	0x11a,0x11a
+.value	0x11a,0x11a
+.value	0x72e,0x72e
+.value	0x72e,0x72e
+.value	0x50d,0x50d
+.value	0x50d,0x50d
+.value	0x9e08,0x9e08
+.value	0x9e08,0x9e08
+.value	0xaf1a,0xaf1a
+.value	0xaf1a,0xaf1a
+.value	0xb12e,0xb12e
+.value	0xb12e,0xb12e
+.value	0x5c0d,0x5c0d
+.value	0x5c0d,0x5c0d
+.value	0x90a,0x90a
+.value	0x90a,0x90a
+.value	0x228,0x228
+.value	0x228,0x228
+.value	0xa75,0xa75
+.value	0xa75,0xa75
+.value	0x83a,0x83a
+.value	0x83a,0x83a
+.value	0x870a,0x870a
+.value	0x870a,0x870a
+.value	0xfa28,0xfa28
+.value	0xfa28,0xfa28
+.value	0x1975,0x1975
+.value	0x1975,0x1975
+.value	0x163a,0x163a
+.value	0x163a,0x163a
+.value	0xb82,0xb82
+.value	0xb82,0xb82
+.value	0xb82,0xb82
+.value	0xb82,0xb82
+.value	0xbf9,0xbf9
+.value	0xbf9,0xbf9
+.value	0xbf9,0xbf9
+.value	0xbf9,0xbf9
+.value	0x7182,0x7182
+.value	0x7182,0x7182
+.value	0x7182,0x7182
+.value	0x7182,0x7182
+.value	0x66f9,0x66f9
+.value	0x66f9,0x66f9
+.value	0x66f9,0x66f9
+.value	0x66f9,0x66f9
+.value	0x52d,0x52d
+.value	0x52d,0x52d
+.value	0x52d,0x52d
+.value	0x52d,0x52d
+.value	0xac4,0xac4
+.value	0xac4,0xac4
+.value	0xac4,0xac4
+.value	0xac4,0xac4
+.value	0xbc2d,0xbc2d
+.value	0xbc2d,0xbc2d
+.value	0xbc2d,0xbc2d
+.value	0xbc2d,0xbc2d
+.value	0x16c4,0x16c4
+.value	0x16c4,0x16c4
+.value	0x16c4,0x16c4
+.value	0x16c4,0x16c4
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+#ifndef __APPLE__
+.text
+.globl	kyber_keygen_avx2
+.type	kyber_keygen_avx2,@function
+.align	16
+kyber_keygen_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_keygen_avx2
+.p2align	4
+_kyber_keygen_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	kyber_q(%rip), %ymm14
+        vmovdqu	kyber_v(%rip), %ymm15
+        movq	%r8, %r9
+        movq	%rdi, %r10
+L_kyber_keygen_avx2_priv:
+        # ntt
+        leaq	L_kyber_avx2_zetas(%rip), %r11
+        vmovdqu	(%r11), %ymm10
+        vmovdqu	32(%r11), %ymm12
+        vmovdqu	128(%r10), %ymm0
+        vmovdqu	160(%r10), %ymm1
+        vmovdqu	192(%r10), %ymm2
+        vmovdqu	224(%r10), %ymm3
+        vmovdqu	384(%r10), %ymm4
+        vmovdqu	416(%r10), %ymm5
+        vmovdqu	448(%r10), %ymm6
+        vmovdqu	480(%r10), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%r10)
+        vmovdqu	%ymm1, 160(%r10)
+        vmovdqu	%ymm2, 192(%r10)
+        vmovdqu	%ymm3, 224(%r10)
+        vmovdqu	%ymm4, 384(%r10)
+        vmovdqu	%ymm5, 416(%r10)
+        vmovdqu	%ymm6, 448(%r10)
+        vmovdqu	%ymm7, 480(%r10)
+        vmovdqu	(%r10), %ymm0
+        vmovdqu	32(%r10), %ymm1
+        vmovdqu	64(%r10), %ymm2
+        vmovdqu	96(%r10), %ymm3
+        vmovdqu	256(%r10), %ymm4
+        vmovdqu	288(%r10), %ymm5
+        vmovdqu	320(%r10), %ymm6
+        vmovdqu	352(%r10), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm4, 256(%r10)
+        vmovdqu	%ymm5, 288(%r10)
+        vmovdqu	%ymm6, 320(%r10)
+        vmovdqu	%ymm7, 352(%r10)
+        vmovdqu	128(%r10), %ymm4
+        vmovdqu	160(%r10), %ymm5
+        vmovdqu	192(%r10), %ymm6
+        vmovdqu	224(%r10), %ymm7
+        # 64: 0/3
+        vmovdqu	64(%r11), %ymm10
+        vmovdqu	96(%r11), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 0/3
+        vmovdqu	128(%r11), %ymm10
+        vmovdqu	160(%r11), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 0/3
+        vmovdqu	192(%r11), %ymm10
+        vmovdqu	224(%r11), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 0/3
+        vmovdqu	256(%r11), %ymm10
+        vmovdqu	288(%r11), %ymm12
+        vmovdqu	320(%r11), %ymm11
+        vmovdqu	352(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 0/3
+        vmovdqu	384(%r11), %ymm10
+        vmovdqu	416(%r11), %ymm12
+        vmovdqu	448(%r11), %ymm11
+        vmovdqu	480(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 0/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	512(%r11), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	544(%r11), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	576(%r11), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	608(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	640(%r11), %ymm10
+        vmovdqu	672(%r11), %ymm12
+        vmovdqu	704(%r11), %ymm11
+        vmovdqu	736(%r11), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 0/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	768(%r11), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	800(%r11), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	832(%r11), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	864(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	896(%r11), %ymm10
+        vmovdqu	928(%r11), %ymm12
+        vmovdqu	960(%r11), %ymm11
+        vmovdqu	992(%r11), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 0/3
+        vmovdqu	1024(%r11), %ymm10
+        vmovdqu	1056(%r11), %ymm12
+        vmovdqu	1088(%r11), %ymm11
+        vmovdqu	1120(%r11), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 0/3
+        vmovdqu	1152(%r11), %ymm10
+        vmovdqu	1184(%r11), %ymm12
+        vmovdqu	1216(%r11), %ymm11
+        vmovdqu	1248(%r11), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vpmulhw	%ymm15, %ymm0, %ymm8
+        vpmulhw	%ymm15, %ymm1, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm8
+        vpsubw	%ymm9, %ymm1, %ymm9
+        vmovdqu	%ymm8, (%r10)
+        vmovdqu	%ymm9, 32(%r10)
+        vpmulhw	%ymm15, %ymm2, %ymm8
+        vpmulhw	%ymm15, %ymm3, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vmovdqu	%ymm8, 64(%r10)
+        vmovdqu	%ymm9, 96(%r10)
+        vpmulhw	%ymm15, %ymm4, %ymm8
+        vpmulhw	%ymm15, %ymm5, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vmovdqu	%ymm8, 128(%r10)
+        vmovdqu	%ymm9, 160(%r10)
+        vpmulhw	%ymm15, %ymm6, %ymm8
+        vpmulhw	%ymm15, %ymm7, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vmovdqu	%ymm8, 192(%r10)
+        vmovdqu	%ymm9, 224(%r10)
+        vmovdqu	256(%r10), %ymm0
+        vmovdqu	288(%r10), %ymm1
+        vmovdqu	320(%r10), %ymm2
+        vmovdqu	352(%r10), %ymm3
+        vmovdqu	384(%r10), %ymm4
+        vmovdqu	416(%r10), %ymm5
+        vmovdqu	448(%r10), %ymm6
+        vmovdqu	480(%r10), %ymm7
+        # 64: 1/3
+        vmovdqu	1280(%r11), %ymm10
+        vmovdqu	1312(%r11), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 1/3
+        vmovdqu	1344(%r11), %ymm10
+        vmovdqu	1376(%r11), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 1/3
+        vmovdqu	1408(%r11), %ymm10
+        vmovdqu	1440(%r11), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 1/3
+        vmovdqu	1472(%r11), %ymm10
+        vmovdqu	1504(%r11), %ymm12
+        vmovdqu	1536(%r11), %ymm11
+        vmovdqu	1568(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 1/3
+        vmovdqu	1600(%r11), %ymm10
+        vmovdqu	1632(%r11), %ymm12
+        vmovdqu	1664(%r11), %ymm11
+        vmovdqu	1696(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 1/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1728(%r11), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	1760(%r11), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	1792(%r11), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	1824(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	1856(%r11), %ymm10
+        vmovdqu	1888(%r11), %ymm12
+        vmovdqu	1920(%r11), %ymm11
+        vmovdqu	1952(%r11), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 1/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1984(%r11), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	2016(%r11), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	2048(%r11), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	2080(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	2112(%r11), %ymm10
+        vmovdqu	2144(%r11), %ymm12
+        vmovdqu	2176(%r11), %ymm11
+        vmovdqu	2208(%r11), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 1/3
+        vmovdqu	2240(%r11), %ymm10
+        vmovdqu	2272(%r11), %ymm12
+        vmovdqu	2304(%r11), %ymm11
+        vmovdqu	2336(%r11), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 1/3
+        vmovdqu	2368(%r11), %ymm10
+        vmovdqu	2400(%r11), %ymm12
+        vmovdqu	2432(%r11), %ymm11
+        vmovdqu	2464(%r11), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vpmulhw	%ymm15, %ymm0, %ymm8
+        vpmulhw	%ymm15, %ymm1, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm8
+        vpsubw	%ymm9, %ymm1, %ymm9
+        vmovdqu	%ymm8, 256(%r10)
+        vmovdqu	%ymm9, 288(%r10)
+        vpmulhw	%ymm15, %ymm2, %ymm8
+        vpmulhw	%ymm15, %ymm3, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vmovdqu	%ymm8, 320(%r10)
+        vmovdqu	%ymm9, 352(%r10)
+        vpmulhw	%ymm15, %ymm4, %ymm8
+        vpmulhw	%ymm15, %ymm5, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vmovdqu	%ymm8, 384(%r10)
+        vmovdqu	%ymm9, 416(%r10)
+        vpmulhw	%ymm15, %ymm6, %ymm8
+        vpmulhw	%ymm15, %ymm7, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vmovdqu	%ymm8, 448(%r10)
+        vmovdqu	%ymm9, 480(%r10)
+        addq	$0x200, %r10
+        subq	$0x01, %r9
+        jg	L_kyber_keygen_avx2_priv
+        vmovdqu	kyber_qinv(%rip), %ymm13
+        movq	%r8, %rax
+        movq	%rsi, %r10
+L_kyber_keygen_avx2_acc:
+        # Pointwise acc mont
+        movq	%r8, %r9
+        # Base mul mont
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r11
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdi), %ymm4
+        vmovdqu	32(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r11), %ymm10
+        vmovdqu	32(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%r10)
+        vmovdqu	%ymm1, 32(%r10)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdi), %ymm4
+        vmovdqu	96(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r11), %ymm10
+        vmovdqu	96(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%r10)
+        vmovdqu	%ymm1, 96(%r10)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r11), %ymm10
+        vmovdqu	160(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%r10)
+        vmovdqu	%ymm1, 160(%r10)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdi), %ymm4
+        vmovdqu	224(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r11), %ymm10
+        vmovdqu	224(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%r10)
+        vmovdqu	%ymm1, 224(%r10)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdi), %ymm4
+        vmovdqu	288(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r11), %ymm10
+        vmovdqu	288(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%r10)
+        vmovdqu	%ymm1, 288(%r10)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdi), %ymm4
+        vmovdqu	352(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r11), %ymm10
+        vmovdqu	352(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%r10)
+        vmovdqu	%ymm1, 352(%r10)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r11), %ymm10
+        vmovdqu	416(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%r10)
+        vmovdqu	%ymm1, 416(%r10)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdi), %ymm4
+        vmovdqu	480(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r11), %ymm10
+        vmovdqu	480(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%r10)
+        vmovdqu	%ymm1, 480(%r10)
+        addq	$0x200, %rcx
+        addq	$0x200, %rdi
+        subq	$2, %r9
+        jz	L_pointwise_acc_mont_end_keygen
+L_pointwise_acc_mont_start_keygen:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r11
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdi), %ymm4
+        vmovdqu	32(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r11), %ymm10
+        vmovdqu	32(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%r10), %ymm6
+        vmovdqu	32(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%r10)
+        vmovdqu	%ymm1, 32(%r10)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdi), %ymm4
+        vmovdqu	96(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r11), %ymm10
+        vmovdqu	96(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%r10), %ymm6
+        vmovdqu	96(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%r10)
+        vmovdqu	%ymm1, 96(%r10)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r11), %ymm10
+        vmovdqu	160(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%r10), %ymm6
+        vmovdqu	160(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%r10)
+        vmovdqu	%ymm1, 160(%r10)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdi), %ymm4
+        vmovdqu	224(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r11), %ymm10
+        vmovdqu	224(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%r10), %ymm6
+        vmovdqu	224(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%r10)
+        vmovdqu	%ymm1, 224(%r10)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdi), %ymm4
+        vmovdqu	288(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r11), %ymm10
+        vmovdqu	288(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%r10), %ymm6
+        vmovdqu	288(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%r10)
+        vmovdqu	%ymm1, 288(%r10)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdi), %ymm4
+        vmovdqu	352(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r11), %ymm10
+        vmovdqu	352(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%r10), %ymm6
+        vmovdqu	352(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%r10)
+        vmovdqu	%ymm1, 352(%r10)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r11), %ymm10
+        vmovdqu	416(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%r10), %ymm6
+        vmovdqu	416(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%r10)
+        vmovdqu	%ymm1, 416(%r10)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdi), %ymm4
+        vmovdqu	480(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r11), %ymm10
+        vmovdqu	480(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%r10), %ymm6
+        vmovdqu	480(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%r10)
+        vmovdqu	%ymm1, 480(%r10)
+        addq	$0x200, %rcx
+        addq	$0x200, %rdi
+        subq	$0x01, %r9
+        jg	L_pointwise_acc_mont_start_keygen
+L_pointwise_acc_mont_end_keygen:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r11
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdi), %ymm4
+        vmovdqu	32(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r11), %ymm10
+        vmovdqu	32(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%r10), %ymm6
+        vmovdqu	32(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%r10)
+        vmovdqu	%ymm1, 32(%r10)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdi), %ymm4
+        vmovdqu	96(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r11), %ymm10
+        vmovdqu	96(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%r10), %ymm6
+        vmovdqu	96(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%r10)
+        vmovdqu	%ymm1, 96(%r10)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r11), %ymm10
+        vmovdqu	160(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%r10), %ymm6
+        vmovdqu	160(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%r10)
+        vmovdqu	%ymm1, 160(%r10)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdi), %ymm4
+        vmovdqu	224(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r11), %ymm10
+        vmovdqu	224(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%r10), %ymm6
+        vmovdqu	224(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%r10)
+        vmovdqu	%ymm1, 224(%r10)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdi), %ymm4
+        vmovdqu	288(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r11), %ymm10
+        vmovdqu	288(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%r10), %ymm6
+        vmovdqu	288(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%r10)
+        vmovdqu	%ymm1, 288(%r10)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdi), %ymm4
+        vmovdqu	352(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r11), %ymm10
+        vmovdqu	352(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%r10), %ymm6
+        vmovdqu	352(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%r10)
+        vmovdqu	%ymm1, 352(%r10)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r11), %ymm10
+        vmovdqu	416(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%r10), %ymm6
+        vmovdqu	416(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%r10)
+        vmovdqu	%ymm1, 416(%r10)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdi), %ymm4
+        vmovdqu	480(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r11), %ymm10
+        vmovdqu	480(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%r10), %ymm6
+        vmovdqu	480(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%r10)
+        vmovdqu	%ymm1, 480(%r10)
+        addq	$0x200, %rcx
+        addq	$0x200, %rdi
+        movq	%r8, %r9
+        shl	$9, %r9d
+        subq	%r9, %rdi
+        addq	$0x200, %r10
+        subq	$0x01, %rax
+        jg	L_kyber_keygen_avx2_acc
+        movq	%r8, %rax
+        vmovdqu	kyber_f(%rip), %ymm12
+        vmovdqu	kyber_f_qinv(%rip), %ymm13
+        movq	%r8, %rax
+        movq	%rsi, %r10
+L_kyber_keygen_avx2_to_mont:
+        # To Mont
+        vmovdqu	(%r10), %ymm0
+        vmovdqu	32(%r10), %ymm1
+        vmovdqu	64(%r10), %ymm2
+        vmovdqu	96(%r10), %ymm3
+        vpmullw	%ymm13, %ymm0, %ymm4
+        vpmulhw	%ymm12, %ymm0, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm0
+        vpmullw	%ymm13, %ymm1, %ymm4
+        vpmulhw	%ymm12, %ymm1, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm4
+        vpmulhw	%ymm12, %ymm2, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm2
+        vpmullw	%ymm13, %ymm3, %ymm4
+        vpmulhw	%ymm12, %ymm3, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm3
+        vmovdqu	%ymm0, (%r10)
+        vmovdqu	%ymm1, 32(%r10)
+        vmovdqu	%ymm2, 64(%r10)
+        vmovdqu	%ymm3, 96(%r10)
+        vmovdqu	128(%r10), %ymm0
+        vmovdqu	160(%r10), %ymm1
+        vmovdqu	192(%r10), %ymm2
+        vmovdqu	224(%r10), %ymm3
+        vpmullw	%ymm13, %ymm0, %ymm4
+        vpmulhw	%ymm12, %ymm0, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm0
+        vpmullw	%ymm13, %ymm1, %ymm4
+        vpmulhw	%ymm12, %ymm1, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm4
+        vpmulhw	%ymm12, %ymm2, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm2
+        vpmullw	%ymm13, %ymm3, %ymm4
+        vpmulhw	%ymm12, %ymm3, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm3
+        vmovdqu	%ymm0, 128(%r10)
+        vmovdqu	%ymm1, 160(%r10)
+        vmovdqu	%ymm2, 192(%r10)
+        vmovdqu	%ymm3, 224(%r10)
+        vmovdqu	256(%r10), %ymm0
+        vmovdqu	288(%r10), %ymm1
+        vmovdqu	320(%r10), %ymm2
+        vmovdqu	352(%r10), %ymm3
+        vpmullw	%ymm13, %ymm0, %ymm4
+        vpmulhw	%ymm12, %ymm0, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm0
+        vpmullw	%ymm13, %ymm1, %ymm4
+        vpmulhw	%ymm12, %ymm1, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm4
+        vpmulhw	%ymm12, %ymm2, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm2
+        vpmullw	%ymm13, %ymm3, %ymm4
+        vpmulhw	%ymm12, %ymm3, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm3
+        vmovdqu	%ymm0, 256(%r10)
+        vmovdqu	%ymm1, 288(%r10)
+        vmovdqu	%ymm2, 320(%r10)
+        vmovdqu	%ymm3, 352(%r10)
+        vmovdqu	384(%r10), %ymm0
+        vmovdqu	416(%r10), %ymm1
+        vmovdqu	448(%r10), %ymm2
+        vmovdqu	480(%r10), %ymm3
+        vpmullw	%ymm13, %ymm0, %ymm4
+        vpmulhw	%ymm12, %ymm0, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm0
+        vpmullw	%ymm13, %ymm1, %ymm4
+        vpmulhw	%ymm12, %ymm1, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm4
+        vpmulhw	%ymm12, %ymm2, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm2
+        vpmullw	%ymm13, %ymm3, %ymm4
+        vpmulhw	%ymm12, %ymm3, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm3
+        vmovdqu	%ymm0, 384(%r10)
+        vmovdqu	%ymm1, 416(%r10)
+        vmovdqu	%ymm2, 448(%r10)
+        vmovdqu	%ymm3, 480(%r10)
+        addq	$0x200, %r10
+        subq	$0x01, %rax
+        jg	L_kyber_keygen_avx2_to_mont
+        movq	%r8, %rax
+L_kyber_keygen_avx2_to_mont_ntt_err:
+        # ntt
+        leaq	L_kyber_avx2_zetas(%rip), %r11
+        vmovdqu	(%r11), %ymm10
+        vmovdqu	32(%r11), %ymm12
+        vmovdqu	128(%rdx), %ymm0
+        vmovdqu	160(%rdx), %ymm1
+        vmovdqu	192(%rdx), %ymm2
+        vmovdqu	224(%rdx), %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	%ymm2, 192(%rdx)
+        vmovdqu	%ymm3, 224(%rdx)
+        vmovdqu	%ymm4, 384(%rdx)
+        vmovdqu	%ymm5, 416(%rdx)
+        vmovdqu	%ymm6, 448(%rdx)
+        vmovdqu	%ymm7, 480(%rdx)
+        vmovdqu	(%rdx), %ymm0
+        vmovdqu	32(%rdx), %ymm1
+        vmovdqu	64(%rdx), %ymm2
+        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	352(%rdx), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm4, 256(%rdx)
+        vmovdqu	%ymm5, 288(%rdx)
+        vmovdqu	%ymm6, 320(%rdx)
+        vmovdqu	%ymm7, 352(%rdx)
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	224(%rdx), %ymm7
+        # 64: 0/3
+        vmovdqu	64(%r11), %ymm10
+        vmovdqu	96(%r11), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 0/3
+        vmovdqu	128(%r11), %ymm10
+        vmovdqu	160(%r11), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 0/3
+        vmovdqu	192(%r11), %ymm10
+        vmovdqu	224(%r11), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 0/3
+        vmovdqu	256(%r11), %ymm10
+        vmovdqu	288(%r11), %ymm12
+        vmovdqu	320(%r11), %ymm11
+        vmovdqu	352(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 0/3
+        vmovdqu	384(%r11), %ymm10
+        vmovdqu	416(%r11), %ymm12
+        vmovdqu	448(%r11), %ymm11
+        vmovdqu	480(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 0/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	512(%r11), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	544(%r11), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	576(%r11), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	608(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	640(%r11), %ymm10
+        vmovdqu	672(%r11), %ymm12
+        vmovdqu	704(%r11), %ymm11
+        vmovdqu	736(%r11), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 0/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	768(%r11), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	800(%r11), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	832(%r11), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	864(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	896(%r11), %ymm10
+        vmovdqu	928(%r11), %ymm12
+        vmovdqu	960(%r11), %ymm11
+        vmovdqu	992(%r11), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 0/3
+        vmovdqu	1024(%r11), %ymm10
+        vmovdqu	1056(%r11), %ymm12
+        vmovdqu	1088(%r11), %ymm11
+        vmovdqu	1120(%r11), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 0/3
+        vmovdqu	1152(%r11), %ymm10
+        vmovdqu	1184(%r11), %ymm12
+        vmovdqu	1216(%r11), %ymm11
+        vmovdqu	1248(%r11), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	%ymm2, 64(%rdx)
+        vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	%ymm4, 128(%rdx)
+        vmovdqu	%ymm5, 160(%rdx)
+        vmovdqu	%ymm6, 192(%rdx)
+        vmovdqu	%ymm7, 224(%rdx)
+        vmovdqu	256(%rdx), %ymm0
+        vmovdqu	288(%rdx), %ymm1
+        vmovdqu	320(%rdx), %ymm2
+        vmovdqu	352(%rdx), %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        # 64: 1/3
+        vmovdqu	1280(%r11), %ymm10
+        vmovdqu	1312(%r11), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 1/3
+        vmovdqu	1344(%r11), %ymm10
+        vmovdqu	1376(%r11), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 1/3
+        vmovdqu	1408(%r11), %ymm10
+        vmovdqu	1440(%r11), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 1/3
+        vmovdqu	1472(%r11), %ymm10
+        vmovdqu	1504(%r11), %ymm12
+        vmovdqu	1536(%r11), %ymm11
+        vmovdqu	1568(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 1/3
+        vmovdqu	1600(%r11), %ymm10
+        vmovdqu	1632(%r11), %ymm12
+        vmovdqu	1664(%r11), %ymm11
+        vmovdqu	1696(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 1/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1728(%r11), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	1760(%r11), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	1792(%r11), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	1824(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	1856(%r11), %ymm10
+        vmovdqu	1888(%r11), %ymm12
+        vmovdqu	1920(%r11), %ymm11
+        vmovdqu	1952(%r11), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 1/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1984(%r11), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	2016(%r11), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	2048(%r11), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	2080(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	2112(%r11), %ymm10
+        vmovdqu	2144(%r11), %ymm12
+        vmovdqu	2176(%r11), %ymm11
+        vmovdqu	2208(%r11), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 1/3
+        vmovdqu	2240(%r11), %ymm10
+        vmovdqu	2272(%r11), %ymm12
+        vmovdqu	2304(%r11), %ymm11
+        vmovdqu	2336(%r11), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 1/3
+        vmovdqu	2368(%r11), %ymm10
+        vmovdqu	2400(%r11), %ymm12
+        vmovdqu	2432(%r11), %ymm11
+        vmovdqu	2464(%r11), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	%ymm2, 320(%rdx)
+        vmovdqu	%ymm3, 352(%rdx)
+        vmovdqu	%ymm4, 384(%rdx)
+        vmovdqu	%ymm5, 416(%rdx)
+        vmovdqu	%ymm6, 448(%rdx)
+        vmovdqu	%ymm7, 480(%rdx)
+        # Add Errors
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	(%rdx), %ymm4
+        vmovdqu	32(%rdx), %ymm5
+        vmovdqu	64(%rdx), %ymm6
+        vmovdqu	96(%rdx), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vmovdqu	192(%rsi), %ymm2
+        vmovdqu	224(%rsi), %ymm3
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	224(%rdx), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	%ymm2, 192(%rsi)
+        vmovdqu	%ymm3, 224(%rsi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	352(%rdx), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm1
+        vmovdqu	448(%rsi), %ymm2
+        vmovdqu	480(%rsi), %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	%ymm2, 448(%rsi)
+        vmovdqu	%ymm3, 480(%rsi)
+        addq	$0x200, %rdx
+        addq	$0x200, %rsi
+        subq	$0x01, %rax
+        jg	L_kyber_keygen_avx2_to_mont_ntt_err
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_keygen_avx2,.-kyber_keygen_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_encapsulate_avx2
+.type	kyber_encapsulate_avx2,@function
+.align	16
+kyber_encapsulate_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_encapsulate_avx2
+.p2align	4
+_kyber_encapsulate_avx2:
+#endif /* __APPLE__ */
+        pushq	%r12
+        pushq	%r13
+        pushq	%r14
+        pushq	%r15
+        movq	40(%rsp), %rax
+        movq	48(%rsp), %r10
+        movq	56(%rsp), %r11
+        subq	$48, %rsp
+        vmovdqu	kyber_q(%rip), %ymm14
+        vmovdqu	kyber_v(%rip), %ymm15
+        movq	%r11, %r13
+        movq	%r8, %r14
+L_kyber_encapsulate_avx2_trans:
+        # ntt
+        leaq	L_kyber_avx2_zetas(%rip), %r15
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm12
+        vmovdqu	128(%r14), %ymm0
+        vmovdqu	160(%r14), %ymm1
+        vmovdqu	192(%r14), %ymm2
+        vmovdqu	224(%r14), %ymm3
+        vmovdqu	384(%r14), %ymm4
+        vmovdqu	416(%r14), %ymm5
+        vmovdqu	448(%r14), %ymm6
+        vmovdqu	480(%r14), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%r14)
+        vmovdqu	%ymm1, 160(%r14)
+        vmovdqu	%ymm2, 192(%r14)
+        vmovdqu	%ymm3, 224(%r14)
+        vmovdqu	%ymm4, 384(%r14)
+        vmovdqu	%ymm5, 416(%r14)
+        vmovdqu	%ymm6, 448(%r14)
+        vmovdqu	%ymm7, 480(%r14)
+        vmovdqu	(%r14), %ymm0
+        vmovdqu	32(%r14), %ymm1
+        vmovdqu	64(%r14), %ymm2
+        vmovdqu	96(%r14), %ymm3
+        vmovdqu	256(%r14), %ymm4
+        vmovdqu	288(%r14), %ymm5
+        vmovdqu	320(%r14), %ymm6
+        vmovdqu	352(%r14), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm4, 256(%r14)
+        vmovdqu	%ymm5, 288(%r14)
+        vmovdqu	%ymm6, 320(%r14)
+        vmovdqu	%ymm7, 352(%r14)
+        vmovdqu	128(%r14), %ymm4
+        vmovdqu	160(%r14), %ymm5
+        vmovdqu	192(%r14), %ymm6
+        vmovdqu	224(%r14), %ymm7
+        # 64: 0/3
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 0/3
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 0/3
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 0/3
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm12
+        vmovdqu	320(%r15), %ymm11
+        vmovdqu	352(%r15), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 0/3
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm12
+        vmovdqu	448(%r15), %ymm11
+        vmovdqu	480(%r15), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 0/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	512(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	544(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	576(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	608(%r15), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	640(%r15), %ymm10
+        vmovdqu	672(%r15), %ymm12
+        vmovdqu	704(%r15), %ymm11
+        vmovdqu	736(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 0/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	768(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	800(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	832(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	864(%r15), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	896(%r15), %ymm10
+        vmovdqu	928(%r15), %ymm12
+        vmovdqu	960(%r15), %ymm11
+        vmovdqu	992(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 0/3
+        vmovdqu	1024(%r15), %ymm10
+        vmovdqu	1056(%r15), %ymm12
+        vmovdqu	1088(%r15), %ymm11
+        vmovdqu	1120(%r15), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 0/3
+        vmovdqu	1152(%r15), %ymm10
+        vmovdqu	1184(%r15), %ymm12
+        vmovdqu	1216(%r15), %ymm11
+        vmovdqu	1248(%r15), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, (%r14)
+        vmovdqu	%ymm1, 32(%r14)
+        vmovdqu	%ymm2, 64(%r14)
+        vmovdqu	%ymm3, 96(%r14)
+        vmovdqu	%ymm4, 128(%r14)
+        vmovdqu	%ymm5, 160(%r14)
+        vmovdqu	%ymm6, 192(%r14)
+        vmovdqu	%ymm7, 224(%r14)
+        vmovdqu	256(%r14), %ymm0
+        vmovdqu	288(%r14), %ymm1
+        vmovdqu	320(%r14), %ymm2
+        vmovdqu	352(%r14), %ymm3
+        vmovdqu	384(%r14), %ymm4
+        vmovdqu	416(%r14), %ymm5
+        vmovdqu	448(%r14), %ymm6
+        vmovdqu	480(%r14), %ymm7
+        # 64: 1/3
+        vmovdqu	1280(%r15), %ymm10
+        vmovdqu	1312(%r15), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 1/3
+        vmovdqu	1344(%r15), %ymm10
+        vmovdqu	1376(%r15), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 1/3
+        vmovdqu	1408(%r15), %ymm10
+        vmovdqu	1440(%r15), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 1/3
+        vmovdqu	1472(%r15), %ymm10
+        vmovdqu	1504(%r15), %ymm12
+        vmovdqu	1536(%r15), %ymm11
+        vmovdqu	1568(%r15), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 1/3
+        vmovdqu	1600(%r15), %ymm10
+        vmovdqu	1632(%r15), %ymm12
+        vmovdqu	1664(%r15), %ymm11
+        vmovdqu	1696(%r15), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 1/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1728(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	1760(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	1792(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	1824(%r15), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	1856(%r15), %ymm10
+        vmovdqu	1888(%r15), %ymm12
+        vmovdqu	1920(%r15), %ymm11
+        vmovdqu	1952(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 1/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1984(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	2016(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	2048(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	2080(%r15), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	2112(%r15), %ymm10
+        vmovdqu	2144(%r15), %ymm12
+        vmovdqu	2176(%r15), %ymm11
+        vmovdqu	2208(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 1/3
+        vmovdqu	2240(%r15), %ymm10
+        vmovdqu	2272(%r15), %ymm12
+        vmovdqu	2304(%r15), %ymm11
+        vmovdqu	2336(%r15), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 1/3
+        vmovdqu	2368(%r15), %ymm10
+        vmovdqu	2400(%r15), %ymm12
+        vmovdqu	2432(%r15), %ymm11
+        vmovdqu	2464(%r15), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, 256(%r14)
+        vmovdqu	%ymm1, 288(%r14)
+        vmovdqu	%ymm2, 320(%r14)
+        vmovdqu	%ymm3, 352(%r14)
+        vmovdqu	%ymm4, 384(%r14)
+        vmovdqu	%ymm5, 416(%r14)
+        vmovdqu	%ymm6, 448(%r14)
+        vmovdqu	%ymm7, 480(%r14)
+        addq	$0x200, %r14
+        subq	$0x01, %r13
+        jg	L_kyber_encapsulate_avx2_trans
+        movq	%r11, %r12
+L_kyber_encapsulate_avx2_calc:
+        vmovdqu	kyber_qinv(%rip), %ymm12
+        # Pointwise acc mont
+        movq	%r11, %r13
+        # Base mul mont
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rcx
+        addq	$0x200, %r8
+        subq	$2, %r13
+        jz	L_pointwise_acc_mont_end_encap_bp
+L_pointwise_acc_mont_start_encap_bp:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rsi), %ymm6
+        vmovdqu	32(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rsi), %ymm6
+        vmovdqu	96(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rsi), %ymm6
+        vmovdqu	160(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rsi), %ymm6
+        vmovdqu	288(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rsi), %ymm6
+        vmovdqu	416(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rcx
+        addq	$0x200, %r8
+        subq	$0x01, %r13
+        jg	L_pointwise_acc_mont_start_encap_bp
+L_pointwise_acc_mont_end_encap_bp:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rsi), %ymm6
+        vmovdqu	32(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rsi), %ymm6
+        vmovdqu	96(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rsi), %ymm6
+        vmovdqu	160(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rsi), %ymm6
+        vmovdqu	288(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rsi), %ymm6
+        vmovdqu	416(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rcx
+        addq	$0x200, %r8
+        movq	%r11, %r13
+        shl	$9, %r13d
+        subq	%r13, %r8
+        # invntt
+        leaq	L_kyber_avx2_zetas_inv(%rip), %r15
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	128(%rsi), %ymm4
+        vmovdqu	160(%rsi), %ymm5
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        # 2: 1/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	32(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	64(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	96(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 1/2
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm12
+        vmovdqu	192(%r15), %ymm11
+        vmovdqu	224(%r15), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 1/2
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm12
+        vmovdqu	320(%r15), %ymm11
+        vmovdqu	352(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 1/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	384(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	416(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	448(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	480(%r15), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 1/2
+        vmovdqu	512(%r15), %ymm10
+        vmovdqu	544(%r15), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 1/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	576(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	608(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	640(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	672(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 1/2
+        vmovdqu	704(%r15), %ymm10
+        vmovdqu	736(%r15), %ymm12
+        vmovdqu	768(%r15), %ymm11
+        vmovdqu	800(%r15), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 1/2
+        vmovdqu	832(%r15), %ymm10
+        vmovdqu	864(%r15), %ymm12
+        vmovdqu	896(%r15), %ymm11
+        vmovdqu	928(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 1/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	960(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	992(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	1024(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	1056(%r15), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 1/2
+        vmovdqu	1088(%r15), %ymm10
+        vmovdqu	1120(%r15), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 1/2
+        vmovdqu	1152(%r15), %ymm10
+        vmovdqu	1184(%r15), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	%ymm4, 128(%rsi)
+        vmovdqu	%ymm5, 160(%rsi)
+        vmovdqu	%ymm6, 192(%rsi)
+        vmovdqu	%ymm7, 224(%rsi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	384(%rsi), %ymm4
+        vmovdqu	416(%rsi), %ymm5
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        # 2: 2/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1216(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	1248(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	1280(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	1312(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 2/2
+        vmovdqu	1344(%r15), %ymm10
+        vmovdqu	1376(%r15), %ymm12
+        vmovdqu	1408(%r15), %ymm11
+        vmovdqu	1440(%r15), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 2/2
+        vmovdqu	1472(%r15), %ymm10
+        vmovdqu	1504(%r15), %ymm12
+        vmovdqu	1536(%r15), %ymm11
+        vmovdqu	1568(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 2/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	1600(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	1632(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	1664(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	1696(%r15), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 2/2
+        vmovdqu	1728(%r15), %ymm10
+        vmovdqu	1760(%r15), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 2/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1792(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	1824(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	1856(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	1888(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 2/2
+        vmovdqu	1920(%r15), %ymm10
+        vmovdqu	1952(%r15), %ymm12
+        vmovdqu	1984(%r15), %ymm11
+        vmovdqu	2016(%r15), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 2/2
+        vmovdqu	2048(%r15), %ymm10
+        vmovdqu	2080(%r15), %ymm12
+        vmovdqu	2112(%r15), %ymm11
+        vmovdqu	2144(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 2/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	2176(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	2208(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	2240(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	2272(%r15), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 2/2
+        vmovdqu	2304(%r15), %ymm10
+        vmovdqu	2336(%r15), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 2/2
+        vmovdqu	2368(%r15), %ymm10
+        vmovdqu	2400(%r15), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        # 128
+        vmovdqu	2432(%r15), %ymm10
+        vmovdqu	2464(%r15), %ymm12
+        vmovdqu	2496(%r15), %ymm11
+        vmovdqu	2528(%r15), %ymm13
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vmovdqu	192(%rsi), %ymm2
+        vmovdqu	224(%rsi), %ymm3
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	%ymm2, 192(%rsi)
+        vmovdqu	%ymm3, 224(%rsi)
+        vmovdqu	%ymm4, 384(%rsi)
+        vmovdqu	%ymm5, 416(%rsi)
+        vmovdqu	%ymm6, 448(%rsi)
+        vmovdqu	%ymm7, 480(%rsi)
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	256(%rsi), %ymm4
+        vmovdqu	288(%rsi), %ymm5
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	%ymm4, 256(%rsi)
+        vmovdqu	%ymm5, 288(%rsi)
+        vmovdqu	%ymm6, 320(%rsi)
+        vmovdqu	%ymm7, 352(%rsi)
+        # Add Errors
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	(%r9), %ymm4
+        vmovdqu	32(%r9), %ymm5
+        vmovdqu	64(%r9), %ymm6
+        vmovdqu	96(%r9), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vmovdqu	192(%rsi), %ymm2
+        vmovdqu	224(%rsi), %ymm3
+        vmovdqu	128(%r9), %ymm4
+        vmovdqu	160(%r9), %ymm5
+        vmovdqu	192(%r9), %ymm6
+        vmovdqu	224(%r9), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	%ymm2, 192(%rsi)
+        vmovdqu	%ymm3, 224(%rsi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	256(%r9), %ymm4
+        vmovdqu	288(%r9), %ymm5
+        vmovdqu	320(%r9), %ymm6
+        vmovdqu	352(%r9), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm1
+        vmovdqu	448(%rsi), %ymm2
+        vmovdqu	480(%rsi), %ymm3
+        vmovdqu	384(%r9), %ymm4
+        vmovdqu	416(%r9), %ymm5
+        vmovdqu	448(%r9), %ymm6
+        vmovdqu	480(%r9), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	%ymm2, 448(%rsi)
+        vmovdqu	%ymm3, 480(%rsi)
+        addq	$0x200, %r9
+        addq	$0x200, %rsi
+        subq	$0x01, %r12
+        jg	L_kyber_encapsulate_avx2_calc
+        vmovdqu	kyber_qinv(%rip), %ymm12
+        # Pointwise acc mont
+        movq	%r11, %r13
+        # Base mul mont
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rdx)
+        vmovdqu	%ymm1, 96(%rdx)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rdx)
+        vmovdqu	%ymm1, 224(%rdx)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rdx)
+        vmovdqu	%ymm1, 352(%rdx)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rdx)
+        vmovdqu	%ymm1, 416(%rdx)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rdx)
+        vmovdqu	%ymm1, 480(%rdx)
+        addq	$0x200, %rdi
+        addq	$0x200, %r8
+        subq	$2, %r13
+        jz	L_pointwise_acc_mont_end_encap_v
+L_pointwise_acc_mont_start_encap_v:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rdx), %ymm6
+        vmovdqu	32(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rdx), %ymm6
+        vmovdqu	96(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rdx)
+        vmovdqu	%ymm1, 96(%rdx)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rdx), %ymm6
+        vmovdqu	160(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	224(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rdx)
+        vmovdqu	%ymm1, 224(%rdx)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rdx), %ymm6
+        vmovdqu	288(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	352(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rdx)
+        vmovdqu	%ymm1, 352(%rdx)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rdx), %ymm6
+        vmovdqu	416(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rdx)
+        vmovdqu	%ymm1, 416(%rdx)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rdx)
+        vmovdqu	%ymm1, 480(%rdx)
+        addq	$0x200, %rdi
+        addq	$0x200, %r8
+        subq	$0x01, %r13
+        jg	L_pointwise_acc_mont_start_encap_v
+L_pointwise_acc_mont_end_encap_v:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rdx), %ymm6
+        vmovdqu	32(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rdx), %ymm6
+        vmovdqu	96(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rdx)
+        vmovdqu	%ymm1, 96(%rdx)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rdx), %ymm6
+        vmovdqu	160(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	224(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rdx)
+        vmovdqu	%ymm1, 224(%rdx)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rdx), %ymm6
+        vmovdqu	288(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	352(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rdx)
+        vmovdqu	%ymm1, 352(%rdx)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rdx), %ymm6
+        vmovdqu	416(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rdx)
+        vmovdqu	%ymm1, 416(%rdx)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rdx)
+        vmovdqu	%ymm1, 480(%rdx)
+        addq	$0x200, %rdi
+        addq	$0x200, %r8
+        movq	%r11, %r13
+        shl	$9, %r13d
+        subq	%r13, %r8
+        # invntt
+        leaq	L_kyber_avx2_zetas_inv(%rip), %r15
+        vmovdqu	(%rdx), %ymm0
+        vmovdqu	32(%rdx), %ymm1
+        vmovdqu	64(%rdx), %ymm2
+        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	224(%rdx), %ymm7
+        # 2: 1/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	32(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	64(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	96(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 1/2
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm12
+        vmovdqu	192(%r15), %ymm11
+        vmovdqu	224(%r15), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 1/2
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm12
+        vmovdqu	320(%r15), %ymm11
+        vmovdqu	352(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 1/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	384(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	416(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	448(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	480(%r15), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 1/2
+        vmovdqu	512(%r15), %ymm10
+        vmovdqu	544(%r15), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 1/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	576(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	608(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	640(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	672(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 1/2
+        vmovdqu	704(%r15), %ymm10
+        vmovdqu	736(%r15), %ymm12
+        vmovdqu	768(%r15), %ymm11
+        vmovdqu	800(%r15), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 1/2
+        vmovdqu	832(%r15), %ymm10
+        vmovdqu	864(%r15), %ymm12
+        vmovdqu	896(%r15), %ymm11
+        vmovdqu	928(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 1/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	960(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	992(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	1024(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	1056(%r15), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 1/2
+        vmovdqu	1088(%r15), %ymm10
+        vmovdqu	1120(%r15), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 1/2
+        vmovdqu	1152(%r15), %ymm10
+        vmovdqu	1184(%r15), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	%ymm2, 64(%rdx)
+        vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	%ymm4, 128(%rdx)
+        vmovdqu	%ymm5, 160(%rdx)
+        vmovdqu	%ymm6, 192(%rdx)
+        vmovdqu	%ymm7, 224(%rdx)
+        vmovdqu	256(%rdx), %ymm0
+        vmovdqu	288(%rdx), %ymm1
+        vmovdqu	320(%rdx), %ymm2
+        vmovdqu	352(%rdx), %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        # 2: 2/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1216(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	1248(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	1280(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	1312(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 2/2
+        vmovdqu	1344(%r15), %ymm10
+        vmovdqu	1376(%r15), %ymm12
+        vmovdqu	1408(%r15), %ymm11
+        vmovdqu	1440(%r15), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 2/2
+        vmovdqu	1472(%r15), %ymm10
+        vmovdqu	1504(%r15), %ymm12
+        vmovdqu	1536(%r15), %ymm11
+        vmovdqu	1568(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 2/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	1600(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	1632(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	1664(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	1696(%r15), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 2/2
+        vmovdqu	1728(%r15), %ymm10
+        vmovdqu	1760(%r15), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 2/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1792(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	1824(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	1856(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	1888(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 2/2
+        vmovdqu	1920(%r15), %ymm10
+        vmovdqu	1952(%r15), %ymm12
+        vmovdqu	1984(%r15), %ymm11
+        vmovdqu	2016(%r15), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 2/2
+        vmovdqu	2048(%r15), %ymm10
+        vmovdqu	2080(%r15), %ymm12
+        vmovdqu	2112(%r15), %ymm11
+        vmovdqu	2144(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 2/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	2176(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	2208(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	2240(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	2272(%r15), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 2/2
+        vmovdqu	2304(%r15), %ymm10
+        vmovdqu	2336(%r15), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 2/2
+        vmovdqu	2368(%r15), %ymm10
+        vmovdqu	2400(%r15), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	%ymm2, 320(%rdx)
+        vmovdqu	%ymm3, 352(%rdx)
+        # 128
+        vmovdqu	2432(%r15), %ymm10
+        vmovdqu	2464(%r15), %ymm12
+        vmovdqu	2496(%r15), %ymm11
+        vmovdqu	2528(%r15), %ymm13
+        vmovdqu	128(%rdx), %ymm0
+        vmovdqu	160(%rdx), %ymm1
+        vmovdqu	192(%rdx), %ymm2
+        vmovdqu	224(%rdx), %ymm3
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	%ymm2, 192(%rdx)
+        vmovdqu	%ymm3, 224(%rdx)
+        vmovdqu	%ymm4, 384(%rdx)
+        vmovdqu	%ymm5, 416(%rdx)
+        vmovdqu	%ymm6, 448(%rdx)
+        vmovdqu	%ymm7, 480(%rdx)
+        vmovdqu	(%rdx), %ymm0
+        vmovdqu	32(%rdx), %ymm1
+        vmovdqu	64(%rdx), %ymm2
+        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	352(%rdx), %ymm7
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	%ymm2, 64(%rdx)
+        vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	%ymm4, 256(%rdx)
+        vmovdqu	%ymm5, 288(%rdx)
+        vmovdqu	%ymm6, 320(%rdx)
+        vmovdqu	%ymm7, 352(%rdx)
+        # Add Errors
+        vmovdqu	(%rdx), %ymm0
+        vmovdqu	32(%rdx), %ymm1
+        vmovdqu	64(%rdx), %ymm2
+        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	(%rax), %ymm4
+        vmovdqu	32(%rax), %ymm5
+        vmovdqu	64(%rax), %ymm6
+        vmovdqu	96(%rax), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	%ymm2, 64(%rdx)
+        vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	128(%rdx), %ymm0
+        vmovdqu	160(%rdx), %ymm1
+        vmovdqu	192(%rdx), %ymm2
+        vmovdqu	224(%rdx), %ymm3
+        vmovdqu	128(%rax), %ymm4
+        vmovdqu	160(%rax), %ymm5
+        vmovdqu	192(%rax), %ymm6
+        vmovdqu	224(%rax), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	%ymm2, 192(%rdx)
+        vmovdqu	%ymm3, 224(%rdx)
+        vmovdqu	256(%rdx), %ymm0
+        vmovdqu	288(%rdx), %ymm1
+        vmovdqu	320(%rdx), %ymm2
+        vmovdqu	352(%rdx), %ymm3
+        vmovdqu	256(%rax), %ymm4
+        vmovdqu	288(%rax), %ymm5
+        vmovdqu	320(%rax), %ymm6
+        vmovdqu	352(%rax), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	%ymm2, 320(%rdx)
+        vmovdqu	%ymm3, 352(%rdx)
+        vmovdqu	384(%rdx), %ymm0
+        vmovdqu	416(%rdx), %ymm1
+        vmovdqu	448(%rdx), %ymm2
+        vmovdqu	480(%rdx), %ymm3
+        vmovdqu	384(%rax), %ymm4
+        vmovdqu	416(%rax), %ymm5
+        vmovdqu	448(%rax), %ymm6
+        vmovdqu	480(%rax), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 384(%rdx)
+        vmovdqu	%ymm1, 416(%rdx)
+        vmovdqu	%ymm2, 448(%rdx)
+        vmovdqu	%ymm3, 480(%rdx)
+        # Add Errors
+        vmovdqu	(%rdx), %ymm0
+        vmovdqu	32(%rdx), %ymm1
+        vmovdqu	64(%rdx), %ymm2
+        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	(%r10), %ymm4
+        vmovdqu	32(%r10), %ymm5
+        vmovdqu	64(%r10), %ymm6
+        vmovdqu	96(%r10), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	%ymm2, 64(%rdx)
+        vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	128(%rdx), %ymm0
+        vmovdqu	160(%rdx), %ymm1
+        vmovdqu	192(%rdx), %ymm2
+        vmovdqu	224(%rdx), %ymm3
+        vmovdqu	128(%r10), %ymm4
+        vmovdqu	160(%r10), %ymm5
+        vmovdqu	192(%r10), %ymm6
+        vmovdqu	224(%r10), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	%ymm2, 192(%rdx)
+        vmovdqu	%ymm3, 224(%rdx)
+        vmovdqu	256(%rdx), %ymm0
+        vmovdqu	288(%rdx), %ymm1
+        vmovdqu	320(%rdx), %ymm2
+        vmovdqu	352(%rdx), %ymm3
+        vmovdqu	256(%r10), %ymm4
+        vmovdqu	288(%r10), %ymm5
+        vmovdqu	320(%r10), %ymm6
+        vmovdqu	352(%r10), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	%ymm2, 320(%rdx)
+        vmovdqu	%ymm3, 352(%rdx)
+        vmovdqu	384(%rdx), %ymm0
+        vmovdqu	416(%rdx), %ymm1
+        vmovdqu	448(%rdx), %ymm2
+        vmovdqu	480(%rdx), %ymm3
+        vmovdqu	384(%r10), %ymm4
+        vmovdqu	416(%r10), %ymm5
+        vmovdqu	448(%r10), %ymm6
+        vmovdqu	480(%r10), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 384(%rdx)
+        vmovdqu	%ymm1, 416(%rdx)
+        vmovdqu	%ymm2, 448(%rdx)
+        vmovdqu	%ymm3, 480(%rdx)
+        vzeroupper
+        addq	$48, %rsp
+        popq	%r15
+        popq	%r14
+        popq	%r13
+        popq	%r12
+        repz retq
+#ifndef __APPLE__
+.size	kyber_encapsulate_avx2,.-kyber_encapsulate_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_decapsulate_avx2
+.type	kyber_decapsulate_avx2,@function
+.align	16
+kyber_decapsulate_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_decapsulate_avx2
+.p2align	4
+_kyber_decapsulate_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	kyber_q(%rip), %ymm14
+        vmovdqu	kyber_v(%rip), %ymm15
+        movq	%r8, %rax
+        movq	%rdx, %r9
+L_kyber_decapsulate_avx2_trans:
+        # ntt
+        leaq	L_kyber_avx2_zetas(%rip), %r10
+        vmovdqu	(%r10), %ymm10
+        vmovdqu	32(%r10), %ymm12
+        vmovdqu	128(%r9), %ymm0
+        vmovdqu	160(%r9), %ymm1
+        vmovdqu	192(%r9), %ymm2
+        vmovdqu	224(%r9), %ymm3
+        vmovdqu	384(%r9), %ymm4
+        vmovdqu	416(%r9), %ymm5
+        vmovdqu	448(%r9), %ymm6
+        vmovdqu	480(%r9), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%r9)
+        vmovdqu	%ymm1, 160(%r9)
+        vmovdqu	%ymm2, 192(%r9)
+        vmovdqu	%ymm3, 224(%r9)
+        vmovdqu	%ymm4, 384(%r9)
+        vmovdqu	%ymm5, 416(%r9)
+        vmovdqu	%ymm6, 448(%r9)
+        vmovdqu	%ymm7, 480(%r9)
+        vmovdqu	(%r9), %ymm0
+        vmovdqu	32(%r9), %ymm1
+        vmovdqu	64(%r9), %ymm2
+        vmovdqu	96(%r9), %ymm3
+        vmovdqu	256(%r9), %ymm4
+        vmovdqu	288(%r9), %ymm5
+        vmovdqu	320(%r9), %ymm6
+        vmovdqu	352(%r9), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm4, 256(%r9)
+        vmovdqu	%ymm5, 288(%r9)
+        vmovdqu	%ymm6, 320(%r9)
+        vmovdqu	%ymm7, 352(%r9)
+        vmovdqu	128(%r9), %ymm4
+        vmovdqu	160(%r9), %ymm5
+        vmovdqu	192(%r9), %ymm6
+        vmovdqu	224(%r9), %ymm7
+        # 64: 0/3
+        vmovdqu	64(%r10), %ymm10
+        vmovdqu	96(%r10), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 0/3
+        vmovdqu	128(%r10), %ymm10
+        vmovdqu	160(%r10), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 0/3
+        vmovdqu	192(%r10), %ymm10
+        vmovdqu	224(%r10), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 0/3
+        vmovdqu	256(%r10), %ymm10
+        vmovdqu	288(%r10), %ymm12
+        vmovdqu	320(%r10), %ymm11
+        vmovdqu	352(%r10), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 0/3
+        vmovdqu	384(%r10), %ymm10
+        vmovdqu	416(%r10), %ymm12
+        vmovdqu	448(%r10), %ymm11
+        vmovdqu	480(%r10), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 0/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	512(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	544(%r10), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	576(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	608(%r10), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	640(%r10), %ymm10
+        vmovdqu	672(%r10), %ymm12
+        vmovdqu	704(%r10), %ymm11
+        vmovdqu	736(%r10), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 0/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	768(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	800(%r10), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	832(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	864(%r10), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	896(%r10), %ymm10
+        vmovdqu	928(%r10), %ymm12
+        vmovdqu	960(%r10), %ymm11
+        vmovdqu	992(%r10), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 0/3
+        vmovdqu	1024(%r10), %ymm10
+        vmovdqu	1056(%r10), %ymm12
+        vmovdqu	1088(%r10), %ymm11
+        vmovdqu	1120(%r10), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 0/3
+        vmovdqu	1152(%r10), %ymm10
+        vmovdqu	1184(%r10), %ymm12
+        vmovdqu	1216(%r10), %ymm11
+        vmovdqu	1248(%r10), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vpmulhw	%ymm15, %ymm0, %ymm8
+        vpmulhw	%ymm15, %ymm1, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm8
+        vpsubw	%ymm9, %ymm1, %ymm9
+        vmovdqu	%ymm8, (%r9)
+        vmovdqu	%ymm9, 32(%r9)
+        vpmulhw	%ymm15, %ymm2, %ymm8
+        vpmulhw	%ymm15, %ymm3, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vmovdqu	%ymm8, 64(%r9)
+        vmovdqu	%ymm9, 96(%r9)
+        vpmulhw	%ymm15, %ymm4, %ymm8
+        vpmulhw	%ymm15, %ymm5, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vmovdqu	%ymm8, 128(%r9)
+        vmovdqu	%ymm9, 160(%r9)
+        vpmulhw	%ymm15, %ymm6, %ymm8
+        vpmulhw	%ymm15, %ymm7, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vmovdqu	%ymm8, 192(%r9)
+        vmovdqu	%ymm9, 224(%r9)
+        vmovdqu	256(%r9), %ymm0
+        vmovdqu	288(%r9), %ymm1
+        vmovdqu	320(%r9), %ymm2
+        vmovdqu	352(%r9), %ymm3
+        vmovdqu	384(%r9), %ymm4
+        vmovdqu	416(%r9), %ymm5
+        vmovdqu	448(%r9), %ymm6
+        vmovdqu	480(%r9), %ymm7
+        # 64: 1/3
+        vmovdqu	1280(%r10), %ymm10
+        vmovdqu	1312(%r10), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 1/3
+        vmovdqu	1344(%r10), %ymm10
+        vmovdqu	1376(%r10), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 1/3
+        vmovdqu	1408(%r10), %ymm10
+        vmovdqu	1440(%r10), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 1/3
+        vmovdqu	1472(%r10), %ymm10
+        vmovdqu	1504(%r10), %ymm12
+        vmovdqu	1536(%r10), %ymm11
+        vmovdqu	1568(%r10), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 1/3
+        vmovdqu	1600(%r10), %ymm10
+        vmovdqu	1632(%r10), %ymm12
+        vmovdqu	1664(%r10), %ymm11
+        vmovdqu	1696(%r10), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 1/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1728(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	1760(%r10), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	1792(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	1824(%r10), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	1856(%r10), %ymm10
+        vmovdqu	1888(%r10), %ymm12
+        vmovdqu	1920(%r10), %ymm11
+        vmovdqu	1952(%r10), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 1/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1984(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	2016(%r10), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	2048(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	2080(%r10), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	2112(%r10), %ymm10
+        vmovdqu	2144(%r10), %ymm12
+        vmovdqu	2176(%r10), %ymm11
+        vmovdqu	2208(%r10), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 1/3
+        vmovdqu	2240(%r10), %ymm10
+        vmovdqu	2272(%r10), %ymm12
+        vmovdqu	2304(%r10), %ymm11
+        vmovdqu	2336(%r10), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 1/3
+        vmovdqu	2368(%r10), %ymm10
+        vmovdqu	2400(%r10), %ymm12
+        vmovdqu	2432(%r10), %ymm11
+        vmovdqu	2464(%r10), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vpmulhw	%ymm15, %ymm0, %ymm8
+        vpmulhw	%ymm15, %ymm1, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm8
+        vpsubw	%ymm9, %ymm1, %ymm9
+        vmovdqu	%ymm8, 256(%r9)
+        vmovdqu	%ymm9, 288(%r9)
+        vpmulhw	%ymm15, %ymm2, %ymm8
+        vpmulhw	%ymm15, %ymm3, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vmovdqu	%ymm8, 320(%r9)
+        vmovdqu	%ymm9, 352(%r9)
+        vpmulhw	%ymm15, %ymm4, %ymm8
+        vpmulhw	%ymm15, %ymm5, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vmovdqu	%ymm8, 384(%r9)
+        vmovdqu	%ymm9, 416(%r9)
+        vpmulhw	%ymm15, %ymm6, %ymm8
+        vpmulhw	%ymm15, %ymm7, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vmovdqu	%ymm8, 448(%r9)
+        vmovdqu	%ymm9, 480(%r9)
+        addq	$0x200, %r9
+        subq	$0x01, %rax
+        jg	L_kyber_decapsulate_avx2_trans
+        vmovdqu	kyber_qinv(%rip), %ymm12
+        # Pointwise acc mont
+        movq	%r8, %rax
+        # Base mul mont
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r10
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdx), %ymm4
+        vmovdqu	32(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r10), %ymm10
+        vmovdqu	32(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdx), %ymm4
+        vmovdqu	96(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r10), %ymm10
+        vmovdqu	96(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r10), %ymm10
+        vmovdqu	160(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdx), %ymm4
+        vmovdqu	224(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r10), %ymm10
+        vmovdqu	224(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r10), %ymm10
+        vmovdqu	288(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdx), %ymm4
+        vmovdqu	352(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r10), %ymm10
+        vmovdqu	352(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r10), %ymm10
+        vmovdqu	416(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdx), %ymm4
+        vmovdqu	480(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r10), %ymm10
+        vmovdqu	480(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rdi
+        addq	$0x200, %rdx
+        subq	$2, %rax
+        jz	L_pointwise_acc_mont_end_decap
+L_pointwise_acc_mont_start_decap:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r10
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdx), %ymm4
+        vmovdqu	32(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r10), %ymm10
+        vmovdqu	32(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rsi), %ymm6
+        vmovdqu	32(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdx), %ymm4
+        vmovdqu	96(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r10), %ymm10
+        vmovdqu	96(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rsi), %ymm6
+        vmovdqu	96(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r10), %ymm10
+        vmovdqu	160(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rsi), %ymm6
+        vmovdqu	160(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdx), %ymm4
+        vmovdqu	224(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r10), %ymm10
+        vmovdqu	224(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r10), %ymm10
+        vmovdqu	288(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rsi), %ymm6
+        vmovdqu	288(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdx), %ymm4
+        vmovdqu	352(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r10), %ymm10
+        vmovdqu	352(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r10), %ymm10
+        vmovdqu	416(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rsi), %ymm6
+        vmovdqu	416(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdx), %ymm4
+        vmovdqu	480(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r10), %ymm10
+        vmovdqu	480(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rdi
+        addq	$0x200, %rdx
+        subq	$0x01, %rax
+        jg	L_pointwise_acc_mont_start_decap
+L_pointwise_acc_mont_end_decap:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r10
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdx), %ymm4
+        vmovdqu	32(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r10), %ymm10
+        vmovdqu	32(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rsi), %ymm6
+        vmovdqu	32(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdx), %ymm4
+        vmovdqu	96(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r10), %ymm10
+        vmovdqu	96(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rsi), %ymm6
+        vmovdqu	96(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r10), %ymm10
+        vmovdqu	160(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rsi), %ymm6
+        vmovdqu	160(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdx), %ymm4
+        vmovdqu	224(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r10), %ymm10
+        vmovdqu	224(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r10), %ymm10
+        vmovdqu	288(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rsi), %ymm6
+        vmovdqu	288(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdx), %ymm4
+        vmovdqu	352(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r10), %ymm10
+        vmovdqu	352(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r10), %ymm10
+        vmovdqu	416(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rsi), %ymm6
+        vmovdqu	416(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdx), %ymm4
+        vmovdqu	480(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r10), %ymm10
+        vmovdqu	480(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rdi
+        addq	$0x200, %rdx
+        movq	%r8, %rax
+        shl	$9, %eax
+        subq	%rax, %rdx
+        # invntt
+        leaq	L_kyber_avx2_zetas_inv(%rip), %r10
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	128(%rsi), %ymm4
+        vmovdqu	160(%rsi), %ymm5
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        # 2: 1/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	32(%r10), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	64(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	96(%r10), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 1/2
+        vmovdqu	128(%r10), %ymm10
+        vmovdqu	160(%r10), %ymm12
+        vmovdqu	192(%r10), %ymm11
+        vmovdqu	224(%r10), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 1/2
+        vmovdqu	256(%r10), %ymm10
+        vmovdqu	288(%r10), %ymm12
+        vmovdqu	320(%r10), %ymm11
+        vmovdqu	352(%r10), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 1/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	384(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	416(%r10), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	448(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	480(%r10), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 1/2
+        vmovdqu	512(%r10), %ymm10
+        vmovdqu	544(%r10), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 1/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	576(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	608(%r10), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	640(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	672(%r10), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 1/2
+        vmovdqu	704(%r10), %ymm10
+        vmovdqu	736(%r10), %ymm12
+        vmovdqu	768(%r10), %ymm11
+        vmovdqu	800(%r10), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 1/2
+        vmovdqu	832(%r10), %ymm10
+        vmovdqu	864(%r10), %ymm12
+        vmovdqu	896(%r10), %ymm11
+        vmovdqu	928(%r10), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 1/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	960(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	992(%r10), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	1024(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	1056(%r10), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 1/2
+        vmovdqu	1088(%r10), %ymm10
+        vmovdqu	1120(%r10), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 1/2
+        vmovdqu	1152(%r10), %ymm10
+        vmovdqu	1184(%r10), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	%ymm4, 128(%rsi)
+        vmovdqu	%ymm5, 160(%rsi)
+        vmovdqu	%ymm6, 192(%rsi)
+        vmovdqu	%ymm7, 224(%rsi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	384(%rsi), %ymm4
+        vmovdqu	416(%rsi), %ymm5
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        # 2: 2/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1216(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	1248(%r10), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	1280(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	1312(%r10), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 2/2
+        vmovdqu	1344(%r10), %ymm10
+        vmovdqu	1376(%r10), %ymm12
+        vmovdqu	1408(%r10), %ymm11
+        vmovdqu	1440(%r10), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 2/2
+        vmovdqu	1472(%r10), %ymm10
+        vmovdqu	1504(%r10), %ymm12
+        vmovdqu	1536(%r10), %ymm11
+        vmovdqu	1568(%r10), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 2/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	1600(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	1632(%r10), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	1664(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	1696(%r10), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 2/2
+        vmovdqu	1728(%r10), %ymm10
+        vmovdqu	1760(%r10), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 2/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1792(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	1824(%r10), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	1856(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	1888(%r10), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 2/2
+        vmovdqu	1920(%r10), %ymm10
+        vmovdqu	1952(%r10), %ymm12
+        vmovdqu	1984(%r10), %ymm11
+        vmovdqu	2016(%r10), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 2/2
+        vmovdqu	2048(%r10), %ymm10
+        vmovdqu	2080(%r10), %ymm12
+        vmovdqu	2112(%r10), %ymm11
+        vmovdqu	2144(%r10), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 2/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	2176(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	2208(%r10), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	2240(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	2272(%r10), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 2/2
+        vmovdqu	2304(%r10), %ymm10
+        vmovdqu	2336(%r10), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 2/2
+        vmovdqu	2368(%r10), %ymm10
+        vmovdqu	2400(%r10), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        # 128
+        vmovdqu	2432(%r10), %ymm10
+        vmovdqu	2464(%r10), %ymm12
+        vmovdqu	2496(%r10), %ymm11
+        vmovdqu	2528(%r10), %ymm13
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vmovdqu	192(%rsi), %ymm2
+        vmovdqu	224(%rsi), %ymm3
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	%ymm2, 192(%rsi)
+        vmovdqu	%ymm3, 224(%rsi)
+        vmovdqu	%ymm4, 384(%rsi)
+        vmovdqu	%ymm5, 416(%rsi)
+        vmovdqu	%ymm6, 448(%rsi)
+        vmovdqu	%ymm7, 480(%rsi)
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	256(%rsi), %ymm4
+        vmovdqu	288(%rsi), %ymm5
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	%ymm4, 256(%rsi)
+        vmovdqu	%ymm5, 288(%rsi)
+        vmovdqu	%ymm6, 320(%rsi)
+        vmovdqu	%ymm7, 352(%rsi)
+        # Sub Errors
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	(%rcx), %ymm4
+        vmovdqu	32(%rcx), %ymm5
+        vmovdqu	64(%rcx), %ymm6
+        vmovdqu	96(%rcx), %ymm7
+        vpsubw	%ymm0, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm5, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpsubw	%ymm2, %ymm6, %ymm6
+        vpsubw	%ymm3, %ymm7, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vmovdqu	192(%rsi), %ymm2
+        vmovdqu	224(%rsi), %ymm3
+        vmovdqu	128(%rcx), %ymm4
+        vmovdqu	160(%rcx), %ymm5
+        vmovdqu	192(%rcx), %ymm6
+        vmovdqu	224(%rcx), %ymm7
+        vpsubw	%ymm0, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm5, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpsubw	%ymm2, %ymm6, %ymm6
+        vpsubw	%ymm3, %ymm7, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	%ymm2, 192(%rsi)
+        vmovdqu	%ymm3, 224(%rsi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	256(%rcx), %ymm4
+        vmovdqu	288(%rcx), %ymm5
+        vmovdqu	320(%rcx), %ymm6
+        vmovdqu	352(%rcx), %ymm7
+        vpsubw	%ymm0, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm5, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpsubw	%ymm2, %ymm6, %ymm6
+        vpsubw	%ymm3, %ymm7, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm1
+        vmovdqu	448(%rsi), %ymm2
+        vmovdqu	480(%rsi), %ymm3
+        vmovdqu	384(%rcx), %ymm4
+        vmovdqu	416(%rcx), %ymm5
+        vmovdqu	448(%rcx), %ymm6
+        vmovdqu	480(%rcx), %ymm7
+        vpsubw	%ymm0, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm5, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpsubw	%ymm2, %ymm6, %ymm6
+        vpsubw	%ymm3, %ymm7, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	%ymm2, 448(%rsi)
+        vmovdqu	%ymm3, 480(%rsi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_decapsulate_avx2,.-kyber_decapsulate_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_csubq_avx2
+.type	kyber_csubq_avx2,@function
+.align	16
+kyber_csubq_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_csubq_avx2
+.p2align	4
+_kyber_csubq_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	kyber_q(%rip), %ymm12
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpsubw	%ymm12, %ymm0, %ymm8
+        vpsubw	%ymm12, %ymm1, %ymm9
+        vpsubw	%ymm12, %ymm2, %ymm10
+        vpsubw	%ymm12, %ymm3, %ymm11
+        vpsraw	$15, %ymm8, %ymm0
+        vpsraw	$15, %ymm9, %ymm1
+        vpsraw	$15, %ymm10, %ymm2
+        vpsraw	$15, %ymm11, %ymm3
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpand	%ymm12, %ymm2, %ymm2
+        vpand	%ymm12, %ymm3, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm10, %ymm2, %ymm2
+        vpaddw	%ymm11, %ymm3, %ymm3
+        vpsubw	%ymm12, %ymm4, %ymm8
+        vpsubw	%ymm12, %ymm5, %ymm9
+        vpsubw	%ymm12, %ymm6, %ymm10
+        vpsubw	%ymm12, %ymm7, %ymm11
+        vpsraw	$15, %ymm8, %ymm4
+        vpsraw	$15, %ymm9, %ymm5
+        vpsraw	$15, %ymm10, %ymm6
+        vpsraw	$15, %ymm11, %ymm7
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vpand	%ymm12, %ymm6, %ymm6
+        vpand	%ymm12, %ymm7, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        vpaddw	%ymm10, %ymm6, %ymm6
+        vpaddw	%ymm11, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        vpsubw	%ymm12, %ymm0, %ymm8
+        vpsubw	%ymm12, %ymm1, %ymm9
+        vpsubw	%ymm12, %ymm2, %ymm10
+        vpsubw	%ymm12, %ymm3, %ymm11
+        vpsraw	$15, %ymm8, %ymm0
+        vpsraw	$15, %ymm9, %ymm1
+        vpsraw	$15, %ymm10, %ymm2
+        vpsraw	$15, %ymm11, %ymm3
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpand	%ymm12, %ymm2, %ymm2
+        vpand	%ymm12, %ymm3, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm10, %ymm2, %ymm2
+        vpaddw	%ymm11, %ymm3, %ymm3
+        vpsubw	%ymm12, %ymm4, %ymm8
+        vpsubw	%ymm12, %ymm5, %ymm9
+        vpsubw	%ymm12, %ymm6, %ymm10
+        vpsubw	%ymm12, %ymm7, %ymm11
+        vpsraw	$15, %ymm8, %ymm4
+        vpsraw	$15, %ymm9, %ymm5
+        vpsraw	$15, %ymm10, %ymm6
+        vpsraw	$15, %ymm11, %ymm7
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vpand	%ymm12, %ymm6, %ymm6
+        vpand	%ymm12, %ymm7, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        vpaddw	%ymm10, %ymm6, %ymm6
+        vpaddw	%ymm11, %ymm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_csubq_avx2,.-kyber_csubq_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_rej_idx:
+.quad	0xffffffffffffffff,0xffffffffffffff00
+.quad	0xffffffffffffff02,0xffffffffffff0200
+.quad	0xffffffffffffff04,0xffffffffffff0400
+.quad	0xffffffffffff0402,0xffffffffff040200
+.quad	0xffffffffffffff06,0xffffffffffff0600
+.quad	0xffffffffffff0602,0xffffffffff060200
+.quad	0xffffffffffff0604,0xffffffffff060400
+.quad	0xffffffffff060402,0xffffffff06040200
+.quad	0xffffffffffffff08,0xffffffffffff0800
+.quad	0xffffffffffff0802,0xffffffffff080200
+.quad	0xffffffffffff0804,0xffffffffff080400
+.quad	0xffffffffff080402,0xffffffff08040200
+.quad	0xffffffffffff0806,0xffffffffff080600
+.quad	0xffffffffff080602,0xffffffff08060200
+.quad	0xffffffffff080604,0xffffffff08060400
+.quad	0xffffffff08060402,0xffffff0806040200
+.quad	0xffffffffffffff0a,0xffffffffffff0a00
+.quad	0xffffffffffff0a02,0xffffffffff0a0200
+.quad	0xffffffffffff0a04,0xffffffffff0a0400
+.quad	0xffffffffff0a0402,0xffffffff0a040200
+.quad	0xffffffffffff0a06,0xffffffffff0a0600
+.quad	0xffffffffff0a0602,0xffffffff0a060200
+.quad	0xffffffffff0a0604,0xffffffff0a060400
+.quad	0xffffffff0a060402,0xffffff0a06040200
+.quad	0xffffffffffff0a08,0xffffffffff0a0800
+.quad	0xffffffffff0a0802,0xffffffff0a080200
+.quad	0xffffffffff0a0804,0xffffffff0a080400
+.quad	0xffffffff0a080402,0xffffff0a08040200
+.quad	0xffffffffff0a0806,0xffffffff0a080600
+.quad	0xffffffff0a080602,0xffffff0a08060200
+.quad	0xffffffff0a080604,0xffffff0a08060400
+.quad	0xffffff0a08060402,0xffff0a0806040200
+.quad	0xffffffffffffff0c,0xffffffffffff0c00
+.quad	0xffffffffffff0c02,0xffffffffff0c0200
+.quad	0xffffffffffff0c04,0xffffffffff0c0400
+.quad	0xffffffffff0c0402,0xffffffff0c040200
+.quad	0xffffffffffff0c06,0xffffffffff0c0600
+.quad	0xffffffffff0c0602,0xffffffff0c060200
+.quad	0xffffffffff0c0604,0xffffffff0c060400
+.quad	0xffffffff0c060402,0xffffff0c06040200
+.quad	0xffffffffffff0c08,0xffffffffff0c0800
+.quad	0xffffffffff0c0802,0xffffffff0c080200
+.quad	0xffffffffff0c0804,0xffffffff0c080400
+.quad	0xffffffff0c080402,0xffffff0c08040200
+.quad	0xffffffffff0c0806,0xffffffff0c080600
+.quad	0xffffffff0c080602,0xffffff0c08060200
+.quad	0xffffffff0c080604,0xffffff0c08060400
+.quad	0xffffff0c08060402,0xffff0c0806040200
+.quad	0xffffffffffff0c0a,0xffffffffff0c0a00
+.quad	0xffffffffff0c0a02,0xffffffff0c0a0200
+.quad	0xffffffffff0c0a04,0xffffffff0c0a0400
+.quad	0xffffffff0c0a0402,0xffffff0c0a040200
+.quad	0xffffffffff0c0a06,0xffffffff0c0a0600
+.quad	0xffffffff0c0a0602,0xffffff0c0a060200
+.quad	0xffffffff0c0a0604,0xffffff0c0a060400
+.quad	0xffffff0c0a060402,0xffff0c0a06040200
+.quad	0xffffffffff0c0a08,0xffffffff0c0a0800
+.quad	0xffffffff0c0a0802,0xffffff0c0a080200
+.quad	0xffffffff0c0a0804,0xffffff0c0a080400
+.quad	0xffffff0c0a080402,0xffff0c0a08040200
+.quad	0xffffffff0c0a0806,0xffffff0c0a080600
+.quad	0xffffff0c0a080602,0xffff0c0a08060200
+.quad	0xffffff0c0a080604,0xffff0c0a08060400
+.quad	0xffff0c0a08060402,0xff0c0a0806040200
+.quad	0xffffffffffffff0e,0xffffffffffff0e00
+.quad	0xffffffffffff0e02,0xffffffffff0e0200
+.quad	0xffffffffffff0e04,0xffffffffff0e0400
+.quad	0xffffffffff0e0402,0xffffffff0e040200
+.quad	0xffffffffffff0e06,0xffffffffff0e0600
+.quad	0xffffffffff0e0602,0xffffffff0e060200
+.quad	0xffffffffff0e0604,0xffffffff0e060400
+.quad	0xffffffff0e060402,0xffffff0e06040200
+.quad	0xffffffffffff0e08,0xffffffffff0e0800
+.quad	0xffffffffff0e0802,0xffffffff0e080200
+.quad	0xffffffffff0e0804,0xffffffff0e080400
+.quad	0xffffffff0e080402,0xffffff0e08040200
+.quad	0xffffffffff0e0806,0xffffffff0e080600
+.quad	0xffffffff0e080602,0xffffff0e08060200
+.quad	0xffffffff0e080604,0xffffff0e08060400
+.quad	0xffffff0e08060402,0xffff0e0806040200
+.quad	0xffffffffffff0e0a,0xffffffffff0e0a00
+.quad	0xffffffffff0e0a02,0xffffffff0e0a0200
+.quad	0xffffffffff0e0a04,0xffffffff0e0a0400
+.quad	0xffffffff0e0a0402,0xffffff0e0a040200
+.quad	0xffffffffff0e0a06,0xffffffff0e0a0600
+.quad	0xffffffff0e0a0602,0xffffff0e0a060200
+.quad	0xffffffff0e0a0604,0xffffff0e0a060400
+.quad	0xffffff0e0a060402,0xffff0e0a06040200
+.quad	0xffffffffff0e0a08,0xffffffff0e0a0800
+.quad	0xffffffff0e0a0802,0xffffff0e0a080200
+.quad	0xffffffff0e0a0804,0xffffff0e0a080400
+.quad	0xffffff0e0a080402,0xffff0e0a08040200
+.quad	0xffffffff0e0a0806,0xffffff0e0a080600
+.quad	0xffffff0e0a080602,0xffff0e0a08060200
+.quad	0xffffff0e0a080604,0xffff0e0a08060400
+.quad	0xffff0e0a08060402,0xff0e0a0806040200
+.quad	0xffffffffffff0e0c,0xffffffffff0e0c00
+.quad	0xffffffffff0e0c02,0xffffffff0e0c0200
+.quad	0xffffffffff0e0c04,0xffffffff0e0c0400
+.quad	0xffffffff0e0c0402,0xffffff0e0c040200
+.quad	0xffffffffff0e0c06,0xffffffff0e0c0600
+.quad	0xffffffff0e0c0602,0xffffff0e0c060200
+.quad	0xffffffff0e0c0604,0xffffff0e0c060400
+.quad	0xffffff0e0c060402,0xffff0e0c06040200
+.quad	0xffffffffff0e0c08,0xffffffff0e0c0800
+.quad	0xffffffff0e0c0802,0xffffff0e0c080200
+.quad	0xffffffff0e0c0804,0xffffff0e0c080400
+.quad	0xffffff0e0c080402,0xffff0e0c08040200
+.quad	0xffffffff0e0c0806,0xffffff0e0c080600
+.quad	0xffffff0e0c080602,0xffff0e0c08060200
+.quad	0xffffff0e0c080604,0xffff0e0c08060400
+.quad	0xffff0e0c08060402,0xff0e0c0806040200
+.quad	0xffffffffff0e0c0a,0xffffffff0e0c0a00
+.quad	0xffffffff0e0c0a02,0xffffff0e0c0a0200
+.quad	0xffffffff0e0c0a04,0xffffff0e0c0a0400
+.quad	0xffffff0e0c0a0402,0xffff0e0c0a040200
+.quad	0xffffffff0e0c0a06,0xffffff0e0c0a0600
+.quad	0xffffff0e0c0a0602,0xffff0e0c0a060200
+.quad	0xffffff0e0c0a0604,0xffff0e0c0a060400
+.quad	0xffff0e0c0a060402,0xff0e0c0a06040200
+.quad	0xffffffff0e0c0a08,0xffffff0e0c0a0800
+.quad	0xffffff0e0c0a0802,0xffff0e0c0a080200
+.quad	0xffffff0e0c0a0804,0xffff0e0c0a080400
+.quad	0xffff0e0c0a080402,0xff0e0c0a08040200
+.quad	0xffffff0e0c0a0806,0xffff0e0c0a080600
+.quad	0xffff0e0c0a080602,0xff0e0c0a08060200
+.quad	0xffff0e0c0a080604,0xff0e0c0a08060400
+.quad	0xff0e0c0a08060402,0xe0c0a0806040200
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_rej_q:
+.quad	0xd010d010d010d01, 0xd010d010d010d01
+.quad	0xd010d010d010d01, 0xd010d010d010d01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_rej_ones:
+.quad	0x101010101010101, 0x101010101010101
+.quad	0x101010101010101, 0x101010101010101
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_rej_mask:
+.quad	0xfff0fff0fff0fff, 0xfff0fff0fff0fff
+.quad	0xfff0fff0fff0fff, 0xfff0fff0fff0fff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_rej_shuffle:
+.quad	0x504040302010100, 0xb0a0a0908070706
+.quad	0x908080706050504, 0xf0e0e0d0c0b0b0a
+#ifndef __APPLE__
+.text
+.globl	kyber_rej_uniform_n_avx2
+.type	kyber_rej_uniform_n_avx2,@function
+.align	16
+kyber_rej_uniform_n_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_rej_uniform_n_avx2
+.p2align	4
+_kyber_rej_uniform_n_avx2:
+#endif /* __APPLE__ */
+        pushq	%rbx
+        pushq	%r12
+        pushq	%r13
+        pushq	%r14
+        pushq	%r15
+        pushq	%rbp
+        movq	%rcx, %r8
+        movl	%esi, %eax
+        vmovdqu	L_kyber_rej_q(%rip), %ymm6
+        vmovdqu	L_kyber_rej_ones(%rip), %ymm7
+        vmovdqu	L_kyber_rej_mask(%rip), %ymm8
+        vmovdqu	L_kyber_rej_shuffle(%rip), %ymm9
+        leaq	L_kyber_rej_idx(%rip), %r9
+        movq	$0x1111111111111111, %r14
+        movq	$0xe0c0a0806040200, %rbp
+        movq	$0x101010101010101, %r13
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 48(%rdx), %ymm0
+        vpermq	$0x94, 72(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 96(%rdx), %ymm0
+        vpermq	$0x94, 120(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 144(%rdx), %ymm0
+        vpermq	$0x94, 168(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 192(%rdx), %ymm0
+        vpermq	$0x94, 216(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 240(%rdx), %ymm0
+        vpermq	$0x94, 264(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 288(%rdx), %ymm0
+        vpermq	$0x94, 312(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        addq	$0x150, %rdx
+        subl	$0x150, %r8d
+L_kyber_rej_uniform_n_avx2_start_256:
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        addq	$48, %rdx
+        subl	$48, %r8d
+        cmpl	$48, %r8d
+        jl	L_kyber_rej_uniform_n_avx2_done_256
+        cmpl	$32, %esi
+        jge	L_kyber_rej_uniform_n_avx2_start_256
+L_kyber_rej_uniform_n_avx2_done_256:
+        cmpl	$8, %esi
+        jl	L_kyber_rej_uniform_n_avx2_done_128
+        cmpl	$12, %r8d
+        jl	L_kyber_rej_uniform_n_avx2_done_128
+L_kyber_rej_uniform_n_avx2_start_128:
+        vmovdqu	(%rdx), %xmm0
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpsrlw	$4, %xmm0, %xmm2
+        vpblendw	$0xaa, %xmm2, %xmm0, %xmm0
+        vpand	%xmm8, %xmm0, %xmm0
+        vpcmpgtw	%xmm0, %xmm6, %xmm2
+        vpmovmskb	%xmm2, %rbx
+        movq	$0x5555, %r10
+        pextl	%r10d, %ebx, %ebx
+        movq	(%r9,%rbx,8), %xmm3
+        vpaddb	%xmm7, %xmm3, %xmm4
+        vpunpcklbw	%xmm4, %xmm3, %xmm3
+        vpshufb	%xmm3, %xmm0, %xmm0
+        vmovdqu	%xmm0, (%rdi)
+        popcntl	%ebx, %ecx
+        leaq	(%rdi,%rcx,2), %rdi
+        subl	%ecx, %esi
+        addq	$12, %rdx
+        subl	$12, %r8d
+        cmpl	$12, %r8d
+        jl	L_kyber_rej_uniform_n_avx2_done_128
+        cmpl	$8, %esi
+        jge	L_kyber_rej_uniform_n_avx2_start_128
+L_kyber_rej_uniform_n_avx2_done_128:
+        cmpl	$0x00, %r8d
+        je	L_kyber_rej_uniform_n_avx2_done_64
+        cmpl	$0x00, %esi
+        je	L_kyber_rej_uniform_n_avx2_done_64
+        movq	$0xfff0fff0fff0fff, %r15
+        movq	$0x2000200020002000, %r10
+        movq	$0xd010d010d010d01, %r11
+        movq	$0x1000100010001000, %r12
+L_kyber_rej_uniform_n_avx2_start_64:
+        movq	(%rdx), %rcx
+        pdepq	%r15, %rcx, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_0_avx2_rej_large_0
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_n_avx2_done_64
+L_kyber_rej_uniform_0_avx2_rej_large_0:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_0_avx2_rej_large_1
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_n_avx2_done_64
+L_kyber_rej_uniform_0_avx2_rej_large_1:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_0_avx2_rej_large_2
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_n_avx2_done_64
+L_kyber_rej_uniform_0_avx2_rej_large_2:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_0_avx2_rej_large_3
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_n_avx2_done_64
+L_kyber_rej_uniform_0_avx2_rej_large_3:
+        addq	$6, %rdx
+        subl	$6, %r8d
+        jle	L_kyber_rej_uniform_n_avx2_done_64
+        cmpl	$0x00, %esi
+        jg	L_kyber_rej_uniform_n_avx2_start_64
+L_kyber_rej_uniform_n_avx2_done_64:
+        vzeroupper
+        subl	%esi, %eax
+        popq	%rbp
+        popq	%r15
+        popq	%r14
+        popq	%r13
+        popq	%r12
+        popq	%rbx
+        repz retq
+#ifndef __APPLE__
+.size	kyber_rej_uniform_n_avx2,.-kyber_rej_uniform_n_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_rej_uniform_avx2
+.type	kyber_rej_uniform_avx2,@function
+.align	16
+kyber_rej_uniform_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_rej_uniform_avx2
+.p2align	4
+_kyber_rej_uniform_avx2:
+#endif /* __APPLE__ */
+        pushq	%rbx
+        pushq	%r12
+        pushq	%r13
+        pushq	%r14
+        pushq	%r15
+        pushq	%rbp
+        movq	%rcx, %r8
+        movl	%esi, %eax
+        cmpl	$0x00, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+        cmpl	$8, %esi
+        jl	L_kyber_rej_uniform_avx2_done_128
+        vmovdqu	L_kyber_rej_q(%rip), %ymm6
+        vmovdqu	L_kyber_rej_ones(%rip), %ymm7
+        vmovdqu	L_kyber_rej_mask(%rip), %ymm8
+        vmovdqu	L_kyber_rej_shuffle(%rip), %ymm9
+        leaq	L_kyber_rej_idx(%rip), %r9
+        movq	$0x1111111111111111, %r14
+        movq	$0xe0c0a0806040200, %rbp
+        movq	$0x101010101010101, %r13
+        cmpl	$32, %esi
+        jl	L_kyber_rej_uniform_avx2_done_256
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        addq	$48, %rdx
+        subl	$48, %r8d
+        cmpl	$32, %esi
+        jl	L_kyber_rej_uniform_avx2_done_256
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        addq	$48, %rdx
+        subl	$48, %r8d
+        cmpl	$32, %esi
+        jl	L_kyber_rej_uniform_avx2_done_256
+L_kyber_rej_uniform_avx2_start_256:
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        addq	$48, %rdx
+        subl	$48, %r8d
+        cmpl	$48, %r8d
+        jl	L_kyber_rej_uniform_avx2_done_256
+        cmpl	$32, %esi
+        jge	L_kyber_rej_uniform_avx2_start_256
+L_kyber_rej_uniform_avx2_done_256:
+        cmpl	$8, %esi
+        jl	L_kyber_rej_uniform_avx2_done_128
+        cmpl	$12, %r8d
+        jl	L_kyber_rej_uniform_avx2_done_128
+L_kyber_rej_uniform_avx2_start_128:
+        vmovdqu	(%rdx), %xmm0
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpsrlw	$4, %xmm0, %xmm2
+        vpblendw	$0xaa, %xmm2, %xmm0, %xmm0
+        vpand	%xmm8, %xmm0, %xmm0
+        vpcmpgtw	%xmm0, %xmm6, %xmm2
+        vpmovmskb	%xmm2, %rbx
+        movq	$0x5555, %r10
+        pextl	%r10d, %ebx, %ebx
+        movq	(%r9,%rbx,8), %xmm3
+        vpaddb	%xmm7, %xmm3, %xmm4
+        vpunpcklbw	%xmm4, %xmm3, %xmm3
+        vpshufb	%xmm3, %xmm0, %xmm0
+        vmovdqu	%xmm0, (%rdi)
+        popcntl	%ebx, %ecx
+        leaq	(%rdi,%rcx,2), %rdi
+        subl	%ecx, %esi
+        addq	$12, %rdx
+        subl	$12, %r8d
+        cmpl	$12, %r8d
+        jl	L_kyber_rej_uniform_avx2_done_128
+        cmpl	$8, %esi
+        jge	L_kyber_rej_uniform_avx2_start_128
+L_kyber_rej_uniform_avx2_done_128:
+        cmpl	$0x00, %r8d
+        je	L_kyber_rej_uniform_avx2_done_64
+        cmpl	$0x00, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+        movq	$0xfff0fff0fff0fff, %r15
+        movq	$0x2000200020002000, %r10
+        movq	$0xd010d010d010d01, %r11
+        movq	$0x1000100010001000, %r12
+L_kyber_rej_uniform_avx2_start_64:
+        movq	(%rdx), %rcx
+        pdepq	%r15, %rcx, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_avx2_rej_large_0
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+L_kyber_rej_uniform_avx2_rej_large_0:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_avx2_rej_large_1
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+L_kyber_rej_uniform_avx2_rej_large_1:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_avx2_rej_large_2
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+L_kyber_rej_uniform_avx2_rej_large_2:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_avx2_rej_large_3
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+L_kyber_rej_uniform_avx2_rej_large_3:
+        addq	$6, %rdx
+        subl	$6, %r8d
+        jle	L_kyber_rej_uniform_avx2_done_64
+        cmpl	$0x00, %esi
+        jg	L_kyber_rej_uniform_avx2_start_64
+L_kyber_rej_uniform_avx2_done_64:
+        vzeroupper
+        subl	%esi, %eax
+        popq	%rbp
+        popq	%r15
+        popq	%r14
+        popq	%r13
+        popq	%r12
+        popq	%rbx
+        repz retq
+#ifndef __APPLE__
+.size	kyber_rej_uniform_avx2,.-kyber_rej_uniform_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_249:
+.quad	0x24924900249249, 0x24924900249249
+.quad	0x24924900249249, 0x24924900249249
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_6db:
+.quad	0x6db6db006db6db, 0x6db6db006db6db
+.quad	0x6db6db006db6db, 0x6db6db006db6db
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_07:
+.quad	0x700000007, 0x700000007
+.quad	0x700000007, 0x700000007
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_70:
+.quad	0x7000000070000, 0x7000000070000
+.quad	0x7000000070000, 0x7000000070000
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_3:
+.quad	0x3000300030003, 0x3000300030003
+.quad	0x3000300030003, 0x3000300030003
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_shuff:
+.quad	0xff050403ff020100, 0xff0b0a09ff080706
+.quad	0xff090807ff060504, 0xff0f0e0dff0c0b0a
+#ifndef __APPLE__
+.text
+.globl	kyber_cbd_eta3_avx2
+.type	kyber_cbd_eta3_avx2,@function
+.align	16
+kyber_cbd_eta3_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_cbd_eta3_avx2
+.p2align	4
+_kyber_cbd_eta3_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_mask_249(%rip), %ymm8
+        vmovdqu	L_kyber_mask_6db(%rip), %ymm9
+        vmovdqu	L_kyber_mask_07(%rip), %ymm10
+        vmovdqu	L_kyber_mask_70(%rip), %ymm11
+        vmovdqu	L_kyber_mask_3(%rip), %ymm12
+        vmovdqu	L_kyber_shuff(%rip), %ymm13
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	24(%rsi), %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpermq	$0x94, %ymm1, %ymm1
+        vpshufb	%ymm13, %ymm0, %ymm0
+        vpshufb	%ymm13, %ymm1, %ymm1
+        vpsrld	$0x01, %ymm0, %ymm2
+        vpsrld	$0x01, %ymm1, %ymm3
+        vpsrld	$2, %ymm0, %ymm4
+        vpsrld	$2, %ymm1, %ymm5
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpsrld	$3, %ymm0, %ymm2
+        vpsrld	$3, %ymm1, %ymm3
+        vpaddd	%ymm9, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm2, %ymm0, %ymm0
+        vpsubd	%ymm3, %ymm1, %ymm1
+        vpslld	$10, %ymm0, %ymm2
+        vpslld	$10, %ymm1, %ymm3
+        vpsrld	$12, %ymm0, %ymm4
+        vpsrld	$12, %ymm1, %ymm5
+        vpsrld	$2, %ymm0, %ymm6
+        vpsrld	$2, %ymm1, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm11, %ymm6, %ymm6
+        vpand	%ymm11, %ymm7, %ymm7
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm4, %ymm2
+        vpaddw	%ymm7, %ymm5, %ymm3
+        vpsubw	%ymm12, %ymm0, %ymm0
+        vpsubw	%ymm12, %ymm1, %ymm1
+        vpsubw	%ymm12, %ymm2, %ymm2
+        vpsubw	%ymm12, %ymm3, %ymm3
+        vpunpckldq	%ymm2, %ymm0, %ymm4
+        vpunpckldq	%ymm3, %ymm1, %ymm5
+        vpunpckhdq	%ymm2, %ymm0, %ymm6
+        vpunpckhdq	%ymm3, %ymm1, %ymm7
+        vperm2i128	$32, %ymm6, %ymm4, %ymm0
+        vperm2i128	$32, %ymm7, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm4, %ymm2
+        vperm2i128	$49, %ymm7, %ymm5, %ymm3
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	48(%rsi), %ymm0
+        vmovdqu	72(%rsi), %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpermq	$0x94, %ymm1, %ymm1
+        vpshufb	%ymm13, %ymm0, %ymm0
+        vpshufb	%ymm13, %ymm1, %ymm1
+        vpsrld	$0x01, %ymm0, %ymm2
+        vpsrld	$0x01, %ymm1, %ymm3
+        vpsrld	$2, %ymm0, %ymm4
+        vpsrld	$2, %ymm1, %ymm5
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpsrld	$3, %ymm0, %ymm2
+        vpsrld	$3, %ymm1, %ymm3
+        vpaddd	%ymm9, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm2, %ymm0, %ymm0
+        vpsubd	%ymm3, %ymm1, %ymm1
+        vpslld	$10, %ymm0, %ymm2
+        vpslld	$10, %ymm1, %ymm3
+        vpsrld	$12, %ymm0, %ymm4
+        vpsrld	$12, %ymm1, %ymm5
+        vpsrld	$2, %ymm0, %ymm6
+        vpsrld	$2, %ymm1, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm11, %ymm6, %ymm6
+        vpand	%ymm11, %ymm7, %ymm7
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm4, %ymm2
+        vpaddw	%ymm7, %ymm5, %ymm3
+        vpsubw	%ymm12, %ymm0, %ymm0
+        vpsubw	%ymm12, %ymm1, %ymm1
+        vpsubw	%ymm12, %ymm2, %ymm2
+        vpsubw	%ymm12, %ymm3, %ymm3
+        vpunpckldq	%ymm2, %ymm0, %ymm4
+        vpunpckldq	%ymm3, %ymm1, %ymm5
+        vpunpckhdq	%ymm2, %ymm0, %ymm6
+        vpunpckhdq	%ymm3, %ymm1, %ymm7
+        vperm2i128	$32, %ymm6, %ymm4, %ymm0
+        vperm2i128	$32, %ymm7, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm4, %ymm2
+        vperm2i128	$49, %ymm7, %ymm5, %ymm3
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm2, 160(%rdi)
+        vmovdqu	%ymm1, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vmovdqu	96(%rsi), %ymm0
+        vmovdqu	120(%rsi), %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpermq	$0x94, %ymm1, %ymm1
+        vpshufb	%ymm13, %ymm0, %ymm0
+        vpshufb	%ymm13, %ymm1, %ymm1
+        vpsrld	$0x01, %ymm0, %ymm2
+        vpsrld	$0x01, %ymm1, %ymm3
+        vpsrld	$2, %ymm0, %ymm4
+        vpsrld	$2, %ymm1, %ymm5
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpsrld	$3, %ymm0, %ymm2
+        vpsrld	$3, %ymm1, %ymm3
+        vpaddd	%ymm9, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm2, %ymm0, %ymm0
+        vpsubd	%ymm3, %ymm1, %ymm1
+        vpslld	$10, %ymm0, %ymm2
+        vpslld	$10, %ymm1, %ymm3
+        vpsrld	$12, %ymm0, %ymm4
+        vpsrld	$12, %ymm1, %ymm5
+        vpsrld	$2, %ymm0, %ymm6
+        vpsrld	$2, %ymm1, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm11, %ymm6, %ymm6
+        vpand	%ymm11, %ymm7, %ymm7
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm4, %ymm2
+        vpaddw	%ymm7, %ymm5, %ymm3
+        vpsubw	%ymm12, %ymm0, %ymm0
+        vpsubw	%ymm12, %ymm1, %ymm1
+        vpsubw	%ymm12, %ymm2, %ymm2
+        vpsubw	%ymm12, %ymm3, %ymm3
+        vpunpckldq	%ymm2, %ymm0, %ymm4
+        vpunpckldq	%ymm3, %ymm1, %ymm5
+        vpunpckhdq	%ymm2, %ymm0, %ymm6
+        vpunpckhdq	%ymm3, %ymm1, %ymm7
+        vperm2i128	$32, %ymm6, %ymm4, %ymm0
+        vperm2i128	$32, %ymm7, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm4, %ymm2
+        vperm2i128	$49, %ymm7, %ymm5, %ymm3
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm2, 288(%rdi)
+        vmovdqu	%ymm1, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	144(%rsi), %ymm0
+        vmovdqu	168(%rsi), %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpermq	$0x94, %ymm1, %ymm1
+        vpshufb	%ymm13, %ymm0, %ymm0
+        vpshufb	%ymm13, %ymm1, %ymm1
+        vpsrld	$0x01, %ymm0, %ymm2
+        vpsrld	$0x01, %ymm1, %ymm3
+        vpsrld	$2, %ymm0, %ymm4
+        vpsrld	$2, %ymm1, %ymm5
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpsrld	$3, %ymm0, %ymm2
+        vpsrld	$3, %ymm1, %ymm3
+        vpaddd	%ymm9, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm2, %ymm0, %ymm0
+        vpsubd	%ymm3, %ymm1, %ymm1
+        vpslld	$10, %ymm0, %ymm2
+        vpslld	$10, %ymm1, %ymm3
+        vpsrld	$12, %ymm0, %ymm4
+        vpsrld	$12, %ymm1, %ymm5
+        vpsrld	$2, %ymm0, %ymm6
+        vpsrld	$2, %ymm1, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm11, %ymm6, %ymm6
+        vpand	%ymm11, %ymm7, %ymm7
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm4, %ymm2
+        vpaddw	%ymm7, %ymm5, %ymm3
+        vpsubw	%ymm12, %ymm0, %ymm0
+        vpsubw	%ymm12, %ymm1, %ymm1
+        vpsubw	%ymm12, %ymm2, %ymm2
+        vpsubw	%ymm12, %ymm3, %ymm3
+        vpunpckldq	%ymm2, %ymm0, %ymm4
+        vpunpckldq	%ymm3, %ymm1, %ymm5
+        vpunpckhdq	%ymm2, %ymm0, %ymm6
+        vpunpckhdq	%ymm3, %ymm1, %ymm7
+        vperm2i128	$32, %ymm6, %ymm4, %ymm0
+        vperm2i128	$32, %ymm7, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm4, %ymm2
+        vperm2i128	$49, %ymm7, %ymm5, %ymm3
+        vmovdqu	%ymm0, 384(%rdi)
+        vmovdqu	%ymm2, 416(%rdi)
+        vmovdqu	%ymm1, 448(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_cbd_eta3_avx2,.-kyber_cbd_eta3_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_55:
+.quad	0x5555555555555555, 0x5555555555555555
+.quad	0x5555555555555555, 0x5555555555555555
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_33:
+.quad	0x3333333333333333, 0x3333333333333333
+.quad	0x3333333333333333, 0x3333333333333333
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_03:
+.quad	0x303030303030303, 0x303030303030303
+.quad	0x303030303030303, 0x303030303030303
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_0f:
+.quad	0xf0f0f0f0f0f0f0f, 0xf0f0f0f0f0f0f0f
+.quad	0xf0f0f0f0f0f0f0f, 0xf0f0f0f0f0f0f0f
+#ifndef __APPLE__
+.text
+.globl	kyber_cbd_eta2_avx2
+.type	kyber_cbd_eta2_avx2,@function
+.align	16
+kyber_cbd_eta2_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_cbd_eta2_avx2
+.p2align	4
+_kyber_cbd_eta2_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_mask_55(%rip), %ymm8
+        vmovdqu	L_kyber_mask_33(%rip), %ymm9
+        vmovdqu	L_kyber_mask_03(%rip), %ymm10
+        vmovdqu	L_kyber_mask_0f(%rip), %ymm11
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vpsrlw	$0x01, %ymm0, %ymm2
+        vpsrlw	$0x01, %ymm1, %ymm3
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddb	%ymm2, %ymm0, %ymm0
+        vpaddb	%ymm3, %ymm1, %ymm1
+        vpsrlw	$2, %ymm0, %ymm2
+        vpsrlw	$2, %ymm1, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpaddb	%ymm9, %ymm0, %ymm0
+        vpaddb	%ymm9, %ymm1, %ymm1
+        vpsubb	%ymm2, %ymm0, %ymm0
+        vpsubb	%ymm3, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpand	%ymm11, %ymm0, %ymm0
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpsubb	%ymm10, %ymm0, %ymm0
+        vpsubb	%ymm10, %ymm1, %ymm1
+        vpsubb	%ymm10, %ymm2, %ymm2
+        vpsubb	%ymm10, %ymm3, %ymm3
+        vpunpcklbw	%ymm2, %ymm0, %ymm4
+        vpunpcklbw	%ymm3, %ymm1, %ymm5
+        vpunpckhbw	%ymm2, %ymm0, %ymm6
+        vpunpckhbw	%ymm3, %ymm1, %ymm7
+        vpmovsxbw	%xmm4, %ymm0
+        vpmovsxbw	%xmm5, %ymm1
+        vextracti128	$0x01, %ymm4, %xmm2
+        vextracti128	$0x01, %ymm5, %xmm3
+        vpmovsxbw	%xmm2, %ymm2
+        vpmovsxbw	%xmm3, %ymm3
+        vpmovsxbw	%xmm6, %ymm4
+        vpmovsxbw	%xmm7, %ymm5
+        vextracti128	$0x01, %ymm6, %xmm6
+        vextracti128	$0x01, %ymm7, %xmm7
+        vpmovsxbw	%xmm6, %ymm6
+        vpmovsxbw	%xmm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm6, 96(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm3, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	64(%rsi), %ymm0
+        vmovdqu	96(%rsi), %ymm1
+        vpsrlw	$0x01, %ymm0, %ymm2
+        vpsrlw	$0x01, %ymm1, %ymm3
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddb	%ymm2, %ymm0, %ymm0
+        vpaddb	%ymm3, %ymm1, %ymm1
+        vpsrlw	$2, %ymm0, %ymm2
+        vpsrlw	$2, %ymm1, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpaddb	%ymm9, %ymm0, %ymm0
+        vpaddb	%ymm9, %ymm1, %ymm1
+        vpsubb	%ymm2, %ymm0, %ymm0
+        vpsubb	%ymm3, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpand	%ymm11, %ymm0, %ymm0
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpsubb	%ymm10, %ymm0, %ymm0
+        vpsubb	%ymm10, %ymm1, %ymm1
+        vpsubb	%ymm10, %ymm2, %ymm2
+        vpsubb	%ymm10, %ymm3, %ymm3
+        vpunpcklbw	%ymm2, %ymm0, %ymm4
+        vpunpcklbw	%ymm3, %ymm1, %ymm5
+        vpunpckhbw	%ymm2, %ymm0, %ymm6
+        vpunpckhbw	%ymm3, %ymm1, %ymm7
+        vpmovsxbw	%xmm4, %ymm0
+        vpmovsxbw	%xmm5, %ymm1
+        vextracti128	$0x01, %ymm4, %xmm2
+        vextracti128	$0x01, %ymm5, %xmm3
+        vpmovsxbw	%xmm2, %ymm2
+        vpmovsxbw	%xmm3, %ymm3
+        vpmovsxbw	%xmm6, %ymm4
+        vpmovsxbw	%xmm7, %ymm5
+        vextracti128	$0x01, %ymm6, %xmm6
+        vextracti128	$0x01, %ymm7, %xmm7
+        vpmovsxbw	%xmm6, %ymm6
+        vpmovsxbw	%xmm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm4, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm6, 352(%rdi)
+        vmovdqu	%ymm1, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm3, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_cbd_eta2_avx2,.-kyber_cbd_eta2_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_mask:
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_shift:
+.quad	0x400000104000001, 0x400000104000001
+.quad	0x400000104000001, 0x400000104000001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_shlv:
+.quad	0xc, 0xc
+.quad	0xc, 0xc
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_shuf:
+.value	0x100,0x302
+.value	0x804,0xa09
+.value	0xc0b,0xffff
+.value	0xffff,0xffff
+.value	0xa09,0xc0b
+.value	0xffff,0xffff
+.value	0xffff,0x100
+.value	0x302,0x804
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_v:
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_offset:
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_shift12:
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+#ifndef __APPLE__
+.text
+.globl	kyber_compress_10_avx2
+.type	kyber_compress_10_avx2,@function
+.align	16
+kyber_compress_10_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_compress_10_avx2
+.p2align	4
+_kyber_compress_10_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	L_kyber_compress_10_avx2_mask(%rip), %ymm9
+        vmovdqu	L_kyber_compress_10_avx2_shift(%rip), %ymm8
+        vmovdqu	L_kyber_compress_10_avx2_shlv(%rip), %ymm10
+        vmovdqu	L_kyber_compress_10_avx2_shuf(%rip), %ymm11
+        vmovdqu	L_kyber_compress_10_avx2_v(%rip), %ymm6
+        vmovdqu	L_kyber_compress_10_avx2_offset(%rip), %ymm12
+        vmovdqu	L_kyber_compress_10_avx2_shift12(%rip), %ymm13
+        vpsllw	$3, %ymm6, %ymm7
+L_kyber_compress_10_avx2_start:
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, (%rdi)
+        vmovdqu	%xmm1, 20(%rdi)
+        vmovss	%xmm2, 16(%rdi)
+        vmovss	%xmm4, 36(%rdi)
+        vmovdqu	64(%rsi), %ymm0
+        vmovdqu	96(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 40(%rdi)
+        vmovdqu	%xmm1, 60(%rdi)
+        vmovss	%xmm2, 56(%rdi)
+        vmovss	%xmm4, 76(%rdi)
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 80(%rdi)
+        vmovdqu	%xmm1, 100(%rdi)
+        vmovss	%xmm2, 96(%rdi)
+        vmovss	%xmm4, 116(%rdi)
+        vmovdqu	192(%rsi), %ymm0
+        vmovdqu	224(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 120(%rdi)
+        vmovdqu	%xmm1, 140(%rdi)
+        vmovss	%xmm2, 136(%rdi)
+        vmovss	%xmm4, 156(%rdi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 160(%rdi)
+        vmovdqu	%xmm1, 180(%rdi)
+        vmovss	%xmm2, 176(%rdi)
+        vmovss	%xmm4, 196(%rdi)
+        vmovdqu	320(%rsi), %ymm0
+        vmovdqu	352(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 200(%rdi)
+        vmovdqu	%xmm1, 220(%rdi)
+        vmovss	%xmm2, 216(%rdi)
+        vmovss	%xmm4, 236(%rdi)
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 240(%rdi)
+        vmovdqu	%xmm1, 260(%rdi)
+        vmovss	%xmm2, 256(%rdi)
+        vmovss	%xmm4, 276(%rdi)
+        vmovdqu	448(%rsi), %ymm0
+        vmovdqu	480(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 280(%rdi)
+        vmovdqu	%xmm1, 300(%rdi)
+        vmovss	%xmm2, 296(%rdi)
+        vmovss	%xmm4, 316(%rdi)
+        addq	$0x140, %rdi
+        addq	$0x200, %rsi
+        subl	$0x01, %edx
+        jg	L_kyber_compress_10_avx2_start
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_compress_10_avx2,.-kyber_compress_10_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_decompress_10_avx2_mask:
+.long	0x7fe01ff8,0x7fe01ff8,0x7fe01ff8,0x7fe01ff8
+.long	0x7fe01ff8,0x7fe01ff8,0x7fe01ff8,0x7fe01ff8
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_decompress_10_avx2_sllv:
+.quad	0x4, 0x4
+.quad	0x4, 0x4
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_decompress_10_avx2_q:
+.long	0xd013404,0xd013404,0xd013404,0xd013404
+.long	0xd013404,0xd013404,0xd013404,0xd013404
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_10_avx2_shuf:
+.value	0x100,0x201
+.value	0x302,0x403
+.value	0x605,0x706
+.value	0x807,0x908
+.value	0x302,0x403
+.value	0x504,0x605
+.value	0x807,0x908
+.value	0xa09,0xb0a
+#ifndef __APPLE__
+.text
+.globl	kyber_decompress_10_avx2
+.type	kyber_decompress_10_avx2,@function
+.align	16
+kyber_decompress_10_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_decompress_10_avx2
+.p2align	4
+_kyber_decompress_10_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_decompress_10_avx2_mask(%rip), %ymm4
+        vmovdqu	L_kyber_decompress_10_avx2_q(%rip), %ymm5
+        vmovdqu	L_kyber_decompress_10_avx2_shuf(%rip), %ymm6
+        vmovdqu	L_kyber_decompress_10_avx2_sllv(%rip), %ymm7
+L_kyber_decompress_10_avx2_start:
+        vpermq	$0x94, (%rsi), %ymm0
+        vpermq	$0x94, 20(%rsi), %ymm1
+        vpermq	$0x94, 40(%rsi), %ymm2
+        vpermq	$0x94, 60(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm5, %ymm0, %ymm0
+        vpmulhrsw	%ymm5, %ymm1, %ymm1
+        vpmulhrsw	%ymm5, %ymm2, %ymm2
+        vpmulhrsw	%ymm5, %ymm3, %ymm3
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vpermq	$0x94, 80(%rsi), %ymm0
+        vpermq	$0x94, 100(%rsi), %ymm1
+        vpermq	$0x94, 120(%rsi), %ymm2
+        vpermq	$0x94, 140(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm5, %ymm0, %ymm0
+        vpmulhrsw	%ymm5, %ymm1, %ymm1
+        vpmulhrsw	%ymm5, %ymm2, %ymm2
+        vpmulhrsw	%ymm5, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vpermq	$0x94, 160(%rsi), %ymm0
+        vpermq	$0x94, 180(%rsi), %ymm1
+        vpermq	$0x94, 200(%rsi), %ymm2
+        vpermq	$0x94, 220(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm5, %ymm0, %ymm0
+        vpmulhrsw	%ymm5, %ymm1, %ymm1
+        vpmulhrsw	%ymm5, %ymm2, %ymm2
+        vpmulhrsw	%ymm5, %ymm3, %ymm3
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vpermq	$0x94, 240(%rsi), %ymm0
+        vpermq	$0x94, 260(%rsi), %ymm1
+        vpermq	$0x94, 280(%rsi), %ymm2
+        vpermq	$0x94, 300(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm5, %ymm0, %ymm0
+        vpmulhrsw	%ymm5, %ymm1, %ymm1
+        vpmulhrsw	%ymm5, %ymm2, %ymm2
+        vpmulhrsw	%ymm5, %ymm3, %ymm3
+        vmovdqu	%ymm0, 384(%rdi)
+        vmovdqu	%ymm1, 416(%rdi)
+        vmovdqu	%ymm2, 448(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        addq	$0x140, %rsi
+        addq	$0x200, %rdi
+        subl	$0x01, %edx
+        jg	L_kyber_decompress_10_avx2_start
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_decompress_10_avx2,.-kyber_decompress_10_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_v:
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_off:
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_shift13:
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_mask:
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_shift:
+.quad	0x800000108000001, 0x800000108000001
+.quad	0x800000108000001, 0x800000108000001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_sllvd:
+.long	0xa,0x0,0xa,0x0
+.long	0xa,0x0,0xa,0x0
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_srlvq:
+.quad	0xa, 0x1e
+.quad	0xa, 0x1e
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_shuf:
+.value	0x100,0x302
+.value	0x504,0x706
+.value	0x908,0xff0a
+.value	0xffff,0xffff
+.value	0x605,0x807
+.value	0xa09,0xffff
+.value	0xffff,0x0
+.value	0x201,0x403
+#ifndef __APPLE__
+.text
+.globl	kyber_compress_11_avx2
+.type	kyber_compress_11_avx2,@function
+.align	16
+kyber_compress_11_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_compress_11_avx2
+.p2align	4
+_kyber_compress_11_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	L_kyber_compress_11_avx2_v(%rip), %ymm7
+        vmovdqu	L_kyber_compress_11_avx2_off(%rip), %ymm8
+        vmovdqu	L_kyber_compress_11_avx2_shift13(%rip), %ymm9
+        vmovdqu	L_kyber_compress_11_avx2_mask(%rip), %ymm10
+        vmovdqu	L_kyber_compress_11_avx2_shift(%rip), %ymm11
+        vmovdqu	L_kyber_compress_11_avx2_sllvd(%rip), %ymm12
+        vmovdqu	L_kyber_compress_11_avx2_srlvq(%rip), %ymm13
+        vmovdqu	L_kyber_compress_11_avx2_shuf(%rip), %ymm14
+        vpsllw	$3, %ymm7, %ymm6
+L_kyber_compress_11_avx2_start:
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, (%rdi)
+        vmovq	%xmm1, 16(%rdi)
+        vmovdqu	%xmm3, 22(%rdi)
+        vmovq	%xmm4, 38(%rdi)
+        vmovdqu	64(%rsi), %ymm0
+        vmovdqu	96(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 44(%rdi)
+        vmovq	%xmm1, 60(%rdi)
+        vmovdqu	%xmm3, 66(%rdi)
+        vmovq	%xmm4, 82(%rdi)
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 88(%rdi)
+        vmovq	%xmm1, 104(%rdi)
+        vmovdqu	%xmm3, 110(%rdi)
+        vmovq	%xmm4, 126(%rdi)
+        vmovdqu	192(%rsi), %ymm0
+        vmovdqu	224(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 132(%rdi)
+        vmovq	%xmm1, 148(%rdi)
+        vmovdqu	%xmm3, 154(%rdi)
+        vmovq	%xmm4, 170(%rdi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 176(%rdi)
+        vmovq	%xmm1, 192(%rdi)
+        vmovdqu	%xmm3, 198(%rdi)
+        vmovq	%xmm4, 214(%rdi)
+        vmovdqu	320(%rsi), %ymm0
+        vmovdqu	352(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 220(%rdi)
+        vmovq	%xmm1, 236(%rdi)
+        vmovdqu	%xmm3, 242(%rdi)
+        vmovq	%xmm4, 258(%rdi)
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 264(%rdi)
+        vmovq	%xmm1, 280(%rdi)
+        vmovdqu	%xmm3, 286(%rdi)
+        vmovq	%xmm4, 302(%rdi)
+        vmovdqu	448(%rsi), %ymm0
+        vmovdqu	480(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 308(%rdi)
+        vmovq	%xmm1, 324(%rdi)
+        vmovdqu	%xmm3, 330(%rdi)
+        vmovq	%xmm4, 346(%rdi)
+        addq	$0x160, %rdi
+        addq	$0x200, %rsi
+        subl	$0x01, %edx
+        jg	L_kyber_compress_11_avx2_start
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_compress_11_avx2,.-kyber_compress_11_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_q:
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_shuf:
+.value	0x100,0x201
+.value	0x302,0x504
+.value	0x605,0x706
+.value	0x908,0xa09
+.value	0x403,0x504
+.value	0x605,0x807
+.value	0x908,0xa09
+.value	0xc0b,0xd0c
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_sllv:
+.long	0x0,0x1,0x0,0x0
+.long	0x0,0x1,0x0,0x0
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_srlv:
+.quad	0x0, 0x2
+.quad	0x0, 0x2
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_shift:
+.value	0x20,0x4
+.value	0x1,0x20
+.value	0x8,0x1
+.value	0x20,0x4
+.value	0x20,0x4
+.value	0x1,0x20
+.value	0x8,0x1
+.value	0x20,0x4
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_mask:
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+#ifndef __APPLE__
+.text
+.globl	kyber_decompress_11_avx2
+.type	kyber_decompress_11_avx2,@function
+.align	16
+kyber_decompress_11_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_decompress_11_avx2
+.p2align	4
+_kyber_decompress_11_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_decompress_11_avx2_q(%rip), %ymm4
+        vmovdqu	L_kyber_decompress_11_avx2_shuf(%rip), %ymm5
+        vmovdqu	L_kyber_decompress_11_avx2_sllv(%rip), %ymm6
+        vmovdqu	L_kyber_decompress_11_avx2_srlv(%rip), %ymm7
+        vmovdqu	L_kyber_decompress_11_avx2_shift(%rip), %ymm8
+        vmovdqu	L_kyber_decompress_11_avx2_mask(%rip), %ymm9
+L_kyber_decompress_11_avx2_start:
+        vpermq	$0x94, (%rsi), %ymm0
+        vpermq	$0x94, 22(%rsi), %ymm1
+        vpermq	$0x94, 44(%rsi), %ymm2
+        vpermq	$0x94, 66(%rsi), %ymm3
+        vpshufb	%ymm5, %ymm0, %ymm0
+        vpshufb	%ymm5, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm2, %ymm2
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm6, %ymm0, %ymm0
+        vpsrlvd	%ymm6, %ymm1, %ymm1
+        vpsrlvd	%ymm6, %ymm2, %ymm2
+        vpsrlvd	%ymm6, %ymm3, %ymm3
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm1, %ymm1
+        vpsrlvq	%ymm7, %ymm2, %ymm2
+        vpsrlvq	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm8, %ymm0, %ymm0
+        vpmullw	%ymm8, %ymm1, %ymm1
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpmulhrsw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm4, %ymm2, %ymm2
+        vpmulhrsw	%ymm4, %ymm3, %ymm3
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vpermq	$0x94, 88(%rsi), %ymm0
+        vpermq	$0x94, 110(%rsi), %ymm1
+        vpermq	$0x94, 132(%rsi), %ymm2
+        vpermq	$0x94, 154(%rsi), %ymm3
+        vpshufb	%ymm5, %ymm0, %ymm0
+        vpshufb	%ymm5, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm2, %ymm2
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm6, %ymm0, %ymm0
+        vpsrlvd	%ymm6, %ymm1, %ymm1
+        vpsrlvd	%ymm6, %ymm2, %ymm2
+        vpsrlvd	%ymm6, %ymm3, %ymm3
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm1, %ymm1
+        vpsrlvq	%ymm7, %ymm2, %ymm2
+        vpsrlvq	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm8, %ymm0, %ymm0
+        vpmullw	%ymm8, %ymm1, %ymm1
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpmulhrsw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm4, %ymm2, %ymm2
+        vpmulhrsw	%ymm4, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vpermq	$0x94, 176(%rsi), %ymm0
+        vpermq	$0x94, 198(%rsi), %ymm1
+        vpermq	$0x94, 220(%rsi), %ymm2
+        vpermq	$0x94, 242(%rsi), %ymm3
+        vpshufb	%ymm5, %ymm0, %ymm0
+        vpshufb	%ymm5, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm2, %ymm2
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm6, %ymm0, %ymm0
+        vpsrlvd	%ymm6, %ymm1, %ymm1
+        vpsrlvd	%ymm6, %ymm2, %ymm2
+        vpsrlvd	%ymm6, %ymm3, %ymm3
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm1, %ymm1
+        vpsrlvq	%ymm7, %ymm2, %ymm2
+        vpsrlvq	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm8, %ymm0, %ymm0
+        vpmullw	%ymm8, %ymm1, %ymm1
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpmulhrsw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm4, %ymm2, %ymm2
+        vpmulhrsw	%ymm4, %ymm3, %ymm3
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vpermq	$0x94, 264(%rsi), %ymm0
+        vpermq	$0x94, 286(%rsi), %ymm1
+        vpermq	$0x94, 308(%rsi), %ymm2
+        vpermq	$0x94, 330(%rsi), %ymm3
+        vpshufb	%ymm5, %ymm0, %ymm0
+        vpshufb	%ymm5, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm2, %ymm2
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm6, %ymm0, %ymm0
+        vpsrlvd	%ymm6, %ymm1, %ymm1
+        vpsrlvd	%ymm6, %ymm2, %ymm2
+        vpsrlvd	%ymm6, %ymm3, %ymm3
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm1, %ymm1
+        vpsrlvq	%ymm7, %ymm2, %ymm2
+        vpsrlvq	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm8, %ymm0, %ymm0
+        vpmullw	%ymm8, %ymm1, %ymm1
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpmulhrsw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm4, %ymm2, %ymm2
+        vpmulhrsw	%ymm4, %ymm3, %ymm3
+        vmovdqu	%ymm0, 384(%rdi)
+        vmovdqu	%ymm1, 416(%rdi)
+        vmovdqu	%ymm2, 448(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        addq	$0x160, %rsi
+        addq	$0x200, %rdi
+        subl	$0x01, %edx
+        jg	L_kyber_decompress_11_avx2_start
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_decompress_11_avx2,.-kyber_decompress_11_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_4_avx2_mask:
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_4_avx2_shift:
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_compress_4_avx2_perm:
+.long	0x0,0x4,0x1,0x5
+.long	0x2,0x6,0x3,0x7
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_4_avx2_v:
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_4_avx2_shift12:
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+#ifndef __APPLE__
+.text
+.globl	kyber_compress_4_avx2
+.type	kyber_compress_4_avx2,@function
+.align	16
+kyber_compress_4_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_compress_4_avx2
+.p2align	4
+_kyber_compress_4_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_compress_4_avx2_mask(%rip), %ymm8
+        vmovdqu	L_kyber_compress_4_avx2_shift(%rip), %ymm9
+        vmovdqu	L_kyber_compress_4_avx2_perm(%rip), %ymm10
+        vmovdqu	L_kyber_compress_4_avx2_v(%rip), %ymm11
+        vmovdqu	L_kyber_compress_4_avx2_shift12(%rip), %ymm12
+        vpmulhw	(%rsi), %ymm11, %ymm0
+        vpmulhw	32(%rsi), %ymm11, %ymm1
+        vpmulhw	64(%rsi), %ymm11, %ymm2
+        vpmulhw	96(%rsi), %ymm11, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm1, %ymm1
+        vpmulhrsw	%ymm9, %ymm2, %ymm2
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpackuswb	%ymm3, %ymm2, %ymm2
+        vpmaddubsw	%ymm12, %ymm0, %ymm0
+        vpmaddubsw	%ymm12, %ymm2, %ymm2
+        vpackuswb	%ymm2, %ymm0, %ymm0
+        vpmulhw	128(%rsi), %ymm11, %ymm4
+        vpmulhw	160(%rsi), %ymm11, %ymm5
+        vpmulhw	192(%rsi), %ymm11, %ymm6
+        vpmulhw	224(%rsi), %ymm11, %ymm7
+        vpmulhrsw	%ymm9, %ymm4, %ymm4
+        vpmulhrsw	%ymm9, %ymm5, %ymm5
+        vpmulhrsw	%ymm9, %ymm6, %ymm6
+        vpmulhrsw	%ymm9, %ymm7, %ymm7
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpand	%ymm8, %ymm6, %ymm6
+        vpand	%ymm8, %ymm7, %ymm7
+        vpackuswb	%ymm5, %ymm4, %ymm4
+        vpackuswb	%ymm7, %ymm6, %ymm6
+        vpmaddubsw	%ymm12, %ymm4, %ymm4
+        vpmaddubsw	%ymm12, %ymm6, %ymm6
+        vpackuswb	%ymm6, %ymm4, %ymm4
+        vpermd	%ymm0, %ymm10, %ymm0
+        vpermd	%ymm4, %ymm10, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        vpmulhw	256(%rsi), %ymm11, %ymm0
+        vpmulhw	288(%rsi), %ymm11, %ymm1
+        vpmulhw	320(%rsi), %ymm11, %ymm2
+        vpmulhw	352(%rsi), %ymm11, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm1, %ymm1
+        vpmulhrsw	%ymm9, %ymm2, %ymm2
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpackuswb	%ymm3, %ymm2, %ymm2
+        vpmaddubsw	%ymm12, %ymm0, %ymm0
+        vpmaddubsw	%ymm12, %ymm2, %ymm2
+        vpackuswb	%ymm2, %ymm0, %ymm0
+        vpmulhw	384(%rsi), %ymm11, %ymm4
+        vpmulhw	416(%rsi), %ymm11, %ymm5
+        vpmulhw	448(%rsi), %ymm11, %ymm6
+        vpmulhw	480(%rsi), %ymm11, %ymm7
+        vpmulhrsw	%ymm9, %ymm4, %ymm4
+        vpmulhrsw	%ymm9, %ymm5, %ymm5
+        vpmulhrsw	%ymm9, %ymm6, %ymm6
+        vpmulhrsw	%ymm9, %ymm7, %ymm7
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpand	%ymm8, %ymm6, %ymm6
+        vpand	%ymm8, %ymm7, %ymm7
+        vpackuswb	%ymm5, %ymm4, %ymm4
+        vpackuswb	%ymm7, %ymm6, %ymm6
+        vpmaddubsw	%ymm12, %ymm4, %ymm4
+        vpmaddubsw	%ymm12, %ymm6, %ymm6
+        vpackuswb	%ymm6, %ymm4, %ymm4
+        vpermd	%ymm0, %ymm10, %ymm0
+        vpermd	%ymm4, %ymm10, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm4, 96(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_compress_4_avx2,.-kyber_compress_4_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_decompress_4_avx2_mask:
+.long	0xf0000f,0xf0000f,0xf0000f,0xf0000f
+.long	0xf0000f,0xf0000f,0xf0000f,0xf0000f
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_decompress_4_avx2_shift:
+.long	0x800800,0x800800,0x800800,0x800800
+.long	0x800800,0x800800,0x800800,0x800800
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_4_avx2_q:
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_4_avx2_shuf:
+.value	0x0,0x0
+.value	0x101,0x101
+.value	0x202,0x202
+.value	0x303,0x303
+.value	0x404,0x404
+.value	0x505,0x505
+.value	0x606,0x606
+.value	0x707,0x707
+#ifndef __APPLE__
+.text
+.globl	kyber_decompress_4_avx2
+.type	kyber_decompress_4_avx2,@function
+.align	16
+kyber_decompress_4_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_decompress_4_avx2
+.p2align	4
+_kyber_decompress_4_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_decompress_4_avx2_mask(%rip), %ymm4
+        vmovdqu	L_kyber_decompress_4_avx2_shift(%rip), %ymm5
+        vmovdqu	L_kyber_decompress_4_avx2_shuf(%rip), %ymm6
+        vmovdqu	L_kyber_decompress_4_avx2_q(%rip), %ymm7
+        vpbroadcastq	(%rsi), %ymm0
+        vpbroadcastq	8(%rsi), %ymm1
+        vpbroadcastq	16(%rsi), %ymm2
+        vpbroadcastq	24(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmullw	%ymm5, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm5, %ymm2, %ymm2
+        vpmullw	%ymm5, %ymm3, %ymm3
+        vpmulhrsw	%ymm7, %ymm0, %ymm0
+        vpmulhrsw	%ymm7, %ymm1, %ymm1
+        vpmulhrsw	%ymm7, %ymm2, %ymm2
+        vpmulhrsw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vpbroadcastq	32(%rsi), %ymm0
+        vpbroadcastq	40(%rsi), %ymm1
+        vpbroadcastq	48(%rsi), %ymm2
+        vpbroadcastq	56(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmullw	%ymm5, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm5, %ymm2, %ymm2
+        vpmullw	%ymm5, %ymm3, %ymm3
+        vpmulhrsw	%ymm7, %ymm0, %ymm0
+        vpmulhrsw	%ymm7, %ymm1, %ymm1
+        vpmulhrsw	%ymm7, %ymm2, %ymm2
+        vpmulhrsw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vpbroadcastq	64(%rsi), %ymm0
+        vpbroadcastq	72(%rsi), %ymm1
+        vpbroadcastq	80(%rsi), %ymm2
+        vpbroadcastq	88(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmullw	%ymm5, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm5, %ymm2, %ymm2
+        vpmullw	%ymm5, %ymm3, %ymm3
+        vpmulhrsw	%ymm7, %ymm0, %ymm0
+        vpmulhrsw	%ymm7, %ymm1, %ymm1
+        vpmulhrsw	%ymm7, %ymm2, %ymm2
+        vpmulhrsw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vpbroadcastq	96(%rsi), %ymm0
+        vpbroadcastq	104(%rsi), %ymm1
+        vpbroadcastq	112(%rsi), %ymm2
+        vpbroadcastq	120(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmullw	%ymm5, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm5, %ymm2, %ymm2
+        vpmullw	%ymm5, %ymm3, %ymm3
+        vpmulhrsw	%ymm7, %ymm0, %ymm0
+        vpmulhrsw	%ymm7, %ymm1, %ymm1
+        vpmulhrsw	%ymm7, %ymm2, %ymm2
+        vpmulhrsw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 384(%rdi)
+        vmovdqu	%ymm1, 416(%rdi)
+        vmovdqu	%ymm2, 448(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_decompress_4_avx2,.-kyber_decompress_4_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_v:
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_shift:
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_mask:
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_shift1:
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_shift2:
+.long	0x4000001,0x4000001,0x4000001,0x4000001
+.long	0x4000001,0x4000001,0x4000001,0x4000001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_shlv:
+.quad	0xc, 0xc
+.quad	0xc, 0xc
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_shuffle:
+.value	0x100,0x302
+.value	0xff04,0xffff
+.value	0xffff,0x908
+.value	0xb0a,0xff0c
+.value	0xa09,0xc0b
+.value	0xff,0x201
+.value	0x403,0xffff
+.value	0xffff,0x8ff
+#ifndef __APPLE__
+.text
+.globl	kyber_compress_5_avx2
+.type	kyber_compress_5_avx2,@function
+.align	16
+kyber_compress_5_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_compress_5_avx2
+.p2align	4
+_kyber_compress_5_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	L_kyber_compress_5_avx2_v(%rip), %ymm2
+        vmovdqu	L_kyber_compress_5_avx2_shift(%rip), %ymm3
+        vmovdqu	L_kyber_compress_5_avx2_mask(%rip), %ymm4
+        vmovdqu	L_kyber_compress_5_avx2_shift1(%rip), %ymm5
+        vmovdqu	L_kyber_compress_5_avx2_shift2(%rip), %ymm6
+        vmovdqu	L_kyber_compress_5_avx2_shlv(%rip), %ymm7
+        vmovdqu	L_kyber_compress_5_avx2_shuffle(%rip), %ymm8
+        vpmulhw	(%rsi), %ymm2, %ymm0
+        vpmulhw	32(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, (%rdi)
+        movss	%xmm1, 16(%rdi)
+        vpmulhw	64(%rsi), %ymm2, %ymm0
+        vpmulhw	96(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 20(%rdi)
+        movss	%xmm1, 36(%rdi)
+        vpmulhw	128(%rsi), %ymm2, %ymm0
+        vpmulhw	160(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 40(%rdi)
+        movss	%xmm1, 56(%rdi)
+        vpmulhw	192(%rsi), %ymm2, %ymm0
+        vpmulhw	224(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 60(%rdi)
+        movss	%xmm1, 76(%rdi)
+        vpmulhw	256(%rsi), %ymm2, %ymm0
+        vpmulhw	288(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 80(%rdi)
+        movss	%xmm1, 96(%rdi)
+        vpmulhw	320(%rsi), %ymm2, %ymm0
+        vpmulhw	352(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 100(%rdi)
+        movss	%xmm1, 116(%rdi)
+        vpmulhw	384(%rsi), %ymm2, %ymm0
+        vpmulhw	416(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 120(%rdi)
+        movss	%xmm1, 136(%rdi)
+        vpmulhw	448(%rsi), %ymm2, %ymm0
+        vpmulhw	480(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 140(%rdi)
+        movss	%xmm1, 156(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_compress_5_avx2,.-kyber_compress_5_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_5_avx2_q:
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_5_avx2_shuf:
+.value	0x0,0x100
+.value	0x101,0x201
+.value	0x302,0x303
+.value	0x403,0x404
+.value	0x505,0x605
+.value	0x606,0x706
+.value	0x807,0x808
+.value	0x908,0x909
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_5_avx2_mask:
+.value	0x1f,0x3e0
+.value	0x7c,0xf80
+.value	0x1f0,0x3e
+.value	0x7c0,0xfb
+.value	0x1f,0x3e0
+.value	0x7c,0xf80
+.value	0x1f0,0x3e
+.value	0x7c0,0xfb
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_5_avx2_shift:
+.value	0x400,0x20
+.value	0x100,0x8
+.value	0x40,0x200
+.value	0x10,0x80
+.value	0x400,0x20
+.value	0x100,0x8
+.value	0x40,0x200
+.value	0x10,0x80
+#ifndef __APPLE__
+.text
+.globl	kyber_decompress_5_avx2
+.type	kyber_decompress_5_avx2,@function
+.align	16
+kyber_decompress_5_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_decompress_5_avx2
+.p2align	4
+_kyber_decompress_5_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_decompress_5_avx2_q(%rip), %ymm1
+        vmovdqu	L_kyber_decompress_5_avx2_shuf(%rip), %ymm2
+        vmovdqu	L_kyber_decompress_5_avx2_mask(%rip), %ymm3
+        vmovdqu	L_kyber_decompress_5_avx2_shift(%rip), %ymm4
+        vbroadcasti128	(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, (%rdi)
+        vbroadcasti128	10(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 32(%rdi)
+        vbroadcasti128	20(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 64(%rdi)
+        vbroadcasti128	30(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 96(%rdi)
+        vbroadcasti128	40(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 128(%rdi)
+        vbroadcasti128	50(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 160(%rdi)
+        vbroadcasti128	60(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 192(%rdi)
+        vbroadcasti128	70(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 224(%rdi)
+        vbroadcasti128	80(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 256(%rdi)
+        vbroadcasti128	90(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 288(%rdi)
+        vbroadcasti128	100(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 320(%rdi)
+        vbroadcasti128	110(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 352(%rdi)
+        vbroadcasti128	120(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 384(%rdi)
+        vbroadcasti128	130(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 416(%rdi)
+        vbroadcasti128	140(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 448(%rdi)
+        vbroadcasti128	150(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_decompress_5_avx2,.-kyber_decompress_5_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_from_msg_avx2_shift:
+.long	0x3,0x2,0x1,0x0
+.long	0x3,0x2,0x1,0x0
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_from_msg_avx2_shuf:
+.value	0x100,0x504
+.value	0x908,0xd0c
+.value	0x302,0x706
+.value	0xb0a,0xf0e
+.value	0x100,0x504
+.value	0x908,0xd0c
+.value	0x302,0x706
+.value	0xb0a,0xf0e
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_from_msg_avx2_hqs:
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+#ifndef __APPLE__
+.text
+.globl	kyber_from_msg_avx2
+.type	kyber_from_msg_avx2,@function
+.align	16
+kyber_from_msg_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_from_msg_avx2
+.p2align	4
+_kyber_from_msg_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	L_kyber_from_msg_avx2_shift(%rip), %ymm9
+        vmovdqu	L_kyber_from_msg_avx2_shuf(%rip), %ymm10
+        vmovdqu	L_kyber_from_msg_avx2_hqs(%rip), %ymm11
+        vpshufd	$0x00, %ymm0, %ymm4
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsllw	$12, %ymm4, %ymm1
+        vpsllw	$8, %ymm4, %ymm2
+        vpsllw	$4, %ymm4, %ymm3
+        vpsraw	$15, %ymm1, %ymm1
+        vpsraw	$15, %ymm2, %ymm2
+        vpsraw	$15, %ymm3, %ymm3
+        vpsraw	$15, %ymm4, %ymm4
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm11, %ymm4, %ymm4
+        vpunpcklqdq	%ymm2, %ymm1, %ymm5
+        vpunpckhqdq	%ymm2, %ymm1, %ymm7
+        vpunpcklqdq	%ymm4, %ymm3, %ymm6
+        vpunpckhqdq	%ymm4, %ymm3, %ymm8
+        vperm2i128	$32, %ymm6, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm5, %ymm3
+        vperm2i128	$32, %ymm8, %ymm7, %ymm2
+        vperm2i128	$49, %ymm8, %ymm7, %ymm4
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 256(%rdi)
+        vmovdqu	%ymm4, 288(%rdi)
+        vpshufd	$0x55, %ymm0, %ymm4
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsllw	$12, %ymm4, %ymm1
+        vpsllw	$8, %ymm4, %ymm2
+        vpsllw	$4, %ymm4, %ymm3
+        vpsraw	$15, %ymm1, %ymm1
+        vpsraw	$15, %ymm2, %ymm2
+        vpsraw	$15, %ymm3, %ymm3
+        vpsraw	$15, %ymm4, %ymm4
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm11, %ymm4, %ymm4
+        vpunpcklqdq	%ymm2, %ymm1, %ymm5
+        vpunpckhqdq	%ymm2, %ymm1, %ymm7
+        vpunpcklqdq	%ymm4, %ymm3, %ymm6
+        vpunpckhqdq	%ymm4, %ymm3, %ymm8
+        vperm2i128	$32, %ymm6, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm5, %ymm3
+        vperm2i128	$32, %ymm8, %ymm7, %ymm2
+        vperm2i128	$49, %ymm8, %ymm7, %ymm4
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 320(%rdi)
+        vmovdqu	%ymm4, 352(%rdi)
+        vpshufd	$0xaa, %ymm0, %ymm4
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsllw	$12, %ymm4, %ymm1
+        vpsllw	$8, %ymm4, %ymm2
+        vpsllw	$4, %ymm4, %ymm3
+        vpsraw	$15, %ymm1, %ymm1
+        vpsraw	$15, %ymm2, %ymm2
+        vpsraw	$15, %ymm3, %ymm3
+        vpsraw	$15, %ymm4, %ymm4
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm11, %ymm4, %ymm4
+        vpunpcklqdq	%ymm2, %ymm1, %ymm5
+        vpunpckhqdq	%ymm2, %ymm1, %ymm7
+        vpunpcklqdq	%ymm4, %ymm3, %ymm6
+        vpunpckhqdq	%ymm4, %ymm3, %ymm8
+        vperm2i128	$32, %ymm6, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm5, %ymm3
+        vperm2i128	$32, %ymm8, %ymm7, %ymm2
+        vperm2i128	$49, %ymm8, %ymm7, %ymm4
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 160(%rdi)
+        vmovdqu	%ymm3, 384(%rdi)
+        vmovdqu	%ymm4, 416(%rdi)
+        vpshufd	$0xff, %ymm0, %ymm4
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsllw	$12, %ymm4, %ymm1
+        vpsllw	$8, %ymm4, %ymm2
+        vpsllw	$4, %ymm4, %ymm3
+        vpsraw	$15, %ymm1, %ymm1
+        vpsraw	$15, %ymm2, %ymm2
+        vpsraw	$15, %ymm3, %ymm3
+        vpsraw	$15, %ymm4, %ymm4
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm11, %ymm4, %ymm4
+        vpunpcklqdq	%ymm2, %ymm1, %ymm5
+        vpunpckhqdq	%ymm2, %ymm1, %ymm7
+        vpunpcklqdq	%ymm4, %ymm3, %ymm6
+        vpunpckhqdq	%ymm4, %ymm3, %ymm8
+        vperm2i128	$32, %ymm6, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm5, %ymm3
+        vperm2i128	$32, %ymm8, %ymm7, %ymm2
+        vperm2i128	$49, %ymm8, %ymm7, %ymm4
+        vmovdqu	%ymm1, 192(%rdi)
+        vmovdqu	%ymm2, 224(%rdi)
+        vmovdqu	%ymm3, 448(%rdi)
+        vmovdqu	%ymm4, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_from_msg_avx2,.-kyber_from_msg_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_to_msg_avx2_hqs:
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_to_msg_avx2_hhqs:
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+#ifndef __APPLE__
+.text
+.globl	kyber_to_msg_avx2
+.type	kyber_to_msg_avx2,@function
+.align	16
+kyber_to_msg_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_to_msg_avx2
+.p2align	4
+_kyber_to_msg_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_to_msg_avx2_hqs(%rip), %ymm8
+        vmovdqu	L_kyber_to_msg_avx2_hhqs(%rip), %ymm9
+        vpsubw	(%rsi), %ymm8, %ymm0
+        vpsubw	32(%rsi), %ymm8, %ymm1
+        vpsubw	64(%rsi), %ymm8, %ymm2
+        vpsubw	96(%rsi), %ymm8, %ymm3
+        vpsraw	$15, %ymm0, %ymm4
+        vpsraw	$15, %ymm1, %ymm5
+        vpsraw	$15, %ymm2, %ymm6
+        vpsraw	$15, %ymm3, %ymm7
+        vpxor	%ymm4, %ymm0, %ymm0
+        vpxor	%ymm5, %ymm1, %ymm1
+        vpxor	%ymm6, %ymm2, %ymm2
+        vpxor	%ymm7, %ymm3, %ymm3
+        vpaddw	%ymm9, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm9, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vpacksswb	%ymm1, %ymm0, %ymm0
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm0, %edx
+        vpmovmskb	%ymm2, %eax
+        movl	%edx, (%rdi)
+        movl	%eax, 4(%rdi)
+        vpsubw	128(%rsi), %ymm8, %ymm0
+        vpsubw	160(%rsi), %ymm8, %ymm1
+        vpsubw	192(%rsi), %ymm8, %ymm2
+        vpsubw	224(%rsi), %ymm8, %ymm3
+        vpsraw	$15, %ymm0, %ymm4
+        vpsraw	$15, %ymm1, %ymm5
+        vpsraw	$15, %ymm2, %ymm6
+        vpsraw	$15, %ymm3, %ymm7
+        vpxor	%ymm4, %ymm0, %ymm0
+        vpxor	%ymm5, %ymm1, %ymm1
+        vpxor	%ymm6, %ymm2, %ymm2
+        vpxor	%ymm7, %ymm3, %ymm3
+        vpaddw	%ymm9, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm9, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vpacksswb	%ymm1, %ymm0, %ymm0
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm0, %edx
+        vpmovmskb	%ymm2, %eax
+        movl	%edx, 8(%rdi)
+        movl	%eax, 12(%rdi)
+        vpsubw	256(%rsi), %ymm8, %ymm0
+        vpsubw	288(%rsi), %ymm8, %ymm1
+        vpsubw	320(%rsi), %ymm8, %ymm2
+        vpsubw	352(%rsi), %ymm8, %ymm3
+        vpsraw	$15, %ymm0, %ymm4
+        vpsraw	$15, %ymm1, %ymm5
+        vpsraw	$15, %ymm2, %ymm6
+        vpsraw	$15, %ymm3, %ymm7
+        vpxor	%ymm4, %ymm0, %ymm0
+        vpxor	%ymm5, %ymm1, %ymm1
+        vpxor	%ymm6, %ymm2, %ymm2
+        vpxor	%ymm7, %ymm3, %ymm3
+        vpaddw	%ymm9, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm9, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vpacksswb	%ymm1, %ymm0, %ymm0
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm0, %edx
+        vpmovmskb	%ymm2, %eax
+        movl	%edx, 16(%rdi)
+        movl	%eax, 20(%rdi)
+        vpsubw	384(%rsi), %ymm8, %ymm0
+        vpsubw	416(%rsi), %ymm8, %ymm1
+        vpsubw	448(%rsi), %ymm8, %ymm2
+        vpsubw	480(%rsi), %ymm8, %ymm3
+        vpsraw	$15, %ymm0, %ymm4
+        vpsraw	$15, %ymm1, %ymm5
+        vpsraw	$15, %ymm2, %ymm6
+        vpsraw	$15, %ymm3, %ymm7
+        vpxor	%ymm4, %ymm0, %ymm0
+        vpxor	%ymm5, %ymm1, %ymm1
+        vpxor	%ymm6, %ymm2, %ymm2
+        vpxor	%ymm7, %ymm3, %ymm3
+        vpaddw	%ymm9, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm9, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vpacksswb	%ymm1, %ymm0, %ymm0
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm0, %edx
+        vpmovmskb	%ymm2, %eax
+        movl	%edx, 24(%rdi)
+        movl	%eax, 28(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_to_msg_avx2,.-kyber_to_msg_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_from_bytes_avx2_shuf:
+.value	0x100,0xff02
+.value	0x403,0xff05
+.value	0x706,0xff08
+.value	0xa09,0xff0b
+.value	0x504,0xff06
+.value	0x807,0xff09
+.value	0xb0a,0xff0c
+.value	0xe0d,0xff0f
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_from_bytes_avx2_mask:
+.long	0xfff,0xfff,0xfff,0xfff
+.long	0xfff,0xfff,0xfff,0xfff
+#ifndef __APPLE__
+.text
+.globl	kyber_from_bytes_avx2
+.type	kyber_from_bytes_avx2,@function
+.align	16
+kyber_from_bytes_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_from_bytes_avx2
+.p2align	4
+_kyber_from_bytes_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	L_kyber_from_bytes_avx2_shuf(%rip), %ymm12
+        vmovdqu	L_kyber_from_bytes_avx2_mask(%rip), %ymm13
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	128(%rsi), %ymm4
+        vmovdqu	160(%rsi), %ymm5
+        vpermq	$0xe9, %ymm5, %ymm7
+        vpermq	$0x00, %ymm5, %ymm8
+        vpermq	$62, %ymm4, %ymm6
+        vpermq	$0x40, %ymm4, %ymm9
+        vpermq	$3, %ymm3, %ymm5
+        vpermq	$0x94, %ymm3, %ymm4
+        vpermq	$0xe9, %ymm2, %ymm3
+        vpermq	$0x00, %ymm2, %ymm10
+        vpermq	$62, %ymm1, %ymm2
+        vpermq	$0x40, %ymm1, %ymm11
+        vpermq	$3, %ymm0, %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpblendd	$0xc0, %ymm8, %ymm6, %ymm6
+        vpblendd	$0xfc, %ymm9, %ymm5, %ymm5
+        vpblendd	$0xc0, %ymm10, %ymm2, %ymm2
+        vpblendd	$0xfc, %ymm11, %ymm1, %ymm1
+        vpshufb	%ymm12, %ymm0, %ymm0
+        vpshufb	%ymm12, %ymm1, %ymm1
+        vpshufb	%ymm12, %ymm2, %ymm2
+        vpshufb	%ymm12, %ymm3, %ymm3
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpshufb	%ymm12, %ymm6, %ymm6
+        vpshufb	%ymm12, %ymm7, %ymm7
+        vpandn	%ymm0, %ymm13, %ymm8
+        vpandn	%ymm1, %ymm13, %ymm9
+        vpandn	%ymm2, %ymm13, %ymm10
+        vpandn	%ymm3, %ymm13, %ymm11
+        vpand	%ymm0, %ymm13, %ymm0
+        vpand	%ymm1, %ymm13, %ymm1
+        vpand	%ymm2, %ymm13, %ymm2
+        vpand	%ymm3, %ymm13, %ymm3
+        vpslld	$4, %ymm8, %ymm8
+        vpslld	$4, %ymm9, %ymm9
+        vpslld	$4, %ymm10, %ymm10
+        vpslld	$4, %ymm11, %ymm11
+        vpor	%ymm8, %ymm0, %ymm0
+        vpor	%ymm9, %ymm1, %ymm1
+        vpor	%ymm10, %ymm2, %ymm2
+        vpor	%ymm11, %ymm3, %ymm3
+        vpandn	%ymm4, %ymm13, %ymm8
+        vpandn	%ymm5, %ymm13, %ymm9
+        vpandn	%ymm6, %ymm13, %ymm10
+        vpandn	%ymm7, %ymm13, %ymm11
+        vpand	%ymm4, %ymm13, %ymm4
+        vpand	%ymm5, %ymm13, %ymm5
+        vpand	%ymm6, %ymm13, %ymm6
+        vpand	%ymm7, %ymm13, %ymm7
+        vpslld	$4, %ymm8, %ymm8
+        vpslld	$4, %ymm9, %ymm9
+        vpslld	$4, %ymm10, %ymm10
+        vpslld	$4, %ymm11, %ymm11
+        vpor	%ymm8, %ymm4, %ymm4
+        vpor	%ymm9, %ymm5, %ymm5
+        vpor	%ymm10, %ymm6, %ymm6
+        vpor	%ymm11, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	192(%rsi), %ymm0
+        vmovdqu	224(%rsi), %ymm1
+        vmovdqu	256(%rsi), %ymm2
+        vmovdqu	288(%rsi), %ymm3
+        vmovdqu	320(%rsi), %ymm4
+        vmovdqu	352(%rsi), %ymm5
+        vpermq	$0xe9, %ymm5, %ymm7
+        vpermq	$0x00, %ymm5, %ymm8
+        vpermq	$62, %ymm4, %ymm6
+        vpermq	$0x40, %ymm4, %ymm9
+        vpermq	$3, %ymm3, %ymm5
+        vpermq	$0x94, %ymm3, %ymm4
+        vpermq	$0xe9, %ymm2, %ymm3
+        vpermq	$0x00, %ymm2, %ymm10
+        vpermq	$62, %ymm1, %ymm2
+        vpermq	$0x40, %ymm1, %ymm11
+        vpermq	$3, %ymm0, %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpblendd	$0xc0, %ymm8, %ymm6, %ymm6
+        vpblendd	$0xfc, %ymm9, %ymm5, %ymm5
+        vpblendd	$0xc0, %ymm10, %ymm2, %ymm2
+        vpblendd	$0xfc, %ymm11, %ymm1, %ymm1
+        vpshufb	%ymm12, %ymm0, %ymm0
+        vpshufb	%ymm12, %ymm1, %ymm1
+        vpshufb	%ymm12, %ymm2, %ymm2
+        vpshufb	%ymm12, %ymm3, %ymm3
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpshufb	%ymm12, %ymm6, %ymm6
+        vpshufb	%ymm12, %ymm7, %ymm7
+        vpandn	%ymm0, %ymm13, %ymm8
+        vpandn	%ymm1, %ymm13, %ymm9
+        vpandn	%ymm2, %ymm13, %ymm10
+        vpandn	%ymm3, %ymm13, %ymm11
+        vpand	%ymm0, %ymm13, %ymm0
+        vpand	%ymm1, %ymm13, %ymm1
+        vpand	%ymm2, %ymm13, %ymm2
+        vpand	%ymm3, %ymm13, %ymm3
+        vpslld	$4, %ymm8, %ymm8
+        vpslld	$4, %ymm9, %ymm9
+        vpslld	$4, %ymm10, %ymm10
+        vpslld	$4, %ymm11, %ymm11
+        vpor	%ymm8, %ymm0, %ymm0
+        vpor	%ymm9, %ymm1, %ymm1
+        vpor	%ymm10, %ymm2, %ymm2
+        vpor	%ymm11, %ymm3, %ymm3
+        vpandn	%ymm4, %ymm13, %ymm8
+        vpandn	%ymm5, %ymm13, %ymm9
+        vpandn	%ymm6, %ymm13, %ymm10
+        vpandn	%ymm7, %ymm13, %ymm11
+        vpand	%ymm4, %ymm13, %ymm4
+        vpand	%ymm5, %ymm13, %ymm5
+        vpand	%ymm6, %ymm13, %ymm6
+        vpand	%ymm7, %ymm13, %ymm7
+        vpslld	$4, %ymm8, %ymm8
+        vpslld	$4, %ymm9, %ymm9
+        vpslld	$4, %ymm10, %ymm10
+        vpslld	$4, %ymm11, %ymm11
+        vpor	%ymm8, %ymm4, %ymm4
+        vpor	%ymm9, %ymm5, %ymm5
+        vpor	%ymm10, %ymm6, %ymm6
+        vpor	%ymm11, %ymm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_from_bytes_avx2,.-kyber_from_bytes_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_to_bytes_avx2_mask:
+.long	0xfff,0xfff,0xfff,0xfff
+.long	0xfff,0xfff,0xfff,0xfff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_to_bytes_avx2_shuf:
+.value	0x100,0x402
+.value	0x605,0x908
+.value	0xc0a,0xe0d
+.value	0xffff,0xffff
+.value	0x605,0x908
+.value	0xc0a,0xe0d
+.value	0xffff,0xffff
+.value	0x100,0x402
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_to_bytes_avx2_perm:
+.long	0x0,0x1,0x2,0x7
+.long	0x4,0x5,0x3,0x6
+#ifndef __APPLE__
+.text
+.globl	kyber_to_bytes_avx2
+.type	kyber_to_bytes_avx2,@function
+.align	16
+kyber_to_bytes_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_to_bytes_avx2
+.p2align	4
+_kyber_to_bytes_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	kyber_q(%rip), %ymm12
+        vmovdqu	L_kyber_to_bytes_avx2_mask(%rip), %ymm13
+        vmovdqu	L_kyber_to_bytes_avx2_shuf(%rip), %ymm14
+        vmovdqu	L_kyber_to_bytes_avx2_perm(%rip), %ymm15
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	128(%rsi), %ymm4
+        vmovdqu	160(%rsi), %ymm5
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        vpsubw	%ymm12, %ymm0, %ymm8
+        vpsubw	%ymm12, %ymm1, %ymm9
+        vpsubw	%ymm12, %ymm2, %ymm10
+        vpsubw	%ymm12, %ymm3, %ymm11
+        vpsraw	$15, %ymm8, %ymm0
+        vpsraw	$15, %ymm9, %ymm1
+        vpsraw	$15, %ymm10, %ymm2
+        vpsraw	$15, %ymm11, %ymm3
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpand	%ymm12, %ymm2, %ymm2
+        vpand	%ymm12, %ymm3, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm10, %ymm2, %ymm2
+        vpaddw	%ymm11, %ymm3, %ymm3
+        vpsubw	%ymm12, %ymm4, %ymm8
+        vpsubw	%ymm12, %ymm5, %ymm9
+        vpsubw	%ymm12, %ymm6, %ymm10
+        vpsubw	%ymm12, %ymm7, %ymm11
+        vpsraw	$15, %ymm8, %ymm4
+        vpsraw	$15, %ymm9, %ymm5
+        vpsraw	$15, %ymm10, %ymm6
+        vpsraw	$15, %ymm11, %ymm7
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vpand	%ymm12, %ymm6, %ymm6
+        vpand	%ymm12, %ymm7, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        vpaddw	%ymm10, %ymm6, %ymm6
+        vpaddw	%ymm11, %ymm7, %ymm7
+        vpsrld	$16, %ymm0, %ymm8
+        vpsrld	$16, %ymm1, %ymm9
+        vpsrld	$16, %ymm2, %ymm10
+        vpsrld	$16, %ymm3, %ymm11
+        vpand	%ymm0, %ymm13, %ymm0
+        vpand	%ymm1, %ymm13, %ymm1
+        vpand	%ymm2, %ymm13, %ymm2
+        vpand	%ymm3, %ymm13, %ymm3
+        vpslld	$12, %ymm8, %ymm8
+        vpslld	$12, %ymm9, %ymm9
+        vpslld	$12, %ymm10, %ymm10
+        vpslld	$12, %ymm11, %ymm11
+        vpor	%ymm8, %ymm0, %ymm0
+        vpor	%ymm9, %ymm1, %ymm1
+        vpor	%ymm10, %ymm2, %ymm2
+        vpor	%ymm11, %ymm3, %ymm3
+        vpsrld	$16, %ymm4, %ymm8
+        vpsrld	$16, %ymm5, %ymm9
+        vpsrld	$16, %ymm6, %ymm10
+        vpsrld	$16, %ymm7, %ymm11
+        vpand	%ymm4, %ymm13, %ymm4
+        vpand	%ymm5, %ymm13, %ymm5
+        vpand	%ymm6, %ymm13, %ymm6
+        vpand	%ymm7, %ymm13, %ymm7
+        vpslld	$12, %ymm8, %ymm8
+        vpslld	$12, %ymm9, %ymm9
+        vpslld	$12, %ymm10, %ymm10
+        vpslld	$12, %ymm11, %ymm11
+        vpor	%ymm8, %ymm4, %ymm4
+        vpor	%ymm9, %ymm5, %ymm5
+        vpor	%ymm10, %ymm6, %ymm6
+        vpor	%ymm11, %ymm7, %ymm7
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm1, %ymm1
+        vpshufb	%ymm14, %ymm2, %ymm2
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm4, %ymm4
+        vpshufb	%ymm14, %ymm5, %ymm5
+        vpshufb	%ymm14, %ymm6, %ymm6
+        vpshufb	%ymm14, %ymm7, %ymm7
+        vpermd	%ymm0, %ymm15, %ymm0
+        vpermd	%ymm1, %ymm15, %ymm1
+        vpermd	%ymm2, %ymm15, %ymm2
+        vpermd	%ymm3, %ymm15, %ymm3
+        vpermd	%ymm4, %ymm15, %ymm4
+        vpermd	%ymm5, %ymm15, %ymm5
+        vpermd	%ymm6, %ymm15, %ymm6
+        vpermd	%ymm7, %ymm15, %ymm7
+        vpermq	$2, %ymm6, %ymm8
+        vpermq	$0x90, %ymm7, %ymm7
+        vpermq	$9, %ymm5, %ymm9
+        vpermq	$0x40, %ymm6, %ymm6
+        vpermq	$0x00, %ymm5, %ymm5
+        vpblendd	$63, %ymm4, %ymm5, %ymm5
+        vpermq	$2, %ymm2, %ymm10
+        vpermq	$0x90, %ymm3, %ymm4
+        vpermq	$9, %ymm1, %ymm11
+        vpermq	$0x40, %ymm2, %ymm3
+        vpermq	$0x00, %ymm1, %ymm2
+        vpblendd	$63, %ymm0, %ymm2, %ymm2
+        vpblendd	$3, %ymm8, %ymm7, %ymm7
+        vpblendd	$15, %ymm9, %ymm6, %ymm6
+        vpblendd	$3, %ymm10, %ymm4, %ymm4
+        vpblendd	$15, %ymm11, %ymm3, %ymm3
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 64(%rdi)
+        vmovdqu	%ymm5, 96(%rdi)
+        vmovdqu	%ymm6, 128(%rdi)
+        vmovdqu	%ymm7, 160(%rdi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	384(%rsi), %ymm4
+        vmovdqu	416(%rsi), %ymm5
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        vpsubw	%ymm12, %ymm0, %ymm8
+        vpsubw	%ymm12, %ymm1, %ymm9
+        vpsubw	%ymm12, %ymm2, %ymm10
+        vpsubw	%ymm12, %ymm3, %ymm11
+        vpsraw	$15, %ymm8, %ymm0
+        vpsraw	$15, %ymm9, %ymm1
+        vpsraw	$15, %ymm10, %ymm2
+        vpsraw	$15, %ymm11, %ymm3
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpand	%ymm12, %ymm2, %ymm2
+        vpand	%ymm12, %ymm3, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm10, %ymm2, %ymm2
+        vpaddw	%ymm11, %ymm3, %ymm3
+        vpsubw	%ymm12, %ymm4, %ymm8
+        vpsubw	%ymm12, %ymm5, %ymm9
+        vpsubw	%ymm12, %ymm6, %ymm10
+        vpsubw	%ymm12, %ymm7, %ymm11
+        vpsraw	$15, %ymm8, %ymm4
+        vpsraw	$15, %ymm9, %ymm5
+        vpsraw	$15, %ymm10, %ymm6
+        vpsraw	$15, %ymm11, %ymm7
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vpand	%ymm12, %ymm6, %ymm6
+        vpand	%ymm12, %ymm7, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        vpaddw	%ymm10, %ymm6, %ymm6
+        vpaddw	%ymm11, %ymm7, %ymm7
+        vpsrld	$16, %ymm0, %ymm8
+        vpsrld	$16, %ymm1, %ymm9
+        vpsrld	$16, %ymm2, %ymm10
+        vpsrld	$16, %ymm3, %ymm11
+        vpand	%ymm0, %ymm13, %ymm0
+        vpand	%ymm1, %ymm13, %ymm1
+        vpand	%ymm2, %ymm13, %ymm2
+        vpand	%ymm3, %ymm13, %ymm3
+        vpslld	$12, %ymm8, %ymm8
+        vpslld	$12, %ymm9, %ymm9
+        vpslld	$12, %ymm10, %ymm10
+        vpslld	$12, %ymm11, %ymm11
+        vpor	%ymm8, %ymm0, %ymm0
+        vpor	%ymm9, %ymm1, %ymm1
+        vpor	%ymm10, %ymm2, %ymm2
+        vpor	%ymm11, %ymm3, %ymm3
+        vpsrld	$16, %ymm4, %ymm8
+        vpsrld	$16, %ymm5, %ymm9
+        vpsrld	$16, %ymm6, %ymm10
+        vpsrld	$16, %ymm7, %ymm11
+        vpand	%ymm4, %ymm13, %ymm4
+        vpand	%ymm5, %ymm13, %ymm5
+        vpand	%ymm6, %ymm13, %ymm6
+        vpand	%ymm7, %ymm13, %ymm7
+        vpslld	$12, %ymm8, %ymm8
+        vpslld	$12, %ymm9, %ymm9
+        vpslld	$12, %ymm10, %ymm10
+        vpslld	$12, %ymm11, %ymm11
+        vpor	%ymm8, %ymm4, %ymm4
+        vpor	%ymm9, %ymm5, %ymm5
+        vpor	%ymm10, %ymm6, %ymm6
+        vpor	%ymm11, %ymm7, %ymm7
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm1, %ymm1
+        vpshufb	%ymm14, %ymm2, %ymm2
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm4, %ymm4
+        vpshufb	%ymm14, %ymm5, %ymm5
+        vpshufb	%ymm14, %ymm6, %ymm6
+        vpshufb	%ymm14, %ymm7, %ymm7
+        vpermd	%ymm0, %ymm15, %ymm0
+        vpermd	%ymm1, %ymm15, %ymm1
+        vpermd	%ymm2, %ymm15, %ymm2
+        vpermd	%ymm3, %ymm15, %ymm3
+        vpermd	%ymm4, %ymm15, %ymm4
+        vpermd	%ymm5, %ymm15, %ymm5
+        vpermd	%ymm6, %ymm15, %ymm6
+        vpermd	%ymm7, %ymm15, %ymm7
+        vpermq	$2, %ymm6, %ymm8
+        vpermq	$0x90, %ymm7, %ymm7
+        vpermq	$9, %ymm5, %ymm9
+        vpermq	$0x40, %ymm6, %ymm6
+        vpermq	$0x00, %ymm5, %ymm5
+        vpblendd	$63, %ymm4, %ymm5, %ymm5
+        vpermq	$2, %ymm2, %ymm10
+        vpermq	$0x90, %ymm3, %ymm4
+        vpermq	$9, %ymm1, %ymm11
+        vpermq	$0x40, %ymm2, %ymm3
+        vpermq	$0x00, %ymm1, %ymm2
+        vpblendd	$63, %ymm0, %ymm2, %ymm2
+        vpblendd	$3, %ymm8, %ymm7, %ymm7
+        vpblendd	$15, %ymm9, %ymm6, %ymm6
+        vpblendd	$3, %ymm10, %ymm4, %ymm4
+        vpblendd	$15, %ymm11, %ymm3, %ymm3
+        vmovdqu	%ymm2, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vmovdqu	%ymm4, 256(%rdi)
+        vmovdqu	%ymm5, 288(%rdi)
+        vmovdqu	%ymm6, 320(%rdi)
+        vmovdqu	%ymm7, 352(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_to_bytes_avx2,.-kyber_to_bytes_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_cmp_avx2
+.type	kyber_cmp_avx2,@function
+.align	16
+kyber_cmp_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_cmp_avx2
+.p2align	4
+_kyber_cmp_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm2, %ymm2, %ymm2
+        vpxor	%ymm3, %ymm3, %ymm3
+        movl	$0x00, %ecx
+        movl	$-1, %r8d
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vpxor	(%rsi), %ymm0, %ymm0
+        vpxor	32(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	96(%rdi), %ymm1
+        vpxor	64(%rsi), %ymm0, %ymm0
+        vpxor	96(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vpxor	128(%rsi), %ymm0, %ymm0
+        vpxor	160(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	192(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vpxor	192(%rsi), %ymm0, %ymm0
+        vpxor	224(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vpxor	256(%rsi), %ymm0, %ymm0
+        vpxor	288(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	320(%rdi), %ymm0
+        vmovdqu	352(%rdi), %ymm1
+        vpxor	320(%rsi), %ymm0, %ymm0
+        vpxor	352(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vpxor	384(%rsi), %ymm0, %ymm0
+        vpxor	416(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	448(%rdi), %ymm0
+        vmovdqu	480(%rdi), %ymm1
+        vpxor	448(%rsi), %ymm0, %ymm0
+        vpxor	480(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vpxor	512(%rsi), %ymm0, %ymm0
+        vpxor	544(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	576(%rdi), %ymm0
+        vmovdqu	608(%rdi), %ymm1
+        vpxor	576(%rsi), %ymm0, %ymm0
+        vpxor	608(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vpxor	640(%rsi), %ymm0, %ymm0
+        vpxor	672(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	704(%rdi), %ymm0
+        vmovdqu	736(%rdi), %ymm1
+        vpxor	704(%rsi), %ymm0, %ymm0
+        vpxor	736(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        subl	$0x300, %edx
+        jz	L_kyber_cmp_avx2_done
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vpxor	768(%rsi), %ymm0, %ymm0
+        vpxor	800(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	832(%rdi), %ymm0
+        vmovdqu	864(%rdi), %ymm1
+        vpxor	832(%rsi), %ymm0, %ymm0
+        vpxor	864(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vpxor	896(%rsi), %ymm0, %ymm0
+        vpxor	928(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	960(%rdi), %ymm0
+        vmovdqu	992(%rdi), %ymm1
+        vpxor	960(%rsi), %ymm0, %ymm0
+        vpxor	992(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1024(%rdi), %ymm0
+        vmovdqu	1056(%rdi), %ymm1
+        vpxor	1024(%rsi), %ymm0, %ymm0
+        vpxor	1056(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        subl	$0x140, %edx
+        jz	L_kyber_cmp_avx2_done
+        vmovdqu	1088(%rdi), %ymm0
+        vmovdqu	1120(%rdi), %ymm1
+        vpxor	1088(%rsi), %ymm0, %ymm0
+        vpxor	1120(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1152(%rdi), %ymm0
+        vmovdqu	1184(%rdi), %ymm1
+        vpxor	1152(%rsi), %ymm0, %ymm0
+        vpxor	1184(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1216(%rdi), %ymm0
+        vmovdqu	1248(%rdi), %ymm1
+        vpxor	1216(%rsi), %ymm0, %ymm0
+        vpxor	1248(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1280(%rdi), %ymm0
+        vmovdqu	1312(%rdi), %ymm1
+        vpxor	1280(%rsi), %ymm0, %ymm0
+        vpxor	1312(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1344(%rdi), %ymm0
+        vmovdqu	1376(%rdi), %ymm1
+        vpxor	1344(%rsi), %ymm0, %ymm0
+        vpxor	1376(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1408(%rdi), %ymm0
+        vmovdqu	1440(%rdi), %ymm1
+        vpxor	1408(%rsi), %ymm0, %ymm0
+        vpxor	1440(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1472(%rdi), %ymm0
+        vmovdqu	1504(%rdi), %ymm1
+        vpxor	1472(%rsi), %ymm0, %ymm0
+        vpxor	1504(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+L_kyber_cmp_avx2_done:
+        vpor	%ymm3, %ymm2, %ymm2
+        vptest	%ymm2, %ymm2
+        cmovzl	%ecx, %eax
+        cmovnzl	%r8d, %eax
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_cmp_avx2,.-kyber_cmp_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_redistribute_21_rand_avx2
+.type	kyber_redistribute_21_rand_avx2,@function
+.align	16
+kyber_redistribute_21_rand_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_redistribute_21_rand_avx2
+.p2align	4
+_kyber_redistribute_21_rand_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vmovdqu	256(%rdi), %ymm8
+        vmovdqu	288(%rdi), %ymm9
+        vmovdqu	320(%rdi), %ymm10
+        vmovdqu	352(%rdi), %ymm11
+        vpunpcklqdq	%ymm1, %ymm0, %ymm12
+        vpunpckhqdq	%ymm1, %ymm0, %ymm13
+        vpunpcklqdq	%ymm3, %ymm2, %ymm14
+        vpunpckhqdq	%ymm3, %ymm2, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm0
+        vperm2i128	$32, %ymm15, %ymm13, %ymm1
+        vperm2i128	$49, %ymm14, %ymm12, %ymm2
+        vperm2i128	$49, %ymm15, %ymm13, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm12
+        vpunpckhqdq	%ymm5, %ymm4, %ymm13
+        vpunpcklqdq	%ymm7, %ymm6, %ymm14
+        vpunpckhqdq	%ymm7, %ymm6, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm4
+        vperm2i128	$32, %ymm15, %ymm13, %ymm5
+        vperm2i128	$49, %ymm14, %ymm12, %ymm6
+        vperm2i128	$49, %ymm15, %ymm13, %ymm7
+        vpunpcklqdq	%ymm9, %ymm8, %ymm12
+        vpunpckhqdq	%ymm9, %ymm8, %ymm13
+        vpunpcklqdq	%ymm11, %ymm10, %ymm14
+        vpunpckhqdq	%ymm11, %ymm10, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm8
+        vperm2i128	$32, %ymm15, %ymm13, %ymm9
+        vperm2i128	$49, %ymm14, %ymm12, %ymm10
+        vperm2i128	$49, %ymm15, %ymm13, %ymm11
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm4, 32(%rsi)
+        vmovdqu	%ymm8, 64(%rsi)
+        vmovdqu	%ymm1, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm9, 64(%rdx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm10, 64(%rcx)
+        vmovdqu	%ymm3, (%r8)
+        vmovdqu	%ymm7, 32(%r8)
+        vmovdqu	%ymm11, 64(%r8)
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vmovdqu	512(%rdi), %ymm4
+        vmovdqu	544(%rdi), %ymm5
+        vmovdqu	576(%rdi), %ymm6
+        vmovdqu	608(%rdi), %ymm7
+        movq	640(%rdi), %rax
+        movq	648(%rdi), %r9
+        movq	656(%rdi), %r10
+        movq	664(%rdi), %r11
+        vpunpcklqdq	%ymm1, %ymm0, %ymm12
+        vpunpckhqdq	%ymm1, %ymm0, %ymm13
+        vpunpcklqdq	%ymm3, %ymm2, %ymm14
+        vpunpckhqdq	%ymm3, %ymm2, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm0
+        vperm2i128	$32, %ymm15, %ymm13, %ymm1
+        vperm2i128	$49, %ymm14, %ymm12, %ymm2
+        vperm2i128	$49, %ymm15, %ymm13, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm12
+        vpunpckhqdq	%ymm5, %ymm4, %ymm13
+        vpunpcklqdq	%ymm7, %ymm6, %ymm14
+        vpunpckhqdq	%ymm7, %ymm6, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm4
+        vperm2i128	$32, %ymm15, %ymm13, %ymm5
+        vperm2i128	$49, %ymm14, %ymm12, %ymm6
+        vperm2i128	$49, %ymm15, %ymm13, %ymm7
+        vmovdqu	%ymm0, 96(%rsi)
+        vmovdqu	%ymm4, 128(%rsi)
+        movq	%rax, 160(%rsi)
+        vmovdqu	%ymm1, 96(%rdx)
+        vmovdqu	%ymm5, 128(%rdx)
+        movq	%r9, 160(%rdx)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm6, 128(%rcx)
+        movq	%r10, 160(%rcx)
+        vmovdqu	%ymm3, 96(%r8)
+        vmovdqu	%ymm7, 128(%r8)
+        movq	%r11, 160(%r8)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_redistribute_21_rand_avx2,.-kyber_redistribute_21_rand_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_redistribute_17_rand_avx2
+.type	kyber_redistribute_17_rand_avx2,@function
+.align	16
+kyber_redistribute_17_rand_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_redistribute_17_rand_avx2
+.p2align	4
+_kyber_redistribute_17_rand_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm4, 32(%rsi)
+        vmovdqu	%ymm1, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm3, (%r8)
+        vmovdqu	%ymm7, 32(%r8)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        movq	512(%rdi), %rax
+        movq	520(%rdi), %r9
+        movq	528(%rdi), %r10
+        movq	536(%rdi), %r11
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm4, 96(%rsi)
+        movq	%rax, 128(%rsi)
+        vmovdqu	%ymm1, 64(%rdx)
+        vmovdqu	%ymm5, 96(%rdx)
+        movq	%r9, 128(%rdx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        movq	%r10, 128(%rcx)
+        vmovdqu	%ymm3, 64(%r8)
+        vmovdqu	%ymm7, 96(%r8)
+        movq	%r11, 128(%r8)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_redistribute_17_rand_avx2,.-kyber_redistribute_17_rand_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_redistribute_16_rand_avx2
+.type	kyber_redistribute_16_rand_avx2,@function
+.align	16
+kyber_redistribute_16_rand_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_redistribute_16_rand_avx2
+.p2align	4
+_kyber_redistribute_16_rand_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm4, 32(%rsi)
+        vmovdqu	%ymm1, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm3, (%r8)
+        vmovdqu	%ymm7, 32(%r8)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm4, 96(%rsi)
+        vmovdqu	%ymm1, 64(%rdx)
+        vmovdqu	%ymm5, 96(%rdx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        vmovdqu	%ymm3, 64(%r8)
+        vmovdqu	%ymm7, 96(%r8)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_redistribute_16_rand_avx2,.-kyber_redistribute_16_rand_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_redistribute_8_rand_avx2
+.type	kyber_redistribute_8_rand_avx2,@function
+.align	16
+kyber_redistribute_8_rand_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_redistribute_8_rand_avx2
+.p2align	4
+_kyber_redistribute_8_rand_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm4, 32(%rsi)
+        vmovdqu	%ymm1, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm3, (%r8)
+        vmovdqu	%ymm7, 32(%r8)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_redistribute_8_rand_avx2,.-kyber_redistribute_8_rand_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_sha3_parallel_4_r:
+.quad	0x1,0x1
+.quad	0x1,0x1
+.quad	0x8082,0x8082
+.quad	0x8082,0x8082
+.quad	0x800000000000808a,0x800000000000808a
+.quad	0x800000000000808a,0x800000000000808a
+.quad	0x8000000080008000,0x8000000080008000
+.quad	0x8000000080008000,0x8000000080008000
+.quad	0x808b,0x808b
+.quad	0x808b,0x808b
+.quad	0x80000001,0x80000001
+.quad	0x80000001,0x80000001
+.quad	0x8000000080008081,0x8000000080008081
+.quad	0x8000000080008081,0x8000000080008081
+.quad	0x8000000000008009,0x8000000000008009
+.quad	0x8000000000008009,0x8000000000008009
+.quad	0x8a,0x8a
+.quad	0x8a,0x8a
+.quad	0x88,0x88
+.quad	0x88,0x88
+.quad	0x80008009,0x80008009
+.quad	0x80008009,0x80008009
+.quad	0x8000000a,0x8000000a
+.quad	0x8000000a,0x8000000a
+.quad	0x8000808b,0x8000808b
+.quad	0x8000808b,0x8000808b
+.quad	0x800000000000008b,0x800000000000008b
+.quad	0x800000000000008b,0x800000000000008b
+.quad	0x8000000000008089,0x8000000000008089
+.quad	0x8000000000008089,0x8000000000008089
+.quad	0x8000000000008003,0x8000000000008003
+.quad	0x8000000000008003,0x8000000000008003
+.quad	0x8000000000008002,0x8000000000008002
+.quad	0x8000000000008002,0x8000000000008002
+.quad	0x8000000000000080,0x8000000000000080
+.quad	0x8000000000000080,0x8000000000000080
+.quad	0x800a,0x800a
+.quad	0x800a,0x800a
+.quad	0x800000008000000a,0x800000008000000a
+.quad	0x800000008000000a,0x800000008000000a
+.quad	0x8000000080008081,0x8000000080008081
+.quad	0x8000000080008081,0x8000000080008081
+.quad	0x8000000000008080,0x8000000000008080
+.quad	0x8000000000008080,0x8000000000008080
+.quad	0x80000001,0x80000001
+.quad	0x80000001,0x80000001
+.quad	0x8000000080008008,0x8000000080008008
+.quad	0x8000000080008008,0x8000000080008008
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_sha3_128_blockx4_seed_avx2_end_mark:
+.quad	0x8000000000000000, 0x8000000000000000
+.quad	0x8000000000000000, 0x8000000000000000
+#ifndef __APPLE__
+.text
+.globl	kyber_sha3_128_blocksx4_seed_avx2
+.type	kyber_sha3_128_blocksx4_seed_avx2,@function
+.align	16
+kyber_sha3_128_blocksx4_seed_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_sha3_128_blocksx4_seed_avx2
+.p2align	4
+_kyber_sha3_128_blocksx4_seed_avx2:
+#endif /* __APPLE__ */
+        leaq	L_sha3_parallel_4_r(%rip), %rdx
+        movq	%rdi, %rax
+        movq	%rdi, %rcx
+        vpbroadcastq	(%rsi), %ymm15
+        addq	$0x80, %rdi
+        vpbroadcastq	8(%rsi), %ymm11
+        addq	$0x180, %rax
+        vpbroadcastq	16(%rsi), %ymm12
+        addq	$0x280, %rcx
+        vpbroadcastq	24(%rsi), %ymm13
+        vmovdqu	L_sha3_128_blockx4_seed_avx2_end_mark(%rip), %ymm5
+        vpxor	%ymm6, %ymm6, %ymm6
+        vmovdqu	%ymm11, -96(%rdi)
+        vmovdqu	%ymm12, -64(%rdi)
+        vmovdqu	%ymm13, -32(%rdi)
+        vmovdqu	(%rdi), %ymm14
+        vmovdqu	%ymm6, 32(%rdi)
+        vmovdqu	%ymm6, 64(%rdi)
+        vmovdqu	%ymm6, 96(%rdi)
+        vmovdqu	%ymm6, 128(%rdi)
+        vmovdqu	%ymm6, -96(%rax)
+        vmovdqu	%ymm6, -64(%rax)
+        vmovdqu	%ymm6, -32(%rax)
+        vmovdqu	%ymm6, (%rax)
+        vmovdqu	%ymm6, 32(%rax)
+        vmovdqu	%ymm6, 64(%rax)
+        vmovdqu	%ymm6, 96(%rax)
+        vmovdqu	%ymm6, 128(%rax)
+        vmovdqu	%ymm6, -96(%rcx)
+        vmovdqu	%ymm6, -64(%rcx)
+        vmovdqu	%ymm6, -32(%rcx)
+        vmovdqu	%ymm5, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm6, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        vmovdqu	%ymm6, 128(%rcx)
+        vpxor	%ymm5, %ymm15, %ymm10
+        # Round 0
+        # Calc b[0..4]
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rdi), %ymm6, %ymm11
+        vpxor	(%rax), %ymm7, %ymm12
+        vpxor	-64(%rcx), %ymm8, %ymm13
+        vpxor	128(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 1
+        vpxor	-32(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rax), %ymm9, %ymm11
+        vpxor	-64(%rax), %ymm5, %ymm12
+        vpxor	128(%rax), %ymm6, %ymm13
+        vpxor	64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 2
+        vpxor	-96(%rdi), %ymm6, %ymm10
+        vpxor	96(%rdi), %ymm7, %ymm11
+        vpxor	32(%rax), %ymm8, %ymm12
+        vpxor	-32(%rcx), %ymm9, %ymm13
+        vpxor	(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 3
+        vpxor	(%rdi), %ymm9, %ymm10
+        vpxor	32(%rdi), %ymm5, %ymm11
+        vpxor	-32(%rax), %ymm6, %ymm12
+        vpxor	-96(%rcx), %ymm7, %ymm13
+        vpxor	96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 4
+        vpxor	-64(%rdi), %ymm7, %ymm10
+        vpxor	128(%rdi), %ymm8, %ymm11
+        vpxor	64(%rax), %ymm9, %ymm12
+        vpxor	96(%rax), %ymm5, %ymm13
+        vpxor	32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Round 1
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm2, %ymm12
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm3, %ymm13
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm4, %ymm14
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rax), %ymm6, %ymm11
+        vpxor	32(%rax), %ymm7, %ymm12
+        vpxor	-96(%rcx), %ymm8, %ymm13
+        vpxor	32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	32(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 1
+        vpxor	-64(%rcx), %ymm8, %ymm10
+        vpxor	64(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rdi), %ymm5, %ymm12
+        vpxor	32(%rdi), %ymm6, %ymm13
+        vpxor	64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 2
+        vpxor	64(%rdi), %ymm6, %ymm10
+        vpxor	-64(%rax), %ymm7, %ymm11
+        vpxor	-32(%rcx), %ymm8, %ymm12
+        vpxor	96(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 3
+        vpxor	128(%rcx), %ymm9, %ymm10
+        vpxor	-32(%rdi), %ymm5, %ymm11
+        vpxor	96(%rdi), %ymm6, %ymm12
+        vpxor	-32(%rax), %ymm7, %ymm13
+        vpxor	96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 4
+        vpxor	(%rax), %ymm7, %ymm10
+        vpxor	128(%rax), %ymm8, %ymm11
+        vpxor	(%rcx), %ymm9, %ymm12
+        vpxor	(%rdi), %ymm5, %ymm13
+        vpxor	128(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Round 2
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rcx), %ymm6, %ymm11
+        vpxor	-32(%rcx), %ymm7, %ymm12
+        vpxor	-32(%rax), %ymm8, %ymm13
+        vpxor	128(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	64(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 1
+        vpxor	-96(%rcx), %ymm8, %ymm10
+        vpxor	64(%rax), %ymm9, %ymm11
+        vpxor	64(%rdi), %ymm5, %ymm12
+        vpxor	-32(%rdi), %ymm6, %ymm13
+        vpxor	(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 2
+        vpxor	-96(%rax), %ymm6, %ymm10
+        vpxor	-96(%rdi), %ymm7, %ymm11
+        vpxor	96(%rcx), %ymm8, %ymm12
+        vpxor	96(%rax), %ymm9, %ymm13
+        vpxor	(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Row 3
+        vpxor	32(%rcx), %ymm9, %ymm10
+        vpxor	-64(%rcx), %ymm5, %ymm11
+        vpxor	-64(%rax), %ymm6, %ymm12
+        vpxor	96(%rdi), %ymm7, %ymm13
+        vpxor	(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 4
+        vpxor	32(%rax), %ymm7, %ymm10
+        vpxor	32(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rdi), %ymm9, %ymm12
+        vpxor	128(%rcx), %ymm5, %ymm13
+        vpxor	128(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Round 3
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm2, %ymm12
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rax), %ymm6, %ymm11
+        vpxor	96(%rcx), %ymm7, %ymm12
+        vpxor	96(%rdi), %ymm8, %ymm13
+        vpxor	128(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	96(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 1
+        vpxor	-32(%rax), %ymm8, %ymm10
+        vpxor	(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rax), %ymm5, %ymm12
+        vpxor	-64(%rcx), %ymm6, %ymm13
+        vpxor	-64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 2
+        vpxor	64(%rcx), %ymm6, %ymm10
+        vpxor	64(%rdi), %ymm7, %ymm11
+        vpxor	96(%rax), %ymm8, %ymm12
+        vpxor	(%rdi), %ymm9, %ymm13
+        vpxor	32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 3
+        vpxor	128(%rdi), %ymm9, %ymm10
+        vpxor	-96(%rcx), %ymm5, %ymm11
+        vpxor	-96(%rdi), %ymm6, %ymm12
+        vpxor	-64(%rax), %ymm7, %ymm13
+        vpxor	128(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 4
+        vpxor	-32(%rcx), %ymm7, %ymm10
+        vpxor	-32(%rdi), %ymm8, %ymm11
+        vpxor	(%rax), %ymm9, %ymm12
+        vpxor	32(%rcx), %ymm5, %ymm13
+        vpxor	32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Round 4
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm1, %ymm11
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rcx), %ymm6, %ymm11
+        vpxor	96(%rax), %ymm7, %ymm12
+        vpxor	-64(%rax), %ymm8, %ymm13
+        vpxor	32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	128(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 1
+        vpxor	96(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rdi), %ymm9, %ymm11
+        vpxor	64(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rcx), %ymm6, %ymm13
+        vpxor	(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 2
+        vpxor	64(%rax), %ymm6, %ymm10
+        vpxor	-96(%rax), %ymm7, %ymm11
+        vpxor	(%rdi), %ymm8, %ymm12
+        vpxor	128(%rcx), %ymm9, %ymm13
+        vpxor	-32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 3
+        vpxor	128(%rax), %ymm9, %ymm10
+        vpxor	-32(%rax), %ymm5, %ymm11
+        vpxor	64(%rdi), %ymm6, %ymm12
+        vpxor	-96(%rdi), %ymm7, %ymm13
+        vpxor	32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 4
+        vpxor	96(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rcx), %ymm8, %ymm11
+        vpxor	32(%rax), %ymm9, %ymm12
+        vpxor	128(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Round 5
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rdi), %ymm6, %ymm11
+        vpxor	(%rdi), %ymm7, %ymm12
+        vpxor	-96(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	160(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 1
+        vpxor	-64(%rax), %ymm8, %ymm10
+        vpxor	(%rax), %ymm9, %ymm11
+        vpxor	64(%rax), %ymm5, %ymm12
+        vpxor	-32(%rax), %ymm6, %ymm13
+        vpxor	32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 2
+        vpxor	(%rcx), %ymm6, %ymm10
+        vpxor	64(%rcx), %ymm7, %ymm11
+        vpxor	128(%rcx), %ymm8, %ymm12
+        vpxor	32(%rcx), %ymm9, %ymm13
+        vpxor	96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 3
+        vpxor	32(%rdi), %ymm9, %ymm10
+        vpxor	96(%rdi), %ymm5, %ymm11
+        vpxor	-96(%rax), %ymm6, %ymm12
+        vpxor	64(%rdi), %ymm7, %ymm13
+        vpxor	128(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 4
+        vpxor	96(%rax), %ymm7, %ymm10
+        vpxor	-96(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rcx), %ymm9, %ymm12
+        vpxor	128(%rax), %ymm5, %ymm13
+        vpxor	-64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Round 6
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rax), %ymm6, %ymm11
+        vpxor	128(%rcx), %ymm7, %ymm12
+        vpxor	64(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	192(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 1
+        vpxor	-96(%rdi), %ymm8, %ymm10
+        vpxor	32(%rax), %ymm9, %ymm11
+        vpxor	(%rcx), %ymm5, %ymm12
+        vpxor	96(%rdi), %ymm6, %ymm13
+        vpxor	-32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 2
+        vpxor	-64(%rdi), %ymm6, %ymm10
+        vpxor	64(%rax), %ymm7, %ymm11
+        vpxor	32(%rcx), %ymm8, %ymm12
+        vpxor	128(%rdi), %ymm9, %ymm13
+        vpxor	96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 3
+        vpxor	-32(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rax), %ymm5, %ymm11
+        vpxor	64(%rcx), %ymm6, %ymm12
+        vpxor	-96(%rax), %ymm7, %ymm13
+        vpxor	128(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 4
+        vpxor	(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rax), %ymm8, %ymm11
+        vpxor	96(%rcx), %ymm9, %ymm12
+        vpxor	32(%rdi), %ymm5, %ymm13
+        vpxor	-96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Round 7
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm3, %ymm13
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm1, %ymm11
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm4, %ymm14
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm2, %ymm12
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rax), %ymm6, %ymm11
+        vpxor	32(%rcx), %ymm7, %ymm12
+        vpxor	-96(%rax), %ymm8, %ymm13
+        vpxor	-96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	224(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 1
+        vpxor	64(%rdi), %ymm8, %ymm10
+        vpxor	-32(%rcx), %ymm9, %ymm11
+        vpxor	-64(%rdi), %ymm5, %ymm12
+        vpxor	-64(%rax), %ymm6, %ymm13
+        vpxor	96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 2
+        vpxor	(%rax), %ymm6, %ymm10
+        vpxor	(%rcx), %ymm7, %ymm11
+        vpxor	128(%rdi), %ymm8, %ymm12
+        vpxor	128(%rax), %ymm9, %ymm13
+        vpxor	(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 3
+        vpxor	-64(%rcx), %ymm9, %ymm10
+        vpxor	-96(%rdi), %ymm5, %ymm11
+        vpxor	64(%rax), %ymm6, %ymm12
+        vpxor	64(%rcx), %ymm7, %ymm13
+        vpxor	32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 4
+        vpxor	128(%rcx), %ymm7, %ymm10
+        vpxor	96(%rdi), %ymm8, %ymm11
+        vpxor	96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Round 8
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm3, %ymm13
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rcx), %ymm6, %ymm11
+        vpxor	128(%rdi), %ymm7, %ymm12
+        vpxor	64(%rcx), %ymm8, %ymm13
+        vpxor	-32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	256(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 1
+        vpxor	-96(%rax), %ymm8, %ymm10
+        vpxor	96(%rcx), %ymm9, %ymm11
+        vpxor	(%rax), %ymm5, %ymm12
+        vpxor	-96(%rdi), %ymm6, %ymm13
+        vpxor	96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 2
+        vpxor	32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rdi), %ymm7, %ymm11
+        vpxor	128(%rax), %ymm8, %ymm12
+        vpxor	32(%rdi), %ymm9, %ymm13
+        vpxor	128(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 3
+        vpxor	-96(%rcx), %ymm9, %ymm10
+        vpxor	64(%rdi), %ymm5, %ymm11
+        vpxor	(%rcx), %ymm6, %ymm12
+        vpxor	64(%rax), %ymm7, %ymm13
+        vpxor	-32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 4
+        vpxor	32(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rax), %ymm8, %ymm11
+        vpxor	(%rdi), %ymm9, %ymm12
+        vpxor	-64(%rcx), %ymm5, %ymm13
+        vpxor	96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Round 9
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm2, %ymm12
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rcx), %ymm6, %ymm11
+        vpxor	128(%rax), %ymm7, %ymm12
+        vpxor	64(%rax), %ymm8, %ymm13
+        vpxor	96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	288(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 1
+        vpxor	64(%rcx), %ymm8, %ymm10
+        vpxor	96(%rax), %ymm9, %ymm11
+        vpxor	32(%rax), %ymm5, %ymm12
+        vpxor	64(%rdi), %ymm6, %ymm13
+        vpxor	(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 2
+        vpxor	-32(%rcx), %ymm6, %ymm10
+        vpxor	(%rax), %ymm7, %ymm11
+        vpxor	32(%rdi), %ymm8, %ymm12
+        vpxor	-32(%rdi), %ymm9, %ymm13
+        vpxor	32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 3
+        vpxor	-32(%rax), %ymm9, %ymm10
+        vpxor	-96(%rax), %ymm5, %ymm11
+        vpxor	-64(%rdi), %ymm6, %ymm12
+        vpxor	(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 4
+        vpxor	128(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rdi), %ymm8, %ymm11
+        vpxor	128(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Round 10
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm1, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rax), %ymm6, %ymm11
+        vpxor	32(%rdi), %ymm7, %ymm12
+        vpxor	(%rcx), %ymm8, %ymm13
+        vpxor	-64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	320(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 1
+        vpxor	64(%rax), %ymm8, %ymm10
+        vpxor	(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rax), %ymm6, %ymm13
+        vpxor	128(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 2
+        vpxor	96(%rcx), %ymm6, %ymm10
+        vpxor	32(%rax), %ymm7, %ymm11
+        vpxor	-32(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rcx), %ymm9, %ymm13
+        vpxor	128(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 3
+        vpxor	96(%rdi), %ymm9, %ymm10
+        vpxor	64(%rcx), %ymm5, %ymm11
+        vpxor	(%rax), %ymm6, %ymm12
+        vpxor	-64(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 4
+        vpxor	128(%rax), %ymm7, %ymm10
+        vpxor	64(%rdi), %ymm8, %ymm11
+        vpxor	32(%rcx), %ymm9, %ymm12
+        vpxor	-32(%rax), %ymm5, %ymm13
+        vpxor	-96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Round 11
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm4, %ymm14
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rdi), %ymm7, %ymm12
+        vpxor	-64(%rdi), %ymm8, %ymm13
+        vpxor	-96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	352(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 1
+        vpxor	(%rcx), %ymm8, %ymm10
+        vpxor	128(%rcx), %ymm9, %ymm11
+        vpxor	96(%rcx), %ymm5, %ymm12
+        vpxor	64(%rcx), %ymm6, %ymm13
+        vpxor	32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 2
+        vpxor	96(%rax), %ymm6, %ymm10
+        vpxor	-32(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rcx), %ymm8, %ymm12
+        vpxor	-96(%rcx), %ymm9, %ymm13
+        vpxor	128(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 3
+        vpxor	-64(%rax), %ymm9, %ymm10
+        vpxor	64(%rax), %ymm5, %ymm11
+        vpxor	32(%rax), %ymm6, %ymm12
+        vpxor	(%rax), %ymm7, %ymm13
+        vpxor	-32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 4
+        vpxor	32(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rax), %ymm8, %ymm11
+        vpxor	128(%rdi), %ymm9, %ymm12
+        vpxor	96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Round 12
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rcx), %ymm6, %ymm11
+        vpxor	-64(%rcx), %ymm7, %ymm12
+        vpxor	(%rax), %ymm8, %ymm13
+        vpxor	64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	384(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 1
+        vpxor	-64(%rdi), %ymm8, %ymm10
+        vpxor	32(%rcx), %ymm9, %ymm11
+        vpxor	96(%rax), %ymm5, %ymm12
+        vpxor	64(%rax), %ymm6, %ymm13
+        vpxor	128(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 2
+        vpxor	(%rdi), %ymm6, %ymm10
+        vpxor	96(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rcx), %ymm8, %ymm12
+        vpxor	-32(%rax), %ymm9, %ymm13
+        vpxor	32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 3
+        vpxor	-96(%rdi), %ymm9, %ymm10
+        vpxor	(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rcx), %ymm6, %ymm12
+        vpxor	32(%rax), %ymm7, %ymm13
+        vpxor	96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 4
+        vpxor	-32(%rdi), %ymm7, %ymm10
+        vpxor	64(%rcx), %ymm8, %ymm11
+        vpxor	128(%rax), %ymm9, %ymm12
+        vpxor	-64(%rax), %ymm5, %ymm13
+        vpxor	-96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Round 13
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm3, %ymm13
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm2, %ymm12
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm1, %ymm11
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rcx), %ymm7, %ymm12
+        vpxor	32(%rax), %ymm8, %ymm13
+        vpxor	-96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	416(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 1
+        vpxor	(%rax), %ymm8, %ymm10
+        vpxor	128(%rdi), %ymm9, %ymm11
+        vpxor	(%rdi), %ymm5, %ymm12
+        vpxor	(%rcx), %ymm6, %ymm13
+        vpxor	128(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 2
+        vpxor	128(%rcx), %ymm6, %ymm10
+        vpxor	96(%rax), %ymm7, %ymm11
+        vpxor	-32(%rax), %ymm8, %ymm12
+        vpxor	96(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 3
+        vpxor	64(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rdi), %ymm5, %ymm11
+        vpxor	96(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 4
+        vpxor	-64(%rcx), %ymm7, %ymm10
+        vpxor	64(%rax), %ymm8, %ymm11
+        vpxor	32(%rdi), %ymm9, %ymm12
+        vpxor	-96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Round 14
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm3, %ymm13
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rax), %ymm7, %ymm12
+        vpxor	-32(%rcx), %ymm8, %ymm13
+        vpxor	64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	448(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 1
+        vpxor	32(%rax), %ymm8, %ymm10
+        vpxor	128(%rax), %ymm9, %ymm11
+        vpxor	128(%rcx), %ymm5, %ymm12
+        vpxor	-64(%rdi), %ymm6, %ymm13
+        vpxor	32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 2
+        vpxor	32(%rcx), %ymm6, %ymm10
+        vpxor	(%rdi), %ymm7, %ymm11
+        vpxor	96(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rax), %ymm9, %ymm13
+        vpxor	-64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 3
+        vpxor	-96(%rax), %ymm9, %ymm10
+        vpxor	(%rax), %ymm5, %ymm11
+        vpxor	96(%rax), %ymm6, %ymm12
+        vpxor	96(%rcx), %ymm7, %ymm13
+        vpxor	-96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 4
+        vpxor	-96(%rcx), %ymm7, %ymm10
+        vpxor	(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rdi), %ymm9, %ymm12
+        vpxor	64(%rdi), %ymm5, %ymm13
+        vpxor	64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Round 15
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm2, %ymm12
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rax), %ymm6, %ymm11
+        vpxor	96(%rdi), %ymm7, %ymm12
+        vpxor	96(%rcx), %ymm8, %ymm13
+        vpxor	64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	480(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 1
+        vpxor	-32(%rcx), %ymm8, %ymm10
+        vpxor	32(%rdi), %ymm9, %ymm11
+        vpxor	32(%rcx), %ymm5, %ymm12
+        vpxor	(%rax), %ymm6, %ymm13
+        vpxor	-32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 2
+        vpxor	128(%rdi), %ymm6, %ymm10
+        vpxor	128(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rax), %ymm8, %ymm12
+        vpxor	-96(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 3
+        vpxor	64(%rcx), %ymm9, %ymm10
+        vpxor	32(%rax), %ymm5, %ymm11
+        vpxor	(%rdi), %ymm6, %ymm12
+        vpxor	96(%rax), %ymm7, %ymm13
+        vpxor	64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 4
+        vpxor	-32(%rax), %ymm7, %ymm10
+        vpxor	-64(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rax), %ymm5, %ymm13
+        vpxor	(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Round 16
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rax), %ymm7, %ymm12
+        vpxor	96(%rax), %ymm8, %ymm13
+        vpxor	(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	512(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 1
+        vpxor	96(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rdi), %ymm9, %ymm11
+        vpxor	128(%rdi), %ymm5, %ymm12
+        vpxor	32(%rax), %ymm6, %ymm13
+        vpxor	-64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 2
+        vpxor	128(%rax), %ymm6, %ymm10
+        vpxor	32(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rdi), %ymm8, %ymm12
+        vpxor	64(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 3
+        vpxor	64(%rax), %ymm9, %ymm10
+        vpxor	-32(%rcx), %ymm5, %ymm11
+        vpxor	128(%rcx), %ymm6, %ymm12
+        vpxor	(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 4
+        vpxor	96(%rdi), %ymm7, %ymm10
+        vpxor	(%rax), %ymm8, %ymm11
+        vpxor	-96(%rcx), %ymm9, %ymm12
+        vpxor	64(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Round 17
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm4, %ymm14
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rdi), %ymm6, %ymm11
+        vpxor	-96(%rdi), %ymm7, %ymm12
+        vpxor	(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	544(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 1
+        vpxor	96(%rax), %ymm8, %ymm10
+        vpxor	-64(%rcx), %ymm9, %ymm11
+        vpxor	128(%rax), %ymm5, %ymm12
+        vpxor	-32(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 2
+        vpxor	32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rdi), %ymm7, %ymm11
+        vpxor	64(%rdi), %ymm8, %ymm12
+        vpxor	-96(%rax), %ymm9, %ymm13
+        vpxor	96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 3
+        vpxor	(%rcx), %ymm9, %ymm10
+        vpxor	96(%rcx), %ymm5, %ymm11
+        vpxor	32(%rcx), %ymm6, %ymm12
+        vpxor	128(%rcx), %ymm7, %ymm13
+        vpxor	64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 4
+        vpxor	-64(%rax), %ymm7, %ymm10
+        vpxor	32(%rax), %ymm8, %ymm11
+        vpxor	-32(%rax), %ymm9, %ymm12
+        vpxor	64(%rax), %ymm5, %ymm13
+        vpxor	(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Round 18
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rcx), %ymm6, %ymm11
+        vpxor	64(%rdi), %ymm7, %ymm12
+        vpxor	128(%rcx), %ymm8, %ymm13
+        vpxor	(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	576(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 1
+        vpxor	(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rcx), %ymm9, %ymm11
+        vpxor	32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rcx), %ymm6, %ymm13
+        vpxor	-32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 2
+        vpxor	-32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rax), %ymm7, %ymm11
+        vpxor	-96(%rax), %ymm8, %ymm12
+        vpxor	64(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 3
+        vpxor	-64(%rdi), %ymm9, %ymm10
+        vpxor	96(%rax), %ymm5, %ymm11
+        vpxor	128(%rdi), %ymm6, %ymm12
+        vpxor	32(%rcx), %ymm7, %ymm13
+        vpxor	64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 4
+        vpxor	-96(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rcx), %ymm8, %ymm11
+        vpxor	96(%rdi), %ymm9, %ymm12
+        vpxor	(%rcx), %ymm5, %ymm13
+        vpxor	32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Round 19
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm4, %ymm14
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm1, %ymm11
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm3, %ymm13
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rax), %ymm7, %ymm12
+        vpxor	32(%rcx), %ymm8, %ymm13
+        vpxor	32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	608(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 1
+        vpxor	128(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rax), %ymm9, %ymm11
+        vpxor	-32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rax), %ymm6, %ymm13
+        vpxor	96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 2
+        vpxor	-64(%rcx), %ymm6, %ymm10
+        vpxor	32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rcx), %ymm8, %ymm12
+        vpxor	64(%rax), %ymm9, %ymm13
+        vpxor	-96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 3
+        vpxor	(%rax), %ymm9, %ymm10
+        vpxor	(%rdi), %ymm5, %ymm11
+        vpxor	128(%rax), %ymm6, %ymm12
+        vpxor	128(%rdi), %ymm7, %ymm13
+        vpxor	(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 4
+        vpxor	64(%rdi), %ymm7, %ymm10
+        vpxor	96(%rcx), %ymm8, %ymm11
+        vpxor	-64(%rax), %ymm9, %ymm12
+        vpxor	-64(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Round 20
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm3, %ymm13
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rax), %ymm6, %ymm11
+        vpxor	64(%rcx), %ymm7, %ymm12
+        vpxor	128(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	640(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 1
+        vpxor	32(%rcx), %ymm8, %ymm10
+        vpxor	96(%rdi), %ymm9, %ymm11
+        vpxor	-64(%rcx), %ymm5, %ymm12
+        vpxor	(%rdi), %ymm6, %ymm13
+        vpxor	-64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 2
+        vpxor	-96(%rcx), %ymm6, %ymm10
+        vpxor	-32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rax), %ymm8, %ymm12
+        vpxor	(%rcx), %ymm9, %ymm13
+        vpxor	64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 3
+        vpxor	32(%rax), %ymm9, %ymm10
+        vpxor	128(%rcx), %ymm5, %ymm11
+        vpxor	32(%rdi), %ymm6, %ymm12
+        vpxor	128(%rax), %ymm7, %ymm13
+        vpxor	-64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 4
+        vpxor	-96(%rax), %ymm7, %ymm10
+        vpxor	96(%rax), %ymm8, %ymm11
+        vpxor	-96(%rdi), %ymm9, %ymm12
+        vpxor	(%rax), %ymm5, %ymm13
+        vpxor	96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Round 21
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rdi), %ymm6, %ymm11
+        vpxor	64(%rax), %ymm7, %ymm12
+        vpxor	128(%rax), %ymm8, %ymm13
+        vpxor	96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	672(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 1
+        vpxor	128(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rax), %ymm9, %ymm11
+        vpxor	-96(%rcx), %ymm5, %ymm12
+        vpxor	128(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 2
+        vpxor	-32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rcx), %ymm7, %ymm11
+        vpxor	(%rcx), %ymm8, %ymm12
+        vpxor	-64(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 3
+        vpxor	-32(%rcx), %ymm9, %ymm10
+        vpxor	32(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rdi), %ymm6, %ymm12
+        vpxor	32(%rdi), %ymm7, %ymm13
+        vpxor	(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, (%rax)
+        # Row 4
+        vpxor	64(%rcx), %ymm7, %ymm10
+        vpxor	(%rdi), %ymm8, %ymm11
+        vpxor	64(%rdi), %ymm9, %ymm12
+        vpxor	32(%rax), %ymm5, %ymm13
+        vpxor	96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Round 22
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm1, %ymm11
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rax), %ymm6, %ymm11
+        vpxor	(%rcx), %ymm7, %ymm12
+        vpxor	32(%rdi), %ymm8, %ymm13
+        vpxor	96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	704(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 1
+        vpxor	128(%rax), %ymm8, %ymm10
+        vpxor	-96(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rax), %ymm5, %ymm12
+        vpxor	32(%rcx), %ymm6, %ymm13
+        vpxor	64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 2
+        vpxor	96(%rdi), %ymm6, %ymm10
+        vpxor	-96(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rdi), %ymm8, %ymm12
+        vpxor	(%rax), %ymm9, %ymm13
+        vpxor	64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 3
+        vpxor	96(%rcx), %ymm9, %ymm10
+        vpxor	128(%rdi), %ymm5, %ymm11
+        vpxor	-64(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rdi), %ymm7, %ymm13
+        vpxor	32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 4
+        vpxor	64(%rax), %ymm7, %ymm10
+        vpxor	128(%rcx), %ymm8, %ymm11
+        vpxor	-96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rcx), %ymm5, %ymm13
+        vpxor	(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rdi)
+        # Round 23
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm4, %ymm14
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rdi), %ymm7, %ymm12
+        vpxor	-32(%rdi), %ymm8, %ymm13
+        vpxor	(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	736(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 1
+        vpxor	32(%rdi), %ymm8, %ymm10
+        vpxor	64(%rdi), %ymm9, %ymm11
+        vpxor	96(%rdi), %ymm5, %ymm12
+        vpxor	128(%rdi), %ymm6, %ymm13
+        vpxor	-96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 2
+        vpxor	-64(%rax), %ymm6, %ymm10
+        vpxor	-32(%rax), %ymm7, %ymm11
+        vpxor	(%rax), %ymm8, %ymm12
+        vpxor	32(%rax), %ymm9, %ymm13
+        vpxor	64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 3
+        vpxor	96(%rax), %ymm9, %ymm10
+        vpxor	128(%rax), %ymm5, %ymm11
+        vpxor	-96(%rcx), %ymm6, %ymm12
+        vpxor	-64(%rcx), %ymm7, %ymm13
+        vpxor	-32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 4
+        vpxor	(%rcx), %ymm7, %ymm10
+        vpxor	32(%rcx), %ymm8, %ymm11
+        vpxor	64(%rcx), %ymm9, %ymm12
+        vpxor	96(%rcx), %ymm5, %ymm13
+        vpxor	128(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        subq	$0x80, %rdi
+        vmovdqu	%ymm15, (%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_sha3_128_blocksx4_seed_avx2,.-kyber_sha3_128_blocksx4_seed_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_sha3_256_blockx4_seed_avx2_end_mark:
+.quad	0x8000000000000000, 0x8000000000000000
+.quad	0x8000000000000000, 0x8000000000000000
+#ifndef __APPLE__
+.text
+.globl	kyber_sha3_256_blocksx4_seed_avx2
+.type	kyber_sha3_256_blocksx4_seed_avx2,@function
+.align	16
+kyber_sha3_256_blocksx4_seed_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_sha3_256_blocksx4_seed_avx2
+.p2align	4
+_kyber_sha3_256_blocksx4_seed_avx2:
+#endif /* __APPLE__ */
+        leaq	L_sha3_parallel_4_r(%rip), %rdx
+        movq	%rdi, %rax
+        movq	%rdi, %rcx
+        vpbroadcastq	(%rsi), %ymm15
+        addq	$0x80, %rdi
+        vpbroadcastq	8(%rsi), %ymm11
+        addq	$0x180, %rax
+        vpbroadcastq	16(%rsi), %ymm12
+        addq	$0x280, %rcx
+        vpbroadcastq	24(%rsi), %ymm13
+        vmovdqu	L_sha3_256_blockx4_seed_avx2_end_mark(%rip), %ymm5
+        vpxor	%ymm6, %ymm6, %ymm6
+        vmovdqu	%ymm11, -96(%rdi)
+        vmovdqu	%ymm12, -64(%rdi)
+        vmovdqu	%ymm13, -32(%rdi)
+        vmovdqu	(%rdi), %ymm14
+        vmovdqu	%ymm6, 32(%rdi)
+        vmovdqu	%ymm6, 64(%rdi)
+        vmovdqu	%ymm6, 96(%rdi)
+        vmovdqu	%ymm6, 128(%rdi)
+        vmovdqu	%ymm6, -96(%rax)
+        vmovdqu	%ymm6, -64(%rax)
+        vmovdqu	%ymm6, -32(%rax)
+        vmovdqu	%ymm6, (%rax)
+        vmovdqu	%ymm6, 32(%rax)
+        vmovdqu	%ymm6, 64(%rax)
+        vmovdqu	%ymm6, 96(%rax)
+        vmovdqu	%ymm5, 128(%rax)
+        vmovdqu	%ymm6, -96(%rcx)
+        vmovdqu	%ymm6, -64(%rcx)
+        vmovdqu	%ymm6, -32(%rcx)
+        vmovdqu	%ymm6, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm6, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        vmovdqu	%ymm6, 128(%rcx)
+        vmovdqu	%ymm15, %ymm10
+        vpxor	%ymm5, %ymm11, %ymm11
+        # Round 0
+        # Calc b[0..4]
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rdi), %ymm6, %ymm11
+        vpxor	(%rax), %ymm7, %ymm12
+        vpxor	-64(%rcx), %ymm8, %ymm13
+        vpxor	128(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 1
+        vpxor	-32(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rax), %ymm9, %ymm11
+        vpxor	-64(%rax), %ymm5, %ymm12
+        vpxor	128(%rax), %ymm6, %ymm13
+        vpxor	64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 2
+        vpxor	-96(%rdi), %ymm6, %ymm10
+        vpxor	96(%rdi), %ymm7, %ymm11
+        vpxor	32(%rax), %ymm8, %ymm12
+        vpxor	-32(%rcx), %ymm9, %ymm13
+        vpxor	(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 3
+        vpxor	(%rdi), %ymm9, %ymm10
+        vpxor	32(%rdi), %ymm5, %ymm11
+        vpxor	-32(%rax), %ymm6, %ymm12
+        vpxor	-96(%rcx), %ymm7, %ymm13
+        vpxor	96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 4
+        vpxor	-64(%rdi), %ymm7, %ymm10
+        vpxor	128(%rdi), %ymm8, %ymm11
+        vpxor	64(%rax), %ymm9, %ymm12
+        vpxor	96(%rax), %ymm5, %ymm13
+        vpxor	32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Round 1
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm2, %ymm12
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm3, %ymm13
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm4, %ymm14
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rax), %ymm6, %ymm11
+        vpxor	32(%rax), %ymm7, %ymm12
+        vpxor	-96(%rcx), %ymm8, %ymm13
+        vpxor	32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	32(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 1
+        vpxor	-64(%rcx), %ymm8, %ymm10
+        vpxor	64(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rdi), %ymm5, %ymm12
+        vpxor	32(%rdi), %ymm6, %ymm13
+        vpxor	64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 2
+        vpxor	64(%rdi), %ymm6, %ymm10
+        vpxor	-64(%rax), %ymm7, %ymm11
+        vpxor	-32(%rcx), %ymm8, %ymm12
+        vpxor	96(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 3
+        vpxor	128(%rcx), %ymm9, %ymm10
+        vpxor	-32(%rdi), %ymm5, %ymm11
+        vpxor	96(%rdi), %ymm6, %ymm12
+        vpxor	-32(%rax), %ymm7, %ymm13
+        vpxor	96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 4
+        vpxor	(%rax), %ymm7, %ymm10
+        vpxor	128(%rax), %ymm8, %ymm11
+        vpxor	(%rcx), %ymm9, %ymm12
+        vpxor	(%rdi), %ymm5, %ymm13
+        vpxor	128(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Round 2
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rcx), %ymm6, %ymm11
+        vpxor	-32(%rcx), %ymm7, %ymm12
+        vpxor	-32(%rax), %ymm8, %ymm13
+        vpxor	128(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	64(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 1
+        vpxor	-96(%rcx), %ymm8, %ymm10
+        vpxor	64(%rax), %ymm9, %ymm11
+        vpxor	64(%rdi), %ymm5, %ymm12
+        vpxor	-32(%rdi), %ymm6, %ymm13
+        vpxor	(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 2
+        vpxor	-96(%rax), %ymm6, %ymm10
+        vpxor	-96(%rdi), %ymm7, %ymm11
+        vpxor	96(%rcx), %ymm8, %ymm12
+        vpxor	96(%rax), %ymm9, %ymm13
+        vpxor	(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Row 3
+        vpxor	32(%rcx), %ymm9, %ymm10
+        vpxor	-64(%rcx), %ymm5, %ymm11
+        vpxor	-64(%rax), %ymm6, %ymm12
+        vpxor	96(%rdi), %ymm7, %ymm13
+        vpxor	(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 4
+        vpxor	32(%rax), %ymm7, %ymm10
+        vpxor	32(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rdi), %ymm9, %ymm12
+        vpxor	128(%rcx), %ymm5, %ymm13
+        vpxor	128(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Round 3
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm2, %ymm12
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rax), %ymm6, %ymm11
+        vpxor	96(%rcx), %ymm7, %ymm12
+        vpxor	96(%rdi), %ymm8, %ymm13
+        vpxor	128(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	96(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 1
+        vpxor	-32(%rax), %ymm8, %ymm10
+        vpxor	(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rax), %ymm5, %ymm12
+        vpxor	-64(%rcx), %ymm6, %ymm13
+        vpxor	-64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 2
+        vpxor	64(%rcx), %ymm6, %ymm10
+        vpxor	64(%rdi), %ymm7, %ymm11
+        vpxor	96(%rax), %ymm8, %ymm12
+        vpxor	(%rdi), %ymm9, %ymm13
+        vpxor	32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 3
+        vpxor	128(%rdi), %ymm9, %ymm10
+        vpxor	-96(%rcx), %ymm5, %ymm11
+        vpxor	-96(%rdi), %ymm6, %ymm12
+        vpxor	-64(%rax), %ymm7, %ymm13
+        vpxor	128(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 4
+        vpxor	-32(%rcx), %ymm7, %ymm10
+        vpxor	-32(%rdi), %ymm8, %ymm11
+        vpxor	(%rax), %ymm9, %ymm12
+        vpxor	32(%rcx), %ymm5, %ymm13
+        vpxor	32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Round 4
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm1, %ymm11
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rcx), %ymm6, %ymm11
+        vpxor	96(%rax), %ymm7, %ymm12
+        vpxor	-64(%rax), %ymm8, %ymm13
+        vpxor	32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	128(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 1
+        vpxor	96(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rdi), %ymm9, %ymm11
+        vpxor	64(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rcx), %ymm6, %ymm13
+        vpxor	(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 2
+        vpxor	64(%rax), %ymm6, %ymm10
+        vpxor	-96(%rax), %ymm7, %ymm11
+        vpxor	(%rdi), %ymm8, %ymm12
+        vpxor	128(%rcx), %ymm9, %ymm13
+        vpxor	-32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 3
+        vpxor	128(%rax), %ymm9, %ymm10
+        vpxor	-32(%rax), %ymm5, %ymm11
+        vpxor	64(%rdi), %ymm6, %ymm12
+        vpxor	-96(%rdi), %ymm7, %ymm13
+        vpxor	32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 4
+        vpxor	96(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rcx), %ymm8, %ymm11
+        vpxor	32(%rax), %ymm9, %ymm12
+        vpxor	128(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Round 5
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rdi), %ymm6, %ymm11
+        vpxor	(%rdi), %ymm7, %ymm12
+        vpxor	-96(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	160(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 1
+        vpxor	-64(%rax), %ymm8, %ymm10
+        vpxor	(%rax), %ymm9, %ymm11
+        vpxor	64(%rax), %ymm5, %ymm12
+        vpxor	-32(%rax), %ymm6, %ymm13
+        vpxor	32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 2
+        vpxor	(%rcx), %ymm6, %ymm10
+        vpxor	64(%rcx), %ymm7, %ymm11
+        vpxor	128(%rcx), %ymm8, %ymm12
+        vpxor	32(%rcx), %ymm9, %ymm13
+        vpxor	96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 3
+        vpxor	32(%rdi), %ymm9, %ymm10
+        vpxor	96(%rdi), %ymm5, %ymm11
+        vpxor	-96(%rax), %ymm6, %ymm12
+        vpxor	64(%rdi), %ymm7, %ymm13
+        vpxor	128(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 4
+        vpxor	96(%rax), %ymm7, %ymm10
+        vpxor	-96(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rcx), %ymm9, %ymm12
+        vpxor	128(%rax), %ymm5, %ymm13
+        vpxor	-64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Round 6
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rax), %ymm6, %ymm11
+        vpxor	128(%rcx), %ymm7, %ymm12
+        vpxor	64(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	192(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 1
+        vpxor	-96(%rdi), %ymm8, %ymm10
+        vpxor	32(%rax), %ymm9, %ymm11
+        vpxor	(%rcx), %ymm5, %ymm12
+        vpxor	96(%rdi), %ymm6, %ymm13
+        vpxor	-32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 2
+        vpxor	-64(%rdi), %ymm6, %ymm10
+        vpxor	64(%rax), %ymm7, %ymm11
+        vpxor	32(%rcx), %ymm8, %ymm12
+        vpxor	128(%rdi), %ymm9, %ymm13
+        vpxor	96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 3
+        vpxor	-32(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rax), %ymm5, %ymm11
+        vpxor	64(%rcx), %ymm6, %ymm12
+        vpxor	-96(%rax), %ymm7, %ymm13
+        vpxor	128(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 4
+        vpxor	(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rax), %ymm8, %ymm11
+        vpxor	96(%rcx), %ymm9, %ymm12
+        vpxor	32(%rdi), %ymm5, %ymm13
+        vpxor	-96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Round 7
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm3, %ymm13
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm1, %ymm11
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm4, %ymm14
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm2, %ymm12
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rax), %ymm6, %ymm11
+        vpxor	32(%rcx), %ymm7, %ymm12
+        vpxor	-96(%rax), %ymm8, %ymm13
+        vpxor	-96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	224(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 1
+        vpxor	64(%rdi), %ymm8, %ymm10
+        vpxor	-32(%rcx), %ymm9, %ymm11
+        vpxor	-64(%rdi), %ymm5, %ymm12
+        vpxor	-64(%rax), %ymm6, %ymm13
+        vpxor	96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 2
+        vpxor	(%rax), %ymm6, %ymm10
+        vpxor	(%rcx), %ymm7, %ymm11
+        vpxor	128(%rdi), %ymm8, %ymm12
+        vpxor	128(%rax), %ymm9, %ymm13
+        vpxor	(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 3
+        vpxor	-64(%rcx), %ymm9, %ymm10
+        vpxor	-96(%rdi), %ymm5, %ymm11
+        vpxor	64(%rax), %ymm6, %ymm12
+        vpxor	64(%rcx), %ymm7, %ymm13
+        vpxor	32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 4
+        vpxor	128(%rcx), %ymm7, %ymm10
+        vpxor	96(%rdi), %ymm8, %ymm11
+        vpxor	96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Round 8
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm3, %ymm13
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rcx), %ymm6, %ymm11
+        vpxor	128(%rdi), %ymm7, %ymm12
+        vpxor	64(%rcx), %ymm8, %ymm13
+        vpxor	-32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	256(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 1
+        vpxor	-96(%rax), %ymm8, %ymm10
+        vpxor	96(%rcx), %ymm9, %ymm11
+        vpxor	(%rax), %ymm5, %ymm12
+        vpxor	-96(%rdi), %ymm6, %ymm13
+        vpxor	96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 2
+        vpxor	32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rdi), %ymm7, %ymm11
+        vpxor	128(%rax), %ymm8, %ymm12
+        vpxor	32(%rdi), %ymm9, %ymm13
+        vpxor	128(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 3
+        vpxor	-96(%rcx), %ymm9, %ymm10
+        vpxor	64(%rdi), %ymm5, %ymm11
+        vpxor	(%rcx), %ymm6, %ymm12
+        vpxor	64(%rax), %ymm7, %ymm13
+        vpxor	-32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 4
+        vpxor	32(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rax), %ymm8, %ymm11
+        vpxor	(%rdi), %ymm9, %ymm12
+        vpxor	-64(%rcx), %ymm5, %ymm13
+        vpxor	96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Round 9
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm2, %ymm12
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rcx), %ymm6, %ymm11
+        vpxor	128(%rax), %ymm7, %ymm12
+        vpxor	64(%rax), %ymm8, %ymm13
+        vpxor	96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	288(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 1
+        vpxor	64(%rcx), %ymm8, %ymm10
+        vpxor	96(%rax), %ymm9, %ymm11
+        vpxor	32(%rax), %ymm5, %ymm12
+        vpxor	64(%rdi), %ymm6, %ymm13
+        vpxor	(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 2
+        vpxor	-32(%rcx), %ymm6, %ymm10
+        vpxor	(%rax), %ymm7, %ymm11
+        vpxor	32(%rdi), %ymm8, %ymm12
+        vpxor	-32(%rdi), %ymm9, %ymm13
+        vpxor	32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 3
+        vpxor	-32(%rax), %ymm9, %ymm10
+        vpxor	-96(%rax), %ymm5, %ymm11
+        vpxor	-64(%rdi), %ymm6, %ymm12
+        vpxor	(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 4
+        vpxor	128(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rdi), %ymm8, %ymm11
+        vpxor	128(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Round 10
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm1, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rax), %ymm6, %ymm11
+        vpxor	32(%rdi), %ymm7, %ymm12
+        vpxor	(%rcx), %ymm8, %ymm13
+        vpxor	-64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	320(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 1
+        vpxor	64(%rax), %ymm8, %ymm10
+        vpxor	(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rax), %ymm6, %ymm13
+        vpxor	128(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 2
+        vpxor	96(%rcx), %ymm6, %ymm10
+        vpxor	32(%rax), %ymm7, %ymm11
+        vpxor	-32(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rcx), %ymm9, %ymm13
+        vpxor	128(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 3
+        vpxor	96(%rdi), %ymm9, %ymm10
+        vpxor	64(%rcx), %ymm5, %ymm11
+        vpxor	(%rax), %ymm6, %ymm12
+        vpxor	-64(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 4
+        vpxor	128(%rax), %ymm7, %ymm10
+        vpxor	64(%rdi), %ymm8, %ymm11
+        vpxor	32(%rcx), %ymm9, %ymm12
+        vpxor	-32(%rax), %ymm5, %ymm13
+        vpxor	-96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Round 11
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm4, %ymm14
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rdi), %ymm7, %ymm12
+        vpxor	-64(%rdi), %ymm8, %ymm13
+        vpxor	-96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	352(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 1
+        vpxor	(%rcx), %ymm8, %ymm10
+        vpxor	128(%rcx), %ymm9, %ymm11
+        vpxor	96(%rcx), %ymm5, %ymm12
+        vpxor	64(%rcx), %ymm6, %ymm13
+        vpxor	32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 2
+        vpxor	96(%rax), %ymm6, %ymm10
+        vpxor	-32(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rcx), %ymm8, %ymm12
+        vpxor	-96(%rcx), %ymm9, %ymm13
+        vpxor	128(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 3
+        vpxor	-64(%rax), %ymm9, %ymm10
+        vpxor	64(%rax), %ymm5, %ymm11
+        vpxor	32(%rax), %ymm6, %ymm12
+        vpxor	(%rax), %ymm7, %ymm13
+        vpxor	-32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 4
+        vpxor	32(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rax), %ymm8, %ymm11
+        vpxor	128(%rdi), %ymm9, %ymm12
+        vpxor	96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Round 12
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rcx), %ymm6, %ymm11
+        vpxor	-64(%rcx), %ymm7, %ymm12
+        vpxor	(%rax), %ymm8, %ymm13
+        vpxor	64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	384(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 1
+        vpxor	-64(%rdi), %ymm8, %ymm10
+        vpxor	32(%rcx), %ymm9, %ymm11
+        vpxor	96(%rax), %ymm5, %ymm12
+        vpxor	64(%rax), %ymm6, %ymm13
+        vpxor	128(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 2
+        vpxor	(%rdi), %ymm6, %ymm10
+        vpxor	96(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rcx), %ymm8, %ymm12
+        vpxor	-32(%rax), %ymm9, %ymm13
+        vpxor	32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 3
+        vpxor	-96(%rdi), %ymm9, %ymm10
+        vpxor	(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rcx), %ymm6, %ymm12
+        vpxor	32(%rax), %ymm7, %ymm13
+        vpxor	96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 4
+        vpxor	-32(%rdi), %ymm7, %ymm10
+        vpxor	64(%rcx), %ymm8, %ymm11
+        vpxor	128(%rax), %ymm9, %ymm12
+        vpxor	-64(%rax), %ymm5, %ymm13
+        vpxor	-96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Round 13
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm3, %ymm13
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm2, %ymm12
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm1, %ymm11
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rcx), %ymm7, %ymm12
+        vpxor	32(%rax), %ymm8, %ymm13
+        vpxor	-96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	416(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 1
+        vpxor	(%rax), %ymm8, %ymm10
+        vpxor	128(%rdi), %ymm9, %ymm11
+        vpxor	(%rdi), %ymm5, %ymm12
+        vpxor	(%rcx), %ymm6, %ymm13
+        vpxor	128(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 2
+        vpxor	128(%rcx), %ymm6, %ymm10
+        vpxor	96(%rax), %ymm7, %ymm11
+        vpxor	-32(%rax), %ymm8, %ymm12
+        vpxor	96(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 3
+        vpxor	64(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rdi), %ymm5, %ymm11
+        vpxor	96(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 4
+        vpxor	-64(%rcx), %ymm7, %ymm10
+        vpxor	64(%rax), %ymm8, %ymm11
+        vpxor	32(%rdi), %ymm9, %ymm12
+        vpxor	-96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Round 14
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm3, %ymm13
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rax), %ymm7, %ymm12
+        vpxor	-32(%rcx), %ymm8, %ymm13
+        vpxor	64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	448(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 1
+        vpxor	32(%rax), %ymm8, %ymm10
+        vpxor	128(%rax), %ymm9, %ymm11
+        vpxor	128(%rcx), %ymm5, %ymm12
+        vpxor	-64(%rdi), %ymm6, %ymm13
+        vpxor	32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 2
+        vpxor	32(%rcx), %ymm6, %ymm10
+        vpxor	(%rdi), %ymm7, %ymm11
+        vpxor	96(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rax), %ymm9, %ymm13
+        vpxor	-64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 3
+        vpxor	-96(%rax), %ymm9, %ymm10
+        vpxor	(%rax), %ymm5, %ymm11
+        vpxor	96(%rax), %ymm6, %ymm12
+        vpxor	96(%rcx), %ymm7, %ymm13
+        vpxor	-96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 4
+        vpxor	-96(%rcx), %ymm7, %ymm10
+        vpxor	(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rdi), %ymm9, %ymm12
+        vpxor	64(%rdi), %ymm5, %ymm13
+        vpxor	64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Round 15
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm2, %ymm12
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rax), %ymm6, %ymm11
+        vpxor	96(%rdi), %ymm7, %ymm12
+        vpxor	96(%rcx), %ymm8, %ymm13
+        vpxor	64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	480(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 1
+        vpxor	-32(%rcx), %ymm8, %ymm10
+        vpxor	32(%rdi), %ymm9, %ymm11
+        vpxor	32(%rcx), %ymm5, %ymm12
+        vpxor	(%rax), %ymm6, %ymm13
+        vpxor	-32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 2
+        vpxor	128(%rdi), %ymm6, %ymm10
+        vpxor	128(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rax), %ymm8, %ymm12
+        vpxor	-96(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 3
+        vpxor	64(%rcx), %ymm9, %ymm10
+        vpxor	32(%rax), %ymm5, %ymm11
+        vpxor	(%rdi), %ymm6, %ymm12
+        vpxor	96(%rax), %ymm7, %ymm13
+        vpxor	64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 4
+        vpxor	-32(%rax), %ymm7, %ymm10
+        vpxor	-64(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rax), %ymm5, %ymm13
+        vpxor	(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Round 16
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rax), %ymm7, %ymm12
+        vpxor	96(%rax), %ymm8, %ymm13
+        vpxor	(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	512(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 1
+        vpxor	96(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rdi), %ymm9, %ymm11
+        vpxor	128(%rdi), %ymm5, %ymm12
+        vpxor	32(%rax), %ymm6, %ymm13
+        vpxor	-64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 2
+        vpxor	128(%rax), %ymm6, %ymm10
+        vpxor	32(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rdi), %ymm8, %ymm12
+        vpxor	64(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 3
+        vpxor	64(%rax), %ymm9, %ymm10
+        vpxor	-32(%rcx), %ymm5, %ymm11
+        vpxor	128(%rcx), %ymm6, %ymm12
+        vpxor	(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 4
+        vpxor	96(%rdi), %ymm7, %ymm10
+        vpxor	(%rax), %ymm8, %ymm11
+        vpxor	-96(%rcx), %ymm9, %ymm12
+        vpxor	64(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Round 17
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm4, %ymm14
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rdi), %ymm6, %ymm11
+        vpxor	-96(%rdi), %ymm7, %ymm12
+        vpxor	(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	544(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 1
+        vpxor	96(%rax), %ymm8, %ymm10
+        vpxor	-64(%rcx), %ymm9, %ymm11
+        vpxor	128(%rax), %ymm5, %ymm12
+        vpxor	-32(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 2
+        vpxor	32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rdi), %ymm7, %ymm11
+        vpxor	64(%rdi), %ymm8, %ymm12
+        vpxor	-96(%rax), %ymm9, %ymm13
+        vpxor	96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 3
+        vpxor	(%rcx), %ymm9, %ymm10
+        vpxor	96(%rcx), %ymm5, %ymm11
+        vpxor	32(%rcx), %ymm6, %ymm12
+        vpxor	128(%rcx), %ymm7, %ymm13
+        vpxor	64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 4
+        vpxor	-64(%rax), %ymm7, %ymm10
+        vpxor	32(%rax), %ymm8, %ymm11
+        vpxor	-32(%rax), %ymm9, %ymm12
+        vpxor	64(%rax), %ymm5, %ymm13
+        vpxor	(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Round 18
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rcx), %ymm6, %ymm11
+        vpxor	64(%rdi), %ymm7, %ymm12
+        vpxor	128(%rcx), %ymm8, %ymm13
+        vpxor	(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	576(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 1
+        vpxor	(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rcx), %ymm9, %ymm11
+        vpxor	32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rcx), %ymm6, %ymm13
+        vpxor	-32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 2
+        vpxor	-32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rax), %ymm7, %ymm11
+        vpxor	-96(%rax), %ymm8, %ymm12
+        vpxor	64(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 3
+        vpxor	-64(%rdi), %ymm9, %ymm10
+        vpxor	96(%rax), %ymm5, %ymm11
+        vpxor	128(%rdi), %ymm6, %ymm12
+        vpxor	32(%rcx), %ymm7, %ymm13
+        vpxor	64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 4
+        vpxor	-96(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rcx), %ymm8, %ymm11
+        vpxor	96(%rdi), %ymm9, %ymm12
+        vpxor	(%rcx), %ymm5, %ymm13
+        vpxor	32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Round 19
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm4, %ymm14
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm1, %ymm11
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm3, %ymm13
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rax), %ymm7, %ymm12
+        vpxor	32(%rcx), %ymm8, %ymm13
+        vpxor	32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	608(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 1
+        vpxor	128(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rax), %ymm9, %ymm11
+        vpxor	-32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rax), %ymm6, %ymm13
+        vpxor	96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 2
+        vpxor	-64(%rcx), %ymm6, %ymm10
+        vpxor	32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rcx), %ymm8, %ymm12
+        vpxor	64(%rax), %ymm9, %ymm13
+        vpxor	-96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 3
+        vpxor	(%rax), %ymm9, %ymm10
+        vpxor	(%rdi), %ymm5, %ymm11
+        vpxor	128(%rax), %ymm6, %ymm12
+        vpxor	128(%rdi), %ymm7, %ymm13
+        vpxor	(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 4
+        vpxor	64(%rdi), %ymm7, %ymm10
+        vpxor	96(%rcx), %ymm8, %ymm11
+        vpxor	-64(%rax), %ymm9, %ymm12
+        vpxor	-64(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Round 20
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm3, %ymm13
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rax), %ymm6, %ymm11
+        vpxor	64(%rcx), %ymm7, %ymm12
+        vpxor	128(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	640(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 1
+        vpxor	32(%rcx), %ymm8, %ymm10
+        vpxor	96(%rdi), %ymm9, %ymm11
+        vpxor	-64(%rcx), %ymm5, %ymm12
+        vpxor	(%rdi), %ymm6, %ymm13
+        vpxor	-64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 2
+        vpxor	-96(%rcx), %ymm6, %ymm10
+        vpxor	-32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rax), %ymm8, %ymm12
+        vpxor	(%rcx), %ymm9, %ymm13
+        vpxor	64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 3
+        vpxor	32(%rax), %ymm9, %ymm10
+        vpxor	128(%rcx), %ymm5, %ymm11
+        vpxor	32(%rdi), %ymm6, %ymm12
+        vpxor	128(%rax), %ymm7, %ymm13
+        vpxor	-64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 4
+        vpxor	-96(%rax), %ymm7, %ymm10
+        vpxor	96(%rax), %ymm8, %ymm11
+        vpxor	-96(%rdi), %ymm9, %ymm12
+        vpxor	(%rax), %ymm5, %ymm13
+        vpxor	96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Round 21
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rdi), %ymm6, %ymm11
+        vpxor	64(%rax), %ymm7, %ymm12
+        vpxor	128(%rax), %ymm8, %ymm13
+        vpxor	96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	672(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 1
+        vpxor	128(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rax), %ymm9, %ymm11
+        vpxor	-96(%rcx), %ymm5, %ymm12
+        vpxor	128(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 2
+        vpxor	-32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rcx), %ymm7, %ymm11
+        vpxor	(%rcx), %ymm8, %ymm12
+        vpxor	-64(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 3
+        vpxor	-32(%rcx), %ymm9, %ymm10
+        vpxor	32(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rdi), %ymm6, %ymm12
+        vpxor	32(%rdi), %ymm7, %ymm13
+        vpxor	(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, (%rax)
+        # Row 4
+        vpxor	64(%rcx), %ymm7, %ymm10
+        vpxor	(%rdi), %ymm8, %ymm11
+        vpxor	64(%rdi), %ymm9, %ymm12
+        vpxor	32(%rax), %ymm5, %ymm13
+        vpxor	96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Round 22
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm1, %ymm11
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rax), %ymm6, %ymm11
+        vpxor	(%rcx), %ymm7, %ymm12
+        vpxor	32(%rdi), %ymm8, %ymm13
+        vpxor	96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	704(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 1
+        vpxor	128(%rax), %ymm8, %ymm10
+        vpxor	-96(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rax), %ymm5, %ymm12
+        vpxor	32(%rcx), %ymm6, %ymm13
+        vpxor	64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 2
+        vpxor	96(%rdi), %ymm6, %ymm10
+        vpxor	-96(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rdi), %ymm8, %ymm12
+        vpxor	(%rax), %ymm9, %ymm13
+        vpxor	64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 3
+        vpxor	96(%rcx), %ymm9, %ymm10
+        vpxor	128(%rdi), %ymm5, %ymm11
+        vpxor	-64(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rdi), %ymm7, %ymm13
+        vpxor	32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 4
+        vpxor	64(%rax), %ymm7, %ymm10
+        vpxor	128(%rcx), %ymm8, %ymm11
+        vpxor	-96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rcx), %ymm5, %ymm13
+        vpxor	(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rdi)
+        # Round 23
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm4, %ymm14
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rdi), %ymm7, %ymm12
+        vpxor	-32(%rdi), %ymm8, %ymm13
+        vpxor	(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	736(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 1
+        vpxor	32(%rdi), %ymm8, %ymm10
+        vpxor	64(%rdi), %ymm9, %ymm11
+        vpxor	96(%rdi), %ymm5, %ymm12
+        vpxor	128(%rdi), %ymm6, %ymm13
+        vpxor	-96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 2
+        vpxor	-64(%rax), %ymm6, %ymm10
+        vpxor	-32(%rax), %ymm7, %ymm11
+        vpxor	(%rax), %ymm8, %ymm12
+        vpxor	32(%rax), %ymm9, %ymm13
+        vpxor	64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 3
+        vpxor	96(%rax), %ymm9, %ymm10
+        vpxor	128(%rax), %ymm5, %ymm11
+        vpxor	-96(%rcx), %ymm6, %ymm12
+        vpxor	-64(%rcx), %ymm7, %ymm13
+        vpxor	-32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 4
+        vpxor	(%rcx), %ymm7, %ymm10
+        vpxor	32(%rcx), %ymm8, %ymm11
+        vpxor	64(%rcx), %ymm9, %ymm12
+        vpxor	96(%rcx), %ymm5, %ymm13
+        vpxor	128(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        subq	$0x80, %rdi
+        vmovdqu	%ymm15, (%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_sha3_256_blocksx4_seed_avx2,.-kyber_sha3_256_blocksx4_seed_avx2
+#endif /* __APPLE__ */
+#endif /* HAVE_INTEL_AVX2 */
+#endif /* WOLFSSL_WC_KYBER */
 
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber_poly.c b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber_poly.c
index dfb10ace..fe140f40 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber_poly.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_kyber_poly.c
@@ -1,6 +1,6 @@
 /* wc_kyber_poly.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,8 +19,3020 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#include <wolfssl/wolfcrypt/settings.h>
+/* Implementation based on NIST 3rd Round submission package.
+ * See link at:
+ *   https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions
+ */
+
+/* Implementation of the functions that operate on polynomials or vectors of
+ * polynomials.
+ */
+
+#include <wolfssl/wolfcrypt/wc_kyber.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_WC_KYBER
+
+#ifdef USE_INTEL_SPEEDUP
+static word32 cpuid_flags = 0;
+#endif
+
+/* Half of Q plus one. Converted message bit value of 1. */
+#define KYBER_Q_1_HALF      ((KYBER_Q + 1) / 2)
+/* Half of Q */
+#define KYBER_Q_HALF        (KYBER_Q / 2)
+
+
+/* q^-1 mod 2^16 (inverse of 3329 mod 16384) */
+#define KYBER_QINV       62209
+
+/* Used in Barrett Reduction:
+ *    r = a mod q
+ * => r = a - ((V * a) >> 26) * q), as V based on 2^26
+ * V is the mulitplier that gets the quotient after shifting.
+ */
+#define KYBER_V          (((1U << 26) + (KYBER_Q / 2)) / KYBER_Q)
+
+/* Used in converting to Montgomery form.
+ * f is the normalizer = 2^k % m.
+ * 16-bit value cast to sword32 in use.
+ */
+#define KYBER_F          ((1ULL << 32) % KYBER_Q)
+
+/* Number of bytes in an output block of SHA-3-128 */
+#define SHA3_128_BYTES   (WC_SHA3_128_COUNT * 8)
+/* Number of bytes in an output block of SHA-3-256 */
+#define SHA3_256_BYTES   (WC_SHA3_256_COUNT * 8)
+
+/* Number of blocks to generate for matrix. */
+#define GEN_MATRIX_NBLOCKS \
+    ((12 * KYBER_N / 8 * (1 << 12) / KYBER_Q + XOF_BLOCK_SIZE) / XOF_BLOCK_SIZE)
+/* Number of bytes to generate for matrix. */
+#define GEN_MATRIX_SIZE     GEN_MATRIX_NBLOCKS * XOF_BLOCK_SIZE
+
+
+/* Number of random bytes to generate for ETA3. */
+#define ETA3_RAND_SIZE     ((3 * KYBER_N) / 4)
+/* Number of random bytes to generate for ETA2. */
+#define ETA2_RAND_SIZE     ((2 * KYBER_N) / 4)
+
+
+/* Montgomery reduce a.
+ *
+ * @param  [in]  a  32-bit value to be reduced.
+ * @return  Montgomery reduction result.
+ */
+#define KYBER_MONT_RED(a) \
+    (sword16)(((a) - (sword32)(((sword16)((sword16)(a) * \
+                                (sword16)KYBER_QINV)) * \
+                               (sword32)KYBER_Q)) >> 16)
+
+/* Barrett reduce a. r = a mod q.
+ *
+ * Converted division to multiplication.
+ *
+ * @param  [in]  a  16-bit value to be reduced to range of q.
+ * @return  Modulo result.
+ */
+#define KYBER_BARRETT_RED(a) \
+    (sword16)((sword16)(a) - (sword16)((sword16)( \
+        ((sword32)((sword32)KYBER_V * (sword16)(a))) >> 26) * (word16)KYBER_Q))
+
+
+/* Zetas for NTT. */
+const sword16 zetas[KYBER_N / 2] = {
+    2285, 2571, 2970, 1812, 1493, 1422,  287,  202, 3158,  622, 1577,  182,
+     962, 2127, 1855, 1468,  573, 2004,  264,  383, 2500, 1458, 1727, 3199,
+    2648, 1017,  732,  608, 1787,  411, 3124, 1758, 1223,  652, 2777, 1015,
+    2036, 1491, 3047, 1785,  516, 3321, 3009, 2663, 1711, 2167,  126, 1469,
+    2476, 3239, 3058,  830,  107, 1908, 3082, 2378, 2931,  961, 1821, 2604,
+     448, 2264,  677, 2054, 2226,  430,  555,  843, 2078,  871, 1550,  105,
+     422,  587,  177, 3094, 3038, 2869, 1574, 1653, 3083,  778, 1159, 3182,
+    2552, 1483, 2727, 1119, 1739,  644, 2457,  349,  418,  329, 3173, 3254,
+     817, 1097,  603,  610, 1322, 2044, 1864,  384, 2114, 3193, 1218, 1994,
+    2455,  220, 2142, 1670, 2144, 1799, 2051,  794, 1819, 2475, 2459,  478,
+     3221, 3021,  996,  991,  958, 1869, 1522, 1628
+};
+
+/* Zetas for inverse NTT. */
+const sword16 zetas_inv[KYBER_N / 2] = {
+    1701, 1807, 1460, 2371, 2338, 2333,  308,  108, 2851,  870,  854, 1510,
+    2535, 1278, 1530, 1185, 1659, 1187, 3109,  874, 1335, 2111,  136, 1215,
+    2945, 1465, 1285, 2007, 2719, 2726, 2232, 2512,   75,  156, 3000, 2911,
+    2980,  872, 2685, 1590, 2210,  602, 1846,  777,  147, 2170, 2551,  246,
+    1676, 1755,  460,  291,  235, 3152, 2742, 2907, 3224, 1779, 2458, 1251,
+    2486, 2774, 2899, 1103, 1275, 2652, 1065, 2881,  725, 1508, 2368,  398,
+     951,  247, 1421, 3222, 2499,  271,   90,  853, 1860, 3203, 1162, 1618,
+     666,  320,    8, 2813, 1544,  282, 1838, 1293, 2314,  552, 2677, 2106,
+    1571,  205, 2918, 1542, 2721, 2597, 2312,  681,  130, 1602, 1871,  829,
+    2946, 3065, 1325, 2756, 1861, 1474, 1202, 2367, 3147, 1752, 2707,  171,
+    3127, 3042, 1907, 1836, 1517,  359,  758, 1441
+};
+
+
+/* Number-Theoretic Transform.
+ *
+ * @param  [in, out]  r  Polynomial to transform.
+ */
+static void kyber_ntt(sword16* r)
+{
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int len;
+    unsigned int k;
+    unsigned int j;
+
+    k = 1;
+    for (len = KYBER_N / 2; len >= 2; len >>= 1) {
+        unsigned int start;
+        for (start = 0; start < KYBER_N; start = j + len) {
+            sword16 zeta = zetas[k++];
+            for (j = start; j < start + len; ++j) {
+                sword32 p = (sword32)zeta * r[j + len];
+                sword16 t = KYBER_MONT_RED(p);
+                sword16 rj = r[j];
+                r[j + len] = rj - t;
+                r[j] = rj + t;
+            }
+        }
+    }
+
+    /* Reduce coefficients with quick algorithm. */
+    for (j = 0; j < KYBER_N; ++j) {
+        r[j] = KYBER_BARRETT_RED(r[j]);
+    }
+#else
+    unsigned int len;
+    unsigned int k = 1;
+    unsigned int j;
+    unsigned int start;
+    sword16 zeta = zetas[k++];
+
+    for (j = 0; j < KYBER_N / 2; ++j) {
+        sword32 p = (sword32)zeta * r[j + KYBER_N / 2];
+        sword16 t = KYBER_MONT_RED(p);
+        sword16 rj = r[j];
+        r[j + KYBER_N / 2] = rj - t;
+        r[j] = rj + t;
+    }
+    for (len = KYBER_N / 4; len >= 2; len >>= 1) {
+        for (start = 0; start < KYBER_N; start = j + len) {
+            zeta = zetas[k++];
+            for (j = start; j < start + len; ++j) {
+                sword32 p = (sword32)zeta * r[j + len];
+                sword16 t = KYBER_MONT_RED(p);
+                sword16 rj = r[j];
+                r[j + len] = rj - t;
+                r[j] = rj + t;
+            }
+        }
+    }
+
+    /* Reduce coefficients with quick algorithm. */
+    for (j = 0; j < KYBER_N; ++j) {
+        r[j] = KYBER_BARRETT_RED(r[j]);
+    }
+#endif
+}
+
+/* Inverse Number-Theoretic Transform.
+ *
+ * @param  [in, out]  r  Polynomial to transform.
+ */
+static void kyber_invntt(sword16* r)
+{
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int len;
+    unsigned int k;
+    unsigned int j;
+    sword16 zeta;
+
+    k = 0;
+    for (len = 2; len <= KYBER_N / 2; len <<= 1) {
+        unsigned int start;
+        for (start = 0; start < KYBER_N; start = j + len) {
+            zeta = zetas_inv[k++];
+            for (j = start; j < start + len; ++j) {
+                sword32 p;
+                sword16 rj = r[j];
+                sword16 rjl = r[j + len];
+                sword16 t = rj + rjl;
+                r[j] = KYBER_BARRETT_RED(t);
+                rjl = rj - rjl;
+                p = (sword32)zeta * rjl;
+                r[j + len] = KYBER_MONT_RED(p);
+            }
+        }
+    }
+
+    zeta = zetas_inv[127];
+    for (j = 0; j < KYBER_N; ++j) {
+        sword32 p = (sword32)zeta * r[j];
+        r[j] = KYBER_MONT_RED(p);
+    }
+#else
+    unsigned int k;
+    unsigned int j;
+    unsigned int start;
+    sword16 zeta;
+    sword16 zeta2;
+
+    k = 0;
+    for (start = 0; start < KYBER_N; start += 2 * 2) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 2; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 2];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 2] = KYBER_MONT_RED(p);
+        }
+    }
+    for (start = 0; start < KYBER_N; start += 2 * 4) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 4; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 4];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 4] = KYBER_MONT_RED(p);
+        }
+    }
+    for (start = 0; start < KYBER_N; start += 2 * 8) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 8; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 8];
+            sword16 t = rj + rjl;
+            /* Reduce. */
+            r[start + j] = KYBER_BARRETT_RED(t);
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 8] = KYBER_MONT_RED(p);
+        }
+    }
+    for (start = 0; start < KYBER_N; start += 2 * 16) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 16; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 16];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 16] = KYBER_MONT_RED(p);
+        }
+    }
+    for (start = 0; start < KYBER_N; start += 2 * 32) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 32; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 32];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 32] = KYBER_MONT_RED(p);
+        }
+    }
+    for (start = 0; start < KYBER_N; start += 2 * 64) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 64; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 64];
+            sword16 t = rj + rjl;
+            /* Reduce. */
+            r[start + j] = KYBER_BARRETT_RED(t);
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 64] = KYBER_MONT_RED(p);
+        }
+    }
+    zeta = zetas_inv[126];
+    zeta2 = zetas_inv[127];
+    for (j = 0; j < KYBER_N / 2; ++j) {
+        sword32 p;
+        sword16 rj = r[j];
+        sword16 rjl = r[j + KYBER_N / 2];
+        sword16 t = rj + rjl;
+        rjl = rj - rjl;
+        p = (sword32)zeta * rjl;
+        r[j] = t;
+        r[j + KYBER_N / 2] = KYBER_MONT_RED(p);
+
+        p = (sword32)zeta2 * r[j];
+        r[j] = KYBER_MONT_RED(p);
+        p = (sword32)zeta2 * r[j + KYBER_N / 2];
+        r[j + KYBER_N / 2] = KYBER_MONT_RED(p);
+    }
+#endif
+}
+
+/* Multiplication of polynomials in Zq[X]/(X^2-zeta).
+ *
+ * Used for multiplication of elements in Rq in NTT domain.
+ *
+ * @param  [out]  r     Result polynomial.
+ * @param  [in]   a     First factor.
+ * @param  [in]   b     Second factor.
+ * @param  [in]   zeta  Integer defining the reduction polynomial.
+ */
+static void kyber_basemul(sword16* r, const sword16* a, const sword16* b,
+    sword16 zeta)
+{
+    sword16 r0;
+    sword16 a0 = a[0];
+    sword16 a1 = a[1];
+    sword16 b0 = b[0];
+    sword16 b1 = b[1];
+    sword32 p1;
+    sword32 p2;
+
+    p1   = (sword32)a1 * b1;
+    p2   = (sword32)a0 * b0;
+    r0   = KYBER_MONT_RED(p1);
+    p1   = (sword32)zeta * r0;
+    p1  += p2;
+    r[0] = KYBER_MONT_RED(p1);
+
+    p1   = (sword32)a0 * b1;
+    p2   = (sword32)a1 * b0;
+    p1  += p2;
+    r[1] = KYBER_MONT_RED(p1);
+}
+
+/* Multiply two polynomials in NTT domain. r = a * b.
+ *
+ * @param  [out]  r  Result polynomial.
+ * @param  [in]   a  First polynomial multiplier.
+ * @param  [in]   b  Second polynomial multiplier.
+ */
+static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b)
+{
+    unsigned int i;
+    const sword16* zeta = zetas + 64;
+
+#ifdef WOLFSSL_KYBER_SMALL
+    for (i = 0; i < KYBER_N; i += 4, zeta++) {
+        kyber_basemul(r + i + 0, a + i + 0, b + i + 0,  zeta[0]);
+        kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]);
+    }
+#else
+    for (i = 0; i < KYBER_N; i += 8, zeta += 2) {
+        kyber_basemul(r + i + 0, a + i + 0, b + i + 0,  zeta[0]);
+        kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]);
+        kyber_basemul(r + i + 4, a + i + 4, b + i + 4,  zeta[1]);
+        kyber_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]);
+    }
+#endif
+}
+
+/* Multiply two polynomials in NTT domain and add to result. r += a * b.
+ *
+ * @param  [in, out]  r  Result polynomial.
+ * @param  [in]       a  First polynomial multiplier.
+ * @param  [in]       b  Second polynomial multiplier.
+ */
+static void kyber_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b)
+{
+    unsigned int i;
+    const sword16* zeta = zetas + 64;
+
+#ifdef WOLFSSL_KYBER_SMALL
+    for (i = 0; i < KYBER_N; i += 4, zeta++) {
+        sword16 t0[2];
+        sword16 t2[2];
+
+        kyber_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
+        kyber_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
+
+        r[i + 0] += t0[0];
+        r[i + 1] += t0[1];
+        r[i + 2] += t2[0];
+        r[i + 3] += t2[1];
+    }
+#else
+    for (i = 0; i < KYBER_N; i += 8, zeta += 2) {
+        sword16 t0[2];
+        sword16 t2[2];
+        sword16 t4[2];
+        sword16 t6[2];
+
+        kyber_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
+        kyber_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
+        kyber_basemul(t4, a + i + 4, b + i + 4,  zeta[1]);
+        kyber_basemul(t6, a + i + 6, b + i + 6, -zeta[1]);
+
+        r[i + 0] += t0[0];
+        r[i + 1] += t0[1];
+        r[i + 2] += t2[0];
+        r[i + 3] += t2[1];
+        r[i + 4] += t4[0];
+        r[i + 5] += t4[1];
+        r[i + 6] += t6[0];
+        r[i + 7] += t6[1];
+    }
+#endif
+}
+
+/* Pointwise multiply elements of a and b, into r, and multiply by 2^-16.
+ *
+ * @param  [out]  r   Result polynomial.
+ * @param  [in]   a   First vector polynomial to multiply with.
+ * @param  [in]   b   Second vector polynomial to multiply with.
+ * @param  [in]   kp  Number of polynomials in vector.
+ */
+static void kyber_pointwise_acc_mont(sword16* r, const sword16* a,
+    const sword16* b, unsigned int kp)
+{
+    unsigned int i;
+
+    kyber_basemul_mont(r, a, b);
+    for (i = 1; i < kp - 1; ++i) {
+        kyber_basemul_mont_add(r, a + i * KYBER_N, b + i * KYBER_N);
+    }
+    kyber_basemul_mont_add(r, a + (kp - 1) * KYBER_N, b + (kp - 1) * KYBER_N);
+}
+
+/******************************************************************************/
+
+/* Initialize Kyber implementation.
+ */
+void kyber_init(void)
+{
+#ifdef USE_INTEL_SPEEDUP
+    cpuid_flags = cpuid_get_flags();
+#endif
+}
+
+/******************************************************************************/
+
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * @param  [in, out]  priv  Private key vector of polynomials.
+ * @param  [out]      pub   Public key vector of polynomials.
+ * @param  [in]       e     Error values as a vector of polynomials. Modified.
+ * @param  [in]       a     Random values in an array of vectors of polynomials.
+ * @param  [in]       kp    Number of polynomials in vector.
+ */
+static void kyber_keygen_c(sword16* priv, sword16* pub, sword16* e,
+    const sword16* a, int kp)
+{
+    int i;
+
+    /* Transform private key. All of result used in public key calculation */
+    for (i = 0; i < kp; ++i) {
+        kyber_ntt(priv + i * KYBER_N);
+    }
+
+    /* For each polynomial in the vectors. */
+    for (i = 0; i < kp; ++i) {
+        unsigned int j;
+
+        /* Multiply a by private into public polynomial. */
+        kyber_pointwise_acc_mont(pub + i * KYBER_N, a + i * kp * KYBER_N, priv,
+            kp);
+        /* Convert public polynomial to Montgomery form. */
+        for (j = 0; j < KYBER_N; ++j) {
+            sword32 t = pub[i * KYBER_N + j] * (sword32)KYBER_F;
+            pub[i * KYBER_N + j] = KYBER_MONT_RED(t);
+        }
+        /* Transform error values polynomial. */
+        kyber_ntt(e + i * KYBER_N);
+        /* Add errors to public key and reduce. */
+        for (j = 0; j < KYBER_N; ++j) {
+            sword16 t = pub[i * KYBER_N + j] + e[i * KYBER_N + j];
+            pub[i * KYBER_N + j] = KYBER_BARRETT_RED(t);
+        }
+    }
+}
+
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * @param  [in, out]  priv  Private key vector of polynomials.
+ * @param  [out]      pub   Public key vector of polynomials.
+ * @param  [in]       e     Error values as a vector of polynomials. Modified.
+ * @param  [in]       a     Random values in an array of vectors of polynomials.
+ * @param  [in]       kp    Number of polynomials in vector.
+ */
+void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a,
+    int kp)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_keygen_avx2(priv, pub, e, a, kp);
+    }
+    else
+#endif
+    {
+        kyber_keygen_c(priv, pub, e, a, kp);
+    }
+}
+
+/* Encapsuluate message.
+ *
+ * @param  [in]   pub  Public key vector of polynomials.
+ * @param  [out]  bp   Vector of polynomials.
+ * @param  [out]  v    Polynomial.
+ * @param  [in]   at   Array of vector of polynomials.
+ * @param  [in]   sp   Vector of polynomials.
+ * @param  [in]   ep   Error Vector of polynomials.
+ * @param  [in]   epp  Error polynomial.
+ * @param  [in]   m    Message polynomial.
+ * @param  [in]   kp   Number of polynomials in vector.
+ */
+static void kyber_encapsulate_c(const sword16* pub, sword16* bp, sword16* v,
+    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
+    const sword16* m, int kp)
+{
+    int i;
+
+    /* Transform sp. All of result used in calculation of bp and v. */
+    for (i = 0; i < kp; ++i) {
+        kyber_ntt(sp + i * KYBER_N);
+    }
+
+    /* For each polynomial in the vectors. */
+    for (i = 0; i < kp; ++i) {
+        unsigned int j;
+
+        /* Multiply at by sp into bp polynomial. */
+        kyber_pointwise_acc_mont(bp + i * KYBER_N, at +  i * kp * KYBER_N, sp,
+            kp);
+        /* Inverse transform bp polynomial. */
+        kyber_invntt(bp + i * KYBER_N);
+        /* Add errors to bp and reduce. */
+        for (j = 0; j < KYBER_N; ++j) {
+            sword16 t = bp[i * KYBER_N + j] + ep[i * KYBER_N + j];
+            bp[i * KYBER_N + j] = KYBER_BARRETT_RED(t);
+        }
+    }
+
+    /* Multiply public key by sp into v polynomial. */
+    kyber_pointwise_acc_mont(v, pub, sp, kp);
+    /* Inverse transform v. */
+    kyber_invntt(v);
+    /* Add errors and message to v and reduce. */
+    for (i = 0; i < KYBER_N; ++i) {
+        sword16 t = v[i] + epp[i] + m[i];
+        v[i] = KYBER_BARRETT_RED(t);
+    }
+}
+
+
+/* Encapsulate message.
+ *
+ * @param  [in]   pub  Public key vector of polynomials.
+ * @param  [out]  bp   Vector of polynomials.
+ * @param  [out]  v    Polynomial.
+ * @param  [in]   at   Array of vector of polynomials.
+ * @param  [in]   sp   Vector of polynomials.
+ * @param  [in]   ep   Error Vector of polynomials.
+ * @param  [in]   epp  Error polynomial.
+ * @param  [in]   m    Message polynomial.
+ * @param  [in]   kp   Number of polynomials in vector.
+ */
+void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v,
+    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
+    const sword16* m, int kp)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_encapsulate_avx2(pub, bp, v, at, sp, ep, epp, m, kp);
+    }
+    else
+#endif
+    {
+        kyber_encapsulate_c(pub, bp, v, at, sp, ep, epp, m, kp);
+    }
+}
+
+/* Decapsulate message.
+ *
+ * @param  [in]   priv  Private key vector of polynomials.
+ * @param  [out]  mp    Message polynomial.
+ * @param  [in]   bp    Vector of polynomials containing error.
+ * @param  [in]   v     Encapsulated message polynomial.
+ * @param  [in]   kp    Number of polynomials in vector.
+ */
+static void kyber_decapsulate_c(const sword16* priv, sword16* mp, sword16* bp,
+    const sword16* v, int kp)
+{
+    int i;
+
+    /* Transform bp. All of result used in calculation of mp. */
+    for (i = 0; i < kp; ++i) {
+        kyber_ntt(bp + i * KYBER_N);
+    }
+
+    /* Multiply private key by bp into mp polynomial. */
+    kyber_pointwise_acc_mont(mp, priv, bp, kp);
+    /* Inverse transform mp. */
+    kyber_invntt(mp);
+    /* Subtract errors (mp) out of v and reduce into mp. */
+    for (i = 0; i < KYBER_N; ++i) {
+        sword16 t = v[i] - mp[i];
+        mp[i] = KYBER_BARRETT_RED(t);
+    }
+}
+
+/* Decapsulate message.
+ *
+ * @param  [in]   priv  Private key vector of polynomials.
+ * @param  [out]  mp    Message polynomial.
+ * @param  [in]   bp    Vector of polynomials containing error.
+ * @param  [in]   v     Encapsulated message polynomial.
+ * @param  [in]   kp    Number of polynomials in vector.
+ */
+void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
+    const sword16* v, int kp)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_decapsulate_avx2(priv, mp, bp, v, kp);
+    }
+    else
+#endif
+    {
+        kyber_decapsulate_c(priv, mp, bp, v, kp);
+    }
+}
+
+/******************************************************************************/
+
+#ifdef USE_INTEL_SPEEDUP
+#ifdef WOLFSSL_KYBER512
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    if (!transposed) {
+        state[4*4 + 0] = 0x1f0000 + 0x000;
+        state[4*4 + 1] = 0x1f0000 + 0x001;
+        state[4*4 + 2] = 0x1f0000 + 0x100;
+        state[4*4 + 3] = 0x1f0000 + 0x101;
+    }
+    else {
+        state[4*4 + 0] = 0x1f0000 + 0x000;
+        state[4*4 + 1] = 0x1f0000 + 0x100;
+        state[4*4 + 2] = 0x1f0000 + 0x001;
+        state[4*4 + 3] = 0x1f0000 + 0x101;
+    }
+
+    kyber_sha3_128_blocksx4_seed_avx2(state, seed);
+    kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+        rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+        rand + 3 * GEN_MATRIX_SIZE);
+    for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+        kyber_sha3_blocksx4_avx2(state);
+        kyber_redistribute_21_rand_avx2(state, rand + i + 0 * GEN_MATRIX_SIZE,
+            rand + i + 1 * GEN_MATRIX_SIZE, rand + i + 2 * GEN_MATRIX_SIZE,
+            rand + i + 3 * GEN_MATRIX_SIZE);
+    }
+
+    /* Sample random bytes to create a polynomial. */
+    p = rand;
+    ctr0 = kyber_rej_uniform_n_avx2(a + 0 * KYBER_N, KYBER_N, p,
+        GEN_MATRIX_SIZE);
+    p += GEN_MATRIX_SIZE;
+    ctr1 = kyber_rej_uniform_n_avx2(a + 1 * KYBER_N, KYBER_N, p,
+        GEN_MATRIX_SIZE);
+    p += GEN_MATRIX_SIZE;
+    ctr2 = kyber_rej_uniform_n_avx2(a + 2 * KYBER_N, KYBER_N, p,
+        GEN_MATRIX_SIZE);
+    p += GEN_MATRIX_SIZE;
+    ctr3 = kyber_rej_uniform_n_avx2(a + 3 * KYBER_N, KYBER_N, p,
+        GEN_MATRIX_SIZE);
+    /* Create more blocks if too many rejected. */
+    while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N) ||
+           (ctr3 < KYBER_N)) {
+        kyber_sha3_blocksx4_avx2(state);
+        kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+            rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+            rand + 3 * GEN_MATRIX_SIZE);
+
+        p = rand;
+        ctr0 += kyber_rej_uniform_avx2(a + 0 * KYBER_N + ctr0, KYBER_N - ctr0,
+            p, XOF_BLOCK_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 += kyber_rej_uniform_avx2(a + 1 * KYBER_N + ctr1, KYBER_N - ctr1,
+            p, XOF_BLOCK_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 += kyber_rej_uniform_avx2(a + 2 * KYBER_N + ctr2, KYBER_N - ctr2,
+            p, XOF_BLOCK_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 += kyber_rej_uniform_avx2(a + 3 * KYBER_N + ctr3, KYBER_N - ctr3,
+            p, XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+
+#ifdef WOLFSSL_KYBER768
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    for (k = 0; k < 2; k++) {
+        for (i = 0; i < 4; i++) {
+            if (!transposed) {
+                state[4*4 + i] = 0x1f0000 + (((k*4+i)/3) << 8) + ((k*4+i)%3);
+            }
+            else {
+                state[4*4 + i] = 0x1f0000 + (((k*4+i)%3) << 8) + ((k*4+i)/3);
+            }
+        }
+
+        kyber_sha3_128_blocksx4_seed_avx2(state, seed);
+        kyber_redistribute_21_rand_avx2(state,
+            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+            kyber_sha3_blocksx4_avx2(state);
+            kyber_redistribute_21_rand_avx2(state,
+                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
+                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
+        }
+
+        /* Sample random bytes to create a polynomial. */
+        p = rand;
+        ctr0 = kyber_rej_uniform_n_avx2(a + 0 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 = kyber_rej_uniform_n_avx2(a + 1 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 = kyber_rej_uniform_n_avx2(a + 2 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 = kyber_rej_uniform_n_avx2(a + 3 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N) ||
+               (ctr3 < KYBER_N)) {
+            kyber_sha3_blocksx4_avx2(state);
+            kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+                rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+                rand + 3 * GEN_MATRIX_SIZE);
+
+            p = rand;
+            ctr0 += kyber_rej_uniform_avx2(a + 0 * KYBER_N + ctr0,
+                KYBER_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr1 += kyber_rej_uniform_avx2(a + 1 * KYBER_N + ctr1,
+                KYBER_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr2 += kyber_rej_uniform_avx2(a + 2 * KYBER_N + ctr2,
+                KYBER_N - ctr2, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr3 += kyber_rej_uniform_avx2(a + 3 * KYBER_N + ctr3,
+                KYBER_N - ctr3, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 4 * KYBER_N;
+    }
+
+    state[0] = ((word64*)seed)[0];
+    state[1] = ((word64*)seed)[1];
+    state[2] = ((word64*)seed)[2];
+    state[3] = ((word64*)seed)[3];
+    /* Transposed value same as not. */
+    state[4] = 0x1f0000 + (2 << 8) + 2;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[20] = 0x8000000000000000UL;
+    for (i = 0; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+        if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else if (IS_INTEL_AVX2(cpuid_flags)) {
+            sha3_block_avx2(state);
+        }
+        else {
+            BlockSha3(state);
+        }
+        XMEMCPY(rand + i, state, SHA3_128_BYTES);
+    }
+    ctr0 = kyber_rej_uniform_n_avx2(a, KYBER_N, rand, GEN_MATRIX_SIZE);
+    while (ctr0 < KYBER_N) {
+        if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else if (IS_INTEL_AVX2(cpuid_flags)) {
+            sha3_block_avx2(state);
+        }
+        else {
+            BlockSha3(state);
+        }
+        XMEMCPY(rand, state, SHA3_128_BYTES);
+        ctr0 += kyber_rej_uniform_avx2(a + ctr0, KYBER_N - ctr0, rand,
+            XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+#ifdef WOLFSSL_KYBER1024
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    for (k = 0; k < 4; k++) {
+        for (i = 0; i < 4; i++) {
+            if (!transposed) {
+                state[4*4 + i] = 0x1f0000 + (k << 8) + i;
+            }
+            else {
+                state[4*4 + i] = 0x1f0000 + (i << 8) + k;
+            }
+        }
+
+        kyber_sha3_128_blocksx4_seed_avx2(state, seed);
+        kyber_redistribute_21_rand_avx2(state,
+            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+            kyber_sha3_blocksx4_avx2(state);
+            kyber_redistribute_21_rand_avx2(state,
+                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
+                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
+        }
+
+        /* Sample random bytes to create a polynomial. */
+        p = rand;
+        ctr0 = kyber_rej_uniform_n_avx2(a + 0 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 = kyber_rej_uniform_n_avx2(a + 1 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 = kyber_rej_uniform_n_avx2(a + 2 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 = kyber_rej_uniform_n_avx2(a + 3 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N) ||
+               (ctr3 < KYBER_N)) {
+            kyber_sha3_blocksx4_avx2(state);
+            kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+                rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+                rand + 3 * GEN_MATRIX_SIZE);
+
+            p = rand;
+            ctr0 += kyber_rej_uniform_avx2(a + 0 * KYBER_N + ctr0,
+                KYBER_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr1 += kyber_rej_uniform_avx2(a + 1 * KYBER_N + ctr1,
+                KYBER_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr2 += kyber_rej_uniform_avx2(a + 2 * KYBER_N + ctr2,
+                KYBER_N - ctr2, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr3 += kyber_rej_uniform_avx2(a + 3 * KYBER_N + ctr3,
+                KYBER_N - ctr3, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 4 * KYBER_N;
+    }
+
+    return 0;
+}
+#endif /* KYBER1024 */
+#endif /* USE_INTEL_SPEEDUP */
+
+/* Absorb the seed data for squeezing out pseudo-random data.
+ *
+ * @param  [in, out]  shake128  SHAKE-128 object.
+ * @param  [in]       seed      Data to absorb.
+ * @param  [in]       len       Length of data to absorb in bytes.
+ * @return  0 on success always.
+ */
+static int kyber_xof_absorb(wc_Shake* shake128, byte* seed, int len)
+{
+    int ret;
+
+    ret = wc_InitShake128(shake128, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        ret = wc_Shake128_Absorb(shake128, seed, len);
+    }
+
+    return ret;
+}
+
+/* Squeeze the state to produce pseudo-random data.
+ *
+ * @param  [in, out]  shake128  SHAKE-128 object.
+ * @param  [out]      out       Buffer to write to.
+ * @param  [in]       blocks    Number of blocks to write.
+ * @return  0 on success always.
+ */
+static int kyber_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks)
+{
+    return wc_Shake128_SqueezeBlocks(shake128, out, blocks);
+}
+
+/* Initialize SHAKE-256 object.
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ */
+void kyber_prf_init(wc_Shake* prf)
+{
+    XMEMSET(prf->s, 0, sizeof(prf->s));
+}
+
+/* New/Initialize SHAKE-256 object.
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ * @param  [in]       heap      Dynamic memory allocator hint.
+ * @param  [in]       devId     Device id.
+ * @return  0 on success always.
+ */
+int kyber_prf_new(wc_Shake* prf, void* heap, int devId)
+{
+    return wc_InitShake256(prf, heap, devId);
+}
+
+/* Free SHAKE-256 object.
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ */
+void kyber_prf_free(wc_Shake* prf)
+{
+    wc_Shake256_Free(prf);
+}
+
+/* Create pseudo-random data from the key using SHAKE-256.
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ * @param  [out]      out       Buffer to write to.
+ * @param  [in]       outLen    Number of bytes to write.
+ * @param  [in]       key       Data to derive from. Must be KYBER_SYM_SZ + 1
+ *                              bytes in length.
+ * @return  0 on success always.
+ */
+static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen,
+    const byte* key)
+{
+#ifdef USE_INTEL_SPEEDUP
+    int i;
+    word64 state[25];
+
+    (void)shake256;
+
+    for (i = 0; i < KYBER_SYM_SZ / 8; i++) {
+        state[i] = ((word64*)key)[i];
+    }
+    state[KYBER_SYM_SZ / 8] = 0x1f00 | key[KYBER_SYM_SZ];
+    XMEMSET(state + KYBER_SYM_SZ / 8 + 1, 0,
+        (25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64));
+    state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL;
+
+    if (IS_INTEL_BMI2(cpuid_flags)) {
+        sha3_block_bmi2(state);
+    }
+    else if (IS_INTEL_AVX2(cpuid_flags)) {
+        sha3_block_avx2(state);
+    }
+    else {
+        BlockSha3(state);
+    }
+    XMEMCPY(out, state, outLen);
+
+    return 0;
+#else
+    int ret;
+
+    ret = wc_Shake256_Update(shake256, key, KYBER_SYM_SZ + 1);
+    if (ret == 0) {
+        ret = wc_Shake256_Final(shake256, out, outLen);
+    }
+
+    return ret;
+#endif
+}
+
+#ifdef USE_INTEL_SPEEDUP
+/* Create pseudo-random key from the seed using SHAKE-256.
+ *
+ * @param  [in]  seed      Data to derive from.
+ * @param  [in]  seedLen   Length of data to derive from in bytes.
+ * @param  [out] out       Buffer to write to.
+ * @param  [in]  outLen    Number of bytes to derive.
+ * @return  0 on success always.
+ */
+int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen)
+{
+    word64 state[25];
+    int i;
+    int len64 = seedLen / 8;
+
+    for (i = 0; i < len64; i++) {
+        state[i] = ((word64*)seed)[i];
+    }
+    state[len64] = 0x1f;
+    XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64));
+    state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL;
+
+    if (IS_INTEL_BMI2(cpuid_flags)) {
+        sha3_block_bmi2(state);
+    }
+    else if (IS_INTEL_AVX2(cpuid_flags)) {
+        sha3_block_avx2(state);
+    }
+    else {
+        BlockSha3(state);
+    }
+    XMEMCPY(out, state, outLen);
+
+    return 0;
+}
+#endif
+
+/* Rejection sampling on uniform random bytes to generate uniform random
+ * integers mod q.
+ *
+ * @param  [out]  p     Uniform random integers mod q.
+ * @param  [in]   len   Maximum number of integers.
+ * @param  [in]   r     Uniform random bytes buffer.
+ * @param  [in]   rLen  Length of random data in buffer.
+ * @return  Number of integers sampled.
+ */
+static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen)
+{
+    unsigned int i;
+    unsigned int j;
+
+    /* Keep sampling until maximum number of integers reached or buffer used up.
+     */
+    for (i = 0, j = 0; (i < len) && (j <= rLen - 3); j += 3) {
+        /* Use 24 bits (3 bytes) as two 12 bits integers. */
+        sword16 v0 = ((r[0] >> 0) | ((word16)r[1] << 8)) & 0xFFF;
+        sword16 v1 = ((r[1] >> 4) | ((word16)r[2] << 4)) & 0xFFF;
+
+        /* Reject first 12-bit integer if greater than or equal to q. */
+        if (v0 < KYBER_Q) {
+            p[i++] = v0;
+        }
+        /* Check second if we don't have enough integers yet.
+         * Reject second 12-bit integer if greater than or equal to q. */
+        if ((i < len) && (v1 < KYBER_Q)) {
+            p[i++] = v1;
+        }
+
+        /* Move over used bytes. */
+        r += 3;
+    }
+
+    return i;
+}
+
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [in]   prf         XOF object.
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   kp          Number of dimensions. kp x kp polynomials.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
+    int transposed)
+{
+#ifdef WOLFSSL_SMALL_STACK
+    byte* rand;
+#else
+    byte rand[GEN_MATRIX_SIZE + 2];
+#endif
+    byte extSeed[KYBER_SYM_SZ + 2];
+    int ret = 0;
+    int i;
+
+    XMEMCPY(extSeed, seed, KYBER_SYM_SZ);
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate large amount of memory to hold random bytes to be samples. */
+    rand = (byte*)XMALLOC(GEN_MATRIX_SIZE + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (rand == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+    /* Generate each vector of polynomials. */
+    for (i = 0; (ret == 0) && (i < kp); i++, a += kp * KYBER_N) {
+        int j;
+        /* Generate each polynomial in vector from seed with indices. */
+        for (j = 0; (ret == 0) && (j < kp); j++) {
+            if (transposed) {
+                extSeed[KYBER_SYM_SZ + 0] = i;
+                extSeed[KYBER_SYM_SZ + 1] = j;
+            }
+            else {
+                extSeed[KYBER_SYM_SZ + 0] = j;
+                extSeed[KYBER_SYM_SZ + 1] = i;
+            }
+            /* Absorb the index specific seed. */
+            ret = kyber_xof_absorb(prf, extSeed, sizeof(extSeed));
+            if (ret == 0) {
+                /* Create out based on the seed. */
+                ret = kyber_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS);
+            }
+            if (ret == 0) {
+            #if (GEN_MATRIX_SIZE % 3) != 0
+                unsigned int randLen;
+            #endif
+                unsigned int ctr;
+
+                /* Sample random bytes to create a polynomial. */
+                ctr = kyber_rej_uniform_c(a + j * KYBER_N, KYBER_N, rand,
+                    GEN_MATRIX_SIZE);
+                /* Create more blocks if too many rejected. */
+            #if (GEN_MATRIX_SIZE % 3) != 0
+                randLen = GEN_MATRIX_SIZE;
+                while (ctr < KYBER_N) {
+                    int off = randLen % 3;
+                    int k;
+                    for (k = 0; k < off; k++) {
+                        rand[k] = rand[randLen - off + k];
+                    }
+                    kyber_xof_squeezeblocks(prf, rand + off, 1);
+                    randLen = off + XOF_BLOCK_SIZE;
+                    ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr,
+                        KYBER_N - ctr, rand, randLen);
+                }
+            #else
+                while (ctr < KYBER_N) {
+                    kyber_xof_squeezeblocks(prf, rand, 1);
+                    ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr,
+                        KYBER_N - ctr, rand, XOF_BLOCK_SIZE);
+                }
+            #endif
+            }
+        }
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Dispose of temporary buffer. */
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [in]   prf         XOF object.
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   kp          Number of dimensions. kp x kp polynomials.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
+    int transposed)
+{
+    int ret;
+
+#ifdef WOLFSSL_KYBER512
+    if (kp == KYBER512_K) {
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags)) {
+            ret = kyber_gen_matrix_k2_avx2(a, seed, transposed);
+        }
+        else
+    #endif
+        {
+            ret = kyber_gen_matrix_c(prf, a, KYBER512_K, seed, transposed);
+        }
+    }
+    else
+#endif
+#ifdef WOLFSSL_KYBER768
+    if (kp == KYBER768_K) {
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags)) {
+            ret = kyber_gen_matrix_k3_avx2(a, seed, transposed);
+        }
+        else
+    #endif
+        {
+            ret = kyber_gen_matrix_c(prf, a, KYBER768_K, seed, transposed);
+        }
+    }
+    else
+#endif
+#ifdef WOLFSSL_KYBER1024
+    if (kp == KYBER1024_K) {
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags)) {
+            ret = kyber_gen_matrix_k4_avx2(a, seed, transposed);
+        }
+        else
+    #endif
+        {
+            ret = kyber_gen_matrix_c(prf, a, KYBER1024_K, seed, transposed);
+        }
+    }
+    else
+#endif
+    {
+        ret = BAD_STATE_E;
+    }
+
+    return ret;
+}
+
+/******************************************************************************/
+
+/* Subtract one 2 bit value from another out of a larger number.
+ *
+ * @param  [in]  d  Value containing sequential 2 bit values.
+ * @param  [in]  i  Start index of the two values in 2 bits each.
+ * @return  Difference of the two values with range 0..2.
+ */
+#define ETA2_SUB(d, i) \
+    (((sword16)(((d) >> ((i) * 4 + 0)) & 0x3)) - \
+     ((sword16)(((d) >> ((i) * 4 + 2)) & 0x3)))
+
+/* Compute polynomial with coefficients distributed according to a centered
+ * binomial distribution with parameter eta2 from uniform random bytes.
+ *
+ * @param [out]  p  Polynomial computed.
+ * @param [in]   r  Random bytes.
+ */
+static void kyber_cbd_eta2(sword16* p, const byte* r)
+{
+    unsigned int i;
+
+#ifndef WORD64_AVAILABLE
+    /* Calculate eight integer coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 8) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 4 bytes, little endian, as a 32 bit value. */
+    #ifdef BIG_ENDIAN_ORDER
+        word32 t = ByteReverseWord32(*(word32*)r);
+    #else
+        word32 t = *(word32*)r;
+    #endif
+        word32 d;
+        /* Add second bits to first. */
+        d  = (t >> 0) & 0x55555555;
+        d += (t >> 1) & 0x55555555;
+        /* Values 0, 1 or 2 in consecutive 2 bits.
+         * 0 - 1/4, 1 - 2/4, 2 - 1/4. */
+
+    #ifdef WOLFSSL_KYBER_SMALL
+        for (j = 0; j < 8; j++) {
+            p[i + j] = ETA2_SUB(d, j);
+        }
+    #else
+        p[i + 0] = ETA2_SUB(d, 0);
+        p[i + 1] = ETA2_SUB(d, 1);
+        p[i + 2] = ETA2_SUB(d, 2);
+        p[i + 3] = ETA2_SUB(d, 3);
+        p[i + 4] = ETA2_SUB(d, 4);
+        p[i + 5] = ETA2_SUB(d, 5);
+        p[i + 6] = ETA2_SUB(d, 6);
+        p[i + 7] = ETA2_SUB(d, 7);
+    #endif
+        /* -2 - 1/16, -1 - 4/16, 0 - 6/16, 1 - 4/16, 2 - 1/16  */
+
+        /* Move over used bytes. */
+        r += 4;
+    }
+#else
+    /* Calculate sixteen integer coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 16) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 8 bytes, little endian, as a 64 bit value. */
+    #ifdef BIG_ENDIAN_ORDER
+        word64 t = ByteReverseWord64(*(word64*)r);
+    #else
+        word64 t = *(word64*)r;
+    #endif
+        word64 d;
+        /* Add second bits to first. */
+        d  = (t >> 0) & 0x5555555555555555L;
+        d += (t >> 1) & 0x5555555555555555L;
+        /* Values 0, 1 or 2 in consecutive 2 bits.
+         * 0 - 1/4, 1 - 2/4, 2 - 1/4. */
+
+    #ifdef WOLFSSL_KYBER_SMALL
+        for (j = 0; j < 16; j++) {
+            p[i + j] = ETA2_SUB(d, j);
+        }
+    #else
+        p[i +  0] = ETA2_SUB(d,  0);
+        p[i +  1] = ETA2_SUB(d,  1);
+        p[i +  2] = ETA2_SUB(d,  2);
+        p[i +  3] = ETA2_SUB(d,  3);
+        p[i +  4] = ETA2_SUB(d,  4);
+        p[i +  5] = ETA2_SUB(d,  5);
+        p[i +  6] = ETA2_SUB(d,  6);
+        p[i +  7] = ETA2_SUB(d,  7);
+        p[i +  8] = ETA2_SUB(d,  8);
+        p[i +  9] = ETA2_SUB(d,  9);
+        p[i + 10] = ETA2_SUB(d, 10);
+        p[i + 11] = ETA2_SUB(d, 11);
+        p[i + 12] = ETA2_SUB(d, 12);
+        p[i + 13] = ETA2_SUB(d, 13);
+        p[i + 14] = ETA2_SUB(d, 14);
+        p[i + 15] = ETA2_SUB(d, 15);
+    #endif
+        /* -2 - 1/16, -1 - 4/16, 0 - 6/16, 1 - 4/16, 2 - 1/16  */
+
+        /* Move over used bytes. */
+        r += 8;
+    }
+#endif
+}
+
+#ifdef WOLFSSL_KYBER512
+/* Subtract one 3 bit value from another out of a larger number.
+ *
+ * @param  [in]  d  Value containing sequential 3 bit values.
+ * @param  [in]  i  Start index of the two values in 3 bits each.
+ * @return  Difference of the two values with range 0..3.
+ */
+#define ETA3_SUB(d, i) \
+    (((sword16)(((d) >> ((i) * 6 + 0)) & 0x7)) - \
+     ((sword16)(((d) >> ((i) * 6 + 3)) & 0x7)))
+
+/* Compute polynomial with coefficients distributed according to a centered
+ * binomial distribution with parameter eta3 from uniform random bytes.
+ *
+ * @param [out]  p  Polynomial computed.
+ * @param [in]   r  Random bytes.
+ */
+static void kyber_cbd_eta3(sword16* p, const byte* r)
+{
+    unsigned int i;
+
+#ifndef WORD64_AVAILABLE
+    /* Calculate four integer coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 4) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 3 bytes, little endian, as a 24 bit value. */
+        word32 t = (((word32)(r[0])) <<  0) |
+                   (((word32)(r[1])) <<  8) |
+                   (((word32)(r[2])) << 16);
+        word32 d;
+        /* Add second and third bits to first. */
+        d  = (t >> 0) & 0x00249249;
+        d += (t >> 1) & 0x00249249;
+        d += (t >> 2) & 0x00249249;
+        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
+         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
+
+    #ifdef WOLFSSL_KYBER_SMALL
+        for (j = 0; j < 4; j++) {
+            p[i + j] = ETA3_SUB(d, j);
+        }
+    #else
+        p[i + 0] = ETA3_SUB(d, 0);
+        p[i + 1] = ETA3_SUB(d, 1);
+        p[i + 2] = ETA3_SUB(d, 2);
+        p[i + 3] = ETA3_SUB(d, 3);
+    #endif
+        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
+
+        /* Move over used bytes. */
+        r += 3;
+    }
+#else
+    /* Calculate eight integer coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 8) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 6 bytes, little endian, as a 48 bit value. */
+        word64 t = (((word64)(r[0])) <<  0) |
+                   (((word64)(r[1])) <<  8) |
+                   (((word64)(r[2])) << 16) |
+                   (((word64)(r[3])) << 24) |
+                   (((word64)(r[4])) << 32) |
+                   (((word64)(r[5])) << 40);
+        word64 d;
+        /* Add second and third bits to first. */
+        d  = (t >> 0) & 0x0000249249249249L;
+        d += (t >> 1) & 0x0000249249249249L;
+        d += (t >> 2) & 0x0000249249249249L;
+        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
+         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
+
+    #ifdef WOLFSSL_KYBER_SMALL
+        for (j = 0; j < 8; j++) {
+            p[i + j] = ETA3_SUB(d, j);
+        }
+    #else
+        p[i + 0] = ETA3_SUB(d, 0);
+        p[i + 1] = ETA3_SUB(d, 1);
+        p[i + 2] = ETA3_SUB(d, 2);
+        p[i + 3] = ETA3_SUB(d, 3);
+        p[i + 4] = ETA3_SUB(d, 4);
+        p[i + 5] = ETA3_SUB(d, 5);
+        p[i + 6] = ETA3_SUB(d, 6);
+        p[i + 7] = ETA3_SUB(d, 7);
+    #endif
+        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
+
+        /* Move over used bytes. */
+        r += 6;
+    }
+#endif
+}
+#endif
+
+/* Get noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Psuedo-random function object.
+ * @param  [out]      p     Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @param  [in]       eta1  Size of noise/error integers.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_eta1_c(KYBER_PRF_T* prf, sword16* p,
+    const byte* seed, byte eta1)
+{
+    int ret;
+
+    (void)eta1;
+
+#ifdef WOLFSSL_KYBER512
+    if (eta1 == KYBER_CBD_ETA3) {
+        byte rand[ETA3_RAND_SIZE];
+
+        /* Calculate random bytes from seed with PRF. */
+        ret = kyber_prf(prf, rand, sizeof(rand), seed);
+        if (ret == 0) {
+            /* Sample for values in range -3..3 from 3 bits of random. */
+            kyber_cbd_eta3(p, rand);
+         }
+    }
+    else
+#endif
+    {
+        byte rand[ETA2_RAND_SIZE];
+
+        /* Calculate random bytes from seed with PRF. */
+        ret = kyber_prf(prf, rand, sizeof(rand), seed);
+        if (ret == 0) {
+            /* Sample for values in range -2..2 from 2 bits of random. */
+            kyber_cbd_eta2(p, rand);
+        }
+    }
+
+    return ret;
+}
+
+/* Get noise/error by calculating random bytes and sampling to a binomial
+ * distribution. Values -2..2
+ *
+ * @param  [in, out]  prf   Psuedo-random function object.
+ * @param  [out]      p     Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_eta2_c(KYBER_PRF_T* prf, sword16* p,
+    const byte* seed)
+{
+    int ret;
+    byte rand[ETA2_RAND_SIZE];
+
+    /* Calculate random bytes from seed with PRF. */
+    ret = kyber_prf(prf, rand, sizeof(rand), seed);
+    if (ret == 0) {
+        kyber_cbd_eta2(p, rand);
+    }
+
+    return ret;
+}
+
+#ifdef USE_INTEL_SPEEDUP
+#define PRF_RAND_SZ   (2 * SHA3_256_BYTES)
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_KYBER1024)
+/* Get the noise/error by calculating random bytes.
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void kyber_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o)
+{
+    int i;
+    word64 state[25 * 4];
+
+    for (i = 0; i < 4; i++) {
+        state[4*4 + i] = 0x1f00 + i + o;
+    }
+
+    kyber_sha3_256_blocksx4_seed_avx2(state, seed);
+    kyber_redistribute_16_rand_avx2(state, rand + 0 * ETA2_RAND_SIZE,
+        rand + 1 * ETA2_RAND_SIZE, rand + 2 * ETA2_RAND_SIZE,
+        rand + 3 * ETA2_RAND_SIZE);
+}
+#endif
+
+#ifdef WOLFSSL_KYBER512
+/* Get the noise/error by calculating random bytes.
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void kyber_get_noise_x4_eta3_avx2(byte* rand, byte* seed)
+{
+    word64 state[25 * 4];
+    int i;
+
+    state[4*4 + 0] = 0x1f00 + 0;
+    state[4*4 + 1] = 0x1f00 + 1;
+    state[4*4 + 2] = 0x1f00 + 2;
+    state[4*4 + 3] = 0x1f00 + 3;
+
+    kyber_sha3_256_blocksx4_seed_avx2(state, seed);
+    kyber_redistribute_17_rand_avx2(state, rand + 0 * PRF_RAND_SZ,
+        rand + 1 * PRF_RAND_SZ, rand + 2 * PRF_RAND_SZ,
+        rand + 3 * PRF_RAND_SZ);
+    i = SHA3_256_BYTES;
+    kyber_sha3_blocksx4_avx2(state);
+    kyber_redistribute_8_rand_avx2(state, rand + i + 0 * PRF_RAND_SZ,
+        rand + i + 1 * PRF_RAND_SZ, rand + i + 2 * PRF_RAND_SZ,
+        rand + i + 3 * PRF_RAND_SZ);
+}
+
+/* Get noise/error by calculating random bytes and sampling to a binomial
+ * distribution. Values -2..2
+ *
+ * @param  [in, out]  prf   Psuedo-random function object.
+ * @param  [out]      p     Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_eta2_avx2(KYBER_PRF_T* prf, sword16* p,
+    const byte* seed)
+{
+    int ret;
+    byte rand[ETA2_RAND_SIZE];
+
+    /* Calculate random bytes from seed with PRF. */
+    ret = kyber_prf(prf, rand, sizeof(rand), seed);
+    if (ret == 0) {
+        kyber_cbd_eta2_avx2(p, rand);
+    }
+
+    return ret;
+}
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Psuedo-random function object.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k2_avx2(KYBER_PRF_T* prf, sword16* vec1,
+    sword16* vec2, sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[4 * PRF_RAND_SZ];
+
+    kyber_get_noise_x4_eta3_avx2(rand, seed);
+    kyber_cbd_eta3_avx2(vec1          , rand + 0 * PRF_RAND_SZ);
+    kyber_cbd_eta3_avx2(vec1 + KYBER_N, rand + 1 * PRF_RAND_SZ);
+    if (poly == NULL) {
+        kyber_cbd_eta3_avx2(vec2          , rand + 2 * PRF_RAND_SZ);
+        kyber_cbd_eta3_avx2(vec2 + KYBER_N, rand + 3 * PRF_RAND_SZ);
+    }
+    else {
+        kyber_cbd_eta2_avx2(vec2          , rand + 2 * PRF_RAND_SZ);
+        kyber_cbd_eta2_avx2(vec2 + KYBER_N, rand + 3 * PRF_RAND_SZ);
+
+        seed[KYBER_SYM_SZ] = 4;
+        ret = kyber_get_noise_eta2_avx2(prf, poly, seed);
+    }
+
+    return ret;
+}
+#endif
+
+#ifdef WOLFSSL_KYBER768
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k3_avx2(sword16* vec1, sword16* vec2, sword16* poly,
+    byte* seed)
+{
+    byte rand[4 * ETA2_RAND_SIZE];
+
+    kyber_get_noise_x4_eta2_avx2(rand, seed, 0);
+    kyber_cbd_eta2_avx2(vec1              , rand + 0 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec1 + 1 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec1 + 2 * KYBER_N, rand + 2 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec2              , rand + 3 * ETA2_RAND_SIZE);
+    kyber_get_noise_x4_eta2_avx2(rand, seed, 4);
+    kyber_cbd_eta2_avx2(vec2 + 1 * KYBER_N, rand + 0 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec2 + 2 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
+    if (poly != NULL) {
+        kyber_cbd_eta2_avx2(poly, rand + 2 * ETA2_RAND_SIZE);
+    }
+
+    return 0;
+}
+#endif
+
+#ifdef WOLFSSL_KYBER1024
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Psuedo-random function object.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k4_avx2(KYBER_PRF_T* prf, sword16* vec1,
+    sword16* vec2, sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[4 * ETA2_RAND_SIZE];
+
+    (void)prf;
+
+    kyber_get_noise_x4_eta2_avx2(rand, seed, 0);
+    kyber_cbd_eta2_avx2(vec1              , rand + 0 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec1 + 1 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec1 + 2 * KYBER_N, rand + 2 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec1 + 3 * KYBER_N, rand + 3 * ETA2_RAND_SIZE);
+    kyber_get_noise_x4_eta2_avx2(rand, seed, 4);
+    kyber_cbd_eta2_avx2(vec2              , rand + 0 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec2 + 1 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec2 + 2 * KYBER_N, rand + 2 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec2 + 3 * KYBER_N, rand + 3 * ETA2_RAND_SIZE);
+    if (poly != NULL) {
+        seed[KYBER_SYM_SZ] = 8;
+        ret = kyber_get_noise_eta2_c(prf, poly, seed);
+    }
+
+    return ret;
+}
+#endif
+#endif /* USE_INTEL_SPEEDUP */
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Psuedo-random function object.
+ * @param  [in]       kp    Number of polynomials in vector.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [in]       eta1  Size of noise/error integers with first vector.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [in]       eta2  Size of noise/error integers with second vector.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_c(KYBER_PRF_T* prf, int kp, sword16* vec1, int eta1,
+    sword16* vec2, int eta2, sword16* poly, byte* seed)
+{
+    int ret = 0;
+    int i;
+
+    /* First noise generation has a seed with 0x00 appended. */
+    seed[KYBER_SYM_SZ] = 0;
+    /* Generate noise as private key. */
+    for (i = 0; (ret == 0) && (i < kp); i++) {
+        /* Generate noise for each dimension of vector. */
+        ret = kyber_get_noise_eta1_c(prf, vec1 + i * KYBER_N, seed, eta1);
+        /* Increment value of appended byte. */
+        seed[KYBER_SYM_SZ]++;
+    }
+    /* Generate noise for error. */
+    for (i = 0; (ret == 0) && (i < kp); i++) {
+        /* Generate noise for each dimension of vector. */
+        ret = kyber_get_noise_eta1_c(prf, vec2 + i * KYBER_N, seed, eta2);
+        /* Increment value of appended byte. */
+        seed[KYBER_SYM_SZ]++;
+    }
+    if ((ret == 0) && (poly != NULL)) {
+        /* Generating random error polynomial. */
+        ret = kyber_get_noise_eta2_c(prf, poly, seed);
+    }
+
+    return ret;
+}
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Psuedo-random function object.
+ * @param  [in]       kp    Number of polynomials in vector.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1,
+    sword16* vec2, sword16* poly, byte* seed)
+{
+    int ret;
+
+#ifdef WOLFSSL_KYBER512
+    if (kp == KYBER512_K) {
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags)) {
+            ret = kyber_get_noise_k2_avx2(prf, vec1, vec2, poly, seed);
+        }
+        else
+    #endif
+        if (poly == NULL) {
+            ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA3, vec2,
+                KYBER_CBD_ETA3, NULL, seed);
+        }
+        else {
+            ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA3, vec2,
+                KYBER_CBD_ETA2, poly, seed);
+        }
+    }
+    else
+#endif
+#ifdef WOLFSSL_KYBER768
+    if (kp == KYBER768_K) {
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags)) {
+            ret = kyber_get_noise_k3_avx2(vec1, vec2, poly, seed);
+        }
+        else
+    #endif
+        {
+            ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA2, vec2,
+                KYBER_CBD_ETA2, poly, seed);
+        }
+    }
+    else
+#endif
+#ifdef WOLFSSL_KYBER1024
+    if (kp == KYBER1024_K) {
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags)) {
+            ret = kyber_get_noise_k4_avx2(prf, vec1, vec2, poly, seed);
+        }
+        else
+    #endif
+        {
+            ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA2, vec2,
+                KYBER_CBD_ETA2, poly, seed);
+        }
+    }
+    else
+#endif
+    {
+        ret = BAD_STATE_E;
+    }
+
+    return ret;
+}
+
+/******************************************************************************/
+
+/* Compare two byte arrays of equal size.
+ *
+ * @param [in]  a   First array to compare.
+ * @param [in]  b   Second array to compare.
+ * @param [in]  sz  Size of arrays in bytes.
+ * @return  0 on success.
+ * @return  -1 on failure.
+ */
+static int kyber_cmp_c(const byte* a, const byte* b, int sz)
+{
+    int i;
+    byte r = 0;
+
+    /* Constant time comparison of the encapsulated message and cipher text. */
+    for (i = 0; i < sz; i++) {
+        r |= a[i] ^ b[i];
+    }
+    return 0 - ((-(word32)r) >> 31);
+}
+
+/* Compare two byte arrays of equal size.
+ *
+ * @param [in]  a   First array to compare.
+ * @param [in]  b   Second array to compare.
+ * @param [in]  sz  Size of arrays in bytes.
+ * @return  0 on success.
+ * @return  -1 on failure.
+ */
+int kyber_cmp(const byte* a, const byte* b, int sz)
+{
+    int fail;
+
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        fail = kyber_cmp_avx2(a, b, sz);
+    }
+    else
+#endif
+    {
+        fail = kyber_cmp_c(a, b, sz);
+    }
+
+    return fail;
+}
+
+/******************************************************************************/
+
+/* Conditional subtraction of q to each coefficient of a polynomial.
+ *
+ * @param  [in, out]  p  Polynomial.
+ */
+static KYBER_NOINLINE void kyber_csubq_c(sword16* p)
+{
+    unsigned int i;
+
+    for (i = 0; i < KYBER_N; ++i) {
+        sword16 t = p[i] - KYBER_Q;
+        /* When top bit set, -ve number - need to add q back. */
+        p[i] = ((t >> 15) & KYBER_Q) + t;
+    }
+}
+
+/******************************************************************************/
+
+#if defined(CONV_WITH_DIV) || !defined(WORD64_AVAILABLE)
+
+/* Compress value.
+ *
+ * Uses div operator that may be slow.
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @param  [in]  s  Shift amount to apply to value being compressed.
+ * @param  [in]  m  Mask to apply get the require number of bits.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_VEC(v, i, j, k, s, m) \
+    ((((word32)v[i * KYBER_N + j + k] << s) + KYBER_Q_HALF) / KYBER_Q) & m
+
+/* Compress value to 10 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_10(v, i, j, k) \
+    TO_COMP_WORD_VEC(v, i, j, k, 10, 0x3ff)
+
+/* Compress value to 11 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_11(v, i, j, k) \
+    TO_COMP_WORD_VEC(v, i, j, k, 11, 0x7ff)
+
+#else
+
+/* Multiplier that does div q.
+ * ((1 << 53) + KYBER_Q_HALF) / KYBER_Q
+ */
+#define KYBER_V53         0x275f6ed0176UL
+/* Multiplier times half of q.
+ * KYBER_V53 * (KYBER_Q_HALF + 1)
+ */
+#define KYBER_V53_HALF    0x10013afb768076UL
+
+/* Multiplier that does div q.
+ * ((1 << 54) + KYBER_Q_HALF) / KYBER_Q
+ */
+#define KYBER_V54         0x4ebedda02ecUL
+/* Multiplier times half of q.
+ * KYBER_V54 * (KYBER_Q_HALF + 1)
+ */
+#define KYBER_V54_HALF    0x200275f6ed00ecUL
+
+/* Compress value to 10 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_10(v, i, j, k) \
+    ((((KYBER_V54 << 10) * (v)[(i) * KYBER_N + (j) + (k)]) + KYBER_V54_HALF) >> 54)
+
+/* Compress value to 11 bits.
+ *
+ * Uses mul instead of div.
+ * Only works for values in range: 0..3228
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_11(v, i, j, k) \
+    ((((KYBER_V53 << 11) * (v)[(i) * KYBER_N + (j) + (k)]) + KYBER_V53_HALF) >> 53)
+
+#endif /* CONV_WITH_DIV */
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
+/* Compress the vector of polynomials into a byte array with 10 bits each.
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   v       Vector of polynomials.
+ * @param  [in]   kp      Number of polynomials in vector.
+ */
+static void kyber_vec_compress_10_c(byte* r, sword16* v, unsigned int kp)
+{
+    unsigned int i;
+    unsigned int j;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int k;
+#endif
+
+    for (i = 0; i < kp; i++) {
+        /* Reduce each coefficient to mod q. */
+        kyber_csubq_c(v + i * KYBER_N);
+        /* All values are now positive. */
+    }
+
+    /* Each polynomial. */
+    for (i = 0; i < kp; i++) {
+        /* Each 4 polynomial coefficients. */
+        for (j = 0; j < KYBER_N; j += 4) {
+        #ifdef WOLFSSL_KYBER_SMALL
+            sword16 t[4];
+            /* Compress four polynomial values to 10 bits each. */
+            for (k = 0; k < 4; k++) {
+                t[k] = TO_COMP_WORD_10(v, i, j, k);
+            }
+
+            /* Pack four 10-bit values into byte array. */
+            r[ 0] = (t[0] >> 0);
+            r[ 1] = (t[0] >> 8) | (t[1] << 2);
+            r[ 2] = (t[1] >> 6) | (t[2] << 4);
+            r[ 3] = (t[2] >> 4) | (t[3] << 6);
+            r[ 4] = (t[3] >> 2);
+        #else
+            /* Compress four polynomial values to 10 bits each. */
+            sword16 t0 = TO_COMP_WORD_10(v, i, j, 0);
+            sword16 t1 = TO_COMP_WORD_10(v, i, j, 1);
+            sword16 t2 = TO_COMP_WORD_10(v, i, j, 2);
+            sword16 t3 = TO_COMP_WORD_10(v, i, j, 3);
+
+            /* Pack four 10-bit values into byte array. */
+            r[ 0] = (t0 >> 0);
+            r[ 1] = (t0 >> 8) | (t1 << 2);
+            r[ 2] = (t1 >> 6) | (t2 << 4);
+            r[ 3] = (t2 >> 4) | (t3 << 6);
+            r[ 4] = (t3 >> 2);
+        #endif
+
+            /* Move over set bytes. */
+            r += 5;
+        }
+    }
+}
+
+/* Compress the vector of polynomials into a byte array with 10 bits each.
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   v       Vector of polynomials.
+ * @param  [in]   kp      Number of polynomials in vector.
+ */
+void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_compress_10_avx2(r, v, kp);
+    }
+    else
+#endif
+    {
+        kyber_vec_compress_10_c(r, v, kp);
+    }
+}
+#endif
+
+#ifdef WOLFSSL_KYBER1024
+/* Compress the vector of polynomials into a byte array with 11 bits each.
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   v       Vector of polynomials.
+ */
+static void kyber_vec_compress_11_c(byte* r, sword16* v)
+{
+    unsigned int i;
+    unsigned int j;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int k;
+#endif
+
+    for (i = 0; i < 4; i++) {
+        /* Reduce each coefficient to mod q. */
+        kyber_csubq_c(v + i * KYBER_N);
+        /* All values are now positive. */
+    }
+
+    /* Each polynomial. */
+    for (i = 0; i < 4; i++) {
+        /* Each 8 polynomial coefficients. */
+        for (j = 0; j < KYBER_N; j += 8) {
+        #ifdef WOLFSSL_KYBER_SMALL
+            sword16 t[8];
+            /* Compress eight polynomial values to 11 bits each. */
+            for (k = 0; k < 8; k++) {
+                t[k] = TO_COMP_WORD_11(v, i, j, k);
+            }
+
+            /* Pack eight 11-bit values into byte array. */
+            r[ 0] = (t[0] >>  0);
+            r[ 1] = (t[0] >>  8) | (t[1] << 3);
+            r[ 2] = (t[1] >>  5) | (t[2] << 6);
+            r[ 3] = (t[2] >>  2);
+            r[ 4] = (t[2] >> 10) | (t[3] << 1);
+            r[ 5] = (t[3] >>  7) | (t[4] << 4);
+            r[ 6] = (t[4] >>  4) | (t[5] << 7);
+            r[ 7] = (t[5] >>  1);
+            r[ 8] = (t[5] >>  9) | (t[6] << 2);
+            r[ 9] = (t[6] >>  6) | (t[7] << 5);
+            r[10] = (t[7] >>  3);
+        #else
+            /* Compress eight polynomial values to 11 bits each. */
+            sword16 t0 = TO_COMP_WORD_11(v, i, j, 0);
+            sword16 t1 = TO_COMP_WORD_11(v, i, j, 1);
+            sword16 t2 = TO_COMP_WORD_11(v, i, j, 2);
+            sword16 t3 = TO_COMP_WORD_11(v, i, j, 3);
+            sword16 t4 = TO_COMP_WORD_11(v, i, j, 4);
+            sword16 t5 = TO_COMP_WORD_11(v, i, j, 5);
+            sword16 t6 = TO_COMP_WORD_11(v, i, j, 6);
+            sword16 t7 = TO_COMP_WORD_11(v, i, j, 7);
+
+            /* Pack eight 11-bit values into byte array. */
+            r[ 0] = (t0 >>  0);
+            r[ 1] = (t0 >>  8) | (t1 << 3);
+            r[ 2] = (t1 >>  5) | (t2 << 6);
+            r[ 3] = (t2 >>  2);
+            r[ 4] = (t2 >> 10) | (t3 << 1);
+            r[ 5] = (t3 >>  7) | (t4 << 4);
+            r[ 6] = (t4 >>  4) | (t5 << 7);
+            r[ 7] = (t5 >>  1);
+            r[ 8] = (t5 >>  9) | (t6 << 2);
+            r[ 9] = (t6 >>  6) | (t7 << 5);
+            r[10] = (t7 >>  3);
+        #endif
+
+            /* Move over set bytes. */
+            r += 11;
+        }
+    }
+}
+
+/* Compress the vector of polynomials into a byte array with 11 bits each.
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   v       Vector of polynomials.
+ */
+void kyber_vec_compress_11(byte* r, sword16* v)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_compress_11_avx2(r, v, 4);
+    }
+    else
+#endif
+    {
+        kyber_vec_compress_11_c(r, v);
+    }
+}
+#endif
+
+/* Decompress a 10 bit value.
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_10(v, i, j, k, t) \
+    v[(i) * KYBER_N + 4 * (j) + (k)] = \
+        (word16)((((word32)((t) & 0x3ff) * KYBER_Q) + 512) >> 10)
+
+/* Decompress an 11 bit value.
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_11(v, i, j, k, t) \
+    v[(i) * KYBER_N + 8 * (j) + (k)] = \
+        (word16)((((word32)((t) & 0x7ff) * KYBER_Q) + 1024) >> 11)
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
+/* Decompress the byte array of packed 10 bits into vector of polynomials.
+ *
+ * @param  [out]  v       Vector of polynomials.
+ * @param  [in]   b       Array of bytes.
+ * @param  [in]   kp      Number of polynomials in vector.
+ */
+static void kyber_vec_decompress_10_c(sword16* v, const unsigned char* b,
+    unsigned int kp)
+{
+    unsigned int i;
+    unsigned int j;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int k;
+#endif
+
+    /* Each polynomial. */
+    for (i = 0; i < kp; i++) {
+        /* Each 4 polynomial coefficients. */
+        for (j = 0; j < KYBER_N / 4; j++) {
+        #ifdef WOLFSSL_KYBER_SMALL
+            word16 t[4];
+            /* Extract out 4 values of 10 bits each. */
+            t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            t[1] = (b[1] >> 2) | ((word16)b[ 2] << 6);
+            t[2] = (b[2] >> 4) | ((word16)b[ 3] << 4);
+            t[3] = (b[3] >> 6) | ((word16)b[ 4] << 2);
+            b += 5;
+
+            /* Decompress 4 values. */
+            for (k = 0; k < 4; k++) {
+                DECOMP_10(v, i, j, k, t[k]);
+            }
+        #else
+            /* Extract out 4 values of 10 bits each. */
+            sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            sword16 t1 = (b[1] >> 2) | ((word16)b[ 2] << 6);
+            sword16 t2 = (b[2] >> 4) | ((word16)b[ 3] << 4);
+            sword16 t3 = (b[3] >> 6) | ((word16)b[ 4] << 2);
+            b += 5;
+
+            /* Decompress 4 values. */
+            DECOMP_10(v, i, j, 0, t0);
+            DECOMP_10(v, i, j, 1, t1);
+            DECOMP_10(v, i, j, 2, t2);
+            DECOMP_10(v, i, j, 3, t3);
+        #endif
+        }
+    }
+}
+
+/* Decompress the byte array of packed 10 bits into vector of polynomials.
+ *
+ * @param  [out]  v       Vector of polynomials.
+ * @param  [in]   b       Array of bytes.
+ * @param  [in]   kp      Number of polynomials in vector.
+ */
+void kyber_vec_decompress_10(sword16* v, const unsigned char* b,
+    unsigned int kp)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_decompress_10_avx2(v, b, kp);
+    }
+    else
+#endif
+    {
+        kyber_vec_decompress_10_c(v, b, kp);
+    }
+}
+#endif
+#ifdef WOLFSSL_KYBER1024
+/* Decompress the byte array of packed 11 bits into vector of polynomials.
+ *
+ * @param  [out]  v       Vector of polynomials.
+ * @param  [in]   b       Array of bytes.
+ */
+static void kyber_vec_decompress_11_c(sword16* v, const unsigned char* b)
+{
+    unsigned int i;
+    unsigned int j;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int k;
+#endif
+
+    /* Each polynomial. */
+    for (i = 0; i < 4; i++) {
+        /* Each 8 polynomial coefficients. */
+        for (j = 0; j < KYBER_N / 8; j++) {
+        #ifdef WOLFSSL_KYBER_SMALL
+            word16 t[8];
+            /* Extract out 8 values of 11 bits each. */
+            t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            t[1] = (b[1] >> 3) | ((word16)b[ 2] << 5);
+            t[2] = (b[2] >> 6) | ((word16)b[ 3] << 2) |
+                   ((word16)b[4] << 10);
+            t[3] = (b[4] >> 1) | ((word16)b[ 5] << 7);
+            t[4] = (b[5] >> 4) | ((word16)b[ 6] << 4);
+            t[5] = (b[6] >> 7) | ((word16)b[ 7] << 1) |
+                   ((word16)b[8] <<  9);
+            t[6] = (b[8] >> 2) | ((word16)b[ 9] << 6);
+            t[7] = (b[9] >> 5) | ((word16)b[10] << 3);
+            b += 11;
+
+            /* Decompress 8 values. */
+            for (k = 0; k < 8; k++) {
+                DECOMP_11(v, i, j, k, t[k]);
+            }
+        #else
+            /* Extract out 8 values of 11 bits each. */
+            sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            sword16 t1 = (b[1] >> 3) | ((word16)b[ 2] << 5);
+            sword16 t2 = (b[2] >> 6) | ((word16)b[ 3] << 2) |
+                   ((word16)b[4] << 10);
+            sword16 t3 = (b[4] >> 1) | ((word16)b[ 5] << 7);
+            sword16 t4 = (b[5] >> 4) | ((word16)b[ 6] << 4);
+            sword16 t5 = (b[6] >> 7) | ((word16)b[ 7] << 1) |
+                   ((word16)b[8] <<  9);
+            sword16 t6 = (b[8] >> 2) | ((word16)b[ 9] << 6);
+            sword16 t7 = (b[9] >> 5) | ((word16)b[10] << 3);
+            b += 11;
+
+            /* Decompress 8 values. */
+            DECOMP_11(v, i, j, 0, t0);
+            DECOMP_11(v, i, j, 1, t1);
+            DECOMP_11(v, i, j, 2, t2);
+            DECOMP_11(v, i, j, 3, t3);
+            DECOMP_11(v, i, j, 4, t4);
+            DECOMP_11(v, i, j, 5, t5);
+            DECOMP_11(v, i, j, 6, t6);
+            DECOMP_11(v, i, j, 7, t7);
+        #endif
+        }
+    }
+}
+
+/* Decompress the byte array of packed 11 bits into vector of polynomials.
+ *
+ * @param  [out]  v       Vector of polynomials.
+ * @param  [in]   b       Array of bytes.
+ */
+void kyber_vec_decompress_11(sword16* v, const unsigned char* b)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_decompress_11_avx2(v, b, 4);
+    }
+    else
+#endif
+    {
+        kyber_vec_decompress_11_c(v, b);
+    }
+}
+#endif
+
+#ifdef CONV_WITH_DIV
+
+/* Compress value.
+ *
+ * Uses div operator that may be slow.
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @param  [in]  s  Shift amount to apply to value being compressed.
+ * @param  [in]  m  Mask to apply get the require number of bits.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD(v, i, j, s, m) \
+    ((((word32)v[i + j] << s) + KYBER_Q_HALF) / KYBER_Q) & m
+
+/* Compress value to 4 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_4(p, i, j) \
+    TO_COMP_WORD(p, i, j, 4, 0xf)
+
+/* Compress value to 5 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_5(p, i, j) \
+    TO_COMP_WORD(p, i, j, 5, 0x1f)
+
+#else
+
+/* Multiplier that does div q. */
+#define KYBER_V28         ((word32)(((1U << 28) + KYBER_Q_HALF)) / KYBER_Q)
+/* Multiplier times half of q. */
+#define KYBER_V28_HALF    ((word32)(KYBER_V28 * (KYBER_Q_HALF + 1)))
+
+/* Multiplier that does div q. */
+#define KYBER_V27         ((word32)(((1U << 27) + KYBER_Q_HALF)) / KYBER_Q)
+/* Multiplier times half of q. */
+#define KYBER_V27_HALF    ((word32)(KYBER_V27 * KYBER_Q_HALF))
+
+/* Compress value to 4 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_4(p, i, j) \
+    ((((KYBER_V28 << 4) * (p)[(i) + (j)]) + KYBER_V28_HALF) >> 28)
+
+/* Compress value to 5 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_5(p, i, j) \
+    ((((KYBER_V27 << 5) * (p)[(i) + (j)]) + KYBER_V27_HALF) >> 27)
+
+#endif /* CONV_WITH_DIV */
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
+/* Compress a polynomial into byte array - on coefficients into 4 bits.
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+static void kyber_compress_4_c(byte* b, sword16* p)
+{
+    unsigned int i;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int j;
+    byte t[8];
+#endif
+
+    /* Reduce each coefficients to mod q. */
+    kyber_csubq_c(p);
+    /* All values are now positive. */
+
+    /* Each 8 polynomial coefficients. */
+    for (i = 0; i < KYBER_N; i += 8) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        /* Compress eight polynomial values to 4 bits each. */
+        for (j = 0; j < 8; j++) {
+            t[j] = TO_COMP_WORD_4(p, i, j);
+        }
+
+        b[0] = t[0] | (t[1] << 4);
+        b[1] = t[2] | (t[3] << 4);
+        b[2] = t[4] | (t[5] << 4);
+        b[3] = t[6] | (t[7] << 4);
+    #else
+        /* Compress eight polynomial values to 4 bits each. */
+        byte t0 = TO_COMP_WORD_4(p, i, 0);
+        byte t1 = TO_COMP_WORD_4(p, i, 1);
+        byte t2 = TO_COMP_WORD_4(p, i, 2);
+        byte t3 = TO_COMP_WORD_4(p, i, 3);
+        byte t4 = TO_COMP_WORD_4(p, i, 4);
+        byte t5 = TO_COMP_WORD_4(p, i, 5);
+        byte t6 = TO_COMP_WORD_4(p, i, 6);
+        byte t7 = TO_COMP_WORD_4(p, i, 7);
+
+        /* Pack eight 4-bit values into byte array. */
+        b[0] = t0 | (t1 << 4);
+        b[1] = t2 | (t3 << 4);
+        b[2] = t4 | (t5 << 4);
+        b[3] = t6 | (t7 << 4);
+    #endif
+
+        /* Move over set bytes. */
+        b += 4;
+    }
+}
+
+/* Compress a polynomial into byte array - on coefficients into 4 bits.
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+void kyber_compress_4(byte* b, sword16* p)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_compress_4_avx2(b, p);
+    }
+    else
+#endif
+    {
+        kyber_compress_4_c(b, p);
+    }
+}
+#endif
+#ifdef WOLFSSL_KYBER1024
+/* Compress a polynomial into byte array - on coefficients into 5 bits.
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+static void kyber_compress_5_c(byte* b, sword16* p)
+{
+    unsigned int i;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int j;
+    byte t[8];
+#endif
+
+    /* Reduce each coefficients to mod q. */
+    kyber_csubq_c(p);
+    /* All values are now positive. */
+
+    for (i = 0; i < KYBER_N; i += 8) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        /* Compress eight polynomial values to 5 bits each. */
+        for (j = 0; j < 8; j++) {
+            t[j] = TO_COMP_WORD_5(p, i, j);
+        }
+
+        /* Pack 5 bits into byte array. */
+        b[0] = (t[0] >> 0) | (t[1] << 5);
+        b[1] = (t[1] >> 3) | (t[2] << 2) | (t[3] << 7);
+        b[2] = (t[3] >> 1) | (t[4] << 4);
+        b[3] = (t[4] >> 4) | (t[5] << 1) | (t[6] << 6);
+        b[4] = (t[6] >> 2) | (t[7] << 3);
+    #else
+        /* Compress eight polynomial values to 5 bits each. */
+        byte t0 = TO_COMP_WORD_5(p, i, 0);
+        byte t1 = TO_COMP_WORD_5(p, i, 1);
+        byte t2 = TO_COMP_WORD_5(p, i, 2);
+        byte t3 = TO_COMP_WORD_5(p, i, 3);
+        byte t4 = TO_COMP_WORD_5(p, i, 4);
+        byte t5 = TO_COMP_WORD_5(p, i, 5);
+        byte t6 = TO_COMP_WORD_5(p, i, 6);
+        byte t7 = TO_COMP_WORD_5(p, i, 7);
+
+        /* Pack eight 5-bit values into byte array. */
+        b[0] = (t0 >> 0) | (t1 << 5);
+        b[1] = (t1 >> 3) | (t2 << 2) | (t3 << 7);
+        b[2] = (t3 >> 1) | (t4 << 4);
+        b[3] = (t4 >> 4) | (t5 << 1) | (t6 << 6);
+        b[4] = (t6 >> 2) | (t7 << 3);
+    #endif
+
+        /* Move over set bytes. */
+        b += 5;
+    }
+}
+
+/* Compress a polynomial into byte array - on coefficients into 5 bits.
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+void kyber_compress_5(byte* b, sword16* p)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_compress_5_avx2(b, p);
+    }
+    else
+#endif
+    {
+        kyber_compress_5_c(b, p);
+    }
+}
+#endif
+
+/* Decompress a 4 bit value.
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_4(p, i, j, t) \
+    p[(i) + (j)] = ((word16)((t) * KYBER_Q) + 8) >> 4
+
+/* Decompress a 5 bit value.
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_5(p, i, j, t) \
+    p[(i) + (j)] = (((word32)((t) & 0x1f) * KYBER_Q) + 16) >> 5
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
+/* Decompress the byte array of packed 4 bits into polynomial.
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+static void kyber_decompress_4_c(sword16* p, const unsigned char* b)
+{
+    unsigned int i;
+
+    /* 2 coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 2) {
+        /* 2 coefficients decompressed from one byte. */
+        DECOMP_4(p, i, 0, b[0] & 0xf);
+        DECOMP_4(p, i, 1, b[0] >>  4);
+        b += 1;
+    }
+}
+
+/* Decompress the byte array of packed 4 bits into polynomial.
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+void kyber_decompress_4(sword16* p, const unsigned char* b)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_decompress_4_avx2(p, b);
+    }
+    else
+#endif
+    {
+        kyber_decompress_4_c(p, b);
+    }
+}
+#endif
+#ifdef WOLFSSL_KYBER1024
+/* Decompress the byte array of packed 5 bits into polynomial.
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+static void kyber_decompress_5_c(sword16* p, const unsigned char* b)
+{
+    unsigned int i;
+
+    /* Each 8 polynomial coefficients. */
+    for (i = 0; i < KYBER_N; i += 8) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+        byte t[8];
+
+        /* Extract out 8 values of 5 bits each. */
+        t[0] = (b[0] >> 0);
+        t[1] = (b[0] >> 5) | (b[1] << 3);
+        t[2] = (b[1] >> 2);
+        t[3] = (b[1] >> 7) | (b[2] << 1);
+        t[4] = (b[2] >> 4) | (b[3] << 4);
+        t[5] = (b[3] >> 1);
+        t[6] = (b[3] >> 6) | (b[4] << 2);
+        t[7] = (b[4] >> 3);
+        b += 5;
 
-#ifdef WOLFSSL_HAVE_KYBER
-    #error "Contact wolfSSL to get the implementation of this file"
+        /* Decompress 8 values. */
+        for (j = 0; j < 8; j++) {
+            DECOMP_5(p, i, j, t[j]);
+        }
+    #else
+        /* Extract out 8 values of 5 bits each. */
+        byte t0 = (b[0] >> 0);
+        byte t1 = (b[0] >> 5) | (b[1] << 3);
+        byte t2 = (b[1] >> 2);
+        byte t3 = (b[1] >> 7) | (b[2] << 1);
+        byte t4 = (b[2] >> 4) | (b[3] << 4);
+        byte t5 = (b[3] >> 1);
+        byte t6 = (b[3] >> 6) | (b[4] << 2);
+        byte t7 = (b[4] >> 3);
+        b += 5;
+
+        /* Decompress 8 values. */
+        DECOMP_5(p, i, 0, t0);
+        DECOMP_5(p, i, 1, t1);
+        DECOMP_5(p, i, 2, t2);
+        DECOMP_5(p, i, 3, t3);
+        DECOMP_5(p, i, 4, t4);
+        DECOMP_5(p, i, 5, t5);
+        DECOMP_5(p, i, 6, t6);
+        DECOMP_5(p, i, 7, t7);
+    #endif
+    }
+}
+
+/* Decompress the byte array of packed 5 bits into polynomial.
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+void kyber_decompress_5(sword16* p, const unsigned char* b)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_decompress_5_avx2(p, b);
+    }
+    else
+#endif
+    {
+        kyber_decompress_5_c(p, b);
+    }
+}
+#endif
+
+/******************************************************************************/
+
+/* Convert bit from byte to 0 or (KYBER_Q + 1) / 2.
+ *
+ * Constant time implementation.
+ *
+ * @param  [out]  p    Polynomial to hold converted value.
+ * @param  [in]   msg  Message to get bit from byte from.
+ * @param  [in]   i    Index of byte from message.
+ * @param  [in]   j    Index of bit in byte.
+ */
+#define FROM_MSG_BIT(p, msg, i, j) \
+    p[8 * (i) + (j)] = ((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) & KYBER_Q_1_HALF
+
+/* Convert message to polynomial.
+ *
+ * @param  [out]  p    Polynomial.
+ * @param  [in]   msg  Message as a byte array.
+ */
+static void kyber_from_msg_c(sword16* p, const byte* msg)
+{
+    unsigned int i;
+
+    /* For each byte of the message. */
+    for (i = 0; i < KYBER_N / 8; i++) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+        /* For each bit of the message. */
+        for (j = 0; j < 8; j++) {
+            FROM_MSG_BIT(p, msg, i, j);
+        }
+    #else
+        FROM_MSG_BIT(p, msg, i, 0);
+        FROM_MSG_BIT(p, msg, i, 1);
+        FROM_MSG_BIT(p, msg, i, 2);
+        FROM_MSG_BIT(p, msg, i, 3);
+        FROM_MSG_BIT(p, msg, i, 4);
+        FROM_MSG_BIT(p, msg, i, 5);
+        FROM_MSG_BIT(p, msg, i, 6);
+        FROM_MSG_BIT(p, msg, i, 7);
+    #endif
+    }
+}
+
+/* Convert message to polynomial.
+ *
+ * @param  [out]  p    Polynomial.
+ * @param  [in]   msg  Message as a byte array.
+ */
+void kyber_from_msg(sword16* p, const byte* msg)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags)) {
+        kyber_from_msg_avx2(p, msg);
+    }
+    else
+#endif
+    {
+        kyber_from_msg_c(p, msg);
+    }
+}
+
+#ifdef CONV_WITH_DIV
+
+/* Convert to value to bit.
+ *
+ * Uses div operator that may be slow.
+ *
+ * @param  [out]  m   Message.
+ * @param  [in]   p   Polynomial.
+ * @param  [in]   i   Index of byte in message.
+ * @param  [in]   j   Index of bit in byte.
+ */
+#define TO_MSG_BIT(m, p, i, j) \
+    m[i] |= (((((sword16)p[8 * i + j] << 1) + KYBER_Q_HALF) / KYBER_Q) & 1) << j
+
+#else
+
+/* Multiplier that does div q. */
+#define KYBER_V31       (((1U << 31) + (KYBER_Q / 2)) / KYBER_Q)
+/* 2 * multiplier that does div q. Only need bit 32 of result. */
+#define KYBER_V31_2     ((word32)(KYBER_V31 * 2))
+/* Multiplier times half of q. */
+#define KYBER_V31_HALF    ((word32)(KYBER_V31 * KYBER_Q_HALF))
+
+/* Convert to value to bit.
+ *
+ * Uses mul instead of div.
+ *
+ * @param  [out]  m   Message.
+ * @param  [in]   p   Polynomial.
+ * @param  [in]   i   Index of byte in message.
+ * @param  [in]   j   Index of bit in byte.
+ */
+#define TO_MSG_BIT(m, p, i, j) \
+    (m)[i] |= ((word32)((KYBER_V31_2 * (p)[8 * (i) + (j)]) + KYBER_V31_HALF) >> 31) << (j)
+
+#endif /* CONV_WITH_DIV */
+
+/* Convert polynomial to message.
+ *
+ * @param  [out]  msg  Message as a byte array.
+ * @param  [in]   p    Polynomial.
+ */
+static void kyber_to_msg_c(byte* msg, sword16* p)
+{
+    unsigned int i;
+
+    /* Reduce each coefficient to mod q. */
+    kyber_csubq_c(p);
+    /* All values are now positive. */
+
+    for (i = 0; i < KYBER_N / 8; i++) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+        msg[i] = 0;
+        for (j = 0; j < 8; j++) {
+            TO_MSG_BIT(msg, p, i, j);
+        }
+    #else
+        msg[i] = 0;
+        TO_MSG_BIT(msg, p, i, 0);
+        TO_MSG_BIT(msg, p, i, 1);
+        TO_MSG_BIT(msg, p, i, 2);
+        TO_MSG_BIT(msg, p, i, 3);
+        TO_MSG_BIT(msg, p, i, 4);
+        TO_MSG_BIT(msg, p, i, 5);
+        TO_MSG_BIT(msg, p, i, 6);
+        TO_MSG_BIT(msg, p, i, 7);
+    #endif
+    }
+}
+
+/* Convert polynomial to message.
+ *
+ * @param  [out]  msg  Message as a byte array.
+ * @param  [in]   p    Polynomial.
+ */
+void kyber_to_msg(byte* msg, sword16* p)
+{
+#ifdef USE_INTEL_SPEEDUP
+     if (IS_INTEL_AVX2(cpuid_flags)) {
+        /* Convert the polynomial into a array of bytes (message). */
+        kyber_to_msg_avx2(msg, p);
+    }
+    else
+#endif
+    {
+        kyber_to_msg_c(msg, p);
+    }
+}
+
+/******************************************************************************/
+
+/* Convert bytes to polynomial.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in decoding private and public keys.
+ *
+ * @param  [out]  p  Vector of polynomials.
+ * @param  [in]   b  Array of bytes.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void kyber_from_bytes_c(sword16* p, const byte* b, int k)
+{
+    int i;
+    int j;
+
+    for (j = 0; j < k; j++) {
+        for (i = 0; i < KYBER_N / 2; i++) {
+            p[2 * i + 0] = ((b[3 * i + 0] >> 0) |
+                            ((word16)b[3 * i + 1] << 8)) & 0xfff;
+            p[2 * i + 1] = ((b[3 * i + 1] >> 4) |
+                            ((word16)b[3 * i + 2] << 4)) & 0xfff;
+        }
+        p += KYBER_N;
+        b += KYBER_POLY_SIZE;
+    }
+}
+
+/* Convert bytes to polynomial.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in decoding private and public keys.
+ *
+ * @param  [out]  p  Vector of polynomials.
+ * @param  [in]   b  Array of bytes.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void kyber_from_bytes(sword16* p, const byte* b, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+     if (IS_INTEL_AVX2(cpuid_flags)) {
+        int i;
+
+        for (i = 0; i < k; i++) {
+            kyber_from_bytes_avx2(p, b);
+            p += KYBER_N;
+            b += KYBER_POLY_SIZE;
+        }
+    }
+    else
+#endif
+    {
+        kyber_from_bytes_c(p, b, k);
+    }
+}
+
+/* Convert polynomial to bytes.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in encoding private and public keys.
+ *
+ * @param  [out]  b  Array of bytes.
+ * @param  [in]   p  Polynomial.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void kyber_to_bytes_c(byte* b, sword16* p, int k)
+{
+    int i;
+    int j;
+
+    /* Reduce each coefficient to mod q. */
+    kyber_csubq_c(p);
+    /* All values are now positive. */
+
+    for (j = 0; j < k; j++) {
+        for (i = 0; i < KYBER_N / 2; i++) {
+            word16 t0 = p[2 * i];
+            word16 t1 = p[2 * i + 1];
+            b[3 * i + 0] = (t0 >> 0);
+            b[3 * i + 1] = (t0 >> 8) | t1 << 4;
+            b[3 * i + 2] = (t1 >> 4);
+        }
+        p += KYBER_N;
+        b += KYBER_POLY_SIZE;
+    }
+}
+
+/* Convert polynomial to bytes.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in encoding private and public keys.
+ *
+ * @param  [out]  b  Array of bytes.
+ * @param  [in]   p  Polynomial.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void kyber_to_bytes(byte* b, sword16* p, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+     if (IS_INTEL_AVX2(cpuid_flags)) {
+        int i;
+
+        for (i = 0; i < k; i++) {
+            kyber_to_bytes_avx2(b, p);
+            p += KYBER_N;
+            b += KYBER_POLY_SIZE;
+        }
+    }
+    else
 #endif
+    {
+        kyber_to_bytes_c(b, p, k);
+    }
+}
+
+#endif /* WOLFSSL_WC_KYBER */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms.c b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms.c
index 60e8519d..cdc732f6 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms.c
@@ -1,6 +1,6 @@
 /* wc_lms.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms_impl.c b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms_impl.c
new file mode 100644
index 00000000..dbd5ed68
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms_impl.c
@@ -0,0 +1,26 @@
+/* wc_lms_impl.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_HAVE_LMS
+    #error "Contact wolfSSL to get the implementation of this file"
+#endif
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_port.c b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_port.c
index ef61df84..a21cc2b9 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_port.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_port.c
@@ -36,12 +36,6 @@
     #include <wolfssl/wolfcrypt/async.h>
 #endif
 
-/* IPP header files for library initialization */
-#ifdef HAVE_FAST_RSA
-    #include <ipp.h>
-    #include <ippcp.h>
-#endif
-
 #ifdef FREESCALE_LTC_TFM
     #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
 #endif
@@ -127,6 +121,16 @@
     #include <wolfssl/wolfcrypt/port/psa/psa.h>
 #endif
 
+#if defined(HAVE_LIBOQS)
+    #include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
+#endif
+
+#if defined(FREERTOS) && defined(WOLFSSL_ESPIDF)
+    #include <freertos/FreeRTOS.h>
+    #include <freertos/task.h>
+    /* The Espressif-specific platform include: */
+    #include <pthread.h>
+#endif
 
 /* prevent multiple mutex initializations */
 static volatile int initRefCount = 0;
@@ -228,20 +232,6 @@ int wolfCrypt_Init(void)
         }
     #endif
 
-    /* if defined have fast RSA then initialize Intel IPP */
-    #ifdef HAVE_FAST_RSA
-        WOLFSSL_MSG("Attempting to use optimized IPP Library");
-        if ((ret = ippInit()) != ippStsNoErr) {
-            /* possible to get a CPU feature support status on optimized IPP
-              library but still use default library and see competitive speeds */
-            WOLFSSL_MSG("Warning when trying to set up optimization");
-            WOLFSSL_MSG(ippGetStatusString(ret));
-            WOLFSSL_MSG("Using default fast IPP library");
-            ret = 0;
-            (void)ret; /* suppress not read warning */
-        }
-    #endif
-
     #if defined(FREESCALE_LTC_TFM) || defined(FREESCALE_LTC_ECC)
         ret = ksdk_port_init();
         if (ret != 0) {
@@ -386,6 +376,12 @@ int wolfCrypt_Init(void)
         }
         rpcmem_init();
 #endif
+
+#if defined(HAVE_LIBOQS)
+        if ((ret = wolfSSL_liboqsInit()) != 0) {
+            return ret;
+        }
+#endif
     }
     initRefCount++;
 
@@ -497,6 +493,10 @@ int wolfCrypt_Cleanup(void)
     #endif
     }
 
+#if defined(HAVE_LIBOQS)
+    wolfSSL_liboqsClose();
+#endif
+
     return ret;
 }
 
@@ -1283,18 +1283,22 @@ void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err)
 
 #if WOLFSSL_CRYPT_HW_MUTEX
 /* Mutex for protection of cryptography hardware */
-static wolfSSL_Mutex wcCryptHwMutex;
+static wolfSSL_Mutex wcCryptHwMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwMutex);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
 static int wcCryptHwMutexInit = 0;
+#endif
 
 int wolfSSL_CryptHwMutexInit(void)
 {
     int ret = 0;
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if (wcCryptHwMutexInit == 0) {
         ret = wc_InitMutex(&wcCryptHwMutex);
         if (ret == 0) {
             wcCryptHwMutexInit = 1;
         }
     }
+#endif
     return ret;
 }
 int wolfSSL_CryptHwMutexLock(void)
@@ -3426,6 +3430,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 
 #ifndef SINGLE_THREADED
 
+/* Environment-specific multi-thread implementation check  */
 #if defined(USE_WINDOWS_API) && !defined(WOLFSSL_PTHREADS)
     int wolfSSL_NewThread(THREAD_TYPE* thread,
         THREAD_CB cb, void* arg)
@@ -3724,7 +3729,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 
 #endif /* WOLFSSL_COND */
 
-#elif defined(WOLFSSL_PTHREADS)
+#elif defined(WOLFSSL_PTHREADS) || \
+     (defined(FREERTOS) && defined(WOLFSSL_ESPIDF))
 
     int wolfSSL_NewThread(THREAD_TYPE* thread,
         THREAD_CB cb, void* arg)
@@ -3738,18 +3744,18 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         return 0;
     }
 
-#ifdef WOLFSSL_THREAD_NO_JOIN
-    int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb, void* arg)
-    {
-        THREAD_TYPE thread;
-        int ret;
-        XMEMSET(&thread, 0, sizeof(thread));
-        ret = wolfSSL_NewThread(&thread, cb, arg);
-        if (ret == 0)
-            ret = pthread_detach(thread);
-        return ret;
-    }
-#endif
+    #ifdef WOLFSSL_THREAD_NO_JOIN
+        int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb, void* arg)
+        {
+            THREAD_TYPE thread;
+            int ret;
+            XMEMSET(&thread, 0, sizeof(thread));
+            ret = wolfSSL_NewThread(&thread, cb, arg);
+            if (ret == 0)
+                ret = pthread_detach(thread);
+            return ret;
+        }
+    #endif
 
     int wolfSSL_JoinThread(THREAD_TYPE thread)
     {
@@ -3937,6 +3943,6 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
     #endif /* __MACH__ */
 #endif /* WOLFSSL_COND */
 
-#endif
+#endif /* Environment check */
 
-#endif /* SINGLE_THREADED */
+#endif /* not SINGLE_THREADED */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss_impl.c b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss_impl.c
new file mode 100644
index 00000000..4a91f996
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss_impl.c
@@ -0,0 +1,26 @@
+/* wc_xmss_impl.c
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_HAVE_XMSS
+    #error "Contact wolfSSL to get the implementation of this file"
+#endif
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/test/test.c b/extra/wolfssl/wolfssl/wolfcrypt/test/test.c
index 0d1bf239..feab257f 100644
--- a/extra/wolfssl/wolfssl/wolfcrypt/test/test.c
+++ b/extra/wolfssl/wolfssl/wolfcrypt/test/test.c
@@ -134,7 +134,8 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     #include <time.h>
     #include <sys/time.h>
     #include <esp_log.h>
-    #include <wolfcrypt/port/Espressif/esp32-crypt.h> /* */
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #define ESPIDF_TAG "wc_test"
 #elif defined(WOLFSSL_ZEPHYR)
     #include <stdio.h>
 
@@ -212,7 +213,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
         int ret;
         char tmpBuf[80];
 
-        ret = XSNPRINTF(tmpBuf, sizeof(tmpBuf), format, args);
+        ret = XVSNPRINTF(tmpBuf, sizeof(tmpBuf), format, args);
         printf(tmpBuf);
 
     return ret;
@@ -316,12 +317,16 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     #include <wolfssl/wolfcrypt/xmss.h>
 #ifdef HAVE_LIBXMSS
     #include <wolfssl/wolfcrypt/ext_xmss.h>
+#else
+    #include <wolfssl/wolfcrypt/wc_xmss.h>
 #endif
 #endif
 #if defined(WOLFSSL_HAVE_LMS)
     #include <wolfssl/wolfcrypt/lms.h>
 #ifdef HAVE_LIBLMS
     #include <wolfssl/wolfcrypt/ext_lms.h>
+#else
+    #include <wolfssl/wolfcrypt/wc_lms.h>
 #endif
 #endif
 #ifdef WOLFCRYPT_HAVE_ECCSI
@@ -534,6 +539,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  XChaCha20Poly1305_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  des_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  des3_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_test(void);
+#if defined(WOLFSSL_AES_CFB)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_cfb_test(void);
+#endif
+#ifdef WOLFSSL_AES_XTS
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_xts_test(void);
+#endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes192_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes256_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aesofb_test(void);
@@ -608,20 +619,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  kyber_test(void);
 #endif
 #if defined(WOLFSSL_HAVE_XMSS)
+    #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
+    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  xmss_test_verify_only(void);
+    #endif
     #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  xmss_test(void);
     #endif
-    #if defined(WOLFSSL_XMSS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
-    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  xmss_test_verify_only(void);
-    #endif
 #endif
 #if defined(WOLFSSL_HAVE_LMS)
+    #if !defined(WOLFSSL_SMALL_STACK)
+        #if defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)
+    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test_verify_only(void);
+        #endif
+    #endif
     #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test(void);
     #endif
-    #if defined(WOLFSSL_LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
-    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test_verify_only(void);
-    #endif
 #endif
 #ifdef WOLFCRYPT_HAVE_ECCSI
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  eccsi_test(void);
@@ -720,19 +733,33 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void);
 /* General big buffer size for many tests. */
 #define FOURK_BUF 4096
 
+/* If not defined in user_settings, the ERROR_OUT pause is 120 seconds. */
+#ifndef WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION
+    #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION 120
+#endif
 #if defined(WOLFSSL_ESPIDF_ERROR_PAUSE)
+    #if defined(CONFIG_FREERTOS_HZ)
+        #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \
+           (WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * CONFIG_FREERTOS_HZ)
+    #else
+        /* If not defined, assume RTOS is 1000 ticks per second. */
+        #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \
+           (WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * 1000)
+    #endif
     /* When defined, pause at error condition rather than exit with error. */
-        #define ERROR_OUT(err, eLabel) \
-            do { \
-                ret = (err); \
-                esp_ShowExtendedSystemInfo(); \
-                ESP_LOGE("wolfcrypt_test", "ESP Error! ret = %d ", err); \
-                while (1) { \
-                    vTaskDelay(60000); \
-                } \
-                /* Just to appease compiler, don't actually go to eLabel */ \
-                goto eLabel; \
-            } while (0)
+    #define ERROR_OUT(err, eLabel) \
+        do { \
+            ret = (err); \
+            ESP_LOGE(ESPIDF_TAG, "Failed: Error = %d during %s, line %d", \
+                                    err, __FUNCTION__, __LINE__); \
+            ESP_LOGI(ESPIDF_TAG, "Extended system info:"); \
+            esp_ShowExtendedSystemInfo(); \
+            ESP_LOGW(ESPIDF_TAG, "Paused for %d seconds! " \
+                                 "WOLFSSL_ESPIDF_ERROR_PAUSE is enabled.", \
+                                  WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION); \
+            vTaskDelay(WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS); \
+            goto eLabel; \
+        } while (0)
 #else
     #define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
 #endif
@@ -1461,7 +1488,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     if ( (ret = aesofb_test()) != 0)
         TEST_FAIL("AES-OFB  test failed!\n", ret);
     else
-        TEST_PASS("AESOFB   test passed!\n");
+        TEST_PASS("AES-OFB   test passed!\n");
 #endif
 
 #ifdef HAVE_AESGCM
@@ -1488,6 +1515,21 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     else
         TEST_PASS("AES-CCM  test passed!\n");
 #endif
+
+#ifdef WOLFSSL_AES_CFB
+    if ( (ret = aes_cfb_test()) != 0)
+        TEST_FAIL("AES-CFB  test failed!\n", ret);
+    else
+        TEST_PASS("AES-CFB  test passed!\n");
+#endif
+
+#ifdef WOLFSSL_AES_XTS
+    if ( (ret = aes_xts_test()) != 0)
+        TEST_FAIL("AES-XTS  test failed!\n", ret);
+    else
+        TEST_PASS("AES-XTS  test passed!\n");
+#endif
+
 #ifdef HAVE_AES_KEYWRAP
     if ( (ret = aeskeywrap_test()) != 0)
         TEST_FAIL("AES Key Wrap test failed!\n", ret);
@@ -1699,15 +1741,15 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #if defined(WOLFSSL_HAVE_XMSS)
-    #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
-    if ( (ret = xmss_test()) != 0)
-        TEST_FAIL("XMSS     test failed!\n", ret);
+    #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
+    if ( (ret = xmss_test_verify_only()) != 0)
+        TEST_FAIL("XMSS Vfy test failed!\n", ret);
     else
-        TEST_PASS("XMSS     test passed!\n");
+        TEST_PASS("XMSS Vfy test passed!\n");
     #endif
 
-    #if defined(WOLFSSL_XMSS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
-    if ( (ret = xmss_test_verify_only()) != 0)
+    #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
+    if ( (ret = xmss_test()) != 0)
         TEST_FAIL("XMSS     test failed!\n", ret);
     else
         TEST_PASS("XMSS     test passed!\n");
@@ -1715,15 +1757,17 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif /* if defined(WOLFSSL_HAVE_XMSS) */
 
 #if defined(WOLFSSL_HAVE_LMS)
-    #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
-    if ( (ret = lms_test()) != 0)
-        TEST_FAIL("LMS      test failed!\n", ret);
+    #if !defined(WOLFSSL_SMALL_STACK)
+        #if defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)
+    if ( (ret = lms_test_verify_only()) != 0)
+        TEST_FAIL("LMS Vfy  test failed!\n", ret);
     else
-        TEST_PASS("LMS      test passed!\n");
+        TEST_PASS("LMS Vfy  test passed!\n");
+        #endif
     #endif
 
-    #if defined(WOLFSSL_LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
-    if ( (ret = lms_test_verify_only()) != 0)
+    #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
+    if ( (ret = lms_test()) != 0)
         TEST_FAIL("LMS      test failed!\n", ret);
     else
         TEST_PASS("LMS      test passed!\n");
@@ -1897,10 +1941,17 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     if (args)
         ((func_args*)args)->return_code = ret;
 
+/* If hardware acceleration and respective metrics tracked, show results: */
+#ifdef WOLFSSL_HW_METRICS
+    #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
+        esp_hw_show_mp_metrics();
+    #endif
+#endif
+
     TEST_PASS("Test complete\n");
 
     EXIT_TEST(ret);
-}
+} /* end of wolfcrypt_test() */
 
 #ifndef NO_MAIN_DRIVER
 
@@ -1937,7 +1988,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 #ifdef WOLFSSL_APACHE_MYNEWT
         #ifdef ARCH_sim
-        mcu_sim_parse_args(argc, argv);
+            mcu_sim_parse_args(argc, argv);
         #endif
         sysinit();
 
@@ -1994,19 +2045,19 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
             err_sys("Error with wolfCrypt_Init!\n", WC_TEST_RET_ENC_EC(ret));
         }
 
-    #ifdef HAVE_WC_INTROSPECTION
+#ifdef HAVE_WC_INTROSPECTION
         printf("Math: %s\n", wc_GetMathInfo());
-    #endif
+#endif
 
 #ifdef WC_RNG_SEED_CB
-    wc_SetSeed_Cb(wc_GenerateSeed);
+        wc_SetSeed_Cb(wc_GenerateSeed);
 #endif
 
-    #ifdef HAVE_STACK_SIZE
+#ifdef HAVE_STACK_SIZE
         StackSizeCheck(&args, wolfcrypt_test);
-    #else
+#else
         wolfcrypt_test(&args);
-    #endif
+#endif
 
         if ((ret = wolfCrypt_Cleanup()) != 0) {
             printf("wolfCrypt_Cleanup failed %d\n", (int)ret);
@@ -2026,7 +2077,14 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         while (1);
 #endif
 
+#if defined(WOLFSSL_ESPIDF)
+        /* ESP_LOGI to print takes up a lot less memory than printf */
+        ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n",
+                        args.return_code);
+#else
+        /* gate this for target platforms wishing to avoid printf reference */
         printf("Exiting main with return code: %ld\n", (long int)args.return_code);
+#endif
 
         return args.return_code;
     } /* wolfcrypt_test_main or wolf_test_task */
@@ -2124,6 +2182,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
     /* Ensure a valid error code's string matches an invalid code's.
      * The string is that error strings are not available.
      */
+    WOLFSSL_ENTER("error_test NO_ERROR_STRINGS");
     errStr = wc_GetErrorString(OPEN_RAN_E);
     wc_ErrorString(OPEN_RAN_E, out);
     if (XSTRCMP(errStr, unknownStr) != 0)
@@ -2134,8 +2193,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
     int i;
     int j = 0;
     /* Values that are not or no longer error codes. */
-    int missing[] = { -123, -124, -128, -129, -159, -163, -164,
+    int missing[] = { -124, -128, -129, -159, -163, -164,
                       -165, -166, -167, -168, -169, -233,   0 };
+    WOLFSSL_ENTER("error_test !NO_ERROR_STRINGS");
 
     /* Check that all errors have a string and it's the same through the two
      * APIs. Check that the values that are not errors map to the unknown
@@ -2146,14 +2206,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
         wc_ErrorString(i, out);
 
         if (i != missing[j]) {
-            if (XSTRCMP(errStr, unknownStr) == 0)
+            if (XSTRCMP(errStr, unknownStr) == 0) {
+                WOLFSSL_MSG("errStr unknown");
                 return WC_TEST_RET_ENC_NC;
-            if (XSTRCMP(out, unknownStr) == 0)
+            }
+            if (XSTRCMP(out, unknownStr) == 0) {
+                WOLFSSL_MSG("out unknown");
                 return WC_TEST_RET_ENC_NC;
-            if (XSTRCMP(errStr, out) != 0)
+            }
+            if (XSTRCMP(errStr, out) != 0) {
+                WOLFSSL_MSG("errStr does not match output");
                 return WC_TEST_RET_ENC_NC;
-            if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ)
+            }
+            if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) {
+                WOLFSSL_MSG("errStr too long");
                 return WC_TEST_RET_ENC_NC;
+            }
         }
         else {
             j++;
@@ -2203,6 +2271,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         "0123456789+/;";
     byte charTest[] = "A+Gd\0\0\0";
     int        i;
+    WOLFSSL_ENTER("base64_test");
 
     /* Good Base64 encodings. */
     outLen = sizeof(out);
@@ -2334,6 +2403,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void)
     word32 encodedLen;
     byte   plain[40];
     word32 len;
+    WOLFSSL_ENTER("base16_test");
 
     /* length returned includes null termination */
     encodedLen = sizeof(encoded);
@@ -2377,6 +2447,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
     struct tm timearg;
     time_t now;
 #endif
+    WOLFSSL_ENTER("asn_test");
 
     ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
                          &length);
@@ -2418,6 +2489,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
     testVector a, b, c, d, e, f, g;
     testVector test_md2[7];
     int times = sizeof(test_md2) / sizeof(testVector), i;
+    WOLFSSL_ENTER("md2_test");
 
     a.input  = "";
     a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
@@ -2506,6 +2578,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void)
     testVector a, b, c, d, e, f;
     testVector test_md5[6];
     int times = sizeof(test_md5) / sizeof(testVector), i;
+    WOLFSSL_ENTER("md5_test");
 
     a.input  = "";
     a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
@@ -2635,6 +2708,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void)
     testVector a, b, c, d, e, f, g;
     testVector test_md4[7];
     int times = sizeof(test_md4) / sizeof(testVector), i;
+    WOLFSSL_ENTER("md4_test");
 
     a.input  = "";
     a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
@@ -2714,6 +2788,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void)
     testVector a, b, c, d, e;
     testVector test_sha[5];
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha_test");
 
     a.input  = "";
     a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
@@ -2844,6 +2919,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void)
     testVector a, b, c, d;
     testVector test_ripemd[4];
     int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("ripemd_test");
 
     a.input  = "abc";
     a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
@@ -2948,6 +3024,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void)
     byte    digest[64];
     byte    input[64];
     int     i, ret;
+    WOLFSSL_ENTER("blake2b_test");
 
     for (i = 0; i < (int)sizeof(input); i++)
         input[i] = (byte)i;
@@ -3009,6 +3086,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void)
     byte    digest[32];
     byte    input[64];
     int     i, ret;
+    WOLFSSL_ENTER("blake2s_test");
 
     for (i = 0; i < (int)sizeof(input); i++)
         input[i] = (byte)i;
@@ -3047,6 +3125,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void)
     testVector a, b, c;
     testVector test_sha[3];
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha224_test");
 
     a.input  = "";
     a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
@@ -3118,9 +3197,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
     byte      hashcopy[WC_SHA256_DIGEST_SIZE];
     wc_test_ret_t ret = 0;
 
-    testVector a, b, c;
-    testVector test_sha[3];
+    testVector a, b, c, d;
+    testVector test_sha[4];
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    byte       i_hash[WC_SHA256_DIGEST_SIZE];
+    byte       i_hashcopy[WC_SHA256_DIGEST_SIZE];
+    testVector interleave_test_sha[4];
+    wc_Sha256  i_sha, i_shaCopy;
+#endif
+#ifndef NO_LARGE_HASH_TEST
+#define LARGE_HASH_TEST_INPUT_SZ 1024
+#ifdef WOLFSSL_SMALL_STACK
+    byte *large_input = NULL;
+#else
+    byte large_input[LARGE_HASH_TEST_INPUT_SZ];
+#endif
+#endif
+
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha256_test");
 
     a.input  = "";
     a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
@@ -3143,18 +3238,49 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
     c.inLen  = XSTRLEN(c.input);
     c.outLen = WC_SHA256_DIGEST_SIZE;
 
+    d.input  = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+               "aaaaaa"; /* this is BLOCKSIZE length */
+    d.output = "\xFF\xE0\x54\xFE\x7A\xE0\xCB\x6D\xC6\x5C\x3A\xF9\xB6\x1D\x52"
+               "\x09\xF4\x39\x85\x1D\xB4\x3D\x0B\xA5\x99\x73\x37\xDF\x15\x46"
+               "\x68\xEB";
+    d.inLen  = XSTRLEN(d.input);
+    d.outLen = WC_SHA256_DIGEST_SIZE;
+
     test_sha[0] = a;
     test_sha[1] = b;
     test_sha[2] = c;
+    test_sha[3] = d;
+
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    interleave_test_sha[0] = a;
+    interleave_test_sha[1] = b;
+    interleave_test_sha[2] = c;
+    interleave_test_sha[3] = d;
+#endif
 
     ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
+
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    ret = wc_InitSha256_ex(&i_sha, HEAP_HINT, devId);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+#endif
+
     ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
     if (ret != 0) {
         wc_Sha256Free(&sha);
         return WC_TEST_RET_ENC_EC(ret);
     }
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    ret = wc_InitSha256_ex(&i_shaCopy, HEAP_HINT, devId);
+    if (ret != 0) {
+        wc_Sha256Free(&sha);
+        wc_Sha256Free(&i_sha);
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+#endif
 
     for (i = 0; i < times; ++i) {
         ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
@@ -3162,36 +3288,91 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
         if (ret != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
         }
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        ret = wc_Sha256Update(&i_sha, (byte*)interleave_test_sha[i].input,
+            (word32)interleave_test_sha[i].inLen);
+        if (ret != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+#endif
+
         ret = wc_Sha256GetHash(&sha, hashcopy);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        ret = wc_Sha256GetHash(&i_sha, i_hashcopy);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         ret = wc_Sha256Copy(&sha, &shaCopy);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        ret = wc_Sha256Copy(&i_sha, &i_shaCopy);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         ret = wc_Sha256Final(&sha, hash);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        ret = wc_Sha256Final(&i_sha, i_hash);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         wc_Sha256Free(&shaCopy);
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        wc_Sha256Free(&i_shaCopy);
+#endif
 
-        if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
+        if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        if (XMEMCMP(i_hash, interleave_test_sha[i].output,
+                                    WC_SHA256_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, i_hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
-        if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0)
+        }
+        if (XMEMCMP(i_hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+#endif
     }
 
 #ifndef NO_LARGE_HASH_TEST
     /* BEGIN LARGE HASH TEST */ {
-    byte large_input[1024];
 #ifdef HASH_SIZE_LIMIT
-    const char* large_digest =
+    WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
             "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7"
             "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f";
 #else
-    const char* large_digest =
+    WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
            "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
            "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
 #endif
-    for (i = 0; i < (int)sizeof(large_input); i++) {
+
+#ifdef WOLFSSL_SMALL_STACK
+    large_input = (byte *)XMALLOC(LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT,
+                                  DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (large_input == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit);
+    }
+#endif
+
+    for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) {
         large_input[i] = (byte)(i & 0xFF);
     }
 #ifdef HASH_SIZE_LIMIT
@@ -3200,11 +3381,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
     times = 100;
 #endif
 #ifdef WOLFSSL_PIC32MZ_HASH
-    wc_Sha256SizeSet(&sha, times * sizeof(large_input));
+    wc_Sha256SizeSet(&sha, times * LARGE_HASH_TEST_INPUT_SZ);
 #endif
     for (i = 0; i < times; ++i) {
         ret = wc_Sha256Update(&sha, (byte*)large_input,
-            (word32)sizeof(large_input));
+            LARGE_HASH_TEST_INPUT_SZ);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         }
@@ -3214,13 +3395,49 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
     if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
     } /* END LARGE HASH TEST */
+#undef LARGE_HASH_TEST_INPUT_SZ
 #endif /* NO_LARGE_HASH_TEST */
 
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+    unsigned char data_hb[WC_SHA256_BLOCK_SIZE] = {
+        0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18
+    };
+
+    ret = wc_Sha256HashBlock(&sha, data_hb, hash);
+    if (ret != 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
+    }
+    if (XMEMCMP(hash, b.output, WC_SHA256_DIGEST_SIZE) != 0) {
+{
+    for (int ii = 0; ii < WC_SHA256_DIGEST_SIZE; ii++)
+        fprintf(stderr, " %02x", hash[ii]);
+    fprintf(stderr, "\n");
+    for (int ii = 0; ii < WC_SHA256_DIGEST_SIZE; ii++)
+        fprintf(stderr, " %02x", b.output[ii]);
+    fprintf(stderr, "\n");
+}
+        ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+    }
+#endif
+
 exit:
 
+#if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK)
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
     wc_Sha256Free(&sha);
     wc_Sha256Free(&shaCopy);
-
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    wc_Sha256Free(&i_sha);
+    wc_Sha256Free(&i_shaCopy);
+#endif
     return ret;
 }
 #endif
@@ -3239,7 +3456,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
 
     testVector a, b, c;
     testVector test_sha[3];
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+    wc_Sha512  i_sha, i_shaCopy;
+    byte       i_hash[WC_SHA512_DIGEST_SIZE];
+    byte       i_hashcopy[WC_SHA512_DIGEST_SIZE];
+    testVector interleave_test_sha[3];
+#endif
+#ifndef NO_LARGE_HASH_TEST
+#define LARGE_HASH_TEST_INPUT_SZ 1024
+#ifdef WOLFSSL_SMALL_STACK
+    byte *large_input = NULL;
+#else
+    byte large_input[LARGE_HASH_TEST_INPUT_SZ];
+#endif
+#endif
+
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha512_test");
 
     a.input  = "";
     a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
@@ -3273,55 +3506,127 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
     test_sha[1] = b;
     test_sha[2] = c;
 
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+    interleave_test_sha[0] = a;
+    interleave_test_sha[1] = b;
+    interleave_test_sha[2] = c;
+#endif
+
     ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+    ret = wc_InitSha512_ex(&i_sha, HEAP_HINT, devId);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+#endif
+
     ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
     if (ret != 0) {
         wc_Sha512Free(&sha);
         return WC_TEST_RET_ENC_EC(ret);
     }
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+    ret = wc_InitSha512_ex(&i_shaCopy, HEAP_HINT, devId);
+    if (ret != 0) {
+        wc_Sha512Free(&sha);
+        wc_Sha512Free(&i_sha);
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+#endif
 
     for (i = 0; i < times; ++i) {
         ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,
             (word32)test_sha[i].inLen);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        ret = wc_Sha512Update(&i_sha, (byte*)interleave_test_sha[i].input,
+            (word32)interleave_test_sha[i].inLen);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         ret = wc_Sha512GetHash(&sha, hashcopy);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        ret = wc_Sha512GetHash(&i_sha, i_hashcopy);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         ret = wc_Sha512Copy(&sha, &shaCopy);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        ret = wc_Sha512Copy(&i_sha, &i_shaCopy);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         ret = wc_Sha512Final(&sha, hash);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        ret = wc_Sha512Final(&i_sha, i_hash);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         wc_Sha512Free(&shaCopy);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        wc_Sha512Free(&i_shaCopy);
+#endif
 
         if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
         if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        if (XMEMCMP(i_hash, interleave_test_sha[i].output,
+                                        WC_SHA512_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, i_hashcopy, WC_SHA512_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+#endif
+
     }
 
 #ifndef NO_LARGE_HASH_TEST
     /* BEGIN LARGE HASH TEST */ {
-    byte large_input[1024];
 #ifdef HASH_SIZE_LIMIT
-    const char* large_digest =
+    WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
         "\x30\x9B\x96\xA6\xE9\x43\x78\x30\xA3\x71\x51\x61\xC1\xEB\xE1\xBE"
         "\xC8\xA5\xF9\x13\x5A\xD6\x6D\x9E\x46\x31\x31\x67\x8D\xE2\xC0\x0B"
         "\x2A\x1A\x03\xE1\xF3\x48\xA7\x33\xBD\x49\xF8\xFF\xF1\xC2\xC2\x95"
         "\xCB\xF0\xAF\x87\x61\x85\x58\x63\x6A\xCA\x70\x9C\x8B\x83\x3F\x5D";
 #else
-    const char* large_digest =
+    WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
         "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
         "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
         "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
         "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
 #endif
 
-    for (i = 0; i < (int)sizeof(large_input); i++) {
+#ifdef WOLFSSL_SMALL_STACK
+    large_input = (byte *)XMALLOC(LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT,
+                                  DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (large_input == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit);
+    }
+#endif
+
+    for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) {
         large_input[i] = (byte)(i & 0xFF);
     }
 #ifdef HASH_SIZE_LIMIT
@@ -3331,7 +3636,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
 #endif
     for (i = 0; i < times; ++i) {
         ret = wc_Sha512Update(&sha, (byte*)large_input,
-            (word32)sizeof(large_input));
+            LARGE_HASH_TEST_INPUT_SZ);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     }
@@ -3345,19 +3650,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
     /* Unaligned memory access test */
     for (i = 1; i < 16; i++) {
         ret = wc_Sha512Update(&sha, (byte*)large_input + i,
-            (word32)sizeof(large_input) - i);
+            LARGE_HASH_TEST_INPUT_SZ - i);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         ret = wc_Sha512Final(&sha, hash);
     }
 #endif
     } /* END LARGE HASH TEST */
+#undef LARGE_HASH_TEST_INPUT_SZ
 #endif /* NO_LARGE_HASH_TEST */
 
 exit:
+
+#if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK)
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
     wc_Sha512Free(&sha);
     wc_Sha512Free(&shaCopy);
-
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    wc_Sha512Free(&i_sha);
+    wc_Sha512Free(&i_shaCopy);
+#endif
     return ret;
 }
 
@@ -3379,6 +3692,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void)
     testVector a, b, c;
     testVector test_sha[3];
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha512_224_test");
 
     a.input  = "";
     a.output = "\x6e\xd0\xdd\x02"
@@ -3530,6 +3844,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void)
     testVector a, b, c;
     testVector test_sha[3];
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha512_256_test");
 
     a.input  = "";
     a.output = "\xc6\x72\xb8\xd1" "\xef\x56\xed\x28"
@@ -3677,6 +3992,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void)
     testVector a, b, c;
     testVector test_sha[3];
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha384_test");
 
     a.input  = "";
 
@@ -4223,6 +4539,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void)
     wc_test_ret_t ret;
 
     (void)ret;
+    WOLFSSL_ENTER("sha3_test");
 
 #ifndef WOLFSSL_NOSHA3_224
     if ((ret = sha3_224_test()) != 0)
@@ -4456,6 +4773,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void)
         "\x70\xd4\x7c\x19\x01\x1f\x6d\x37\xba\x7b\x74\xc2\xbc\xb6\xbc\x74"
         "\xa3\x66\x6c\x9b\x11\x84\x9d\x4a\x36\xbc\x8a\x0d\x4c\xe3\x39\xfa"
         "\xfa\x1b";
+    WOLFSSL_ENTER("shake128_test");
 
 
     /*
@@ -4796,6 +5114,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void)
         "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38"
         "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9"
         "\xea\x26";
+
+    WOLFSSL_ENTER("shake256_test");
     /*
     ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf
     */
@@ -4946,6 +5266,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void)
     byte   hashGet[WC_SM3_DIGEST_SIZE];
     byte   hashCopy[WC_SM3_DIGEST_SIZE];
     wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("sm3_test");
 
     testVector a, b, c;
     testVector test_sm3[3];
@@ -5159,6 +5480,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
                                         WC_HASH_TYPE_BLAKE2B,
                                         WC_HASH_TYPE_NONE };
 
+    WOLFSSL_ENTER("hash_test");
+
     /* Parameter Validation testing. */
     ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
     if (ret != BAD_FUNC_ARG)
@@ -5427,6 +5750,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_md5_test");
 
     a.input  = "Hi There";
     a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
@@ -5511,6 +5835,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_sha_test");
 
     a.input  = "Hi There";
     a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
@@ -5599,6 +5924,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_sha224_test");
 
     a.input  = "Hi There";
     a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
@@ -5691,6 +6017,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_sha256_test");
 
     a.input  = "Hi There";
     a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
@@ -5804,6 +6131,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_sha384_test");
 
     a.input  = "Hi There";
     a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
@@ -5911,6 +6239,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_sha512_test");
 
     a.input  = "Hi There";
     a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
@@ -6122,8 +6451,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
     };
 
     int i = 0, iMax = sizeof(input) / sizeof(input[0]),
-        j, jMax = sizeof(hashType) / sizeof(hashType[0]),
-        ret;
+        j, jMax = sizeof(hashType) / sizeof(hashType[0]);
+    int ret;
+    WOLFSSL_ENTER("hmac_sha3_test");
 
 #ifdef HAVE_FIPS
     /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
@@ -6492,6 +6822,7 @@ static wc_test_ret_t rc2_cbc_test(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void)
 {
     wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("rc2_test");
 
     ret = rc2_ecb_test();
     if (ret != 0) {
@@ -6522,6 +6853,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void)
     testVector test_arc4[4];
 
     int times = sizeof(test_arc4) / sizeof(testVector), i;
+    WOLFSSL_ENTER("arc4_test");
 
     a.input  = "\x01\x23\x45\x67\x89\xab\xcd\xef";
     a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
@@ -6784,6 +7116,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
     test_chacha[2] = c;
     test_chacha[3] = d;
 
+    WOLFSSL_ENTER("chacha_test");
+
 #ifndef BENCH_EMBEDDED
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
@@ -6980,8 +7314,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
 #ifdef HAVE_POLY1305
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
 {
-    wc_test_ret_t ret = 0;
-    int      i;
     byte     tag[16];
     Poly1305 enc;
 
@@ -7139,6 +7471,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
     const byte* keys[]  = {key, key, key2, key2, key5, key};
     const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
                            correct6};
+    int i;
+    wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("poly1305_test");
 
     for (i = 0; i < 6; i++) {
         ret = wc_Poly1305SetKey(&enc, keys[i], 32);
@@ -7354,7 +7689,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
     byte generatedPlaintext[265];  /* max plaintext2/cipher2 */
     byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
-    wc_test_ret_t err;
 
     ChaChaPoly_Aead aead;
 
@@ -7363,9 +7697,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
 #else
     #define TEST_SMALL_CHACHA_CHUNKS 64
 #endif
-    #ifdef TEST_SMALL_CHACHA_CHUNKS
+
+#ifdef TEST_SMALL_CHACHA_CHUNKS
     word32 testLen;
-    #endif
+#endif
+    wc_test_ret_t err;
+
+    WOLFSSL_ENTER("chacha20_poly1305_aead_test");
 
     XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
     XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
@@ -7740,6 +8078,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
     };
 
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("des_test");
 
     ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
     if (ret != 0)
@@ -7842,7 +8181,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
     size_t i;
 #endif
-
+    WOLFSSL_ENTER("des3_test");
 
     ret = wc_Des3Init(&enc, HEAP_HINT, devId);
     if (ret != 0)
@@ -8141,22 +8480,24 @@ EVP_TEST_END:
         };
     #endif /* WOLFSSL_AES_192 */
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *enc = NULL;
-#else
+    #else
         Aes enc[1];
-#endif
+    #endif
         byte cipher[AES_BLOCK_SIZE * 4];
     #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        Aes *dec = NULL;
-#else
-        Aes dec[1];
-#endif
+        #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+            Aes *dec = NULL;
+        #else
+            Aes dec[1];
+        #endif
         byte plain [AES_BLOCK_SIZE * 4];
     #endif
         wc_test_ret_t ret = 0;
 
+    WOLFSSL_ENTER("aesofb_test");
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
         ERROR_OUT(-1, out);
@@ -8431,8 +8772,10 @@ EVP_TEST_END:
 #endif /* WOLFSSL_AES_OFB */
 
 #if defined(WOLFSSL_AES_CFB)
-    /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/
-    static wc_test_ret_t aescfb_test(void)
+    /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of
+     * Operation Methods and Techniques
+     */
+    static wc_test_ret_t aescfb_test_0(void)
     {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *enc = NULL;
@@ -9358,7 +9701,7 @@ static wc_test_ret_t aes_key_size_test(void)
     return ret;
 }
 
-#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
+#if defined(WOLFSSL_AES_XTS)
 
 /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
 #ifdef WOLFSSL_AES_128
@@ -9436,6 +9779,7 @@ static wc_test_ret_t aes_xts_128_test(void)
         0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
     };
 
+#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
     WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
         0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
         0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
@@ -9460,6 +9804,7 @@ static wc_test_ret_t aes_xts_128_test(void)
         0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
         0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
     };
+#endif /* HAVE_FIPS */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
@@ -9567,7 +9912,11 @@ static wc_test_ret_t aes_xts_128_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9579,7 +9928,11 @@ static wc_test_ret_t aes_xts_128_test(void)
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
@@ -9592,7 +9945,11 @@ static wc_test_ret_t aes_xts_128_test(void)
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9604,7 +9961,11 @@ static wc_test_ret_t aes_xts_128_test(void)
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
@@ -9617,7 +9978,11 @@ static wc_test_ret_t aes_xts_128_test(void)
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9631,13 +9996,19 @@ static wc_test_ret_t aes_xts_128_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (XMEMCMP(p2, buf, sizeof(p2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#ifndef HAVE_FIPS
+
     /* Test ciphertext stealing in-place. */
     XMEMCPY(buf, p3, sizeof(p3));
     ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
@@ -9658,13 +10029,19 @@ static wc_test_ret_t aes_xts_128_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (XMEMCMP(p3, buf, sizeof(p3)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#endif /* !HAVE_FIPS */
+
 #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
     !defined(WOLFSSL_AFALG)
     {
@@ -9703,7 +10080,12 @@ static wc_test_ret_t aes_xts_128_test(void)
             ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
                 sizeof(i1));
         #if defined(WOLFSSL_ASYNC_CRYPT)
+            #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+            ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
+                               WC_ASYNC_FLAG_NONE);
+            #else
             ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+            #endif
         #endif
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9884,7 +10266,11 @@ static wc_test_ret_t aes_xts_256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9895,7 +10281,11 @@ static wc_test_ret_t aes_xts_256_test(void)
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9908,7 +10298,11 @@ static wc_test_ret_t aes_xts_256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -10139,7 +10533,11 @@ static wc_test_ret_t aes_xts_sector_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1);
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -10167,7 +10565,11 @@ static wc_test_ret_t aes_xts_sector_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2);
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -10199,7 +10601,11 @@ static wc_test_ret_t aes_xts_sector_test(void)
     ret = wc_AesXtsDecryptConsecutiveSectors(aes, data, c3,
             sizeof(c3), s3, sectorSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -10296,14 +10702,22 @@ static wc_test_ret_t aes_xts_args_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret == 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1);
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret == 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -11269,6 +11683,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
             byte key[] = "0123456789abcdef   ";  /* align */
     #endif
     WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";  /* align */
+    WOLFSSL_ENTER("aes_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
@@ -11314,8 +11729,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(cipher, verify_ecb, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, verify_ecb, AES_BLOCK_SIZE)) {
+            WOLFSSL_MSG("aes_test cipher vs verify_ecb mismatch!");
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
     #ifdef HAVE_AES_DECRYPT
         XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
         ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
@@ -11343,16 +11760,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
-    if (ret != 0)
+    if (ret != 0) {
+        WOLFSSL_MSG("failed wc_AesCbcDecrypt");
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
 
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
+    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) {
+        WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare");
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    }
 #endif /* HAVE_AES_DECRYPT */
     /* skipped because wrapped key use in case of renesas sm */
     #ifndef HAVE_RENESAS_SYNC
-    if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
+    if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) {
+        WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare");
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    }
     #endif
 #endif /* WOLFSSL_AES_128 */
 
@@ -11612,9 +12035,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
-                    AES_BLOCK_SIZE))
+                    AES_BLOCK_SIZE)) {
+            WOLFSSL_MSG("wc_AesCbcDecrypt failed plain-msg2 compare");
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
+        }
         #endif /* HAVE_AES_DECRYPT */
     }
 #endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */
@@ -11697,44 +12121,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         goto out;
 #endif
 
-#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-    #ifdef WOLFSSL_AES_128
-    ret = aes_xts_128_test();
-    if (ret != 0)
-        goto out;
-    #endif
-    #ifdef WOLFSSL_AES_256
-    ret = aes_xts_256_test();
-    if (ret != 0)
-        goto out;
-    #endif
-    #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
-    ret = aes_xts_sector_test();
-    if (ret != 0)
-        goto out;
-    #endif
-    #ifdef WOLFSSL_AES_128
-    ret = aes_xts_args_test();
-    if (ret != 0)
-        goto out;
-    #endif
-#endif
-
-#if defined(WOLFSSL_AES_CFB)
-    ret = aescfb_test();
-    if (ret != 0)
-        goto out;
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    ret = aescfb1_test();
-    if (ret != 0)
-        goto out;
-
-    ret = aescfb8_test();
-    if (ret != 0)
-        goto out;
-#endif
-#endif
-
 #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     ret = aesecb_test();
     if (ret != 0)
@@ -11773,6 +12159,58 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
     return ret;
 }
 
+#if defined(WOLFSSL_AES_CFB)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void)
+{
+    int ret;
+    WOLFSSL_ENTER("aes_cfb_test");
+
+    ret = aescfb_test_0();
+    if (ret != 0)
+        return ret;
+#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    ret = aescfb1_test();
+    if (ret != 0)
+        return ret;
+
+    ret = aescfb8_test();
+    if (ret != 0)
+        return ret;
+#endif
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_AES_XTS)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void)
+{
+    int ret = 0;
+    WOLFSSL_ENTER("aes_xts_test");
+
+    #ifdef WOLFSSL_AES_128
+    ret = aes_xts_128_test();
+    if (ret != 0)
+        return ret;
+    #endif
+    #ifdef WOLFSSL_AES_256
+    ret = aes_xts_256_test();
+    if (ret != 0)
+        return ret;
+    #endif
+    #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
+    ret = aes_xts_sector_test();
+    if (ret != 0)
+        return ret;
+    #endif
+    #ifdef WOLFSSL_AES_128
+    ret = aes_xts_args_test();
+    if (ret != 0)
+        return ret;
+    #endif
+    return 0;
+}
+#endif
+
 #ifdef WOLFSSL_AES_192
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
 {
@@ -11782,6 +12220,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
 #else
     Aes enc[1];
 #endif
+    int enc_inited = 0;
     byte cipher[AES_BLOCK_SIZE];
 #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -11789,6 +12228,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
 #else
     Aes dec[1];
 #endif
+    int dec_inited = 0;
     byte plain[AES_BLOCK_SIZE];
 #endif
 #endif /* HAVE_AES_CBC */
@@ -11809,15 +12249,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
         0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
     };
 
-    WOLFSSL_SMALL_STACK_STATIC byte key[] = {
+    WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
         0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
         0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
         0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
     };
-    WOLFSSL_SMALL_STACK_STATIC byte iv[]  = {
+    WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
         0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
     };
+    WOLFSSL_ENTER("aes192_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
@@ -11831,11 +12272,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    enc_inited = 1;
 #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
+    dec_inited = 1;
 
     ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
     if (ret != 0)
@@ -11865,23 +12308,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
+        WOLFSSL_MSG("failed wc_AesCbcDecrypt plain-msg compare");
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif
 
-    wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    wc_AesFree(dec);
-#endif
-
   out:
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
+    if (enc) {
+        if (enc_inited)
+            wc_AesFree(enc);
         XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    }
 #ifdef HAVE_AES_DECRYPT
-    if (dec)
+    if (dec) {
+        if (dec_inited)
+            wc_AesFree(dec);
         XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    }
 #endif
+#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
+    if (enc_inited)
+        wc_AesFree(enc);
+    if (dec_inited)
+        wc_AesFree(dec);
 #endif
 #endif /* HAVE_AES_CBC */
 
@@ -11898,6 +12348,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
 #else
     Aes enc[1];
 #endif
+    int enc_inited = 0;
     byte cipher[AES_BLOCK_SIZE];
 #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -11905,6 +12356,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
 #else
     Aes dec[1];
 #endif
+    int dec_inited = 0;
     byte plain[AES_BLOCK_SIZE];
 #endif
 #endif /* HAVE_AES_CBC */
@@ -11928,7 +12380,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
                 (byte*)guser_PKCbInfo.wrapped_key_aes256;
     int keySz = (256/8);
 #else
-    WOLFSSL_SMALL_STACK_STATIC byte key[] = {
+    WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
         0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
         0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
         0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
@@ -11936,10 +12388,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     };
     int keySz = (int)sizeof(key);
 #endif
-    WOLFSSL_SMALL_STACK_STATIC byte iv[]  = {
+    WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
         0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
     };
+    WOLFSSL_ENTER("aes256_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
@@ -11953,11 +12406,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    enc_inited = 1;
 #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
+    dec_inited = 1;
 
     ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
     if (ret != 0)
@@ -11991,10 +12446,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
-    wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    wc_AesFree(dec);
-#endif
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
     ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
@@ -12034,11 +12485,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
-    wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    wc_AesFree(dec);
-#endif
-
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
     ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -12076,21 +12522,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
-    wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    wc_AesFree(dec);
-#endif
-
-#endif
+#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_AES_C_DYNAMIC_FALLBACK */
 
   out:
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
+    if (enc) {
+        if (enc_inited)
+            wc_AesFree(enc);
         XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    }
 #ifdef HAVE_AES_DECRYPT
-    if (dec)
+    if (dec) {
+        if (dec_inited)
+            wc_AesFree(dec);
         XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    }
 #endif
+#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
+    if (enc_inited)
+        wc_AesFree(enc);
+    if (dec_inited)
+        wc_AesFree(dec);
 #endif
 #endif /* HAVE_AES_CBC */
 
@@ -12229,7 +12682,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
             wc_AesFree(dec);
         XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
     }
-#else
+#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
     if (enc_inited)
         wc_AesFree(enc);
     if (dec_inited)
@@ -12322,6 +12775,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void)
     };
 
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("aesgcm_default_test");
+
     ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
             plain1, sizeof(plain1), cipher1, sizeof(cipher1),
             aad1, sizeof(aad1), tag1, sizeof(tag1));
@@ -12525,6 +12980,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     byte resultP[sizeof(p) + AES_BLOCK_SIZE];
     byte resultC[sizeof(p) + AES_BLOCK_SIZE];
     wc_test_ret_t ret = 0;
+
 #ifdef WOLFSSL_AES_256
     #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
     int  alen;
@@ -12554,7 +13010,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 
 #else
     byte large_input[BENCH_AESGCM_LARGE];
-    byte large_output[BENCH_AESGCM_LARGE];
+    byte large_output[BENCH_AESGCM_LARGE + AES_BLOCK_SIZE];
     byte large_outdec[BENCH_AESGCM_LARGE];
 #endif
 
@@ -12562,6 +13018,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + AES_BLOCK_SIZE);
     XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
 #endif
+    WOLFSSL_ENTER("aesgcm_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
@@ -13184,12 +13641,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #ifdef WOLFSSL_AES_128
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
 {
-    wc_test_ret_t ret;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     Gmac *gmac;
 #else
     Gmac gmac[1];
 #endif
+    wc_test_ret_t ret;
 
     WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
     {
@@ -13240,6 +13697,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
 #endif
 
     byte tag[16];
+    WOLFSSL_ENTER("gmac_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
@@ -13687,6 +14145,8 @@ static wc_test_ret_t aesccm_128_test(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void)
 {
     wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("aesccm_test");
+
 #ifdef WOLFSSL_AES_128
     if (ret == 0)
         ret = aesccm_128_test();
@@ -13798,9 +14258,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void)
 
     WOLFSSL_SMALL_STACK_STATIC byte ciphertext[sizeof(vectors[0].ct)];
     WOLFSSL_SMALL_STACK_STATIC byte authtag[sizeof(vectors[0].tag)];
-    wc_test_ret_t ret;
     int i;
     int len;
+    wc_test_ret_t ret;
+    WOLFSSL_ENTER("aes_eax_test");
+
 
     for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
 
@@ -14026,6 +14488,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
         {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
     #endif
     };
+
+    WOLFSSL_ENTER("aeskeywrap_test");
+
     testSz = sizeof(test_wrap) / sizeof(keywrapVector);
 
     XMEMSET(output, 0, sizeof(output));
@@ -14076,7 +14541,6 @@ void printOutput(const char *strName, unsigned char *data, unsigned int dataSz)
 
 WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo)
 {
-    int ret = 0;
     byte data[] = TEST_STRING;
     word32 dataSz = TEST_STRING_SZ;
 
@@ -14089,6 +14553,9 @@ WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo)
     word32 keySz, adSz = 256, authTagSz = sizeof(authTag);
 
     wc_Aria aria;
+    int ret = 0;
+    WOLFSSL_ENTER("ariagcm_test");
+
     XMEMSET((void *)&aria, 0, sizeof(aria));
     ret = wc_AriaInitCrypt(&aria, algo);
     if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
@@ -14264,7 +14731,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
 
     byte out[CAMELLIA_BLOCK_SIZE];
     Camellia cam;
-    int i, testsSz, ret;
     WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
     {
         {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
@@ -14280,6 +14746,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
         {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
         {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
     };
+    int i, testsSz;
+    int ret;
+    WOLFSSL_ENTER("camellia_test");
 
     testsSz = sizeof(testVectors)/sizeof(test_vector_t);
     for (i = 0; i < testsSz; i++) {
@@ -14842,6 +15311,7 @@ static int sm4_ccm_test(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void)
 {
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("sm4_test");
 
 #ifdef WOLFSSL_SM4_ECB
     ret = sm4_ecb_test();
@@ -14875,7 +15345,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void)
 
 #ifdef HAVE_XCHACHA
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
-    wc_test_ret_t ret;
 
     WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
         0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */
@@ -14930,17 +15399,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
         0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5
     };
 
+    wc_test_ret_t ret;
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
     byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
+    WOLFSSL_ENTER("XChaCha_test");
     if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
     struct ChaCha chacha[1];
     byte buf1[sizeof Plaintext];
     byte buf2[sizeof Plaintext];
+    WOLFSSL_ENTER("XChaCha_test");
 #endif
 
     ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
@@ -14982,7 +15455,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
 
 #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
-    wc_test_ret_t ret;
 
     WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
         0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
@@ -15019,15 +15491,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
       0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
     };
 
+    wc_test_ret_t ret;
+
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
+    WOLFSSL_ENTER("XChaCha20Poly1305_test");
     if ((buf1 == NULL) || (buf2 == NULL))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
     byte buf1[sizeof Ciphertext + sizeof Tag];
     byte buf2[sizeof Plaintext];
+    WOLFSSL_ENTER("XChaCha20Poly1305_test");
 #endif
 
     ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
@@ -15163,14 +15640,30 @@ static wc_test_ret_t random_rng_test(void)
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
     {
         byte nonce[8] = { 0 };
-        /* Test dynamic RNG. */
+
+        /* Test dynamic RNG */
         rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
         if (rng == NULL)
             return WC_TEST_RET_ENC_ERRNO;
 
         ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
+        wc_rng_free(rng);
+        rng = NULL;
+
+        if (ret != 0)
+            return ret;
+
+        /* Test dynamic RNG using extended API */
+        ret = wc_rng_new_ex(&rng, nonce, (word32)sizeof(nonce),
+                            HEAP_HINT, devId);
+        if (ret != 0)
+            return WC_TEST_RET_ENC_EC(ret);
 
+        ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
         wc_rng_free(rng);
+
+        if (ret != 0)
+            return ret;
     }
 #endif
 
@@ -15298,6 +15791,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
 
     byte output[WC_SHA256_DIGEST_SIZE * 4];
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("random_test");
 
     ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
                             output, sizeof(output));
@@ -15364,6 +15858,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
 {
+    WOLFSSL_ENTER("random_test");
+
     /* Basic RNG generate block test */
     return random_rng_test();
 }
@@ -15413,7 +15909,7 @@ static int simple_mem_test(int sz)
 static wc_test_ret_t const_byte_ptr_test(const byte* in, word32 *outJ)
 {
     wc_test_ret_t ret = 0;
-    volatile word32 j = -1; /* must be volatile to properly detect error */
+    volatile word32 j = (word32)-1; /* must be volatile to properly detect error */
 
     ret = (wc_test_ret_t)*in; /* accessed *in value. */
     (void)ret;
@@ -15437,6 +15933,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 {
     wc_test_ret_t ret = 0;
     word32 j = 0; /* used in embedded const pointer test */
+    WOLFSSL_ENTER("memory_test");
 
 #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY)
     int i;
@@ -15859,16 +16356,16 @@ static void initDefaultName(void)
 
 #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
     !defined(NO_FILESYSTEM)
-static byte minSerial[] = { 0x02, 0x01, 0x01 };
-static byte minName[] = { 0x30, 0x00 };
-static byte nameBad[] = {
+static const byte minSerial[] = { 0x02, 0x01, 0x01 };
+static const byte minName[] = { 0x30, 0x00 };
+static const byte nameBad[] = {
     0x30, 0x08,
           0x31, 0x06,
                 0x30, 0x04,
                       0x06, 0x02,
                             0x55, 0x04,
 };
-static byte minDates[] = {
+static const byte minDates[] = {
     0x30, 0x1e,
           0x17, 0x0d,
                 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35,
@@ -15877,7 +16374,7 @@ static byte minDates[] = {
                 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
                 0x32, 0x33, 0x31, 0x30, 0x5a
 };
-static byte minPubKey[] = {
+static const byte minPubKey[] = {
     0x30, 0x1c,
           0x30, 0x0d,
                 0x06, 0x09,
@@ -15891,14 +16388,14 @@ static byte minPubKey[] = {
                             0x02, 0x03,
                                   0x01, 0x00, 0x01
 };
-static byte minSigAlg[] = {
+static const byte minSigAlg[] = {
     0x30, 0x0d,
           0x06, 0x09,
                 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
                 0x0b,
           0x05, 0x00
 };
-static byte minSig[] = {
+static const byte minSig[] = {
     0x03, 0x01,
           0x00
 };
@@ -15910,7 +16407,7 @@ static int add_seq(byte* certData, int offset, byte* data, byte length)
     certData[offset++] = length;
     return offset + length;
 }
-static int add_data(byte* certData, int offset, byte* data, byte length)
+static int add_data(byte* certData, int offset, const byte* data, byte length)
 {
     XMEMCPY(certData + offset, data, length);
     return offset + length;
@@ -15980,6 +16477,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void)
     size_t      bytes;
     XFILE       file;
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("cert_test");
+
 
     tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmp == NULL)
@@ -16082,6 +16581,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
     /* created from rsa_test : cert.der */
     byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
                     "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
+    WOLFSSL_ENTER("certext_test");
 
     tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmp == NULL)
@@ -16252,6 +16752,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
     FILE* file;
     byte* der;
     word32 derSz;
+    WOLFSSL_ENTER("decodedCertCache_test");
 
     derSz = FOURK_BUF;
     der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -16405,87 +16906,45 @@ static wc_test_ret_t rsa_flatten_test(RsaKey* key)
 
     /* Parameter Validation testing. */
     ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != BAD_FUNC_ARG)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != BAD_FUNC_ARG)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != BAD_FUNC_ARG)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != BAD_FUNC_ARG)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != BAD_FUNC_ARG)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
+
     eSz = 0;
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != RSA_BUFFER_E)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
+
     eSz = sizeof(e);
     nSz = 0;
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
     if (ret != RSA_BUFFER_E)
-#endif
         return WC_TEST_RET_ENC_EC(ret);
 
     return 0;
 }
 #endif /* NO_ASN */
 
-#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
+#if !defined(HAVE_FIPS) && !defined(NO_ASN) \
     && !defined(WOLFSSL_RSA_VERIFY_ONLY)
 static wc_test_ret_t rsa_export_key_test(RsaKey* key)
 {
@@ -16560,7 +17019,7 @@ static wc_test_ret_t rsa_export_key_test(RsaKey* key)
 
     return 0;
 }
-#endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */
+#endif /* !HAVE_FIPS && !NO_ASN && !WOLFSSL_RSA_VERIFY_ONLY */
 
 #ifndef NO_SIG_WRAPPER
 static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
@@ -16622,12 +17081,7 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, keyLen, NULL);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#elif defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
+#if defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
     /* blinding / rng handled with hardware acceleration */
     if (ret != 0)
 #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
@@ -16845,7 +17299,7 @@ static wc_test_ret_t rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte
 }
 #endif
 
-#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
+#if !defined(NO_ASN)
 static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 {
     wc_test_ret_t ret;
@@ -17188,6 +17642,10 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
 
+    WC_ALLOC_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (in == NULL || out == NULL || sig == NULL)
         ERROR_OUT(MEMORY_E, exit_rsa_pss);
@@ -17508,6 +17966,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
     WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
 
+    WC_ALLOC_VAR(key, RsaKey, 1, HEAP_HINT);
+    WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WOLFSSL_ENTER("rsa_no_pad_test");
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (key == NULL || out == NULL || plain == NULL)
         ERROR_OUT(MEMORY_E, exit_rsa_nopadding);
@@ -17738,6 +18201,12 @@ static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
     WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
 #endif
+
+    WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+    WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
+#endif
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (out == NULL
     #ifndef WOLFSSL_RSA_PUBLIC_ONLY
@@ -18024,8 +18493,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     }
-
-#ifdef WOLFSSL_ALT_NAMES
+#if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
         /* Get CA Cert for testing */
     #ifdef USE_CERT_BUFFERS_1024
         XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
@@ -18044,6 +18512,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
             ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
     #endif /* USE_CERT_BUFFERS */
 
+    #if  defined(WOLFSSL_ALT_NAMES)
     #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \
         !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
         ret = wc_SetAltNames(myCert, rsaCaCertFile);
@@ -18065,7 +18534,8 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     #endif
-#endif /* WOLFSSL_ALT_NAMES */
+    #endif /* WOLFSSL_ALT_NAMES */
+#endif /* WOLFSSL_ALT_NAMES || HAVE_PKCS7 */
 
     /* Get CA Key */
 #ifdef USE_CERT_BUFFERS_1024
@@ -18537,8 +19007,7 @@ exit_rsa:
 
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
 #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
-     (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS) || \
       (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
       && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
 static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
@@ -18555,6 +19024,10 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
     WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
 
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (in == NULL || out == NULL || plain == NULL)
         ERROR_OUT(MEMORY_E, exit_rsa);
@@ -18915,6 +19388,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
 
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WOLFSSL_ENTER("rsa_test");
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (in == NULL || out == NULL || plain == NULL)
         ERROR_OUT(MEMORY_E, exit_rsa);
@@ -18942,7 +19420,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     XMEMSET(keypub, 0, sizeof *keypub);
 #endif
 
-#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
+#if !defined(NO_ASN)
     ret = rsa_decode_test(key);
     if (ret != 0)
         ERROR_OUT(ret, exit_rsa);
@@ -19120,7 +19598,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 #elif defined(WOLFSSL_PUBLIC_MP)
     {
-        static byte signature_2048[] = {
+        static const byte signature_2048[] = {
             0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
             0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
             0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
@@ -19206,19 +19684,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
     #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
-    #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
-        (!defined(HAVE_FIPS) || \
+    #if (!defined(HAVE_FIPS) || \
          (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
          && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
     ret = rsa_oaep_padding_test(key, &rng);
     if (ret != 0)
         return ret;
 
-    #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */
+    #endif /* !HAVE_FIPS */
     #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
 #endif /* WOLFSSL_RSA_VERIFY_ONLY */
 
-#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
+#if !defined(HAVE_FIPS) && !defined(NO_ASN) \
     && !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = rsa_export_key_test(key);
     if (ret != 0)
@@ -20075,7 +20552,8 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
 
-#if defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)
+#if (defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)) && \
+    !defined(HAVE_INTEL_QA)
     /* Make p even */
     key->p.dp[0] &= (mp_digit)-2;
     if (ret != 0)
@@ -20107,7 +20585,7 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
 
     /* Getting here means success - set ret to 0. */
     ret = 0;
-#endif
+#endif /* (SP DH or Fast Math) and not Intel QuickAssist */
 
 done:
 
@@ -20198,6 +20676,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
 #endif
 #endif /* !WC_NO_RNG */
 
+    WOLFSSL_ENTER("dh_test");
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if (key == NULL || key2 == NULL || tmp == NULL) {
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
@@ -20606,6 +21086,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
     DsaKey *derIn = (DsaKey *)XMALLOC(sizeof *derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     DsaKey *genKey = (DsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
+    WOLFSSL_ENTER("dsa_test");
+
 
     if ((tmp == NULL) ||
         (key == NULL)
@@ -20946,6 +21428,7 @@ static wc_test_ret_t srp_test_digest(SrpType dgstType)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void)
 {
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("srp_test");
 
 #ifndef NO_SHA
     ret = srp_test_digest(SRP_TYPE_SHA);
@@ -21946,6 +22429,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     EVP_MD_CTX md_ctx;
     testVector a, b, c, d, e, f;
     byte       hash[WC_SHA256_DIGEST_SIZE*2];  /* max size */
+    WOLFSSL_ENTER("openssl_test");
 
     a.inLen = 0;
     b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen;
@@ -23133,6 +23617,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
 #if !defined(NO_SHA256) && !defined(NO_SHA)
     WOLFSSL_EVP_MD_CTX* ctx;
     WOLFSSL_EVP_MD_CTX* ctx2;
+    WOLFSSL_ENTER("openSSL_evpMD_test");
 
     ctx = EVP_MD_CTX_create();
     ctx2 = EVP_MD_CTX_create();
@@ -23224,7 +23709,7 @@ static void show(const char *title, const char *p, unsigned int s) {
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
 {
     wc_test_ret_t ret = 0;
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA)
+#if !defined(NO_RSA) && !defined(NO_SHA)
     byte*   prvTmp;
     byte*   pubTmp;
     int prvBytes;
@@ -23246,9 +23731,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
     XFILE  keypubFile;
     char cliKey[]    = "./certs/client-key.der";
     char cliKeypub[] = "./certs/client-keyPub.der";
-
 #endif
 
+    WOLFSSL_ENTER("openssl_pkey0_test");
+
     prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (prvTmp == NULL)
         return WC_TEST_RET_ENC_ERRNO;
@@ -23452,8 +23938,7 @@ openssl_pkey0_test_done:
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
 {
     wc_test_ret_t ret = 0;
-#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    !defined(NO_SHA)
+#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_SHA)
     EVP_PKEY_CTX* dec = NULL;
     EVP_PKEY_CTX* enc = NULL;
     EVP_PKEY* pubKey  = NULL;
@@ -23482,6 +23967,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
     unsigned char plain[RSA_TEST_BYTES];
 #endif
 
+    WOLFSSL_ENTER("openssl_pkey1_test");
+
 #if defined(USE_CERT_BUFFERS_1024)
     XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
     cliKeySz = (long)sizeof_client_key_der_1024;
@@ -23648,7 +24135,7 @@ openssl_pkey1_test_done:
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
 {
-#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA) && !defined(NO_SHA)
     byte*   prvTmp;
     byte*   pubTmp;
     int prvBytes;
@@ -23667,12 +24154,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
     unsigned int count;
     wc_test_ret_t ret, ret1, ret2;
 
-    #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
+#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
     XFILE   keyFile;
     XFILE   keypubFile;
     char cliKey[]    = "./certs/client-key.der";
     char cliKeypub[] = "./certs/client-keyPub.der";
-    #endif
+#endif
+    WOLFSSL_ENTER("openssl_evpSig_test");
 
     prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (prvTmp == NULL)
@@ -23903,6 +24391,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
         0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
     };
 #endif
+    WOLFSSL_ENTER("scrypt_test");
 
     ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
     if (ret != 0)
@@ -23942,6 +24431,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
     if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
         return WC_TEST_RET_ENC_NC;
 #endif
+#else
+#ifdef SCRYPT_TEST_ALL
+    (void)verify4;
+#endif
 #endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_LINUXKM) && !HAVE_INTEL_QA */
 
 #if !defined(BENCH_EMBEDDED)
@@ -23986,9 +24479,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
     int id         =  1;
     int kLen       = 24;
     int iterations =  1;
-    wc_test_ret_t ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
-                                                  iterations, kLen, WC_SHA256, id);
+    wc_test_ret_t ret;
+    WOLFSSL_ENTER("pkcs12_test");
 
+    ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
+                          iterations, kLen, WC_SHA256, id);
     if (ret < 0)
         return WC_TEST_RET_ENC_EC(ret);
 
@@ -24027,8 +24522,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
         0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
     };
 
-    wc_test_ret_t ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt,
-              (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId);
+    wc_test_ret_t ret;
+    WOLFSSL_ENTER("pbkdf2_test");
+
+    ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd),
+                       salt, (int)sizeof(salt), iterations,
+                       kLen, WC_SHA256, HEAP_HINT, devId);
     if (ret != 0)
         return ret;
 
@@ -24054,9 +24553,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void)
         0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20
     };
 
-    wc_test_ret_t ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
-        (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
-        HEAP_HINT);
+    wc_test_ret_t ret;
+    WOLFSSL_ENTER("pbkdf1_test");
+
+    ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
+             (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
+             HEAP_HINT);
     if (ret != 0)
         return ret;
 
@@ -24069,29 +24571,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void)
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void)
 {
-   wc_test_ret_t ret = 0;
+    wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("pwdbased_test");
 
 #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
-   ret = pbkdf1_test();
-   if (ret != 0)
-      return ret;
+    ret = pbkdf1_test();
+    if (ret != 0)
+        return ret;
 #endif
 #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
-   ret = pbkdf2_test();
-   if (ret != 0)
-      return ret;
+    ret = pbkdf2_test();
+    if (ret != 0)
+        return ret;
 #endif
 #ifdef HAVE_PKCS12
-   ret = pkcs12_test();
-   if (ret != 0)
-      return ret;
+    ret = pkcs12_test();
+    if (ret != 0)
+        return ret;
 #endif
 #ifdef HAVE_SCRYPT
-   ret = scrypt_test();
-   if (ret != 0)
-      return ret;
+    ret = scrypt_test();
+    if (ret != 0)
+        return ret;
 #endif
-   return ret;
+    return ret;
 }
 
 #endif /* NO_PWDBASED */
@@ -24153,6 +24656,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
                       0x58, 0x65 };
 #endif
 #endif /* !NO_SHA256 */
+    WOLFSSL_ENTER("hkdf_test");
 
     XMEMSET(okm1, 0, sizeof(okm1));
     L = (int)sizeof(okm1);
@@ -24335,13 +24839,14 @@ static const SshKdfTestVector sshKdfTestVectors[] = {
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void)
 {
-    wc_test_ret_t result = 0;
+    byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and AES_BLOCK_SIZE */
     word32 i;
     word32 tc = sizeof(sshKdfTestVectors)/sizeof(SshKdfTestVector);
     const SshKdfTestVector* tv = NULL;
-    byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and AES_BLOCK_SIZE */
-    /* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
+    wc_test_ret_t result = 0;
+    WOLFSSL_ENTER("sshkdf_test");
 
+    /* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
     for (i = 0, tv = sshKdfTestVectors; i < tc; i++, tv++) {
         result = wc_SSH_KDF(tv->hashId, tv->keyId,
                 cKey, tv->expectedKeySz,
@@ -24926,6 +25431,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void)
     word32 i;
     word32 tc = sizeof(tls13KdfTestVectors)/sizeof(Tls13KdfTestVector);
     const Tls13KdfTestVector* tv = NULL;
+    WOLFSSL_ENTER("tls13_kdf_test");
 
     for (i = 0, tv = tls13KdfTestVectors; i < tc; i++, tv++) {
         byte output[WC_MAX_DIGEST_SIZE];
@@ -25163,6 +25669,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void)
     };
 #endif
 
+    WOLFSSL_ENTER("x963kdf_test");
+
 #ifndef NO_SHA
     ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
                       kek, sizeof(verify));
@@ -25312,6 +25820,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
 {
     wc_test_ret_t ret = 0;
     Hpke hpke[1];
+    WOLFSSL_ENTER("hpke_test");
 
 #if defined(HAVE_ECC)
     #if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
@@ -25594,6 +26103,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
     unsigned char keyE[32];
     unsigned char keyA[20];
     unsigned char keyS[14];
+    WOLFSSL_ENTER("srtpkdf_test");
 
     for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) {
     #ifndef WOLFSSL_AES_128
@@ -25895,6 +26405,13 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
     WC_DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
 #endif
 
+    WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
+#if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
+    WC_ALLOC_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
+#endif
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (sig == NULL)
         ERROR_OUT(MEMORY_E, done);
@@ -27283,6 +27800,21 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     int     curveSize;
 #endif
 
+#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
+    !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
+    WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
+#endif
+#ifdef HAVE_ECC_KEY_EXPORT
+    WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
+#endif
+#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
+    !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
+    defined(HAVE_ECC_SIGN)
+    WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
+#endif
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
 #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
     !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
@@ -27690,6 +28222,7 @@ done:
 static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
 {
     wc_test_ret_t ret;
+    WOLFSSL_MSG_EX("ecc_test_curve keySize = %d", keySize);
 
     ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, curve_id,
         NULL);
@@ -28241,7 +28774,9 @@ done:
 #endif
 
 #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
+    !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
+    !defined(WOLFSSL_CRYPTOCELL)
 static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
 {
     wc_test_ret_t ret;
@@ -28933,6 +29468,18 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
     int     curveSize;
 #endif
 
+#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
+    WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
+#endif
+#ifdef HAVE_ECC_KEY_EXPORT
+    WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
+#endif
+#ifdef HAVE_ECC_SIGN
+    WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
+#endif
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
 #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
     if (sharedA == NULL || sharedB == NULL)
@@ -30074,6 +30621,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
 {
     wc_test_ret_t ret;
     WC_RNG rng;
+    WOLFSSL_ENTER("ecc_test");
+#if defined(ECC_MIN_KEY_SZ)
+    WOLFSSL_MSG_EX("ecc_test ECC_MIN_KEY_SZ = %d\n", ECC_MIN_KEY_SZ);
+#else
+    WOLFSSL_MSG("ecc_test ECC_MIN_KEY_SZ not defined.");
+#endif
 
 #if defined(WOLFSSL_CERT_EXT) && \
     (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
@@ -30117,8 +30670,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
 #endif /* HAVE_ECC160 */
 #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
     ret = ecc_test_curve(&rng, 24, ECC_CURVE_DEF);
-        printf("keySize=24, Default\n");
     if (ret < 0) {
+        printf("keySize=24, Default\n");
         goto done;
     }
 #endif /* HAVE_ECC192 */
@@ -30958,6 +31511,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
     ecc_key userA[1];
     ecc_key userB[1];
 #endif
+    WOLFSSL_ENTER("ecc_encrypt_test");
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
@@ -31130,6 +31684,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
     byte   plain[256];
     int verify = 0;
     word32 x;
+    WOLFSSL_ENTER("ecc_test_buffers");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((cliKey == NULL) || (servKey == NULL) || (tmpKey == NULL))
@@ -31696,6 +32251,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
 #endif /* HAVE_CURVE25519_SHARED_SECRET */
 
     (void)x;
+    WOLFSSL_ENTER("curve25519_test");
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
@@ -32611,7 +33167,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
                                    sizeof(msg4)
     };
 #ifndef NO_ASN
-    static byte privateEd25519[] = {
+    static const byte privateEd25519[] = {
         0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
         0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
         0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
@@ -32619,7 +33175,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
         0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
         0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
     };
-    static byte badPrivateEd25519[] = {
+    static const byte badPrivateEd25519[] = {
         0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
         0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
         0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
@@ -32633,7 +33189,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
         0xf7,0x07,0x51,0x1a,
         0x00  /* add additional bytes to make the pubkey bigger  */
     };
-    static byte publicEd25519[] = {
+    static const byte publicEd25519[] = {
         0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
         0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
         0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
@@ -32643,7 +33199,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
     };
 
     /* size has been altered to catch if sanity check is done */
-    static byte badPublicEd25519[] = {
+    static const byte badPublicEd25519[] = {
         0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
         0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
         0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
@@ -32652,7 +33208,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
         0xf7,0x07,0x51,0x1a,
         0x00 /* add an additional byte to make the pubkey appear bigger */
     };
-    static byte privPubEd25519[] = {
+    static const byte privPubEd25519[] = {
         0x30,0x50,0x02,0x01,0x00,0x30,0x05,0x06,
         0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
         0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
@@ -32672,6 +33228,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
 #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
     ed25519_key key3;
 #endif
+    WOLFSSL_ENTER("ed25519_test");
 
     /* create ed25519 keys */
 #ifndef HAVE_FIPS
@@ -33005,7 +33562,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void)
 #ifdef HAVE_CURVE448_KEY_EXPORT
     byte    exportBuf[CURVE448_KEY_SIZE];
 #endif
-    word32  x;
+    word32  x = 0;
     curve448_key userA, userB, pubKey;
 
 #if defined(HAVE_CURVE448_SHARED_SECRET) && \
@@ -33071,6 +33628,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void)
 #endif /* HAVE_CURVE448_SHARED_SECRET */
 
     (void)x;
+    WOLFSSL_ENTER("curve448_test");
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
@@ -34129,6 +34687,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
     ed448_key key3[1];
 #endif
 #endif
+    WOLFSSL_ENTER("ed448_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     key = (ed448_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -36452,6 +37011,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
           KYBER1024_CIPHER_TEXT_SIZE },
     #endif
     };
+    WOLFSSL_ENTER("kyber_test");
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
@@ -36570,8 +37130,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 {
     int             i = 0;
     int             j = 0;
-    int             ret = -1;
-    int             ret2 = -1;
     XmssKey         signingKey;
     XmssKey         verifyKey;
     WC_RNG          rng;
@@ -36583,8 +37141,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
     unsigned char * old_sk = NULL;
     const char *    msg = "XMSS post quantum signature test";
     word32          msgSz = (word32) XSTRLEN(msg);
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10
+    const char *    param = "XMSS-SHA2_10_256";
+#elif WOLFSSL_XMSS_MIN_HEIGHT <= 20
     const char *    param = "XMSSMT-SHA2_20/4_256";
+#elif WOLFSSL_XMSS_MIN_HEIGHT <= 40
+    const char *    param = "XMSSMT-SHA2_40/8_256";
+#else
+    const char *    param = "XMSSMT-SHA2_60/12_256";
+#endif
     byte *          sig = NULL;
+    int             ret2 = -1;
+    int             ret = -1;
+    WOLFSSL_ENTER("xmss_test");
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
@@ -36683,7 +37252,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 
             ret2 = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
                                      msgSz);
-            if (ret2 != -1) {
+            if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
                 /* Verify passed when it should have failed. */
                 return WC_TEST_RET_ENC_I(j);
             }
@@ -36716,8 +37285,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 }
 #endif /*if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)*/
 
-#if defined(WOLFSSL_HAVE_XMSS) && defined(WOLFSSL_XMSS_VERIFY_ONLY) && \
-    !defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_SMALL_STACK) && \
+    WOLFSSL_XMSS_MIN_HEIGHT <= 10
 
 /* A simple xmss verify only test using:
  *   XMSS-SHA2_10_256
@@ -36730,7 +37299,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
  *   https://github.com/XMSS/xmss-reference
  * */
 
-static byte xmss_pub[XMSS_SHA256_PUBLEN] =
+static const byte xmss_pub[XMSS_SHA256_PUBLEN] =
 {
     0x00,0x00,0x00,0x01,0xA5,0x41,0x31,0x96,
     0x0A,0xF9,0xF3,0xB2,0x4B,0x2E,0x5B,0x3E,
@@ -36743,7 +37312,7 @@ static byte xmss_pub[XMSS_SHA256_PUBLEN] =
     0xC9,0xB7,0x39,0x4E
 };
 
-static byte xmss_msg[32] =
+static /* not const */ byte xmss_msg[32] =
 {
     0x07,0x9F,0x80,0x86,0xDB,0x76,0x27,0xDF,
     0xED,0x5B,0x2A,0x81,0x60,0x60,0x7D,0xB4,
@@ -36753,7 +37322,7 @@ static byte xmss_msg[32] =
 
 /* This was actually the 5th signature produced from
  * xmss_fast test in xmss-reference. */
-static byte xmss_sig[2500] =
+static /* not const */ byte xmss_sig[2500] =
 {
     0x00,0x00,0x00,0x05,0xF0,0x15,0x34,0xBA,
     0x92,0x03,0x6A,0xB9,0xA5,0x23,0x86,0x11,
@@ -37072,13 +37641,14 @@ static byte xmss_sig[2500] =
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 {
-    int          ret = -1;
-    int          ret2 = -1;
-    int          j = 0;
     XmssKey      verifyKey;
-    word32       pkSz = 0;
+    word32       pkSz  = 0;
     word32       sigSz = 0;
     const char * param = "XMSS-SHA2_10_256";
+    int          j     = 0;
+    int          ret2  = -1;
+    int          ret   = -1;
+    WOLFSSL_ENTER("xmss_test_verify_only");
 
     ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
@@ -37120,7 +37690,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
     xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
     ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
                              (byte *) xmss_msg, sizeof(xmss_msg));
-    if (ret2 != -1) {
+    if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
         printf("error: wc_XmssKey_Verify returned %d, expected -1\n", ret2);
         return WC_TEST_RET_ENC_EC(ret);
     }
@@ -37141,7 +37711,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 
         ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
                                  (byte *) xmss_msg, sizeof(xmss_msg));
-        if (ret2 != -1) {
+        if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
             /* Verify passed when it should have failed. */
             return WC_TEST_RET_ENC_I(j);
         }
@@ -37155,8 +37725,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 
     return ret;
 }
-#endif /* if defined(WOLFSSL_HAVE_XMSS) && defined(WOLFSSL_XMSS_VERIFY_ONLY) &&
-        *    !defined(WOLFSSL_SMALL_STACK) */
+#endif /* WOLFSSL_HAVE_XMSS && !WOLFSSL_SMALL_STACK &&
+        * WOLFSSL_XMSS_MIN_HEIGHT <= 10 */
 
 
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
@@ -37205,6 +37775,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 #else
     byte          sig[WC_TEST_LMS_SIG_LEN];
 #endif
+    WOLFSSL_ENTER("lms_test");
 
     XMEMSET(priv, 0, sizeof(priv));
     XMEMSET(old_priv, 0, sizeof(old_priv));
@@ -37256,7 +37827,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
 
     if (sigSz != WC_TEST_LMS_SIG_LEN) {
-        printf("error: got %d, expected %d\n", sigSz, WC_TEST_LMS_SIG_LEN);
+        printf("error: got %u, expected %d\n", sigSz, WC_TEST_LMS_SIG_LEN);
         return WC_TEST_RET_ENC_EC(sigSz);
     }
 
@@ -37290,7 +37861,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 
             ret2 = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
                                      msgSz);
-            if (ret2 != -1) {
+            if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
                 /* Verify passed when it should have failed. */
                 return WC_TEST_RET_ENC_I(j);
             }
@@ -37311,13 +37882,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 
     wc_FreeRng(&rng);
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
     return ret;
 }
 
 #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 
-#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_LMS_VERIFY_ONLY) && \
-    !defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)
 
 /* A simple LMS verify only test.
  *
@@ -37339,7 +37914,7 @@ static byte lms_msg[28] =
     0x61,0x67,0x65,0x21
 };
 
-static byte lms_L1H10W8_pub[HSS_MAX_PUBLIC_KEY_LEN] =
+static const byte lms_L1H10W8_pub[HSS_MAX_PUBLIC_KEY_LEN] =
 {
     0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x06,
     0x00,0x00,0x00,0x04,0xA1,0x26,0x76,0xF8,
@@ -37551,6 +38126,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     int    levels = 0;
     int    height = 0;
     int    winternitz = 0;
+    WOLFSSL_ENTER("lms_test_verify_only");
 
     ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID);
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
@@ -37576,7 +38152,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
 
     if (pubLen != HSS_MAX_PUBLIC_KEY_LEN) {
-        printf("error: got %d, expected %d\n", pubLen, HSS_MAX_PUBLIC_KEY_LEN);
+        printf("error: got %u, expected %d\n", pubLen, HSS_MAX_PUBLIC_KEY_LEN);
         return WC_TEST_RET_ENC_EC(pubLen);
     }
 
@@ -37584,7 +38160,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
 
     if (sigSz != LMS_L1H10W8_SIGLEN) {
-        printf("error: got %d, expected %d\n", sigSz, LMS_L1H10W8_SIGLEN);
+        printf("error: got %u, expected %d\n", sigSz, LMS_L1H10W8_SIGLEN);
         return WC_TEST_RET_ENC_EC(sigSz);
     }
 
@@ -37599,7 +38175,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     lms_msg[msgSz / 2] ^= 1;
     ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
                             (byte *) lms_msg, msgSz);
-    if (ret2 != -1) {
+    if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
         printf("error: wc_LmsKey_Verify returned %d, expected -1\n", ret2);
         return WC_TEST_RET_ENC_EC(ret);
     }
@@ -37621,7 +38197,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
         ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig,
                                 LMS_L1H10W8_SIGLEN,
                                 (byte *) lms_msg, msgSz);
-        if (ret2 != -1) {
+        if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
             /* Verify passed when it should have failed. */
             return WC_TEST_RET_ENC_I(j);
         }
@@ -37634,8 +38210,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     return ret;
 }
 
-#endif /* if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_LMS_VERIFY_ONLY) &&
-        *    !defined(WOLFSSL_SMALL_STACK) */
+#endif
+#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */
 
 static const int fiducial3 = WC_TEST_RET_LN; /* source code reference point --
                                               * see print_fiducials() below.
@@ -38551,6 +39127,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void)
     EccsiKey* pub  = NULL;
     mp_int* ssk    = NULL;
     ecc_point* pvt = NULL;
+    WOLFSSL_ENTER("eccsi_test");
 
     priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
             DYNAMIC_TYPE_TMP_BUFFER);
@@ -39363,12 +39940,12 @@ static wc_test_ret_t sakke_kat_encapsulate_test(SakkeKey* key)
         0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
         0x33, 0x00
     };
-    static word32 idSz = sizeof(id);
+    static const word32 idSz = sizeof(id);
     byte ssv[] = {
         0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
         0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
     };
-    static word16 ssvSz = sizeof(ssv);
+    static const word16 ssvSz = sizeof(ssv);
     static const byte expAuth[] = {
         0x04,
         0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
@@ -39706,6 +40283,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void)
     SakkeKey* pub  = NULL;
     SakkeKey* key  = NULL;
     ecc_point* rsk = NULL;
+    WOLFSSL_ENTER("sakke_test");
 
     priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
             DYNAMIC_TYPE_TMP_BUFFER);
@@ -39970,6 +40548,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
     const CMAC_Test_Case* tc;
     word32 i, tagSz;
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("cmac_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL)
@@ -40016,16 +40595,42 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
 
         XMEMSET(tag, 0, sizeof(tag));
         tagSz = sizeof(tag);
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+        ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
+                               tc->k, tc->kSz, NULL, devId);
+#else
         ret = wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
                                tc->k, tc->kSz);
+#endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+        ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz,
+                             tc->k, tc->kSz, HEAP_HINT, devId);
+#else
         ret = wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
                              tc->k, tc->kSz);
+#endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+        /* Test that keyless generate with init is the same */
+        XMEMSET(tag, 0, sizeof(tag));
+        tagSz = sizeof(tag);
+        ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId);
+        if (ret != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+        }
+        ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
+                NULL, 0, HEAP_HINT, devId);
+        if (ret != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+        }
+#endif
+
     }
 
     ret = 0;
@@ -40268,6 +40873,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
     unsigned char res[SIPHASH_MAC_SIZE_16];
     unsigned char tmp[SIPHASH_MAC_SIZE_8];
     SipHash siphash;
+    WOLFSSL_ENTER("siphash_test (1)");
 
     for (i = 0; i < 64; i++) {
         ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
@@ -40305,6 +40911,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
         if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
             return WC_TEST_RET_ENC_I(i);
     }
+#else
+    WOLFSSL_ENTER("siphash_test (1)");
 #endif
 
     /* Testing bad parameters. */
@@ -40627,6 +41235,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void)
     word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
     byte *c;
     byte *d;
+    WOLFSSL_ENTER("compress_test");
 
     c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -41751,6 +42360,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void)
     byte* eccPrivKey = NULL;
     word32 eccCertSz    = 0;
     word32 eccPrivKeySz = 0;
+    WOLFSSL_ENTER("pkcs7enveloped_test");
 
 #ifndef NO_RSA
     /* read client RSA cert and key in DER format */
@@ -42457,6 +43067,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void)
     byte* eccPrivKey = NULL;
     word32 eccCertSz    = 0;
     word32 eccPrivKeySz = 0;
+    WOLFSSL_ENTER("pkcs7authenveloped_test");
 
 #ifndef NO_RSA
     /* read client RSA cert and key in DER format */
@@ -42918,6 +43529,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 cert
     wc_test_ret_t ret = 0;
     word32 derSz;
     byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    WOLFSSL_ENTER("pkcs7callback_test");
 
     if (! derBuf)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -43042,8 +43654,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
     /* Attribute example from RFC 4134, Section 7.2
      * OID = 1.2.5555
      * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
-    static byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
-    static byte genAttr[] = { 0x04, 47,
+    static const byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
+    static const byte genAttr[] = { 0x04, 47,
                               0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
                               0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
                               0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
@@ -43051,8 +43663,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
                               0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
                               0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
 
-    static byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
-    static byte genAttr2[] = { 0x04, 47,
+    static const byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
+    static const byte genAttr2[] = { 0x04, 47,
                               0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
                               0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
                               0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
@@ -43114,6 +43726,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
     #endif
 #endif /* !NO_AES && HAVE_AES_CBC */
     };
+    WOLFSSL_ENTER("pkcs7encrypted_test");
 
     encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -43290,6 +43903,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
         ERROR_OUT(MEMORY_E, out);
     }
 #endif
+    WOLFSSL_ENTER("pkcs7compressed_test");
 
     testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector);
 
@@ -43385,12 +43999,12 @@ typedef struct {
     word32       signedAttribsSz;
     const char*  outFileName;
     int          contentOID;
-    byte*        contentType;
+    const byte*  contentType;
     word32       contentTypeSz;
     int          sidType;
     int          encryptOID;   /* for single-shot encrypt alg OID */
     int          encCompFlag;  /* for single-shot. 1 = enc, 2 = comp, 3 = both*/
-    byte*        encryptKey;   /* for single-shot, encryptedData */
+    const byte*  encryptKey;   /* for single-shot, encryptedData */
     word32       encryptKeySz; /* for single-shot, encryptedData */
     PKCS7Attrib* unprotectedAttribs;   /* for single-shot, encryptedData */
     word32       unprotectedAttribsSz; /* for single-shot, encryptedData */
@@ -43424,24 +44038,24 @@ static wc_test_ret_t pkcs7signed_run_vectors(
         0x72,0x6c,0x64
     };
 
-    static byte transIdOid[] =
+    static const byte transIdOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
                  0x09, 0x07 };
-    static byte messageTypeOid[] =
+    static const byte messageTypeOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
                  0x09, 0x02 };
-    static byte senderNonceOid[] =
+    static const byte senderNonceOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
                  0x09, 0x05 };
 #ifndef NO_SHA
-    static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
+    byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
 #else
-    static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
+    byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
 #endif
-    static byte messageType[] = { 0x13, 2, '1', '9' };
-    static byte senderNonce[PKCS7_NONCE_SZ + 2];
+    static const byte messageType[] = { 0x13, 2, '1', '9' };
+    byte senderNonce[PKCS7_NONCE_SZ + 2];
 
-    static PKCS7Attrib attribs[] =
+    PKCS7Attrib attribs[] =
     {
         { transIdOid, sizeof(transIdOid), transId,
                                sizeof(transId) - 1 }, /* take off the null */
@@ -43452,13 +44066,13 @@ static wc_test_ret_t pkcs7signed_run_vectors(
     };
 
     /* for testing custom contentType, FirmwarePkgData */
-    static byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
+    static const byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
                                         0x48, 0x86, 0xF7, 0x0D,
                                         0x01, 0x09, 0x10, 0x01, 0x10 };
 
     #define MAX_TESTVECTORS_LEN 20
     #define ADD_PKCS7SIGNEDVECTOR(...) {                                       \
-            pkcs7SignedVector _this_vector = { __VA_ARGS__ };                  \
+            const pkcs7SignedVector _this_vector = { __VA_ARGS__ };            \
             if (testSz == MAX_TESTVECTORS_LEN) {                               \
                 ret = WC_TEST_RET_ENC_NC;                                      \
                 goto out;                                                      \
@@ -43715,7 +44329,8 @@ static wc_test_ret_t pkcs7signed_run_vectors(
         /* optional custom contentType, default is DATA,
            overrides contentOID if set */
         if (testVectors[i].contentType != NULL) {
-            ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType,
+            ret = wc_PKCS7_SetContentType(pkcs7,
+                                          (byte *)testVectors[i].contentType,
                                           testVectors[i].contentTypeSz);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -43837,7 +44452,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
         #else
             byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
         #endif
-            byte* oidPt = transIdOid + 2;  /* skip object id tag and size */
+            const byte* oidPt = transIdOid + 2;  /* skip object id tag and size */
             int oidSz = (int)sizeof(transIdOid) - 2;
             int bufSz = 0;
 
@@ -43943,7 +44558,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
 
 #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
      defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
-    static byte aes256Key[] = {
+    static const byte aes256Key[] = {
         0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
         0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
         0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@@ -43951,10 +44566,10 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
     };
 #endif
 
-    static byte messageTypeOid[] =
+    static const byte messageTypeOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
                  0x09, 0x02 };
-    static byte messageType[] = { 0x13, 2, '1', '9' };
+    static const byte messageType[] = { 0x13, 2, '1', '9' };
 
     PKCS7Attrib attribs[] =
     {
@@ -44244,7 +44859,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
 
             /* encode Signed Encrypted FirmwarePkgData */
             encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7,
-                    testVectors[i].encryptKey, testVectors[i].encryptKeySz,
+                    (byte *)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
                     testVectors[i].privateKey, testVectors[i].privateKeySz,
                     testVectors[i].encryptOID, testVectors[i].signOID,
                     testVectors[i].hashOID, (byte*)testVectors[i].content,
@@ -44276,7 +44891,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
 
             /* encode Signed Encrypted Compressed FirmwarePkgData */
             encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7,
-                    testVectors[i].encryptKey, testVectors[i].encryptKeySz,
+                    (byte*)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
                     testVectors[i].privateKey, testVectors[i].privateKeySz,
                     testVectors[i].encryptOID, testVectors[i].signOID,
                     testVectors[i].hashOID, (byte*)testVectors[i].content,
@@ -44347,7 +44962,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
         else if (testVectors[i].encCompFlag == 1) {
 
             /* decrypt inner encryptedData */
-            pkcs7->encryptionKey = testVectors[i].encryptKey;
+            pkcs7->encryptionKey = (byte *)testVectors[i].encryptKey;
             pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
 
             ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
@@ -44385,7 +45000,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
             XMEMSET(encryptedTmp, 0, encryptedTmpSz);
 
             /* decrypt inner encryptedData */
-            pkcs7->encryptionKey = testVectors[i].encryptKey;
+            pkcs7->encryptionKey = (byte*)testVectors[i].encryptKey;
             pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
 
             encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
@@ -44471,6 +45086,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void)
     word32 rsaServerPrivKeyBufSz = 0;
     word32 rsaCaPrivKeyBufSz     = 0;
     word32 eccClientPrivKeyBufSz = 0;
+    WOLFSSL_ENTER("pkcs7signed_test");
 
 #ifndef NO_RSA
     /* read client RSA cert and key in DER format */
@@ -44721,7 +45337,7 @@ static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
     char str[30];
     WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A";
     WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a";
-    WOLFSSL_SMALL_STACK_STATIC const char* badStr3 = " ";
+    WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
     WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000";
     WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
 
@@ -44753,8 +45369,8 @@ static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
     ret = mp_read_radix(r, badStr2, MP_RADIX_DEC);
     if (ret != MP_VAL)
         return WC_TEST_RET_ENC_EC(ret);
-    ret = mp_read_radix(r, badStr3, MP_RADIX_DEC);
-    if (ret != MP_VAL)
+    ret = mp_read_radix(r, empty2, MP_RADIX_DEC);
+    if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_read_radix(r, zeros, MP_RADIX_DEC);
@@ -44801,7 +45417,7 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
 #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
     static char longStr[2 * sizeof(a->dp) + 2];
 #endif
-    WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = " ";
+    WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
     WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}";
     WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
 
@@ -44821,8 +45437,8 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
         }
     }
 
-    ret = mp_read_radix(r, badStr1, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    ret = mp_read_radix(r, empty2, MP_RADIX_HEX);
+    if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(r, badStr2, MP_RADIX_HEX);
     if (ret != MP_VAL)
@@ -47273,6 +47889,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
 #endif
     mp_digit d = 0;
 #endif
+
 #ifdef WOLFSSL_SMALL_STACK
     mp_int *a = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
                                   DYNAMIC_TYPE_TMP_BUFFER),
@@ -47295,6 +47912,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
 #else
     mp_int a[1], b[1], r1[1], r2[1], p[1];
 #endif
+    WOLFSSL_ENTER("mp_test");
 
     ret = mp_init_multi(a, b, r1, r2, NULL, NULL);
     if (ret != 0)
@@ -47348,8 +47966,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
             ret = mp_mulmod(a, a, p, r2);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
-            if (mp_cmp(r1, r2) != 0)
+            if (mp_cmp(r1, r2) != 0) {
+                WOLFSSL_MSG("Fail: mp_mulmod result does not match mp_sqrmod!");
                 ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+            }
          #endif
 
      #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
@@ -47789,6 +48409,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void)
     wc_test_ret_t ret;
     int isPrime = 0;
     WC_RNG rng;
+    WOLFSSL_ENTER("prime_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((n == NULL) ||
@@ -47974,6 +48595,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
         { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
         { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) },
     };
+    WOLFSSL_ENTER("berder_test");
 
     for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
         ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
@@ -48053,6 +48675,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void)
     byte        a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
     byte        b[256];
     int         i;
+    WOLFSSL_ENTER("logging_test (debug)");
 
     for (i = 0; i < (int)sizeof(b); i++)
         b[i] = i;
@@ -48099,6 +48722,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void)
     (void)b;
 
 #else
+    WOLFSSL_ENTER("logging_test");
     ret = wolfSSL_Debugging_ON();
     if (ret != NOT_COMPILED_IN)
         return WC_TEST_RET_ENC_EC(ret);
@@ -48123,20 +48747,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
     !defined(WOLFSSL_USER_MUTEX) && defined(WOLFSSL_STATIC_MEMORY))
     wc_test_ret_t ret;
 #endif
+
 #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)
-  #ifndef WOLFSSL_STATIC_MEMORY
-    wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
-  #else
-    wolfSSL_Mutex *mm = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex),
+    #ifndef WOLFSSL_STATIC_MEMORY
+        wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
+        WOLFSSL_ENTER("[wolfcrypt_]mutex_test (1)");
+    #else
+        wolfSSL_Mutex *mm = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex),
                                                  HEAP_HINT, DYNAMIC_TYPE_MUTEX);
-    if (mm != NULL) {
-        ret = wc_InitMutex(mm);
-        if (ret != 0) {
-            WOLFSSL_MSG("Init Mutex failed");
-            XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
-            return WC_TEST_RET_ENC_EC(ret);
+        WOLFSSL_ENTER("[wolfcrypt_]mutex_test (2)");
+        if (mm != NULL) {
+            ret = wc_InitMutex(mm);
+            if (ret != 0) {
+                WOLFSSL_MSG("Init Mutex failed");
+                XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
+                return WC_TEST_RET_ENC_EC(ret);
+            }
         }
-    }
   #endif
     if (mm == NULL)
         return WC_TEST_RET_ENC_ERRNO;
@@ -48255,6 +48882,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
     wolfSSL_Malloc_cb  mc;
     wolfSSL_Free_cb    fc;
     wolfSSL_Realloc_cb rc;
+    WOLFSSL_ENTER("memcb_test");
 
     /* Save existing memory callbacks */
     ret = wolfSSL_GetAllocators(&mc, &fc, &rc);
@@ -48340,7 +48968,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void)
             0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
             0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
         };
-
+    WOLFSSL_ENTER("blob_test");
 
     XMEMSET(blob, 0, sizeof(blob));
     XMEMSET(out, 0, sizeof(out));
@@ -49461,13 +50089,13 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
         /* set devId to invalid, so software is used */
         info->hmac.hmac->devId = INVALID_DEVID;
 
-        if (info->hash.in != NULL) {
+        if (info->hmac.in != NULL) {
             ret = wc_HmacUpdate(
                 info->hmac.hmac,
                 info->hmac.in,
                 info->hmac.inSz);
         }
-        else if (info->hash.digest != NULL) {
+        else if (info->hmac.digest != NULL) {
             ret = wc_HmacFinal(
                 info->hmac.hmac,
                 info->hmac.digest);
@@ -49477,6 +50105,49 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
         info->hmac.hmac->devId = devIdArg;
     }
 #endif
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
+    else if (info->algo_type == WC_ALGO_TYPE_CMAC) {
+        if (info->cmac.cmac == NULL) {
+            return NOT_COMPILED_IN;
+        }
+
+        /* set devId to invalid so software is used */
+        info->cmac.cmac->devId = INVALID_DEVID;
+
+        /* Handle one-shot cases */
+        if (info->cmac.key != NULL && info->cmac.in != NULL
+                && info->cmac.out != NULL) {
+            ret = wc_AesCmacGenerate(info->cmac.out,
+                    info->cmac.outSz,
+                    info->cmac.in,
+                    info->cmac.inSz,
+                    info->cmac.key,
+                    info->cmac.keySz);
+        /* Sequentially handle incremental cases */
+        } else {
+            if (info->cmac.key != NULL) {
+                ret = wc_InitCmac(info->cmac.cmac,
+                        info->cmac.key,
+                        info->cmac.keySz,
+                        info->cmac.type,
+                        NULL);
+            }
+            if ((ret == 0) && (info->cmac.in != NULL)) {
+                ret = wc_CmacUpdate(info->cmac.cmac,
+                        info->cmac.in,
+                        info->cmac.inSz);
+            }
+            if ((ret ==0) && (info->cmac.out != NULL)) {
+                ret = wc_CmacFinal(info->cmac.cmac,
+                        info->cmac.out,
+                        info->cmac.outSz);
+            }
+        }
+
+        /* reset devId */
+        info->cmac.cmac->devId = devIdArg;
+    }
+#endif /* WOLFSSL_CMAC && !(NO_AES) && WOLFSSL_AES_DIRECT */
 
     (void)devIdArg;
     (void)myCtx;
@@ -49516,6 +50187,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
     wc_test_ret_t ret = 0;
     int origDevId = devId;
     myCryptoDevCtx myCtx;
+    WOLFSSL_ENTER("cryptocb_test");
 
     /* example data for callback */
     myCtx.exampleVar = 1;
@@ -49571,6 +50243,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
     if (ret == 0)
         ret = aes_test();
     #endif
+    #ifdef WOLFSSL_AES_XTS
+    if (ret == 0)
+        ret = aes_xts_test();
+    #endif
     #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
     if (ret == 0)
         ret = aesccm_test();
@@ -49649,6 +50325,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void)
           0x71, 0x01, 0x04, /* Cert Info */
           0xFE, 0x00,       /* Error Detection */
     };
+    WOLFSSL_ENTER("certpiv_test");
 
     XMEMSET(&piv, 0, sizeof(piv));
     /* Test with Identiv 0x0A, 0x0B and 0x0C markers */
@@ -49718,6 +50395,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void)
 {
     time_t t;
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("time_test");
 
     ret = wc_SetTimeCb(time_cb);
     if (ret != 0)
@@ -49841,6 +50519,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     byte computedPlaintext[82];
     byte siv[AES_BLOCK_SIZE];
     wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("aes_siv_test");
 
     for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
         ret = wc_AesSivEncrypt(testVectors[i].key, testVectors[i].keySz,
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/Makefile.am b/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/Makefile.am
deleted file mode 100644
index d9c3ae39..00000000
--- a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/Makefile.am
+++ /dev/null
@@ -1,9 +0,0 @@
-AM_CFLAGS=-I m4
-
-#add in wolfssl directory
-AM_CPPFLAGS+=-I$(abs_srcdir)/../../ -I$(srcdir)/include/
-lib_LTLIBRARIES = lib/libusercrypto.la
-lib_libusercrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
-lib_libusercrypto_la_LDFLAGS = $(AM_LDFLAGS)
-lib_libusercrypto_la_SOURCES = src/rsa.c
-include_HEADERS = include/user_rsa.h
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/README.txt b/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/README.txt
deleted file mode 100644
index 8afe87f6..00000000
--- a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/README.txt
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-/*
- Created to use intel's IPP see their license for linking to intel's IPP library
- */
-
-
-##BUILDING ON 64BIT MAC OSX
-Tested and developed on MAC OSX linking to IPP v9.0
-
-for me exporting the IPP library was needed. As an example it was
-export DYLD_LIBRARY_PATH="/opt/intel/ipp/lib"
-
-first go to the root wolfssl dir and run ./autogen.sh && ./configure it with desired settings then make. This is to set up the define options and wolfssl library for the user crypto to link to.
-
-Then go to the wolfssl/user-crypto directory and run ./autogen.sh && ./configure then make make install this creates a usercrypto library to use
-
-Finally go back to the root wolfssl directory and follow these build instructions
-
-building wolfSSL add CPPFLAGS=-I/opt/intel/ipp/include for finding the IPP include files
-An example build would be
-./configure --with-user-crypto CPPFLAGS=-I/opt/intel/ipp/include --enable-lighty
-
-
-##BUILDING IN 32BIT UBUNTU
-Tested on UBUNTU 32 bit linking to IPP v9.0
-
-for me exporting the IPP library. As an example it was
-export LD_LIBRARY_PATH="/opt/intel/ipp/lib/ia32_lin/:$LD_LIBRARY_PATH"
-
-first go to the root wolfssl dir and configure it with desired settings and make install. This is to set up the define options and wolfssl library for the user crypto to link to.
-
-For me on Ubuntu the IPP libraries had been installed into /opt/intel/ipp/lib/ia32_lin/ so the ./configure LDFLAGS=-L/opt/intel/ipp/lib/ia32_lin was needed to be looking at that directory.
-Run make && make install from the directory wolfssl_root/wolfssl/user-crypto/ this creates a usercrypto library to use
-
-Finally go back to the root wolfssl directory and follow these build instructions
-
-building wolfSSL add CPPFLAGS=-I/opt/intel/ipp/include for finding the IPP include files
-
-./configure --with-user-crypto=root_wolfssl/wolfssl/user-crypto CPPFLAGS=-I/opt/intel/ipp/include (plus any desired additional flags)
-
-
-##THINGS TO CHECK FOR IF NOT ABLE TO LINK WITH USERCRYPTO LIB
-Check that the path has been exported for the IPP library. If usercrypto is unable to use the  function to init an RSA key then the link to it will fail in configure. Check for this by $DYLD_LIBRARY_PATH on mac or $LD_LIBRARY_PATH on ubuntu. If the directory for the Intel IPP libraries are not displayed than use "export DYLD_LIBRARY_PATH=path_to_ipp_libraries:$DYLD_LIBRARY_PATH".
-
-
-##CREATING OWN RSA CRYPTO PLUGIN
-
-It is required to have a header file named user_rsa.h. This is what is looked for by wolfssl/wolfcrypt/rsa.h and should contain the user defined rsa key struct.
-
-It is required to have a library called usercrypto. This is linked to when configuring wolfSSL with the option --with-user-crypto
-
-It is required when compiled with RSA cert generation to have key struct elements named n and e containing the corresponding big numbers. And the three helper functions to work with the big numbers. These functions are called by wolfcrypt/src/asn.c when working with certificates.
-To view the needed functions look at wolfssl/wolfcrypt/rsa.h they will be extern functions surrounded by HAVE_USER_RSA define.
-Cert Generation for other sign and verify such as ECC are not yet supported.
-
-When building with openssl compatibility layer extra developent needs to be done, having the two functions SetRsaExernal and SetRsaInternal
-
-wolfSSL does not take responsibility for the strength of security of third party cryptography libraries plugged in by the user.
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/autogen.sh b/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/autogen.sh
deleted file mode 100755
index 89e475c0..00000000
--- a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/autogen.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-#
-# Create configure and makefile stuff...
-#
-
-# Git hooks should come before autoreconf.
-if test -d .git; then
-  if ! test -d .git/hooks; then
-    mkdir .git/hooks
-  fi
-  ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
-  ln -s -f ../../pre-push.sh .git/hooks/pre-push
-fi
-
-# If this is a source checkout then call autoreconf with error as well
-if test -d .git; then
-  WARNINGS="all,error"
-else
-  WARNINGS="all"
-fi
-
-autoreconf --install --force --verbose
-
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/configure.ac b/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/configure.ac
deleted file mode 100644
index 561b9ccd..00000000
--- a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/configure.ac
+++ /dev/null
@@ -1,44 +0,0 @@
-#                                               -*- Autoconf -*-
-# Process this file with autoconf to produce a configure script.
-
-AC_PREREQ([2.63])
-AC_INIT([usercypto], [0.1], [])
-AC_CONFIG_SRCDIR([src/rsa.c])
-
-AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
-
-LT_PREREQ([2.2])
-LT_INIT([disable-static])
-LT_LANG([C++])
-LT_LANG([C])
-
-# Checks for programs.
-AC_PROG_CC
-AC_CONFIG_MACRO_DIR([m4])
-
-# Checks for libraries.
-AM_LDFLAGS=$LDFLAGS
-LDFLAGS="$LDFLAGS -L/opt/intel/ipp/lib -lippcp -lippcore"
-
-# Path to find wolfssl/options and other includes
-AM_CPPFLAGS=$CPPFLAGS
-CPPFLAGS="$CPPFLAGS -I../../ -I/opt/intel/ipp/include"
-AC_CHECK_LIB([ippcore], [ippGetStatusString], [], [AC_MSG_ERROR([ippcore library needed ./configure LDFLAGS=/path/to/ipp/lib])])
-AC_CHECK_LIB([ippcp], [ippsRSA_InitPublicKey], [], [AC_MSG_ERROR([ippcp library needed ./configure LDFLAGS=/path/to/ipp/lib])])
-
-# check headers
-AC_CHECK_HEADER([ippcp.h], [], [AC_MSG_ERROR([ippcp.h not found ./configure CPPFLAGS=-I/ipp/headers])])
-AC_CHECK_HEADER([ipp.h], [], [AC_MSG_ERROR([ipp.h not found ./configure CPPFLAGS=-I/ipp/headers])])
-
-LDFLAGS=$AM_LDFLAGS
-CPPFLAGS=$AM_CPPFLAGS
-
-AM_LDFLAGS="-L/opt/intel/ipp/lib -lippcp -lippcore"
-AM_CPPFLAGS="-I/opt/intel/ipp/include"
-
-AC_SUBST([AM_CPPFLAGS])
-AC_SUBST([AM_LDFLAGS])
-AC_C_INLINE
-
-AC_CONFIG_FILES([Makefile])
-AC_OUTPUT
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/include.am b/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/include.am
deleted file mode 100644
index 6cc8577a..00000000
--- a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/include.am
+++ /dev/null
@@ -1,13 +0,0 @@
-
-if BUILD_FAST_RSA
-include_HEADERS += wolfcrypt/user-crypto/include/user_rsa.h
-endif
-
-# user crypto plug in example
-EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac
-EXTRA_DIST+= wolfcrypt/user-crypto/autogen.sh
-EXTRA_DIST+= wolfcrypt/user-crypto/include/user_rsa.h
-EXTRA_DIST+= wolfcrypt/user-crypto/src/rsa.c
-EXTRA_DIST+= wolfcrypt/user-crypto/lib/.gitkeep
-EXTRA_DIST+= wolfcrypt/user-crypto/README.txt
-EXTRA_DIST+= wolfcrypt/user-crypto/Makefile.am
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/include/user_rsa.h b/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/include/user_rsa.h
deleted file mode 100644
index c850b779..00000000
--- a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/include/user_rsa.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/* user_rsa.h
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-/*
- Created to use intel's IPP see their license for linking to intel's IPP library
- */
-
-#ifndef USER_WOLF_CRYPT_RSA_H
-#define USER_WOLF_CRYPT_RSA_H
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_RSA
-
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-/* intels crypto */
-#include <ipp.h>
-#include <ippcp.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* needed for WOLFSSL_RSA type but use macro guard against redefine */
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TYPES_DEFINED) \
-        && !defined(WOLFSSL_RSA_TYPE_DEFINED)
-    struct WOLFSSL_RSA;
-    typedef struct WOLFSSL_RSA WOLFSSL_RSA;
-    #define WOLFSSL_RSA_TYPE_DEFINED
-#endif
-
-
-enum {
-    RSA_PUBLIC   = 0,
-    RSA_PRIVATE  = 1,
-};
-
-/* RSA */
-struct RsaKey {
-    IppsBigNumState* n;
-    IppsBigNumState* e;
-    IppsBigNumState* dipp;
-    IppsBigNumState* pipp;
-    IppsBigNumState* qipp;
-    IppsBigNumState* dPipp;
-    IppsBigNumState* dQipp;
-    IppsBigNumState* uipp;
-    int nSz, eSz, dSz;
-    IppsRSAPublicKeyState*  pPub;
-    IppsRSAPrivateKeyState* pPrv;
-    word32 prvSz; /* size of private key */
-    word32 sz;    /* size of signature */
-    int   type;                               /* public or private */
-    void* heap;                               /* for user memory overrides */
-};
-
-#ifndef WC_RSAKEY_TYPE_DEFINED
-    typedef struct RsaKey RsaKey;
-    #define WC_RSAKEY_TYPE_DEFINED
-#endif
-
-WOLFSSL_API int  wc_InitRsaKey(RsaKey* key, void*);
-WOLFSSL_API int  wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
-WOLFSSL_API int  wc_FreeRsaKey(RsaKey* key);
-
-WOLFSSL_API int  wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
-                                     word32 outLen, RsaKey* key, WC_RNG* rng);
-WOLFSSL_API int  wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
-                                            RsaKey* key);
-WOLFSSL_API int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
-                                      word32 outLen, RsaKey* key);
-WOLFSSL_API int  wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
-                                word32 outLen, RsaKey* key, WC_RNG* rng);
-WOLFSSL_API int  wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
-                                        RsaKey* key);
-WOLFSSL_API int  wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
-                                  word32 outLen, RsaKey* key);
-WOLFSSL_API int  wc_RsaEncryptSize(RsaKey* key);
-
-WOLFSSL_API int  wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
-                                                               RsaKey*, word32);
-WOLFSSL_API int  wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
-        word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
-WOLFSSL_API int  wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
-                                                               RsaKey*, word32);
-WOLFSSL_API int  wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
-                                        const byte* e, word32 eSz, RsaKey* key);
-WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
-WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);
-#ifdef WOLFSSL_KEY_GEN
-    WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
-#endif
-WOLFSSL_API int  wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
-                                                                       word32*);
-WOLFSSL_API int  wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
-
-
-#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)
-        /* abstracted BN operations with RSA key */
-    WOLFSSL_API int wc_Rsa_leading_bit(void* BN);
-    WOLFSSL_API int wc_Rsa_unsigned_bin_size(void* BN);
-
-        /* return MP_OKAY on success */
-    WOLFSSL_API int wc_Rsa_to_unsigned_bin(void* BN, byte* in, int inLen);
-#endif
-
-#ifdef OPENSSL_EXTRA /* abstracted functions to deal with rsa key */
-    WOLFSSL_API int SetRsaExternal(WOLFSSL_RSA* rsa);
-    WOLFSSL_API int SetRsaInternal(WOLFSSL_RSA* rsa);
-#endif
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_RSA */
-#endif /* USER_WOLF_CRYPT_RSA_H */
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/lib/.gitkeep b/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/lib/.gitkeep
deleted file mode 100644
index e69de29b..00000000
diff --git a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/src/rsa.c b/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/src/rsa.c
deleted file mode 100644
index 66357372..00000000
--- a/extra/wolfssl/wolfssl/wolfcrypt/user-crypto/src/rsa.c
+++ /dev/null
@@ -1,2797 +0,0 @@
-/* rsa.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-#ifdef HAVE_CONFIG_H /* configure options when using autoconf */
-    #include <config.h>
-#endif
-
-#include <wolfssl/options.h>
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_RSA
-
-#define USER_CRYPTO_ERROR -101
-
-#ifdef OPENSSL_EXTRA
-    #include <wolfssl/openssl/rsa.h> /* include for openssl compatibility */
-    #include <wolfssl/openssl/bn.h>
-#endif
-#include "user_rsa.h"
-
-#ifdef DEBUG_WOLFSSL /* debug done without variadic to allow older compilers */
-    #include <stdio.h>
-    #define USER_DEBUG(x) printf x
-#else
-    #define USER_DEBUG(x) WC_DO_NOTHING
-#endif
-
-#define ASN_INTEGER    0x02
-#define ASN_BIT_STRING 0x03
-#define ASN_TAG_NULL   0x05
-#define ASN_OBJECT_ID  0x06
-
-
-/* Make sure compiler doesn't skip -- used from wolfSSL */
-static inline void ForceZero(const void* mem, word32 len)
-{
-    volatile byte* z = (volatile byte*)mem;
-
-    while (len--) *z++ = 0;
-}
-
-enum {
-    RSA_PUBLIC_ENCRYPT  = 0,
-    RSA_PUBLIC_DECRYPT  = 1,
-    RSA_PRIVATE_ENCRYPT = 2,
-    RSA_PRIVATE_DECRYPT = 3,
-
-    RSA_BLOCK_TYPE_1 = 1,
-    RSA_BLOCK_TYPE_2 = 2,
-
-    RSA_MIN_SIZE = 512,
-    RSA_MAX_SIZE = 4096, /* max allowed in IPP library */
-
-    RSA_MIN_PAD_SZ   = 11      /* separator + 0 + pad value + 8 pads */
-};
-
-
-int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
-{
-
-    USER_DEBUG(("Entering wc_InitRsaKey\n"));
-
-    if (key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* set full struct as 0 */
-    ForceZero(key, sizeof(RsaKey));
-
-    USER_DEBUG(("\tExit wc_InitRsaKey\n"));
-
-    (void)devId;
-    (void)heap;
-    return 0;
-}
-
-int wc_InitRsaKey(RsaKey* key, void* heap)
-{
-    return wc_InitRsaKey_ex(key, heap, INVALID_DEVID);
-}
-
-
-/* three functions needed for cert and key gen */
-#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)
-/* return 1 if there is a leading bit*/
-int wc_Rsa_leading_bit(void* bn)
-{
-    int ret = 0;
-    int dataSz;
-    Ipp32u* data;
-    Ipp32u  q;
-    int qSz = sizeof(Ipp32u);
-
-    if (ippsExtGet_BN(NULL, &dataSz, NULL, bn) != ippStsNoErr) {
-        USER_DEBUG(("ippsExtGet_BN Rsa leading bit error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* convert from size in binary to Ipp32u */
-    dataSz = dataSz / 32 + ((dataSz % 32)? 1 : 0);
-    data = (Ipp32u*)XMALLOC(dataSz * sizeof(Ipp32u), NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (data == NULL) {
-        USER_DEBUG(("Rsa leading bit memory error\n"));
-        return 0;
-    }
-
-    /* extract value from BN */
-    if (ippsExtGet_BN(NULL, NULL, data, bn) != ippStsNoErr) {
-        USER_DEBUG(("Rsa leading bit error\n"));
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return 0;
-    }
-
-    /* use method like what's used in wolfssl tfm.c  */
-    q = data[dataSz - 1];
-
-    ret = 0;
-    while (qSz > 0) {
-        if (q != 0)
-            ret = (q & 0x80) != 0;
-        q >>= 8;
-        qSz--;
-    }
-
-    XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return ret;
-}
-
-
-/* get the size in bytes of BN */
-int wc_Rsa_unsigned_bin_size(void* bn)
-{
-    int ret = 0;
-    if (ippsExtGet_BN(NULL, &ret, NULL, bn) != ippStsNoErr) {
-        USER_DEBUG(("Rsa unsigned bin size error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-    return (ret / 8) + ((ret % 8)? 1: 0); /* size in bytes */
-}
-
-#ifndef MP_OKAY
-#define MP_OKAY 0
-#endif
-
-/* extract the bn value to a unsigned byte array and return MP_OKAY on success */
-int wc_Rsa_to_unsigned_bin(void* bn, byte* in, int inLen)
-{
-    if (ippsGetOctString_BN((Ipp8u*)in, inLen, bn) != ippStsNoErr) {
-        USER_DEBUG(("Rsa to unsigned bin error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-    return MP_OKAY;
-}
-#endif /* WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN || OPENSSL_EXTRA */
-
-
-#ifdef OPENSSL_EXTRA /* functions needed for openssl compatibility layer */
-static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, IppsBigNumState* in)
-{
-    IppStatus ret;
-    byte* data;
-    int sz;
-
-    USER_DEBUG(("Entering SetIndividualExternal\n"));
-
-    if (bn == NULL || in == NULL) {
-        USER_DEBUG(("inputs NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (*bn == NULL) {
-        *bn = wolfSSL_BN_new();
-        if (*bn == NULL) {
-            USER_DEBUG(("SetIndividualExternal alloc failed\n"));
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    /* get size of array needed and extract oct array of data */
-    ret = ippsGetSize_BN(in, &sz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    data = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (data == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsGetOctString_BN(data, sz, in);
-    if (ret != ippStsNoErr) {
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* store the data into a wolfSSL Big Number */
-    *bn = wolfSSL_BN_bin2bn(data, sz, *bn);
-
-    XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return 0;
-}
-
-
-static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, IppsBigNumState** mpi)
-{
-    int length, ctxSz, sz;
-    IppStatus ret;
-    Ipp8u* data;
-
-    USER_DEBUG(("Entering SetIndividualInternal\n"));
-
-    if (bn == NULL || bn->internal == NULL) {
-        USER_DEBUG(("bn NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    length = wolfSSL_BN_num_bytes(bn);
-
-    /* if not IPP BN then create one */
-    if (*mpi == NULL) {
-        ret = ippsBigNumGetSize(length, &ctxSz);
-        if (ret != ippStsNoErr)
-            return USER_CRYPTO_ERROR;
-
-        *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-        if (*mpi == NULL)
-            return USER_CRYPTO_ERROR;
-
-        ret = ippsBigNumInit(length, *mpi);
-        if (ret != ippStsNoErr) {
-            XFREE(*mpi, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            return USER_CRYPTO_ERROR;
-        }
-
-    }
-
-    /* get the size of array needed and check IPP BigNum */
-    if (ippsGetSize_BN(*mpi, &sz) != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    if (sz < length) {
-        USER_DEBUG(("big num size is too small\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    data = (Ipp8u*)XMALLOC(length, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (data == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* extract the wolfSSL BigNum and store it into IPP BigNum */
-    if (wolfSSL_BN_bn2bin(bn, data) < 0) {
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        USER_DEBUG(("error in getting bin from wolfssl bn\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsSetOctString_BN(data, length, *mpi);
-    if (ret != ippStsNoErr) {
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return 0;
-}
-
-
-/* WolfSSL -> OpenSSL */
-int SetRsaExternal(WOLFSSL_RSA* rsa)
-{
-    RsaKey* key;
-    USER_DEBUG(("Entering SetRsaExternal\n"));
-
-    if (rsa == NULL || rsa->internal == NULL) {
-        USER_DEBUG(("rsa key NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key = (RsaKey*)rsa->internal;
-
-    if (SetIndividualExternal(&rsa->n, key->n) != 0) {
-        USER_DEBUG(("rsa n key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (SetIndividualExternal(&rsa->e, key->e) != 0) {
-        USER_DEBUG(("rsa e key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (key->type == RSA_PRIVATE) {
-        if (SetIndividualExternal(&rsa->d, key->dipp) != 0) {
-            USER_DEBUG(("rsa d key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->p, key->pipp) != 0) {
-            USER_DEBUG(("rsa p key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->q, key->qipp) != 0) {
-            USER_DEBUG(("rsa q key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->dmp1, key->dPipp) != 0) {
-            USER_DEBUG(("rsa dP key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->dmq1, key->dQipp) != 0) {
-            USER_DEBUG(("rsa dQ key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->iqmp, key->uipp) != 0) {
-            USER_DEBUG(("rsa u key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    rsa->exSet = 1;
-
-    /* SSL_SUCCESS */
-    return 1;
-}
-
-
-/* Openssl -> WolfSSL */
-int SetRsaInternal(WOLFSSL_RSA* rsa)
-{
-    int ctxSz, pSz, qSz;
-    IppStatus ret;
-    RsaKey* key;
-    USER_DEBUG(("Entering SetRsaInternal\n"));
-
-    if (rsa == NULL || rsa->internal == NULL) {
-        USER_DEBUG(("rsa key NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key = (RsaKey*)rsa->internal;
-
-    if (SetIndividualInternal(rsa->n, &key->n) != 0) {
-        USER_DEBUG(("rsa n key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (SetIndividualInternal(rsa->e, &key->e) != 0) {
-        USER_DEBUG(("rsa e key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* public key */
-    key->type = RSA_PUBLIC;
-
-    if (rsa->d != NULL) {
-        if (SetIndividualInternal(rsa->d, &key->dipp) != 0) {
-            USER_DEBUG(("rsa d key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* private key */
-        key->type = RSA_PRIVATE;
-    }
-
-    if (rsa->p != NULL &&
-        SetIndividualInternal(rsa->p, &key->pipp) != 0) {
-        USER_DEBUG(("rsa p key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->q != NULL &&
-        SetIndividualInternal(rsa->q, &key->qipp) != 0) {
-        USER_DEBUG(("rsa q key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->dmp1 != NULL &&
-        SetIndividualInternal(rsa->dmp1, &key->dPipp) != 0) {
-        USER_DEBUG(("rsa dP key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->dmq1 != NULL &&
-        SetIndividualInternal(rsa->dmq1, &key->dQipp) != 0) {
-        USER_DEBUG(("rsa dQ key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->iqmp != NULL &&
-        SetIndividualInternal(rsa->iqmp, &key->uipp) != 0) {
-        USER_DEBUG(("rsa u key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    rsa->inSet = 1;
-
-    /* get sizes of IPP BN key states created from input */
-    ret = ippsGetSize_BN(key->n, &key->nSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsGetSize_BN(key->e, &key->eSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->sz = key->nSz; /* set modulus size */
-
-    /* convert to size in bits */
-    key->nSz = key->nSz * 8;
-    key->eSz = key->eSz * 8;
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (key->pipp != NULL && key->qipp != NULL && key->dipp != NULL &&
-            key->dPipp != NULL && key->dQipp != NULL && key->uipp != NULL) {
-        /* get bn sizes needed for private key set up */
-        ret = ippsGetSize_BN(key->pipp, &pSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        ret = ippsGetSize_BN(key->qipp, &qSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* store sizes needed for creating tmp private keys */
-        ret = ippsGetSize_BN(key->dipp, &key->dSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* convert to size in bits */
-        key->dSz = key->dSz * 8;
-        pSz = pSz * 8;
-        qSz = qSz * 8;
-
-        /* set up private key state */
-        ret = ippsRSA_GetSizePrivateKeyType2(pSz, qSz, &ctxSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        key->prvSz = ctxSz;
-        key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-        if (key->pPrv == NULL)
-            return USER_CRYPTO_ERROR;
-
-        ret = ippsRSA_InitPrivateKeyType2(pSz, qSz, key->pPrv, ctxSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n",
-                        ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        ret = ippsRSA_SetPrivateKeyType2(key->pipp, key->qipp, key->dPipp,
-                key->dQipp, key->uipp, key->pPrv);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    /* SSL_SUCCESS */
-    return 1;
-}
-#endif /* OPENSSLEXTRA */
-
-
-/* Padding scheme function used in wolfSSL for signing needed for matching
-   existing API signing scheme
-    input : the msg to be signed
-    inputLen : length of input msg
-    pkcsBlock : the outputted padded msg
-    pkcsBlockLen : length of outputted padded msg buffer
-    padValue : the padded value after first 00 , is either 01 or 02
-    rng : random number generator structure
- */
-static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
-                   word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
-{
-    if (inputLen == 0 || pkcsBlockLen == 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    pkcsBlock[0] = 0x0;       /* set first byte to zero and advance */
-    pkcsBlock++; pkcsBlockLen--;
-    pkcsBlock[0] = padValue;  /* insert padValue */
-
-    if (padValue == RSA_BLOCK_TYPE_1) {
-        if (pkcsBlockLen < inputLen + 2) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* pad with 0xff bytes */
-        XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
-    }
-    else {
-        /* pad with non-zero random bytes */
-        word32 padLen, i;
-        int    ret;
-
-        if (pkcsBlockLen < inputLen + 1) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        padLen = pkcsBlockLen - inputLen - 1;
-        ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
-
-        if (ret != 0)
-            return ret;
-
-        /* remove zeros */
-        for (i = 1; i < padLen; i++)
-            if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
-    }
-
-    pkcsBlock[pkcsBlockLen-inputLen-1] = 0;     /* separator */
-    XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
-
-    return 0;
-}
-
-
-/* UnPad plaintext, set start to *output, return length of plaintext,
- * < 0 on error */
-static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
-                       byte **output, byte padValue)
-{
-    word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0,
-           invalid = 0,
-           i = 1,
-           outputLen;
-
-    if (pkcsBlockLen == 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (pkcsBlock[0] != 0x0) /* skip past zero */
-        invalid = 1;
-    pkcsBlock++; pkcsBlockLen--;
-
-    /* Require block type padValue */
-    invalid = (pkcsBlock[0] != padValue) || invalid;
-
-    /* verify the padding until we find the separator */
-    if (padValue == RSA_BLOCK_TYPE_1) {
-        while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */}
-    }
-    else {
-        while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */}
-    }
-
-    if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) {
-        USER_DEBUG(("RsaUnPad error, bad formatting\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    outputLen = pkcsBlockLen - i;
-    invalid = (outputLen > maxOutputLen) || invalid;
-
-    if (invalid) {
-        USER_DEBUG(("RsaUnPad error, bad formatting\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    *output = (byte *)(pkcsBlock + i);
-    return outputLen;
-}
-
-
-/* Set up memory and structure for a Big Number
- * returns ippStsNoErr on success
- */
-static IppStatus init_bn(IppsBigNumState** in, int sz)
-{
-    int ctxSz;
-    IppStatus ret;
-
-    ret = ippsBigNumGetSize(sz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        return ret;
-    }
-
-    *in = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (*in == NULL) {
-        return ippStsNoMemErr;
-    }
-
-    ret = ippsBigNumInit(sz, *in);
-    if (ret != ippStsNoErr) {
-        XFREE(*in, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        *in = NULL;
-        return ret;
-    }
-
-    return ippStsNoErr;
-}
-
-
-/* Set up memory and structure for a Montgomery struct
- * returns ippStsNoErr on success
- */
-static IppStatus init_mont(IppsMontState** mont, int* ctxSz,
-                                                         IppsBigNumState* modul)
-{
-    int       mSz;
-    Ipp32u*   m;
-    IppStatus ret;
-
-    ret = ippsExtGet_BN(NULL, ctxSz, NULL, modul);
-    if (ret != ippStsNoErr) {
-        return ret;
-    }
-
-    /* convert bits to Ipp32u array size and round up
-       32 is number of bits in type */
-    mSz = (*ctxSz/32)+((*ctxSz % 32)? 1: 0);
-    m = (Ipp32u*)XMALLOC(mSz * sizeof(Ipp32u), 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (m == NULL) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ippStsNoMemErr;
-    }
-
-    ret = ippsExtGet_BN(NULL, NULL, m, modul);
-    if (ret != ippStsNoErr) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ret;
-    }
-
-    ret = ippsMontGetSize(IppsSlidingWindows, mSz, ctxSz);
-    if (ret != ippStsNoErr) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ret;
-    }
-
-    /* 2. Allocate working buffer using malloc */
-    *mont = (IppsMontState*)XMALLOC(*ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (*mont == NULL) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ippStsNoMemErr;
-    }
-    ret = ippsMontInit(IppsSlidingWindows, mSz, *mont);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontInit error of %s\n", ippGetStatusString(ret)));
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        *mont = NULL;
-        return ret;
-    }
-
-    /* 3. Call the function MontSet to set big number module */
-    ret = ippsMontSet(m, mSz, *mont);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontSet error of %s\n", ippGetStatusString(ret)));
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        *mont = NULL;
-        return ret;
-    }
-
-    XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return ippStsNoErr;
-}
-
-
-
-int wc_FreeRsaKey(RsaKey* key)
-{
-    if (key == NULL)
-        return 0;
-
-    USER_DEBUG(("Entering wc_FreeRsaKey\n"));
-
-    if (key->pPub != NULL) {
-        XFREE(key->pPub, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->pPub = NULL;
-    }
-
-    if (key->pPrv != NULL) {
-        /* write over sensitive information */
-        ForceZero(key->pPrv, key->prvSz);
-        XFREE(key->pPrv, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->pPrv = NULL;
-    }
-
-    if (key->n != NULL) {
-        XFREE(key->n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->n = NULL;
-    }
-
-    if (key->e != NULL) {
-        XFREE(key->e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->e = NULL;
-    }
-
-    if (key->dipp != NULL) {
-        XFREE(key->dipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->dipp = NULL;
-    }
-
-    if (key->pipp != NULL) {
-        XFREE(key->pipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->pipp = NULL;
-    }
-
-    if (key->qipp != NULL) {
-        XFREE(key->qipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->qipp = NULL;
-    }
-
-    if (key->dPipp != NULL) {
-        XFREE(key->dPipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->dPipp = NULL;
-    }
-
-    if (key->dQipp != NULL) {
-        XFREE(key->dQipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->dQipp = NULL;
-    }
-
-    if (key->uipp != NULL) {
-        XFREE(key->uipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->uipp = NULL;
-    }
-
-    USER_DEBUG(("\tExit wc_FreeRsaKey\n"));
-    (void)key;
-
-    return 0;
-}
-
-
-/* Some parsing functions from wolfSSL code needed to match wolfSSL API used */
-static int GetLength(const byte* input, word32* inOutIdx, int* len,
-                           word32 maxIdx)
-{
-    int     length = 0;
-    word32  idx = *inOutIdx;
-    byte    b;
-
-    *len = 0;    /* default length */
-
-    if ((idx + 1) > maxIdx) {   /* for first read */
-        USER_DEBUG(("GetLength bad index on input\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    b = input[idx++];
-    if (b >= 0x80) {
-        word32 bytes = b & 0x7F;
-
-        if ((idx + bytes) > maxIdx) {   /* for reading bytes */
-            USER_DEBUG(("GetLength bad long length\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        while (bytes--) {
-            b = input[idx++];
-            length = (length << 8) | b;
-        }
-    }
-    else
-        length = b;
-
-    if ((idx + length) > maxIdx) {   /* for user of length */
-        USER_DEBUG(("GetLength value exceeds buffer length\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    *inOutIdx = idx;
-    if (length > 0)
-        *len = length;
-
-    return length;
-}
-
-static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
-                        word32 maxIdx)
-{
-    word32 idx = *inOutIdx;
-    byte   b;
-    int    length;
-
-    if ((idx + 1) > maxIdx)
-        return USER_CRYPTO_ERROR;
-
-    b = input[idx++];
-    if (b != tag)
-        return USER_CRYPTO_ERROR;
-
-    if (GetLength(input, &idx, &length, maxIdx) < 0)
-        return USER_CRYPTO_ERROR;
-
-    *len      = length;
-    *inOutIdx = idx;
-    return length;
-}
-
-static int GetASNInt(const byte* input, word32* inOutIdx, int* len,
-                     word32 maxIdx)
-{
-    int    ret;
-
-    ret = GetASNHeader(input, ASN_INTEGER, inOutIdx, len, maxIdx);
-    if (ret < 0)
-        return ret;
-
-    if (*len > 0) {
-        /* remove leading zero, unless there is only one 0x00 byte */
-        if ((input[*inOutIdx] == 0x00) && (*len > 1)) {
-            (*inOutIdx)++;
-            (*len)--;
-
-            if (*len > 0 && (input[*inOutIdx] & 0x80) == 0)
-                return USER_CRYPTO_ERROR;
-        }
-    }
-
-    return 0;
-}
-
-static int GetInt(IppsBigNumState** mpi, const byte* input, word32* inOutIdx,
-                  word32 maxIdx)
-{
-    IppStatus ret;
-    word32 idx = *inOutIdx;
-    int    length;
-    int    ctxSz;
-
-    if (GetASNInt(input, &idx, &length, maxIdx) < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsBigNumGetSize(length, &ctxSz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (*mpi == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsBigNumInit(length, *mpi);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsSetOctString_BN((Ipp8u*)input + idx, length, *mpi);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *inOutIdx = idx + length;
-    return 0;
-}
-
-
-static int GetSequence(const byte* input, word32* inOutIdx, int* len,
-                           word32 maxIdx)
-{
-    int    length = -1;
-    word32 idx    = *inOutIdx;
-
-    if ((idx + 1) > maxIdx)
-        return USER_CRYPTO_ERROR;
-
-    if (input[idx++] != (0x10 | 0x20) ||
-            GetLength(input, &idx, &length, maxIdx) < 0)
-        return USER_CRYPTO_ERROR;
-
-    *len      = length;
-    *inOutIdx = idx;
-
-    return length;
-}
-
-
-static int GetMyVersion(const byte* input, word32* inOutIdx,
-                               int* version, word32 maxIdx)
-{
-    word32 idx = *inOutIdx;
-
-    if ((idx + 3) > maxIdx)
-        return USER_CRYPTO_ERROR;
-
-    if (input[idx++] != 0x02)
-        return USER_CRYPTO_ERROR;
-
-    if (input[idx++] != 0x01)
-        return USER_CRYPTO_ERROR;
-
-    *version  = input[idx++];
-    *inOutIdx = idx;
-
-    return *version;
-}
-
-
-int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
-                        word32 inSz)
-{
-    int    version, length;
-    int  ctxSz, pSz, qSz;
-    IppStatus ret;
-
-    if (input == NULL || inOutIdx == NULL || key == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    USER_DEBUG(("Entering wc_RsaPrivateKeyDecode\n"));
-
-    /* read in key information */
-    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-        return USER_CRYPTO_ERROR;
-
-    if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
-        return USER_CRYPTO_ERROR;
-
-    key->type = RSA_PRIVATE;
-
-    if (GetInt(&key->n,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->e,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->dipp,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->pipp,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->qipp,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->dPipp, input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->dQipp, input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->uipp,  input, inOutIdx, inSz) < 0 )
-        return USER_CRYPTO_ERROR;
-
-    /* get sizes of IPP BN key states created from input */
-    ret = ippsGetSize_BN(key->n, &key->nSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsGetSize_BN(key->e, &key->eSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->sz = key->nSz; /* set modulus size */
-
-    /* convert to size in bits */
-    key->nSz = key->nSz * 8;
-    key->eSz = key->eSz * 8;
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* get bn sizes needed for private key set up */
-    ret = ippsGetSize_BN(key->pipp, &pSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsGetSize_BN(key->qipp, &qSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* store sizes needed for creating tmp private keys */
-    ret = ippsGetSize_BN(key->dipp, &key->dSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* convert to size in bits */
-    key->dSz = key->dSz * 8;
-    pSz = pSz * 8;
-    qSz = qSz * 8;
-
-    /* set up private key state */
-    ret = ippsRSA_GetSizePrivateKeyType2(pSz, qSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->prvSz = ctxSz;
-    key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPrv == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPrivateKeyType2(pSz, qSz, key->pPrv, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPrivateKeyType2(key->pipp, key->qipp, key->dPipp,
-            key->dQipp, key->uipp, key->pPrv);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    USER_DEBUG(("\tExit wc_RsaPrivateKeyDecode\n"));
-
-    return 0;
-}
-
-
-int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
-        word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz)
-{
-    IppStatus ret = 0;
-    int length;
-#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
-    byte b;
-#endif
-
-    if (input == NULL || inOutIdx == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    USER_DEBUG(("Entering wc_RsaPublicKeyDecode_ex\n"));
-
-    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-        return USER_CRYPTO_ERROR;
-
-#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
-    if ((*inOutIdx + 1) > inSz)
-        return USER_CRYPTO_ERROR;
-
-    b = input[*inOutIdx];
-    if (b != ASN_INTEGER) {
-        /* not from decoded cert, will have algo id, skip past */
-        if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-            return USER_CRYPTO_ERROR;
-
-        b = input[(*inOutIdx)++];
-        if (b != ASN_OBJECT_ID)
-            return USER_CRYPTO_ERROR;
-
-        if (GetLength(input, inOutIdx, &length, inSz) < 0)
-            return USER_CRYPTO_ERROR;
-
-        *inOutIdx += length;   /* skip past */
-
-        /* could have NULL tag and 0 terminator, but may not */
-        b = input[(*inOutIdx)++];
-
-        if (b == ASN_TAG_NULL) {
-            b = input[(*inOutIdx)++];
-            if (b != 0)
-                return USER_CRYPTO_ERROR;
-        }
-        else {
-            /* go back, didn't have it */
-            (*inOutIdx)--;
-        }
-
-        /* should have bit tag length and seq next */
-        b = input[(*inOutIdx)++];
-        if (b != ASN_BIT_STRING)
-            return USER_CRYPTO_ERROR;
-
-        if (GetLength(input, inOutIdx, &length, inSz) <= 0)
-            return USER_CRYPTO_ERROR;
-
-        /* could have 0 */
-        b = input[(*inOutIdx)++];
-        if (b != 0)
-            (*inOutIdx)--;
-
-        if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-            return USER_CRYPTO_ERROR;
-    }
-#endif /* OPENSSL_EXTRA || RSA_DECODE_EXTRA */
-
-    /* Get modulus */
-    ret = GetASNInt(input, inOutIdx, &length, inSz);
-    if (ret < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-    if (nSz)
-        *nSz = length;
-    if (n)
-        *n = &input[*inOutIdx];
-    *inOutIdx += length;
-
-    /* Get exponent */
-    ret = GetASNInt(input, inOutIdx, &length, inSz);
-    if (ret < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-    if (eSz)
-        *eSz = length;
-    if (e)
-        *e = &input[*inOutIdx];
-    *inOutIdx += length;
-
-    USER_DEBUG(("\tExit wc_RsaPublicKeyDecode_ex\n"));
-
-    return ret;
-}
-
-/* read in a public RSA key */
-int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
-                       word32 inSz)
-{
-    IppStatus ret;
-    const byte *n = NULL, *e = NULL;
-    word32 nSz = 0, eSz = 0;
-
-    if (key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    USER_DEBUG(("Entering wc_RsaPublicKeyDecode\n"));
-
-    ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, inSz, &n, &nSz, &e, &eSz);
-    if (ret == 0) {
-        ret = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, key);
-    }
-
-    USER_DEBUG(("\tExit RsaPublicKeyDecode\n"));
-
-    return ret;
-}
-
-/* import RSA public key elements (n, e) into RsaKey structure (key) */
-int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
-                             word32 eSz, RsaKey* key)
-{
-    IppStatus ret;
-    int ctxSz;
-
-    USER_DEBUG(("Entering wc_RsaPublicKeyDecodeRaw\n"));
-
-    if (n == NULL || e == NULL || key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* set up IPP key states -- read in n */
-    ret = init_bn(&key->n, nSz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsSetOctString_BN((Ipp8u*)n, nSz, key->n);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* read in e */
-    ret = init_bn(&key->e, eSz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsSetOctString_BN((Ipp8u*)e, eSz, key->e);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* store size and convert to binary */
-    key->sz = nSz;
-    nSz = nSz * 8;
-    eSz = eSz * 8;
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(nSz, eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPublicKey(nSz, eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n,key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->nSz = nSz;
-    key->eSz = eSz;
-    key->type = RSA_PUBLIC;
-
-    return 0;
-}
-
-
-/* encrypt using PKCS v15 */
-int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                     RsaKey* key, WC_RNG* rng)
-{
-    IppStatus ret;
-    Ipp8u* scratchBuffer;
-    int    scratchSz;
-
-    if (key == NULL || in == NULL || out == NULL)
-        return USER_CRYPTO_ERROR;
-
-    if (key->pPub == NULL || outLen < key->sz)
-        return USER_CRYPTO_ERROR;
-
-    /* set size of scratch buffer */
-    ret = ippsRSA_GetBufferSizePublicKey(&scratchSz, key->pPub);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSAEncrypt_PKCSv15((Ipp8u*)in, inLen, NULL, (Ipp8u*)out,
-            key->pPub, scratchBuffer);
-    if (ret != ippStsNoErr) {
-        XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        USER_DEBUG(("encrypt error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    (void)rng;
-    return key->sz;
-}
-
-
-/* decrypt using PLCS v15 */
-int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                     RsaKey* key)
-{
-    IppStatus ret;
-    Ipp8u* scratchBuffer;
-    int    scratchSz;
-    int    outSz;
-
-    if (in == NULL || out == NULL || key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    if (key->pPrv == NULL || inLen != key->sz)
-        return USER_CRYPTO_ERROR;
-
-    outSz = outLen;
-
-    /* set size of scratch buffer */
-    ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, key->pPrv);
-    if (ret != ippStsNoErr) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* perform decryption using IPP */
-    ret = ippsRSADecrypt_PKCSv15((Ipp8u*)in, (Ipp8u*)out, &outSz, key->pPrv,
-            scratchBuffer);
-    if (ret != ippStsNoErr) {
-        XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        USER_DEBUG(("decrypt error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return outSz;
-}
-
-
-/* out is a pointer that is set to the location in byte array "in" where input
- data has been decrypted */
-int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
-{
-    int outSz;
-    byte* tmp;
-
-    USER_DEBUG(("Entering wc_RsaPrivateDecryptInline\n"));
-
-    /* allocate a buffer for max decrypted text */
-    tmp = (byte*)XMALLOC(key->sz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (tmp == NULL)
-        return USER_CRYPTO_ERROR;
-
-    outSz = wc_RsaPrivateDecrypt(in, inLen, tmp, key->sz, key);
-    if (outSz >= 0) {
-        XMEMCPY(in, tmp, outSz);
-        *out = in;
-    }
-    else {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    USER_DEBUG(("\tExit wc_RsaPrivateDecryptInline\n"));
-
-    return outSz;
-}
-
-
-/* Used to clean up memory when exiting, clean up memory used */
-static int FreeHelper(IppsBigNumState* pTxt, IppsBigNumState* cTxt,
-        Ipp8u* scratchBuffer, void* pPub)
-{
-    if (pTxt != NULL)
-        XFREE(pTxt, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (cTxt != NULL)
-        XFREE(cTxt, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer != NULL)
-        XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (pPub != NULL)
-        XFREE(pPub, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return 0;
-}
-
-
-/* for Rsa Verify
-    in : byte array to be verified
-    inLen : length of input array
-    out : pointer to location of in byte array that has been verified
- */
-int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
-{
-
-    int ctxSz;
-    int scratchSz;
-    Ipp8u* scratchBuffer = NULL;
-    IppStatus ret;
-    IppsRSAPrivateKeyState* pPub = NULL;
-    IppsBigNumState* pTxt = NULL;
-    IppsBigNumState* cTxt = NULL;
-
-    USER_DEBUG(("Entering wc_RsaSSL_VerifyInline\n"));
-
-    if (key == NULL || key->n == NULL || key->e == NULL) {
-        USER_DEBUG(("n or e element was null\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (in == NULL || inLen == 0 || out == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* set up a private key state using public key values */
-    ret = ippsRSA_GetSizePrivateKeyType1(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    pPub = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPrivateKeyType1(key->nSz, key->eSz, pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPrivateKeyType1(key->n, key->e, pPub);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* set size of scratch buffer */
-    ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, pPub);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* load plain and cipher into big num states */
-    ret = init_bn(&pTxt, key->sz);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN((Ipp8u*)in, key->sz, pTxt);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* set up cipher to hold signature */
-    ret = init_bn(&cTxt, key->sz);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN((Ipp8u*)in, key->sz, cTxt);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* decrypt using public key information */
-    ret = ippsRSA_Decrypt(cTxt, pTxt, pPub, scratchBuffer);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("decrypt error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* extract big num struct to octet string */
-    ret = ippsGetOctString_BN((Ipp8u*)in, key->sz, pTxt);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("BN get string error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-
-    /* unpad the decrypted information and return size of array */
-    return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1);
-}
-
-
-/* sets up and call VerifyInline to verify a signature */
-int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
-                     RsaKey* key)
-{
-    int plainLen;
-    byte*  tmp;
-    byte*  pad = 0;
-
-    if (out == NULL || in == NULL || key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_USER_CRYPTO);
-    if (tmp == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    XMEMCPY(tmp, in, inLen);
-
-    /* verify signature and test if output buffer is large enough */
-    plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key);
-    if (plainLen < 0) {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return plainLen;
-    }
-
-    if (plainLen > (int)outLen)
-        plainLen = USER_CRYPTO_ERROR;
-    else
-        XMEMCPY(out, pad, plainLen);
-
-    ForceZero(tmp, inLen);
-    XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return plainLen;
-}
-
-
-/* Check if a > b , if so c = a mod b
-   return ippStsNoErr on success */
-static IppStatus reduce(IppsBigNumState* a, IppsBigNumState* b,
-        IppsBigNumState* c)
-{
-    IppStatus ret;
-
-    if ((ret = ippsMod_BN(a, b, c)) != ippStsNoErr)
-        return ret;
-
-    return ippStsNoErr;
-}
-
-
-static IppStatus exptmod(IppsBigNumState* a, IppsBigNumState* b,
-        IppsMontState* mont, IppsBigNumState* out, IppsBigNumState* one)
-{
-    IppStatus ret;
-
-    ret = ippsMontForm(a, mont, a);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontForm error of %s\n", ippGetStatusString(ret)));
-        return ret;
-    }
-
-    /* a = a^b mod mont */
-    ret = ippsMontExp(a, b, mont, out);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontExp error of %s\n", ippGetStatusString(ret)));
-        return ret;
-    }
-
-    /* convert back from montgomery */
-    ret = ippsMontMul(out, one, mont, out);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontMul error of %s\n", ippGetStatusString(ret)));
-        return ret;
-    }
-
-    return ippStsNoErr;
-}
-
-
-static void Free_BN(IppsBigNumState* bn)
-{
-    int sz, ctxSz;
-    IppStatus ret;
-
-    if (bn != NULL) {
-        ret = ippStsNoErr;
-        ret |= ippsGetSize_BN(bn, &sz);
-        ret |= ippsBigNumGetSize(sz, &ctxSz);
-        if (ret == ippStsNoErr) {
-            ForceZero(bn, ctxSz);
-        }
-        else {
-            USER_DEBUG(("Issue with clearing a struct in RsaSSL_Sign free\n"));
-        }
-        XFREE(bn, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    }
-}
-
-
-/* free up memory used during CRT sign operation */
-static void FreeSignHelper(IppsBigNumState* one, IppsBigNumState* tmp,
-        IppsBigNumState* tmpP, IppsBigNumState* tmpQ, IppsBigNumState* tmpa,
-        IppsBigNumState* tmpb)
-{
-    Free_BN(one);
-    Free_BN(tmp);
-    Free_BN(tmpP);
-    Free_BN(tmpQ);
-    Free_BN(tmpa);
-    Free_BN(tmpb);
-}
-
-
-/* for Rsa Sign */
-int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
-                      RsaKey* key, WC_RNG* rng)
-{
-    int sz, pSz, qSz;
-    IppStatus ret;
-    word32 outSz;
-
-    IppsMontState* pMont = NULL;
-    IppsMontState* qMont = NULL;
-
-    IppsBigNumState* one  = NULL;
-    IppsBigNumState* tmp  = NULL;
-    IppsBigNumState* tmpP = NULL;
-    IppsBigNumState* tmpQ = NULL;
-    IppsBigNumState* tmpa = NULL;
-    IppsBigNumState* tmpb = NULL;
-
-    IppsBigNumSGN sa, sb;
-
-    Ipp8u o[1];
-    o[0] = 1;
-
-    USER_DEBUG(("Entering wc_RsaSSL_Sign\n"));
-
-    if (in == NULL || out == NULL || key == NULL || rng == NULL) {
-        USER_DEBUG(("Bad argument to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    sz = key->sz;
-
-
-    /* sanity check on key being used */
-    if (key->pipp == NULL || key->qipp == NULL || key->uipp == NULL ||
-            key->dPipp == NULL || key->dQipp == NULL) {
-        USER_DEBUG(("Bad key argument to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (sz > (int)outLen) {
-        USER_DEBUG(("Bad argument outLen to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (sz < RSA_MIN_PAD_SZ) {
-        USER_DEBUG(("Key size is too small\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) {
-        USER_DEBUG(("Bad argument inLen to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* Set up needed pkcs v15 padding */
-    if (wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng) != 0) {
-        USER_DEBUG(("RSA Padding error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmp = input to sign */
-    ret = init_bn(&tmp, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN(out, sz, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSetOctString_BN error of %s\n",
-                                                      ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpP = tmp mod p */
-    ret = init_bn(&tmpP, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpQ = tmp mod q */
-    ret = init_bn(&tmpQ, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpa */
-    ret = init_bn(&tmpa, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpb */
-    ret = init_bn(&tmpb, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* one : used for conversion from Montgomery to classical */
-    ret = init_bn(&one, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN(o, 1, one);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSetOctString_BN error of %s\n",
-                    ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /**
-      Set up Montgomery state
-      */
-    ret = init_mont(&pMont, &pSz, key->pipp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret)));
-        if (pMont != NULL) {
-            XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        }
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = init_mont(&qMont, &qSz, key->qipp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret)));
-        if (qMont != NULL) {
-            XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        }
-        ForceZero(pMont, pSz);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /**
-      Check and reduce input
-      This is needed for calls to MontExp since required value of a < modulus
-      */
-    ret = reduce(tmp, key->pipp, tmpP);
-    if (ret != ippStsNoErr)
-    {
-        USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = reduce(tmp, key->qipp, tmpQ);
-    if (ret != ippStsNoErr)
-    {
-        USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpa = (tmp mod p)^dP mod p */
-    ret = exptmod(tmpP, key->dPipp, pMont, tmpa, one);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpb = (tmp mod q)^dQ mod q */
-    ret = exptmod(tmpQ, key->dQipp, qMont, tmpb, one);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmp = (tmpa - tmpb) * qInv (mod p) */
-    ret = ippsSub_BN(tmpa, tmpb, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsMul_BN(tmp, key->uipp, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMul_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* mod performed the same was as wolfSSL fp_mod -- tmpa is just scratch */
-   ret = ippsDiv_BN(tmp, key->pipp, tmpa, tmp);
-   if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsDiv_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-   }
-
-    /* Check sign of values and perform conditional add */
-    ret = ippsExtGet_BN(&sa, NULL, NULL, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsExtGet_BN(&sb, NULL, NULL, key->pipp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    if (sa != sb) {
-        ret = ippsAdd_BN(tmp, key->pipp, tmp);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsAdd_BN error of %s\n", ippGetStatusString(ret)));
-            ForceZero(pMont, pSz);
-            ForceZero(qMont, qSz);
-            XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    /* tmp = tmpb + q * tmp */
-    ret = ippsMul_BN(tmp, key->qipp, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-
-    ret = ippsAdd_BN(tmp, tmpb, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* Extract the output */
-    ret = ippsGetOctString_BN(out, sz, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetOctString_BN error of %s\n",
-                    ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    outSz = sz;
-
-    /* clear memory and free */
-    ForceZero(pMont, pSz);
-    ForceZero(qMont, qSz);
-    XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-
-    return outSz;
-}
-
-
-int wc_RsaEncryptSize(RsaKey* key)
-{
-    if (key == NULL)
-        return 0;
-
-    return key->sz;
-}
-
-
-/* flatten RsaKey structure into individual elements (e, n) */
-int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
-                           word32* nSz)
-{
-    int sz, bytSz;
-    IppStatus ret;
-
-    USER_DEBUG(("Entering wc_RsaFlattenPublicKey\n"));
-
-    if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL)
-       return USER_CRYPTO_ERROR;
-
-    bytSz = sizeof(byte) * 8;
-    ret = ippsExtGet_BN(NULL, &sz, NULL, key->e);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* sz is in bits change to bytes */
-    sz = (sz / bytSz) + ((sz % bytSz)? 1 : 0);
-
-    if (*eSz < (word32)sz)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsGetOctString_BN(e, sz, key->e);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *eSz = (word32)sz;
-
-    /* flatten n */
-    ret = ippsExtGet_BN(NULL, &sz, NULL, key->n);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* sz is in bits change to bytes */
-    sz = (sz / bytSz) + ((sz % bytSz)? 1: 0);
-
-    if (*nSz < (word32)sz)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsGetOctString_BN(n, sz, key->n);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *nSz = (word32)sz;
-
-    return 0;
-}
-
-
-IppStatus wolfSSL_rng(Ipp32u* pData, int nBits, void* pEbsParams);
-IppStatus wolfSSL_rng(Ipp32u* pData, int nBits, void* pEbsParams)
-{
-    int nBytes;
-
-    if (pData == NULL) {
-        USER_DEBUG(("error with wolfSSL_rng argument\n"));
-        return ippStsErr;
-    }
-
-    nBytes = (nBits/8) + ((nBits % 8)? 1: 0);
-    if (wc_RNG_GenerateBlock((WC_RNG*)pEbsParams, (byte*)pData, nBytes) != 0) {
-        USER_DEBUG(("error in generating random wolfSSL block\n"));
-        return ippStsErr;
-    }
-
-    return ippStsNoErr;
-}
-
-
-#ifdef WOLFSSL_KEY_GEN
-/* Make an RSA key for size bits, with e specified, 65537 is a good e */
-int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
-{
-    IppStatus ret;
-    int scratchSz;
-    int i; /* for tries on calling make key */
-    int ctxSz;
-
-    IppsBigNumState* pSrcPublicExp = NULL;
-    Ipp8u* scratchBuffer = NULL;
-    Ipp8u  eAry[8];
-    int trys = 8; /* Miller-Rabin test parameter */
-    IppsPrimeState* pPrime = NULL;
-
-    int qBitSz; /* size of q factor */
-    int bytSz; /* size of key in bytes */
-    int leng;
-
-    USER_DEBUG(("Entering wc_MakeRsaKey\n"));
-
-    /* get byte size and individual private key size -- round up */
-    qBitSz = (size / 2) + ((size % 2)? 1: 0);
-    bytSz  = (size / 8) + ((size % 8)? 1: 0);
-
-    if (key == NULL || rng == NULL) {
-        USER_DEBUG(("Error, NULL argument passed in\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (e < 3 || (e&1) == 0)
-        return USER_CRYPTO_ERROR;
-
-    if (size > RSA_MAX_SIZE || size < RSA_MIN_SIZE)
-        return USER_CRYPTO_ERROR;
-
-    key->type = RSA_PRIVATE;
-    key->sz   = bytSz;
-
-    /* initialize prime number */
-    ret = ippsPrimeGetSize(size, &ctxSz); /* size in bits */
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsPrimeGetSize error of %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    pPrime = (IppsPrimeState*)XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (pPrime == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsPrimeInit(size, pPrime);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsPrimeInit error of %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* define RSA privete key type 2 */
-    /* length in bits of p and q factors */
-    ret = ippsRSA_GetSizePrivateKeyType2(qBitSz, qBitSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePrivateKeyType2 error of %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    key->prvSz = ctxSz; /* used when freeing private key */
-    key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPrv == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* length in bits of p and q factors */
-    ret = ippsRSA_InitPrivateKeyType2(qBitSz, qBitSz, key->pPrv, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPrivateKeyType2 error of %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* allocate scratch buffer */
-    ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, key->pPrv);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetBufferSizePrivateKey error of %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up initial value of pScrPublicExp */
-    leng = (int)sizeof(long); /* # of Ipp32u in long */
-
-    /* place the value of e into the array eAry then load into BN */
-    for (i = 0; i < leng; i++) {
-        eAry[i] = (e >> (8 * (leng - 1 - i))) & 0XFF;
-    }
-    ret = init_bn(&pSrcPublicExp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsSetOctString_BN(eAry, leng, pSrcPublicExp);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* initializing key->n */
-    ret = init_bn(&key->n, bytSz);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* initializing public exponent key->e */
-    ret = init_bn(&key->e, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* private exponent key->dipp */
-    ret = init_bn(&key->dipp, bytSz);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* call IPP to generate keys, if insufficient entropy error call again */
-    ret = ippStsInsufficientEntropy;
-    while (ret == ippStsInsufficientEntropy) {
-        ret = ippsRSA_GenerateKeys(pSrcPublicExp, key->n, key->e,
-                key->dipp, key->pPrv, scratchBuffer, trys, pPrime,
-                wolfSSL_rng, rng);
-        if (ret == ippStsNoErr) {
-            break;
-        }
-
-        /* catch all errors other than entropy error */
-        if (ret != ippStsInsufficientEntropy) {
-            USER_DEBUG(("ippsRSA_GeneratKeys error of %s\n",
-                    ippGetStatusString(ret)));
-            ret = USER_CRYPTO_ERROR;
-            goto makeKeyEnd;
-        }
-    }
-
-    /* get bn sizes needed for private key set up */
-    ret = ippsExtGet_BN(NULL, &key->eSz, NULL, key->e);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsExtGet_BN(NULL, &key->nSz, NULL, key->n);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s nSz = %d eSz = %d\n",
-                ippGetStatusString(ret), key->nSz, key->eSz));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* get private key information for key struct */
-    leng = size/16; /* size of q, p, u, dP, dQ */
-    ret = init_bn(&key->pipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up q BN for key */
-    ret = init_bn(&key->qipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up dP BN for key */
-    ret = init_bn(&key->dPipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up dQ BN for key */
-    ret = init_bn(&key->dQipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up u BN for key */
-    ret = init_bn(&key->uipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* get values from created key */
-    ret = ippsRSA_GetPrivateKeyType2(key->pipp, key->qipp, key->dPipp,
-            key->dQipp, key->uipp, key->pPrv);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetPrivateKeyType2 error %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-    ret = 0; /* success case */
-
-makeKeyEnd:
-    /* clean up memory used */
-    XFREE(pSrcPublicExp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(pPrime, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    if (ret != 0) { /* with fail case free RSA components created */
-        wc_FreeRsaKey(key);
-    }
-
-    return ret;
-}
-
-#endif
-
-#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)
-
-/********** duplicate code needed -- future refactor */
-#define MAX_VERSION_SZ 5
-#define MAX_SEQ_SZ 5
-#define ASN_CONTEXT_SPECIFIC 0x80
-#define ASN_CONSTRUCTED 0x20
-#define ASN_LONG_LENGTH 0x80
-#define ASN_SEQUENCE 0x10
-#define RSA_INTS 8
-#define FALSE 0
-#define TRUE 1
-
-#define MAX_LENGTH_SZ 4
-#define RSAk 645
-#define keyType 2
-#define MAX_RSA_INT_SZ 517
-#define MAX_RSA_E_SZ 16
-#define MAX_ALGO_SZ 20
-
-static word32 BytePrecision(word32 value)
-{
-    word32 i;
-    for (i = sizeof(value); i; --i)
-        if (value >> ((i - 1) * WOLFSSL_BIT_SIZE))
-            break;
-
-    return i;
-}
-
-
-static int SetMyVersion(word32 version, byte* output, int header)
-{
-    int i = 0;
-
-    if (output == NULL)
-        return USER_CRYPTO_ERROR;
-
-    if (header) {
-        output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
-        output[i++] = ASN_BIT_STRING;
-    }
-    output[i++] = ASN_INTEGER;
-    output[i++] = 0x01;
-    output[i++] = (byte)version;
-
-    return i;
-}
-
-
-static word32 SetLength(word32 length, byte* output)
-{
-    word32 i = 0, j;
-
-    if (length < 0x80)
-        output[i++] = (byte)length;
-    else {
-        output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH);
-
-        for (j = BytePrecision(length); j; --j) {
-            output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE));
-            i++;
-        }
-    }
-
-    return i;
-}
-
-
-static word32 SetSequence(word32 len, byte* output)
-{
-    output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED;
-    return SetLength(len, output + 1) + 1;
-}
-
-
-static word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
-{
-    /* adding TAG_NULL and 0 to end */
-
-    /* RSA keyType */
-    #ifndef NO_RSA
-        static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-                                            0x01, 0x01, 0x01, 0x05, 0x00};
-    #endif /* NO_RSA */
-
-    int    algoSz = 0;
-    int    tagSz  = 2;   /* tag null and terminator */
-    word32 idSz, seqSz;
-    const  byte* algoName = 0;
-    byte ID_Length[MAX_LENGTH_SZ];
-    byte seqArray[MAX_SEQ_SZ + 1];  /* add object_id to end */
-
-    if (type == keyType) {    /* keyType */
-        switch (algoOID) {
-        #ifndef NO_RSA
-            case RSAk:
-                algoSz = sizeof(RSA_AlgoID);
-                algoName = RSA_AlgoID;
-                break;
-        #endif /* NO_RSA */
-        default:
-            /* unknown key algo */
-            return 0;
-        }
-    }
-    else {
-        /* unknown algo type */
-        return 0;
-    }
-
-    idSz  = SetLength(algoSz - tagSz, ID_Length); /* don't include tags */
-    seqSz = SetSequence(idSz + algoSz + 1 + curveSz, seqArray);
-                 /* +1 for object id, curveID of curveSz follows for ecc */
-    seqArray[seqSz++] = ASN_OBJECT_ID;
-
-    XMEMCPY(output, seqArray, seqSz);
-    XMEMCPY(output + seqSz, ID_Length, idSz);
-    XMEMCPY(output + seqSz + idSz, algoName, algoSz);
-
-    return seqSz + idSz + algoSz;
-
-}
-
-
-/* Write a public RSA key to output */
-static int SetRsaPublicKey(byte* output, RsaKey* key,
-                           int outLen, int with_header)
-{
-#ifdef WOLFSSL_SMALL_STACK
-    byte* n = NULL;
-    byte* e = NULL;
-#else
-    byte n[MAX_RSA_INT_SZ];
-    byte e[MAX_RSA_E_SZ];
-#endif
-    byte seq[MAX_SEQ_SZ];
-    byte len[MAX_LENGTH_SZ + 1];  /* trailing 0 */
-    int  nSz;
-    int  eSz;
-    int  seqSz;
-    int  lenSz;
-    int  idx;
-    int  rawLen;
-    int  leadingBit;
-    int  err;
-
-    if (output == NULL || key == NULL || outLen < MAX_SEQ_SZ)
-        return USER_CRYPTO_ERROR;
-
-    /* n */
-#ifdef WOLFSSL_SMALL_STACK
-    n = (byte*)XMALLOC(MAX_RSA_INT_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (n == NULL)
-        return USER_CRYPTO_ERROR;
-#endif
-
-    leadingBit = wc_Rsa_leading_bit(key->n);
-    rawLen = wc_Rsa_unsigned_bin_size(key->n);
-    if ((int)rawLen < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    rawLen = rawLen + leadingBit;
-    n[0] = ASN_INTEGER;
-    nSz  = SetLength(rawLen, n + 1) + 1;  /* int tag */
-
-    if ( (nSz + rawLen) < MAX_RSA_INT_SZ) {
-        if (leadingBit)
-            n[nSz] = 0;
-        err = ippsGetOctString_BN((Ipp8u*)n + nSz, rawLen - leadingBit, key->n);
-        if (err == ippStsNoErr)
-            nSz += rawLen;
-        else {
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-            return USER_CRYPTO_ERROR;
-        }
-    }
-    else {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* e */
-#ifdef WOLFSSL_SMALL_STACK
-    e = (byte*)XMALLOC(MAX_RSA_E_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (e == NULL) {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-#endif
-
-    leadingBit = wc_Rsa_leading_bit(key->e);
-    rawLen = wc_Rsa_unsigned_bin_size(key->e);
-    if ((int)rawLen < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    rawLen = rawLen + leadingBit;
-    e[0] = ASN_INTEGER;
-    eSz  = SetLength(rawLen, e + 1) + 1;  /* int tag */
-
-    if ( (eSz + rawLen) < MAX_RSA_E_SZ) {
-        if (leadingBit)
-            e[eSz] = 0;
-        err = ippsGetOctString_BN((Ipp8u*)e + eSz, rawLen - leadingBit, key->e);
-        if (err == ippStsNoErr)
-            eSz += rawLen;
-        else {
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-            return USER_CRYPTO_ERROR;
-        }
-    }
-    else {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-
-    seqSz  = SetSequence(nSz + eSz, seq);
-
-    /* check output size */
-    if ( (seqSz + nSz + eSz) > outLen) {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(e,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* headers */
-    if (with_header) {
-        int  algoSz;
-#ifdef WOLFSSL_SMALL_STACK
-        byte* algo;
-
-        algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        if (algo == NULL) {
-            XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            return USER_CRYPTO_ERROR;
-        }
-#else
-        byte algo[MAX_ALGO_SZ];
-#endif
-        algoSz = SetAlgoID(RSAk, algo, keyType, 0);
-        lenSz  = SetLength(seqSz + nSz + eSz + 1, len);
-        len[lenSz++] = 0;   /* trailing 0 */
-
-        /* write, 1 is for ASN_BIT_STRING */
-        idx = SetSequence(nSz + eSz + seqSz + lenSz + 1 + algoSz, output);
-
-        /* check output size */
-        if ( (idx + algoSz + 1 + lenSz + seqSz + nSz + eSz) > outLen) {
-            #ifdef WOLFSSL_SMALL_STACK
-                XFREE(n,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-                XFREE(e,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-                XFREE(algo, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            #endif
-
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* algo */
-        XMEMCPY(output + idx, algo, algoSz);
-        idx += algoSz;
-        /* bit string */
-        output[idx++] = ASN_BIT_STRING;
-        /* length */
-        XMEMCPY(output + idx, len, lenSz);
-        idx += lenSz;
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(algo, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-    }
-    else
-        idx = 0;
-
-    /* seq */
-    XMEMCPY(output + idx, seq, seqSz);
-    idx += seqSz;
-    /* n */
-    XMEMCPY(output + idx, n, nSz);
-    idx += nSz;
-    /* e */
-    XMEMCPY(output + idx, e, eSz);
-    idx += eSz;
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(n,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(e,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-
-    return idx;
-}
-
-
-static IppsBigNumState* GetRsaInt(RsaKey* key, int idx)
-{
-    if (idx == 0)
-        return key->n;
-    if (idx == 1)
-        return key->e;
-    if (idx == 2)
-        return key->dipp;
-    if (idx == 3)
-        return key->pipp;
-    if (idx == 4)
-        return key->qipp;
-    if (idx == 5)
-        return key->dPipp;
-    if (idx == 6)
-        return key->dQipp;
-    if (idx == 7)
-        return key->uipp;
-
-    return NULL;
-}
-
-
-/* Release Tmp RSA resources */
-static WC_INLINE void FreeTmpRsas(byte** tmps, void* heap)
-{
-    int i;
-
-    (void)heap;
-
-    for (i = 0; i < RSA_INTS; i++)
-        XFREE(tmps[i], heap, DYNAMIC_TYPE_USER_CRYPTO);
-}
-
-
-/* Convert RsaKey key to DER format, write to output (inLen), return bytes
-   written */
-int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
-{
-    word32 seqSz, verSz, rawLen, intTotalLen = 0;
-    word32 sizes[RSA_INTS];
-    int    i, j, outLen, ret = 0, lbit;
-
-    byte  seq[MAX_SEQ_SZ];
-    byte  ver[MAX_VERSION_SZ];
-    byte* tmps[RSA_INTS];
-
-    USER_DEBUG(("Entering RsaKeyToDer\n"));
-
-    if (!key)
-        return USER_CRYPTO_ERROR;
-
-    if (key->type != RSA_PRIVATE)
-        return USER_CRYPTO_ERROR;
-
-    for (i = 0; i < RSA_INTS; i++)
-        tmps[i] = NULL;
-
-    /* write all big ints from key to DER tmps */
-    for (i = 0; i < RSA_INTS; i++) {
-        Ipp32u isZero;
-        IppsBigNumState* keyInt = GetRsaInt(key, i);
-
-        ippsCmpZero_BN(keyInt, &isZero); /* makes isZero 0 if true */
-        rawLen = wc_Rsa_unsigned_bin_size(keyInt);
-        if ((int)rawLen < 0) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* leading zero */
-        if (!isZero || wc_Rsa_leading_bit(keyInt))
-            lbit = 1;
-        else
-            lbit = 0;
-
-        rawLen += lbit;
-
-        tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-        if (tmps[i] == NULL) {
-            ret = USER_CRYPTO_ERROR;
-            break;
-        }
-
-        tmps[i][0] = ASN_INTEGER;
-        sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */
-
-        if (sizes[i] <= MAX_SEQ_SZ) {
-            int err;
-
-            /* leading zero */
-            if (lbit)
-                tmps[i][sizes[i]-1] = 0x00;
-
-            /* extract data*/
-            err = ippsGetOctString_BN((Ipp8u*)(tmps[i] + sizes[i]),
-                    rawLen - lbit, keyInt);
-            if (err == ippStsOk) {
-                sizes[i] += (rawLen-lbit); /* lbit included in rawLen */
-                intTotalLen += sizes[i];
-                ret = 0;
-            }
-            else {
-                ret = USER_CRYPTO_ERROR;
-                USER_DEBUG(("ippsGetOctString_BN error %s\n",
-                                                      ippGetStatusString(err)));
-                break;
-            }
-        }
-        else {
-            ret = USER_CRYPTO_ERROR;
-            break;
-        }
-    }
-
-    if (ret != 0) {
-        FreeTmpRsas(tmps, key->heap);
-        return ret;
-    }
-
-    /* make headers */
-    verSz = SetMyVersion(0, ver, FALSE);
-    seqSz = SetSequence(verSz + intTotalLen, seq);
-
-    outLen = seqSz + verSz + intTotalLen;
-    if (output) {
-        if (outLen > (int)inLen) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* write to output */
-        XMEMCPY(output, seq, seqSz);
-        j = seqSz;
-        XMEMCPY(output + j, ver, verSz);
-        j += verSz;
-
-        for (i = 0; i < RSA_INTS; i++) {
-            XMEMCPY(output + j, tmps[i], sizes[i]);
-            j += sizes[i];
-        }
-    }
-    FreeTmpRsas(tmps, key->heap);
-
-    return outLen;
-}
-
-
-/* Convert Rsa Public key to DER format, write to output (inLen), return bytes
-   written
-*/
-int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen)
-{
-    return SetRsaPublicKey(output, key, inLen, 1);
-}
-
-/* Returns public DER version of the RSA key. If with_header is 0 then only a
- * seq + n + e is returned in ASN.1 DER format */
-int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
-    int with_header)
-{
-    return SetRsaPublicKey(output, key, inLen, with_header);
-}
-
-#endif /* WOLFSSL_KEY_GEN || OPENSSL_EXTRA */
-
-#ifdef WC_RSA_BLINDING
-
-int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
-{
-    if (key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    (void)rng;
-
-    return 0;
-}
-
-#endif /* WC_RSA_BLINDING */
-
-#endif /* NO_RSA */
-
diff --git a/extra/wolfssl/wolfssl/wolfssl.rc b/extra/wolfssl/wolfssl/wolfssl.rc
index d9a8b919..471de1e8 100644
Binary files a/extra/wolfssl/wolfssl/wolfssl.rc and b/extra/wolfssl/wolfssl/wolfssl.rc differ
diff --git a/extra/wolfssl/wolfssl/wolfssl/internal.h b/extra/wolfssl/wolfssl/wolfssl/internal.h
index f59da64f..258cb034 100644
--- a/extra/wolfssl/wolfssl/wolfssl/internal.h
+++ b/extra/wolfssl/wolfssl/wolfssl/internal.h
@@ -1549,7 +1549,8 @@ enum Misc {
 #endif
 #endif
 #ifdef HAVE_PQC
-    ENCRYPT_LEN     = 4600,     /* allow 4600 byte buffer for dilithium. */
+    ENCRYPT_LEN     = 5120,     /* Allow 5k byte buffer for dilithium and
+                                 * hybridization with other algs. */
 #else
 #ifndef NO_PSK
     ENCRYPT_LEN     = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_ID_LEN + 2,
@@ -1779,11 +1780,11 @@ enum Misc {
 
     PQC_SA_MAJOR        = 0xFE,/* Most significant byte used with PQC sig algs */
 
-    /* These values for falcon and dilithium match what OQS has defined in their OpenSSL fork. */
+    /* These values for falcon and dilithium match what OQS has defined. */
     FALCON_LEVEL1_SA_MAJOR = 0xFE,
-    FALCON_LEVEL1_SA_MINOR = 0x0B,
+    FALCON_LEVEL1_SA_MINOR = 0xAE,
     FALCON_LEVEL5_SA_MAJOR = 0xFE,
-    FALCON_LEVEL5_SA_MINOR = 0x0E,
+    FALCON_LEVEL5_SA_MINOR = 0xB1,
 
     DILITHIUM_LEVEL2_SA_MAJOR = 0xFE,
     DILITHIUM_LEVEL2_SA_MINOR = 0xA0,
@@ -1797,6 +1798,8 @@ enum Misc {
 
 #if defined(HAVE_PQC)
     MAX_CERT_VERIFY_SZ = 6000,            /* For Dilithium */
+#elif defined(WOLFSSL_CERT_EXT)
+    MAX_CERT_VERIFY_SZ = 2048,            /* For larger extensions */
 #elif !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS)
     MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */
 #elif defined(HAVE_ECC)
@@ -1847,7 +1850,8 @@ enum Misc {
     (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP)
 #ifdef HAVE_PQC
 #define WOLFSSL_NAMED_GROUP_IS_PQC(group) \
-    (WOLFSSL_PQC_MIN <= (group) && (group) <= WOLFSSL_PQC_MAX)
+    ((WOLFSSL_PQC_SIMPLE_MIN <= (group) && (group) <= WOLFSSL_PQC_SIMPLE_MAX) || \
+     (WOLFSSL_PQC_HYBRID_MIN <= (group) && (group) <= WOLFSSL_PQC_HYBRID_MAX))
 #else
 #define WOLFSSL_NAMED_GROUP_IS_PQC(group)    ((void)(group), 0)
 #endif /* HAVE_PQC */
@@ -2172,6 +2176,9 @@ WOLFSSL_LOCAL int  CreateDevPrivateKey(void** pkey, byte* data, word32 length,
                                        void* heap, int devId);
 #endif
 WOLFSSL_LOCAL int  DecodePrivateKey(WOLFSSL *ssl, word16* length);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_LOCAL int  DecodeAltPrivateKey(WOLFSSL *ssl, word16* length);
+#endif
 #ifdef WOLF_PRIVATE_KEY_ID
 WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
 #ifndef NO_ASN
@@ -2333,7 +2340,7 @@ struct Suites {
     word16 hashSigAlgoSz;           /* SigAlgo extension length in bytes */
     byte   suites[WOLFSSL_MAX_SUITE_SZ];
     byte   hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
-    byte   setSuites;               /* user set suites from default */
+    byte   setSuites:1;             /* user set suites from default */
 };
 
 typedef struct CipherSuite {
@@ -2371,7 +2378,9 @@ typedef struct TLSX TLSX;
 WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites,
                                 CipherSuite* cs, TLSX* extensions);
 WOLFSSL_LOCAL int  MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
-WOLFSSL_LOCAL int  SetCipherList(WOLFSSL_CTX* ctx, Suites* suites,
+WOLFSSL_LOCAL int  SetCipherList_ex(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl,
+        Suites* suites, const char* list);
+WOLFSSL_LOCAL int  SetCipherList(const WOLFSSL_CTX* ctx, Suites* suites,
                                  const char* list);
 WOLFSSL_LOCAL int  SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites,
                                           const byte* list, const int listSz);
@@ -2499,6 +2508,10 @@ struct CRL_Entry {
     word32  tbsSz;
     word32  signatureSz;
     word32  signatureOID;
+#ifdef WC_RSA_PSS
+    word32  sigParamsSz; /* length of signature parameters   */
+    byte*   sigParams;   /* buffer with signature parameters */
+#endif
 #if !defined(NO_SKID) && !defined(NO_ASN)
     byte    extAuthKeyIdSet;
     byte    extAuthKeyId[KEYID_SIZE];
@@ -2507,6 +2520,7 @@ struct CRL_Entry {
 };
 
 
+#ifdef HAVE_CRL_MONITOR
 typedef struct CRL_Monitor CRL_Monitor;
 
 /* CRL directory monitor */
@@ -2532,6 +2546,7 @@ typedef HANDLE wolfSSL_CRL_mfd_t; /* monitor fd, INVALID_HANDLE_VALUE if
                                    * no init yet */
 #define WOLFSSL_CRL_MFD_INIT_VAL (INVALID_HANDLE_VALUE)
 #endif
+#endif
 
 /* wolfSSL CRL controller */
 struct WOLFSSL_CRL {
@@ -2542,8 +2557,8 @@ struct WOLFSSL_CRL {
     CbCrlIO               crlIOCb;
 #endif
     wolfSSL_RwLock        crlLock;       /* CRL list lock */
-    CRL_Monitor           monitors[WOLFSSL_CRL_MONITORS_LEN];
 #ifdef HAVE_CRL_MONITOR
+    CRL_Monitor           monitors[WOLFSSL_CRL_MONITORS_LEN];
     COND_TYPE             cond;          /* condition to signal setup */
     THREAD_TYPE           tid;           /* monitoring thread */
     wolfSSL_CRL_mfd_t     mfd;
@@ -2617,10 +2632,13 @@ struct WOLFSSL_CERT_MANAGER {
 #endif
     wolfSSL_Ref     ref;
 #ifdef HAVE_PQC
-    short           minFalconKeySz;      /* minimum allowed Falcon key size */
-    short           minDilithiumKeySz;   /* minimum allowed Dilithium key size */
+    short           minFalconKeySz;     /* minimum allowed Falcon key size */
+    short           minDilithiumKeySz;  /* minimum allowed Dilithium key size */
+#endif
+#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
+    && defined(HAVE_OID_DECODING)
+    wc_UnknownExtCallback unknownExtCallback;
 #endif
-
 };
 
 WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm,
@@ -2845,6 +2863,10 @@ typedef enum {
     #ifdef WOLFSSL_QUIC
     TLSX_KEY_QUIC_TP_PARAMS         = 0x0039, /* RFC 9001, ch. 8.2 */
     #endif
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+    TLSX_CKS                        = 0xff92, /* X9.146; ff indcates personal
+                                               * use and 92 is hex for 146. */
+    #endif
 #endif
     TLSX_RENEGOTIATION_INFO         = 0xff01,
 #ifdef WOLFSSL_QUIC
@@ -3349,6 +3371,7 @@ typedef struct KeyShareEntry {
     word32                pubKeyLen; /* Public key length                 */
 #if !defined(NO_DH) || defined(HAVE_PQC)
     byte*                 privKey;   /* Private key - DH and PQ KEMs only */
+    word32                privKeyLen;/* Only for PQ KEMs. */
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     int                   lastRet;
@@ -3372,8 +3395,11 @@ WOLFSSL_LOCAL int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input,
         word16 length, byte msgType);
 WOLFSSL_LOCAL int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl,
         const byte* input, word16 length, TLSX** extensions);
-
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_LOCAL int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input,
+                                 word16 length, TLSX** extensions);
+WOLFSSL_LOCAL int TLSX_CKS_Set(WOLFSSL* ssl, TLSX** extensions);
+#endif
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
 
 enum PskDecryptReturn {
@@ -3554,6 +3580,12 @@ struct WOLFSSL_CTX {
     byte        privateKeyLabel:1;
     int         privateKeySz;
     int         privateKeyDevId;
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    DerBuffer*  altPrivateKey;
+    byte        altPrivateKeyType;
+    int         altPrivateKeySz;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #ifdef OPENSSL_ALL
     WOLFSSL_EVP_PKEY* privateKeyPKey;
 #endif
@@ -3739,7 +3771,7 @@ struct WOLFSSL_CTX {
     word32          maxEarlyDataSz;
 #endif
 #ifdef HAVE_ANON
-    byte        haveAnon;               /* User wants to allow Anon suites */
+    byte        useAnon;               /* User wants to allow Anon suites */
 #endif /* HAVE_ANON */
 #ifdef WOLFSSL_ENCRYPTED_KEYS
     wc_pem_password_cb* passwd_cb;
@@ -3930,6 +3962,10 @@ struct WOLFSSL_CTX {
 #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS)
     byte doAppleNativeCertValidationFlag:1;
 #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte *sigSpec;
+    word16 sigSpecSz;
+#endif
 };
 
 WOLFSSL_LOCAL
@@ -4176,7 +4212,8 @@ typedef struct Hashes {
     #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
         byte md5[WC_MD5_DIGEST_SIZE];
     #endif
-    #if !defined(NO_SHA)
+    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
+                              defined(WOLFSSL_ALLOW_TLS_SHA1))
         byte sha[WC_SHA_DIGEST_SIZE];
     #endif
     #ifndef NO_SHA256
@@ -4496,7 +4533,10 @@ typedef struct Buffers {
                                               when got WANT_WRITE            */
     byte            weOwnCert;             /* SSL own cert flag */
     byte            weOwnCertChain;        /* SSL own cert chain flag */
-    byte            weOwnKey;              /* SSL own key  flag */
+    byte            weOwnKey;              /* SSL own key flag */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte            weOwnAltKey;           /* SSL own alt key flag */
+#endif
     byte            weOwnDH;               /* SSL own dh (p,g)  flag */
 #ifndef NO_DH
     buffer          serverDH_P;            /* WOLFSSL_CTX owns, unless we own */
@@ -4513,6 +4553,11 @@ typedef struct Buffers {
     byte            keyLabel:1;            /* Key data is a label not data */
     int             keySz;                 /* Size of RSA key */
     int             keyDevId;              /* Device Id for key */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    DerBuffer*      altKey;                /* WOLFSSL_CTX owns, unless we own */
+    byte            altKeyType;            /* Type of key: dilithium, falcon */
+    int             altKeySz;              /* Size of key */
+#endif
     DerBuffer*      certChain;             /* WOLFSSL_CTX owns, unless we own */
                  /* chain after self, in DER, with leading size for each cert */
 #ifdef WOLFSSL_TLS13
@@ -4662,7 +4707,7 @@ struct Options {
 #ifdef HAVE_POLY1305
     word16            oldPoly:1;        /* set when to use old rfc way of poly*/
 #endif
-    word16            haveAnon:1;       /* User wants to allow Anon suites */
+    word16            useAnon:1;       /* User wants to allow Anon suites */
 #ifdef HAVE_SESSION_TICKET
     word16            createTicket:1;     /* Server to create new Ticket */
     word16            useTicket:1;        /* Use Ticket not session cache */
@@ -4770,6 +4815,8 @@ struct Options {
     byte            cipherSuite;            /* second byte, actual suite */
     byte            hashAlgo;               /* selected hash algorithm */
     byte            sigAlgo;                /* selected sig algorithm */
+    byte            peerHashAlgo;           /* peer's chosen hash algo */
+    byte            peerSigAlgo;            /* peer's chosen sig algo */
     byte            serverState;
     byte            clientState;
     byte            handShakeState;
@@ -5091,6 +5138,17 @@ struct WOLFSSL_X509 {
     byte            notBeforeData[CTC_DATE_SIZE];
     byte            notAfterData[CTC_DATE_SIZE];
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* Subject Alternative Public Key Info */
+    byte *sapkiDer;
+    int sapkiLen;
+    /* Alternative Signature Algorithm */
+    byte *altSigAlgDer;
+    int altSigAlgLen;
+    /* Alternative Signature Value */
+    byte *altSigValDer;
+    int altSigValLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 };
 
 
@@ -5189,7 +5247,8 @@ typedef struct MsgsReceived {
 typedef struct HS_Hashes {
     Hashes          verifyHashes;
     Hashes          certHashes;         /* for cert verify */
-#ifndef NO_SHA
+#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
+                          defined(WOLFSSL_ALLOW_TLS_SHA1))
     wc_Sha          hashSha;            /* sha hash of handshake msgs */
 #endif
 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
@@ -5456,6 +5515,11 @@ struct WOLFSSL {
                                          * allocated from heap */
     word32          hsType;             /* Type of Handshake key (hsKey) */
     WOLFSSL_CIPHER  cipher;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    void*           hsAltKey;           /* Handshake key (dilithium, falcon)
+                                         * allocated from heap */
+    word32          hsAltType;          /* Type of Handshake key (hsAltKey) */
+#endif
 #ifndef WOLFSSL_AEAD_ONLY
     hmacfp          hmac;
 #endif
@@ -5877,7 +5941,12 @@ struct WOLFSSL {
 #if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_SNIFFER_KEYLOGFILE)
     SSLSnifferSecretCb snifferSecretCb;
 #endif /* WOLFSSL_SNIFFER && WOLFSSL_SNIFFER_KEYLOGFILE */
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte *sigSpec;         /* This pointer never owns the memory. */
+    word16 sigSpecSz;
+    byte *peerSigSpec;     /* This pointer always owns the memory. */
+    word16 peerSigSpecSz;
+#endif
 };
 
 /*
@@ -6139,9 +6208,15 @@ WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey);
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
 WOLFSSL_LOCAL int wolfSSL_curve_is_disabled(const WOLFSSL* ssl,
-                                            word16 named_curve);
+                                            word16 curve_id);
 #else
-#define wolfSSL_curve_is_disabled(ssl, c)   ((void)(ssl), (void)(c), 0)
+static WC_INLINE int wolfSSL_curve_is_disabled(const WOLFSSL* ssl,
+                                               word16 curve_id)
+{
+    (void)ssl;
+    (void)curve_id;
+    return 0;
+}
 #endif
 
 WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
@@ -6409,10 +6484,8 @@ WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side);
 /* Set*Internal and Set*External functions */
 WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
 WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
-#ifndef HAVE_USER_RSA
 WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
 WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
-#endif
 
 typedef enum elem_set {
     ELEMENT_P   = 0x01,
@@ -6639,7 +6712,7 @@ WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
 #endif
 #endif
 
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA)
 WOLFSSL_LOCAL int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf,
     int publicKey, void* heap);
 #endif
diff --git a/extra/wolfssl/wolfssl/wolfssl/openssl/bio.h b/extra/wolfssl/wolfssl/wolfssl/openssl/bio.h
index e6f5a709..9206b092 100644
--- a/extra/wolfssl/wolfssl/wolfssl/openssl/bio.h
+++ b/extra/wolfssl/wolfssl/wolfssl/openssl/bio.h
@@ -25,6 +25,7 @@
 #ifndef WOLFSSL_BIO_H_
 #define WOLFSSL_BIO_H_
 
+#include <wolfssl/openssl/ssl.h>
 
 #ifdef __cplusplus
     extern "C" {
diff --git a/extra/wolfssl/wolfssl/wolfssl/openssl/crypto.h b/extra/wolfssl/wolfssl/wolfssl/openssl/crypto.h
index f57626f3..a787da28 100644
--- a/extra/wolfssl/wolfssl/wolfssl/openssl/crypto.h
+++ b/extra/wolfssl/wolfssl/wolfssl/openssl/crypto.h
@@ -96,13 +96,9 @@ WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETT
 #define SSLeay_version wolfSSLeay_version
 #define SSLeay wolfSSLeay
 #define OpenSSL_version_num wolfSSL_OpenSSL_version_num
+#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+#define SSLEAY_VERSION OPENSSL_VERSION
 
-#if defined(WOLFSSL_QT) || defined(WOLFSSL_HITCH)
-    #define SSLEAY_VERSION 0x10001000L
-#else
-    #define SSLEAY_VERSION 0x0090600fL
-#endif
-#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
 #define CRYPTO_lock wc_LockMutex_ex
 
 /* this function was used to set the default malloc, free, and realloc */
diff --git a/extra/wolfssl/wolfssl/wolfssl/openssl/opensslv.h b/extra/wolfssl/wolfssl/wolfssl/openssl/opensslv.h
index c43e507b..57404c92 100644
--- a/extra/wolfssl/wolfssl/wolfssl/openssl/opensslv.h
+++ b/extra/wolfssl/wolfssl/wolfssl/openssl/opensslv.h
@@ -36,7 +36,8 @@
      /* valid version */
 #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \
       defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \
-      defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL)
+      defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL) || \
+      defined(WOLFSSL_OPENSSH)
     /* For Apache httpd, Use 1.1.0 compatibility */
      #define OPENSSL_VERSION_NUMBER 0x10100003L
 #elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) || defined(WOLFSSL_KRB)
@@ -45,7 +46,7 @@
 #elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG)
      #define OPENSSL_VERSION_NUMBER 0x1010000fL
 #elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_OPENVPN)
+    defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENVPN)
      /* version number can be increased for Lighty after compatibility for ECDH
         is added */
      #define OPENSSL_VERSION_NUMBER 0x10001040L
@@ -56,6 +57,10 @@
 #define OPENSSL_VERSION_TEXT             "wolfSSL " LIBWOLFSSL_VERSION_STRING
 #define OPENSSL_VERSION                  0
 
+#ifndef OPENSSL_IS_WOLFSSL
+#define OPENSSL_IS_WOLFSSL
+#endif
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #endif /* header */
diff --git a/extra/wolfssl/wolfssl/wolfssl/openssl/ssl.h b/extra/wolfssl/wolfssl/wolfssl/openssl/ssl.h
index 77874c77..5cd96e26 100644
--- a/extra/wolfssl/wolfssl/wolfssl/openssl/ssl.h
+++ b/extra/wolfssl/wolfssl/wolfssl/openssl/ssl.h
@@ -340,6 +340,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_CTX_set1_sigalgs_list       wolfSSL_CTX_set1_sigalgs_list
 #define SSL_set1_sigalgs_list           wolfSSL_set1_sigalgs_list
 #define SSL_get_signature_nid           wolfSSL_get_signature_nid
+#define SSL_get_signature_type_nid      wolfSSL_get_signature_type_nid
+#define SSL_get_peer_signature_nid      wolfSSL_get_peer_signature_nid
+#define SSL_get_peer_signature_type_nid wolfSSL_get_peer_signature_type_nid
 
 #define SSL_CTX_set1_groups             wolfSSL_CTX_set1_groups
 #define SSL_set1_groups                 wolfSSL_set1_groups
diff --git a/extra/wolfssl/wolfssl/wolfssl/quic.h b/extra/wolfssl/wolfssl/wolfssl/quic.h
index c1462cba..d4152423 100644
--- a/extra/wolfssl/wolfssl/wolfssl/quic.h
+++ b/extra/wolfssl/wolfssl/wolfssl/quic.h
@@ -32,6 +32,8 @@
 
 #ifdef WOLFSSL_QUIC
 
+#include <stdint.h>
+
 /* QUIC operates on three encryption levels which determine
  * which keys/algos are used for de-/encryption. These are
  * kept separately for incoming and outgoing data and.
@@ -288,6 +290,15 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
                       const uint8_t* salt, size_t saltlen,
                       const uint8_t* info, size_t infolen);
 
+/* most common QUIC packet size as of 2022 was 1,200 bytes
+ * largest packet size listed in the RFC is 1,392 bytes
+ * this gives plenty of breathing room for capacity of records but keeps sizes
+ * read from the wire sane */
+#ifndef WOLFSSL_QUIC_MAX_RECORD_CAPACITY
+    /* 1024*1024 -- 1 MB */
+    #define WOLFSSL_QUIC_MAX_RECORD_CAPACITY (1048576)
+#endif
+
 #endif /* WOLFSSL_QUIC */
 
 #ifdef __cplusplus
diff --git a/extra/wolfssl/wolfssl/wolfssl/ssl.h b/extra/wolfssl/wolfssl/wolfssl/ssl.h
index 907b3691..804ec44b 100644
--- a/extra/wolfssl/wolfssl/wolfssl/ssl.h
+++ b/extra/wolfssl/wolfssl/wolfssl/ssl.h
@@ -1056,8 +1056,11 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_file(
     WOLFSSL_CTX* ctx, const char* file, int format);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(
     WOLFSSL_CTX* ctx, const char* file, int format);
-
-#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_API int wolfSSL_CTX_use_AltPrivateKey_file(
+    WOLFSSL_CTX* ctx, const char* file, int format);
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* !NO_FILESYSTEM && !NO_CERTS */
 
 #ifndef NO_CERTS
 #define WOLFSSL_LOAD_FLAG_NONE          0x00000000
@@ -1129,6 +1132,10 @@ WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx);
 #ifdef OPENSSL_EXTRA
 WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff);
 WOLFSSL_API int wolfSSL_get_signature_nid(WOLFSSL* ssl, int* nid);
+WOLFSSL_API int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid);
+WOLFSSL_API int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid);
+WOLFSSL_API int wolfSSL_get_peer_signature_type_nid(const WOLFSSL* ssl,
+        int* nid);
 WOLFSSL_API int  wolfSSL_CTX_set1_sigalgs_list(WOLFSSL_CTX* ctx,
                                                const char* list);
 WOLFSSL_API int  wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list);
@@ -1197,8 +1204,8 @@ WOLFSSL_API int  wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups,
 WOLFSSL_API int  wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count);
 
 #ifdef HAVE_ECC
-WOLFSSL_API int  wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list);
-WOLFSSL_API int  wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list);
+WOLFSSL_API int  wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list);
+WOLFSSL_API int  wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list);
 #endif
 #endif
 
@@ -1533,7 +1540,8 @@ WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
 WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
 
-#if defined(HAVE_OCSP) || defined(HAVE_CRL)
+#if defined(HAVE_OCSP) || defined(HAVE_CRL) || (defined(WOLFSSL_CUSTOM_OID) && \
+    defined(WOLFSSL_ASN_TEMPLATE) && defined(HAVE_OID_DECODING))
 #include "wolfssl/wolfcrypt/asn.h"
 #endif
 
@@ -1681,6 +1689,7 @@ WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
 WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
 
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
 WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
@@ -2885,6 +2894,9 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
         const unsigned char** in, int len);
 WOLFSSL_API WOLFSSL_X509*
     wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
+WOLFSSL_API WOLFSSL_X509*
+    wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const unsigned char* in, int len,
+    void* heap);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_API WOLFSSL_X509*
     wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
@@ -3032,23 +3044,26 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
         #ifdef __PPU
             #include <sys/types.h>
             #include <sys/socket.h>
-        #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \
+        #elif defined(ARDUINO)
+            /* TODO board specific */
+        #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)    && \
               !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
-              !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \
-              !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \
-              !defined(WOLFSSL_ZEPHYR) && !defined(NETOS)
+              !defined(WOLFSSL_EMBOS)   && !defined(WOLFSSL_FROSTED)    && \
+              !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI)    && \
+              !defined(WOLFSSL_ZEPHYR)  && !defined(NETOS)
             #include <sys/uio.h>
         #endif
         /* allow writev style writing */
         WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
                                      int iovcnt);
-    #endif
-#endif
+    #endif /* !NO_WRITEV */
+#endif /* !_WIN32 */
 
 
 #ifndef NO_CERTS
     /* SSL_CTX versions */
     WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx);
+    WOLFSSL_API int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx);
 #ifdef WOLFSSL_TRUST_PEER_CERT
     WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx);
 #ifdef WOLFSSL_LOCAL_X509_STORE
@@ -3587,6 +3602,13 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
     WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm);
     WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER* cm);
 
+#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
+    && defined(HAVE_OID_DECODING)
+    WOLFSSL_API void wolfSSL_CertManagerSetUnknownExtCallback(
+        WOLFSSL_CERT_MANAGER* cm,
+        wc_UnknownExtCallback cb);
+#endif
+
     WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm,
         const char* f, const char* d);
     WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
@@ -3596,6 +3618,8 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
         const unsigned char* buff, long sz, int format);
 
     WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
+    WOLFSSL_API int wolfSSL_CertManagerUnloadIntermediateCerts(
+        WOLFSSL_CERT_MANAGER* cm);
 #ifdef WOLFSSL_TRUST_PEER_CERT
     WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(
         WOLFSSL_CERT_MANAGER* cm);
@@ -3980,7 +4004,7 @@ enum {
     WOLFSSL_KYBER_LEVEL5          = 573, /* KYBER_1024 */
     WOLFSSL_PQC_SIMPLE_MAX        = 573,
 
-    WOLFSSL_PQC_HYBRID_MIN        = 12052,
+    WOLFSSL_PQC_HYBRID_MIN        = 12090,
     WOLFSSL_P256_KYBER_LEVEL1     = 12090,
     WOLFSSL_P384_KYBER_LEVEL3     = 12092,
     WOLFSSL_P521_KYBER_LEVEL5     = 12093,
@@ -4008,6 +4032,16 @@ WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);
 WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl);
 #endif
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+#define WOLFSSL_CKS_SIGSPEC_NATIVE      0x0001
+#define WOLFSSL_CKS_SIGSPEC_ALTERNATIVE 0x0002
+#define WOLFSSL_CKS_SIGSPEC_BOTH        0x0003
+#define WOLFSSL_CKS_SIGSPEC_EXTERNAL    0x0004
+
+WOLFSSL_API int wolfSSL_UseCKS(WOLFSSL* ssl, byte *sigSpec, word16 sigSpecSz);
+WOLFSSL_API int wolfSSL_CTX_UseCKS(WOLFSSL_CTX* ctx, byte *sigSpec,
+                                   word16 sigSpecSz);
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 
 /* Secure Renegotiation */
 #if defined(HAVE_SECURE_RENEGOTIATION) || defined(HAVE_SERVER_RENEGOTIATION_INFO)
diff --git a/extra/wolfssl/wolfssl/wolfssl/test.h b/extra/wolfssl/wolfssl/wolfssl/test.h
index 5265e87f..47abb74a 100644
--- a/extra/wolfssl/wolfssl/wolfssl/test.h
+++ b/extra/wolfssl/wolfssl/wolfssl/test.h
@@ -110,7 +110,9 @@
 #elif defined(WOLFSSL_TIRTOS)
     #include <string.h>
     #include <netdb.h>
-    #include <sys/types.h>
+    #if !defined(__ti__) /* conflicts with sys/socket.h */
+        #include <sys/types.h>
+    #endif
     #include <arpa/inet.h>
     #include <sys/socket.h>
     #include <ti/sysbios/knl/Task.h>
@@ -173,6 +175,8 @@
         int h_length;        /* length of address */
         char** h_addr_list;  /* list of addresses from the name server */
     };
+#elif defined(ARDUINO)
+    /* TODO, define board-specific */
 #else
     #include <string.h>
     #include <sys/types.h>
@@ -285,6 +289,14 @@
     #endif
 #endif
 
+
+#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY) || defined(TEST_PK_PSK)
+    #define WOLFSSL_PKMSG(...) printf(__VA_ARGS__)
+#else
+    #define WOLFSSL_PKMSG(...) WC_DO_NOTHING
+#endif
+
+
 #ifndef MY_EX_USAGE
 #define MY_EX_USAGE 2
 #endif
@@ -654,6 +666,13 @@ int rem_dir(const char* dirName);
 int rem_file(const char* fileName);
 int copy_file(const char* in, const char* out);
 
+#if defined(__MACH__) || defined(__FreeBSD__)
+    int link_file(const char* in, const char* out);
+    #define STAGE_FILE(x,y) link_file((x),(y))
+#else
+    #define STAGE_FILE(x,y) copy_file((x),(y))
+#endif
+
 void signal_ready(tcp_ready* ready);
 
 /* wolfSSL */
@@ -1284,7 +1303,7 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
             int err;
             struct hostent* entry = gethostbyname(peer, &err);
         #elif defined(WOLFSSL_TIRTOS)
-            struct hostent* entry = DNSGetHostByName(peer);
+            struct hostent* entry = (struct hostent*)DNSGetHostByName(peer);
         #elif defined(WOLFSSL_VXWORKS)
             struct hostent* entry = (struct hostent*)hostGetByName((char*)peer);
         #else
@@ -1796,7 +1815,6 @@ static WC_INLINE void tcp_set_blocking(SOCKET_T* sockfd)
     #endif
 }
 
-
 #ifndef NO_PSK
 
 /* identity is OpenSSL testing default for openssl s_client, keep same */
@@ -1806,6 +1824,8 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
         char* identity, unsigned int id_max_len, unsigned char* key,
         unsigned int key_max_len)
 {
+    unsigned int ret;
+
     (void)ssl;
     (void)hint;
     (void)key_max_len;
@@ -1815,13 +1835,13 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
 
     if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
         /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
-           unsigned binary */
+         * unsigned binary */
         key[0] = 0x1a;
         key[1] = 0x2b;
         key[2] = 0x3c;
         key[3] = 0x4d;
 
-        return 4;   /* length of key in octets or 0 for error */
+        ret = 4;   /* length of key in octets or 0 for error */
     }
     else {
         int i;
@@ -1833,14 +1853,23 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
             key[i] = b;
         }
 
-        return 32;   /* length of key in octets or 0 for error */
+        ret = 32;   /* length of key in octets or 0 for error */
     }
+
+#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
+    WOLFSSL_PKMSG("PSK Client using HW (Len %d, Hint %s)\n", ret, hint);
+    ret = (unsigned int)USE_HW_PSK;
+#endif
+
+    return ret;
 }
 
 
 static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
         unsigned char* key, unsigned int key_max_len)
 {
+    unsigned int ret;
+
     (void)ssl;
     (void)key_max_len;
 
@@ -1850,13 +1879,13 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
 
     if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
         /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
-           unsigned binary */
+         * unsigned binary */
         key[0] = 0x1a;
         key[1] = 0x2b;
         key[2] = 0x3c;
         key[3] = 0x4d;
 
-        return 4;   /* length of key in octets or 0 for error */
+        ret = 4;   /* length of key in octets or 0 for error */
     }
     else {
         int i;
@@ -1868,8 +1897,14 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
             key[i] = b;
         }
 
-        return 32;   /* length of key in octets or 0 for error */
+        ret = 32;   /* length of key in octets or 0 for error */
     }
+#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
+    WOLFSSL_PKMSG("PSK Server using HW (Len %d, Hint %s)\n", ret, identity);
+    ret = (unsigned int)USE_HW_PSK;
+#endif
+
+    return ret;
 }
 
 #ifdef WOLFSSL_TLS13
@@ -1877,6 +1912,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
         const char* hint, char* identity, unsigned int id_max_len,
         unsigned char* key, unsigned int key_max_len, const char** ciphersuite)
 {
+    unsigned int ret;
     int i;
     int b = 0x01;
     const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
@@ -1896,7 +1932,14 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
 
     *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
 
-    return 32;   /* length of key in octets or 0 for error */
+    ret = 32;   /* length of key in octets or 0 for error */
+
+#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
+    WOLFSSL_PKMSG("PSK Client TLS 1.3 using HW (Len %d, Hint %s)\n", ret, hint);
+    ret = (unsigned int)USE_HW_PSK;
+#endif
+
+    return ret;
 }
 
 
@@ -1904,6 +1947,7 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
         const char* identity, unsigned char* key, unsigned int key_max_len,
         const char** ciphersuite)
 {
+    unsigned int ret;
     int i;
     int b = 0x01;
     int kIdLen = (int)XSTRLEN(kIdentityStr);
@@ -1927,7 +1971,15 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
 
     *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
 
-    return 32;   /* length of key in octets or 0 for error */
+    ret = 32;   /* length of key in octets or 0 for error */
+
+#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
+    WOLFSSL_PKMSG("PSK Server TLS 1.3 using HW (Len %d, Hint %s)\n",
+        ret, identity);
+    ret = (unsigned int)USE_HW_PSK;
+#endif
+
+    return ret;
 }
 #endif
 
@@ -2489,37 +2541,42 @@ static WC_INLINE void CRL_CallBack(const char* url)
 #endif
 
 #ifndef NO_DH
-static WC_INLINE void SetDH(WOLFSSL* ssl)
-{
-    /* dh1024 p */
-    static const unsigned char p[] =
+#if defined(WOLFSSL_SP_MATH) && !defined(WOLFSS_SP_MATH_ALL)
+    /* dh2048 p */
+    static const unsigned char test_dh_p[] =
     {
-        0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
-        0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
-        0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
-        0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
-        0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
-        0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
-        0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
-        0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
-        0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
-        0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
-        0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
+        0xD3, 0xB2, 0x99, 0x84, 0x5C, 0x0A, 0x4C, 0xE7, 0x37, 0xCC, 0xFC, 0x18,
+        0x37, 0x01, 0x2F, 0x5D, 0xC1, 0x4C, 0xF4, 0x5C, 0xC9, 0x82, 0x8D, 0xB7,
+        0xF3, 0xD4, 0xA9, 0x8A, 0x9D, 0x34, 0xD7, 0x76, 0x57, 0xE5, 0xE5, 0xC3,
+        0xE5, 0x16, 0x85, 0xCA, 0x4D, 0xD6, 0x5B, 0xC1, 0xF8, 0xCF, 0x89, 0x26,
+        0xD0, 0x38, 0x8A, 0xEE, 0xF3, 0xCD, 0x33, 0xE5, 0x56, 0xBB, 0x90, 0x83,
+        0x9F, 0x97, 0x8E, 0x71, 0xFB, 0x27, 0xE4, 0x35, 0x15, 0x45, 0x86, 0x09,
+        0x71, 0xA8, 0x9A, 0xB9, 0x3E, 0x0F, 0x51, 0x8A, 0xC2, 0x75, 0x51, 0x23,
+        0x12, 0xFB, 0x94, 0x31, 0x44, 0xBF, 0xCE, 0xF6, 0xED, 0xA6, 0x3A, 0xB7,
+        0x92, 0xCE, 0x16, 0xA9, 0x14, 0xB3, 0x88, 0xB7, 0x13, 0x81, 0x71, 0x83,
+        0x88, 0xCD, 0xB1, 0xA2, 0x37, 0xE1, 0x59, 0x5C, 0xD0, 0xDC, 0xCA, 0x82,
+        0x87, 0xFA, 0x43, 0x44, 0xDD, 0x78, 0x3F, 0xCA, 0x27, 0x7E, 0xE1, 0x6B,
+        0x93, 0x19, 0x7C, 0xD9, 0xA6, 0x96, 0x47, 0x0D, 0x12, 0xC1, 0x13, 0xD7,
+        0xB9, 0x0A, 0x40, 0xD9, 0x1F, 0xFF, 0xB8, 0xB4, 0x00, 0xC8, 0xAA, 0x5E,
+        0xD2, 0x66, 0x4A, 0x05, 0x8E, 0x9E, 0xF5, 0x34, 0xE7, 0xD7, 0x09, 0x7B,
+        0x15, 0x49, 0x1D, 0x76, 0x31, 0xD6, 0x71, 0xEC, 0x13, 0x4E, 0x89, 0x8C,
+        0x09, 0x22, 0xD8, 0xE7, 0xA3, 0xE9, 0x7D, 0x21, 0x51, 0x26, 0x6E, 0x9F,
+        0x30, 0x8A, 0xBB, 0xBC, 0x74, 0xC1, 0xC3, 0x27, 0x6A, 0xCE, 0xA3, 0x12,
+        0x60, 0x68, 0x01, 0xD2, 0x34, 0x07, 0x80, 0xCC, 0x2D, 0x7F, 0x5C, 0xAE,
+        0xA2, 0x97, 0x40, 0xC8, 0x3C, 0xAC, 0xDB, 0x6F, 0xFE, 0x6C, 0x6D, 0xD2,
+        0x06, 0x1C, 0x43, 0xA2, 0xB2, 0x2B, 0x82, 0xB7, 0xD0, 0xAB, 0x3F, 0x2C,
+        0xE7, 0x9C, 0x19, 0x16, 0xD1, 0x5E, 0x26, 0x86, 0xC7, 0x92, 0xF9, 0x16,
+        0x0B, 0xFA, 0x66, 0x83
     };
 
-    /* dh1024 g */
-    static const unsigned char g[] =
+    /* dh2048 g */
+    static const unsigned char test_dh_g[] =
     {
       0x02,
     };
-
-    wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
-}
-
-static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
-{
+#else
     /* dh1024 p */
-    static const unsigned char p[] =
+    static const unsigned char test_dh_p[] =
     {
         0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
         0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
@@ -2535,12 +2592,22 @@ static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
     };
 
     /* dh1024 g */
-    static const unsigned char g[] =
+    static const unsigned char test_dh_g[] =
     {
       0x02,
     };
+#endif
+
+static WC_INLINE void SetDH(WOLFSSL* ssl)
+{
+    wolfSSL_SetTmpDH(ssl, test_dh_p, sizeof(test_dh_p), test_dh_g,
+        sizeof(test_dh_g));
+}
 
-    wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
+static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
+{
+    wolfSSL_CTX_SetTmpDH(ctx, test_dh_p, sizeof(test_dh_p), test_dh_g,
+        sizeof(test_dh_g));
 }
 #endif /* NO_DH */
 
@@ -3075,12 +3142,6 @@ typedef struct PkCbInfo {
 #endif
 } PkCbInfo;
 
-#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY)
-    #define WOLFSSL_PKMSG(...) printf(__VA_ARGS__)
-#else
-    #define WOLFSSL_PKMSG(...) WC_DO_NOTHING
-#endif
-
 #ifdef HAVE_ECC
 
 static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
diff --git a/extra/wolfssl/wolfssl/wolfssl/version.h b/extra/wolfssl/wolfssl/wolfssl/version.h
index c0cad152..d6193c4d 100644
--- a/extra/wolfssl/wolfssl/wolfssl/version.h
+++ b/extra/wolfssl/wolfssl/wolfssl/version.h
@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "5.6.6"
-#define LIBWOLFSSL_VERSION_HEX 0x05006006
+#define LIBWOLFSSL_VERSION_STRING "5.7.0"
+#define LIBWOLFSSL_VERSION_HEX 0x05007000
 
 #ifdef __cplusplus
 }
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h
index 75653bad..1c369cef 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h
@@ -85,10 +85,14 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 #ifdef WOLFSSL_XILINX_CRYPT_VERSAL
 #include <wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h>
 #include <xsecure_aesclient.h>
-#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0
+#if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
+    #define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0
+#endif
 #else /* versal */
 #include <xsecure_aes.h>
-#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP
+#if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
+    #define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP
+#endif
 #endif /* !versal */
 #endif /* WOLFSSL_XILINX_CRYPT */
 
@@ -175,6 +179,9 @@ enum {
     AES_ENC_TYPE   = WC_CIPHER_AES,   /* cipher unique type */
     AES_ENCRYPTION = 0,
     AES_DECRYPTION = 1,
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    AES_ENCRYPTION_AND_DECRYPTION = 2,
+#endif
 
     AES_BLOCK_SIZE      = 16,
 
@@ -395,6 +402,9 @@ struct Aes {
 #ifdef WOLFSSL_AES_XTS
 typedef struct XtsAes {
     Aes aes;
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    Aes aes_decrypt;
+#endif
     Aes tweak;
 } XtsAes;
 #endif
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn.h
index 351517e4..01eb03c2 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn.h
@@ -932,7 +932,11 @@ enum Misc_ASN {
     MIN_DATE_SIZE       =  12,
     MAX_DATE_SIZE       =  32,
     ASN_GEN_TIME_SZ     =  15,     /* 7 numbers * 2 + Zulu tag */
-#ifndef NO_RSA
+#ifdef HAVE_SPHINCS
+    MAX_ENCODED_SIG_SZ  = 51200,
+#elif defined(HAVE_PQC)
+    MAX_ENCODED_SIG_SZ  = 5120,
+#elif !defined(NO_RSA)
 #ifdef WOLFSSL_HAPROXY
     MAX_ENCODED_SIG_SZ  = 1024,    /* Supports 8192 bit keys */
 #else
@@ -1019,6 +1023,7 @@ enum Misc_ASN {
 #endif
     TRAILING_ZERO       = 1,       /* Used for size of zero pad */
     ASN_TAG_SZ          = 1,       /* single byte ASN.1 tag */
+    ASN_INDEF_END_SZ    = 2,       /* 0x00 0x00 at end of indef */
     MIN_VERSION_SZ      = 3,       /* Min bytes needed for GetMyVersion */
     MAX_X509_VERSION    = 3,       /* Max X509 version allowed */
     MIN_X509_VERSION    = 0,       /* Min X509 version allowed */
@@ -1124,6 +1129,7 @@ enum Block_Sum {
 
 
 enum Key_Sum {
+    ANONk             = 0,
     DSAk              = 515,
     RSAk              = 645,
     RSAPSSk           = 654,
@@ -1135,8 +1141,8 @@ enum Key_Sum {
     ED448k            = 257, /* 1.3.101.113 */
     X448k             = 255, /* 1.3.101.111 */
     DHk               = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
-    FALCON_LEVEL1k    = 268, /* 1.3.9999.3.1 */
-    FALCON_LEVEL5k    = 271, /* 1.3.9999.3.4 */
+    FALCON_LEVEL1k    = 273, /* 1.3.9999.3.6 */
+    FALCON_LEVEL5k    = 276, /* 1.3.9999.3.9 */
     DILITHIUM_LEVEL2k = 213,    /* 1.3.6.1.4.1.2.267.7.4.4 */
     DILITHIUM_LEVEL3k = 216,    /* 1.3.6.1.4.1.2.267.7.6.5 */
     DILITHIUM_LEVEL5k = 220,    /* 1.3.6.1.4.1.2.267.7.8.7 */
@@ -1220,7 +1226,12 @@ enum Extensions_Sum {
     AKEY_PACKAGE_OID          = 1048, /* 2.16.840.1.101.2.1.2.78.5
                                         RFC 5958  - Asymmetric Key Packages */
     FASCN_OID = 419, /* 2.16.840.1.101.3.6.6 Federal PKI Policy FASC-N */
-    UPN_OID   = 265  /* 1.3.6.1.4.1.311.20.2.3 UPN */
+    UPN_OID   = 265, /* 1.3.6.1.4.1.311.20.2.3 UPN */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    SUBJ_ALT_PUB_KEY_INFO_OID = 186, /* 2.5.29.72 subject alt public key info */
+    ALT_SIG_ALG_OID           = 187, /* 2.5.29.73 alt sig alg */
+    ALT_SIG_VAL_OID           = 188  /* 2.5.29.74 alt sig val */
+#endif
 };
 
 enum CertificatePolicy_Sum {
@@ -1925,6 +1936,11 @@ struct DecodedCert {
 #ifdef WOLFSSL_SUBJ_INFO_ACC
     byte extSubjInfoAccSet : 1;
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte extSapkiSet : 1;
+    byte extAltSigAlgSet : 1;
+    byte extAltSigValSet : 1;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
     byte extCertPolicyCrit : 1;
 #endif
@@ -1938,6 +1954,19 @@ struct DecodedCert {
     && defined(HAVE_OID_DECODING)
     wc_UnknownExtCallback unknownExtCallback;
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* Subject Alternative Public Key Info */
+    byte *sapkiDer;
+    int sapkiLen;
+    word32 sapkiOID;
+    /* Alternative Signature Algorithm */
+    byte *altSigAlgDer;
+    int altSigAlgLen;
+    word32 altSigAlgOID;
+    /* Alternative Signature Value */
+    byte *altSigValDer;
+    int altSigValLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 };
 
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
@@ -1987,6 +2016,14 @@ struct Signer {
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
     word32 cm_idx;
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* The Subject Alternative Public Key Info (SAPKI) will NOT be cached.
+     * Caching of it is NOT SUPPORTED yet. */
+    byte *sapkiDer;
+    int sapkiLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+    byte type;
+
     Signer* next;
 };
 
@@ -2065,6 +2102,8 @@ WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
 
 WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
                                 word32* derSz);
+WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz,
+    byte* out, word32* outSz, word32* idx);
 
 WOLFSSL_ASN_API void FreeAltNames(DNS_entry* altNames, void* heap);
 WOLFSSL_ASN_API DNS_entry* AltNameNew(void* heap);
@@ -2097,6 +2136,13 @@ WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz,
                                       void* heap, const byte* pubKey,
                                       word32 pubKeySz, int pubKeyOID);
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_LOCAL int wc_ConfirmAltSignature(
+    const byte* buf, word32 bufSz,
+    const byte* key, word32 keySz, word32 keyOID,
+    const byte* sig, word32 sigSz, word32 sigOID,
+    void *heap);
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #if (defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) || \
     (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)))
 WOLFSSL_LOCAL int wc_CertGetPubKey(const byte* cert, word32 certSz,
@@ -2122,6 +2168,8 @@ WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
 WOLFSSL_LOCAL Signer* MakeSigner(void* heap);
 WOLFSSL_LOCAL void    FreeSigner(Signer* signer, void* heap);
 WOLFSSL_LOCAL void    FreeSignerTable(Signer** table, int rows, void* heap);
+WOLFSSL_LOCAL void    FreeSignerTableType(Signer** table, int rows, byte type,
+                                          void* heap);
 #ifdef WOLFSSL_TRUST_PEER_CERT
 WOLFSSL_LOCAL void    FreeTrustedPeer(TrustedPeerCert* tp, void* heap);
 WOLFSSL_LOCAL void    FreeTrustedPeerTable(TrustedPeerCert** table, int rows,
@@ -2232,14 +2280,20 @@ WOLFSSL_LOCAL word32 SetASNExplicit(byte number, word32 len, byte* output);
 WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output);
 
 WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
+WOLFSSL_LOCAL word32 SetLengthEx(word32 length, byte* output, byte isIndef);
 WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
+WOLFSSL_LOCAL word32 SetSequenceEx(word32 len, byte* output, byte isIndef);
+WOLFSSL_LOCAL word32 SetIndefEnd(byte* output);
 WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
+WOLFSSL_LOCAL word32 SetOctetStringEx(word32 len, byte* output, byte indef);
 WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output);
 WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
-WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
-WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
+WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output,
+        byte isIndef);
+WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output,
+    byte isIndef);
 WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
-WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
+WOLFSSL_API word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz);
 WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
 WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
     word32 outputSz, int maxSnSz);
@@ -2547,6 +2601,10 @@ struct DecodedCRL {
     word32  sigIndex;                /* offset to start of signature     */
     word32  sigLength;               /* length of signature              */
     word32  signatureOID;            /* sum of algorithm object id       */
+#ifdef WC_RSA_PSS
+    word32  sigParamsIndex;          /* start of signature parameters    */
+    word32  sigParamsLength;         /* length of signature parameters   */
+#endif
     byte*   signature;               /* pointer into raw source, not owned */
     byte    issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash          */
     byte    crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash            */
@@ -2573,8 +2631,8 @@ WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL* dcrl, void* heap);
 WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
                                       const byte* toBeSigned, word32 tbsSz,
                                       const byte* signature, word32 sigSz,
-                                      word32 signatureOID, Signer *ca,
-                                      void* heap);
+                                      word32 signatureOID, const byte* sigParams,
+                                      int sigParamsSz, Signer *ca, void* heap);
 WOLFSSL_LOCAL int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl,
                            const byte* buff, word32 sz, int verify, void* cm);
 WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h
index a4395ed0..0f58152d 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h
@@ -141,6 +141,7 @@ enum EncPkcs8Types {
 enum CertType {
     CERT_TYPE       = 0,
     PRIVATEKEY_TYPE,
+    ALT_PRIVATEKEY_TYPE,
     DH_PARAM_TYPE,
     DSA_PARAM_TYPE,
     CRL_TYPE,
@@ -214,8 +215,8 @@ enum Ctc_SigType {
     CTC_ED25519      = 256,
     CTC_ED448        = 257,
 
-    CTC_FALCON_LEVEL1 = 268,
-    CTC_FALCON_LEVEL5 = 271,
+    CTC_FALCON_LEVEL1 = 273,
+    CTC_FALCON_LEVEL5 = 276,
 
     CTC_DILITHIUM_LEVEL2     = 213,
     CTC_DILITHIUM_LEVEL3     = 216,
@@ -513,6 +514,19 @@ typedef struct Cert {
     byte     issRaw[sizeof(CertName)];   /* raw issuer info */
     byte     sbjRaw[sizeof(CertName)];   /* raw subject info */
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* These will not point to managed buffers. They will point to buffers that
+     * are managed by others. No cleanup neccessary. */
+    /* Subject Alternative Public Key Info */
+    byte *sapkiDer;
+    int sapkiLen;
+    /* Alternative Signature Algorithm */
+    byte *altSigAlgDer;
+    int altSigAlgLen;
+    /* Alternative Signature Value */
+    byte *altSigValDer;
+    int altSigValLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #ifdef WOLFSSL_CERT_REQ
     char     challengePw[CTC_NAME_SIZE];
     char     unstructuredName[CTC_NAME_SIZE];
@@ -572,6 +586,11 @@ WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buf,
                                WC_RNG* rng);
 WOLFSSL_API int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
                             RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_API int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
+                                     word32 bufSz, int keyType, void* key,
+                                     WC_RNG* rng);
+#endif
 WOLFSSL_ABI
 WOLFSSL_API int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
                                 RsaKey* key, WC_RNG* rng);
@@ -704,7 +723,6 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
 #endif
 
 #ifndef NO_RSA
-    #if !defined(HAVE_USER_RSA)
     WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
         word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
     /* For FIPS v1/v2 and selftest this is in rsa.h */
@@ -717,7 +735,6 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
          (! ((HAVE_FIPS_VERSION == 5) && (HAVE_FIPS_VERSION_MINOR == 0)))))
     WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen);
     #endif
-    #endif /* !HAVE_USER_RSA */
     WOLFSSL_API int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header);
     WOLFSSL_API int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
         int with_header);
@@ -943,6 +960,11 @@ WOLFSSL_API int wc_GetFASCNFromCert(struct DecodedCert* cert,
                                     byte* fascn, word32* fascnSz);
 #endif /* WOLFSSL_FPKI */
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_API int wc_GeneratePreTBS(struct DecodedCert* cert, byte *der,
+                                  int derSz);
+#endif
+
 #if !defined(XFPRINTF) || defined(NO_FILESYSTEM) || \
     defined(NO_STDIO_FILESYSTEM) && defined(WOLFSSL_ASN_PRINT)
 #undef WOLFSSL_ASN_PRINT
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cmac.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cmac.h
index 5fbda43c..e59df284 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cmac.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cmac.h
@@ -111,11 +111,25 @@ WOLFSSL_API
 int wc_AesCmacGenerate(byte* out, word32* outSz,
                        const byte* in, word32 inSz,
                        const byte* key, word32 keySz);
+WOLFSSL_API
+int wc_AesCmacGenerate_ex(Cmac *cmac,
+                          byte* out, word32* outSz,
+                          const byte* in, word32 inSz,
+                          const byte* key, word32 keySz,
+                          void* heap,
+                          int devId);
 
 WOLFSSL_API
 int wc_AesCmacVerify(const byte* check, word32 checkSz,
                      const byte* in, word32 inSz,
                      const byte* key, word32 keySz);
+WOLFSSL_API
+int wc_AesCmacVerify_ex(Cmac* cmac,
+                        const byte* check, word32 checkSz,
+                        const byte* in, word32 inSz,
+                        const byte* key, word32 keySz,
+                        void* heap,
+                        int devId);
 
 WOLFSSL_LOCAL
 void ShiftAndXorRb(byte* out, byte* in);
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cpuid.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cpuid.h
index 9e04328f..9d25dcf3 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cpuid.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cpuid.h
@@ -50,6 +50,7 @@
     #define CPUID_ADX    0x0040   /* ADCX, ADOX */
     #define CPUID_MOVBE  0x0080   /* Move and byte swap */
     #define CPUID_BMI1   0x0100   /* ANDN */
+    #define CPUID_SHA    0x0200   /* SHA-1 and SHA-256 instructions */
 
     #define IS_INTEL_AVX1(f)    ((f) & CPUID_AVX1)
     #define IS_INTEL_AVX2(f)    ((f) & CPUID_AVX2)
@@ -60,6 +61,7 @@
     #define IS_INTEL_ADX(f)     ((f) & CPUID_ADX)
     #define IS_INTEL_MOVBE(f)   ((f) & CPUID_MOVBE)
     #define IS_INTEL_BMI1(f)    ((f) & CPUID_BMI1)
+    #define IS_INTEL_SHA(f)     ((f) & CPUID_SHA)
 
 #endif
 
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cryptocb.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cryptocb.h
index cf38444f..8f667775 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cryptocb.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cryptocb.h
@@ -71,6 +71,21 @@
 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
     #include <wolfssl/wolfcrypt/sha512.h>
 #endif
+#ifdef HAVE_PQC
+    #include <wolfssl/wolfcrypt/kyber.h>
+#ifdef WOLFSSL_WC_KYBER
+    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
+    #include <wolfssl/wolfcrypt/ext_kyber.h>
+#endif
+#endif
+#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+    #include <wolfssl/wolfcrypt/dilithium.h>
+#endif
+#if defined(HAVE_PQC) && defined(HAVE_FALCON)
+    #include <wolfssl/wolfcrypt/falcon.h>
+#endif
+
 
 #ifdef WOLF_CRYPTO_CB_CMD
 /* CryptoCb Commands */
@@ -201,6 +216,64 @@ typedef struct wc_CryptoInfo {
                 byte         contextLen;
             } ed25519verify;
         #endif
+        #if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER)
+            struct {
+                WC_RNG*     rng;
+                int         size;
+                void*       key;
+                int         type; /* enum wc_PqcKemType */
+            } pqc_kem_kg;
+            struct {
+                byte*       ciphertext;
+                word32      ciphertextLen;
+                byte*       sharedSecret;
+                word32      sharedSecretLen;
+                WC_RNG*     rng;
+                void*       key;
+                int         type; /* enum wc_PqcKemType */
+            } pqc_encaps;
+            struct {
+                const byte* ciphertext;
+                word32      ciphertextLen;
+                byte*       sharedSecret;
+                word32      sharedSecretLen;
+                void*       key;
+                int         type; /* enum wc_PqcKemType */
+            } pqc_decaps;
+        #endif
+        #if defined(HAVE_PQC) && \
+            (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))
+            struct {
+                WC_RNG*     rng;
+                int         size;
+                void*       key;
+                int         type; /* enum wc_PqcSignatureType */
+            } pqc_sig_kg;
+            struct {
+                const byte* in;
+                word32      inlen;
+                byte*       out;
+                word32*     outlen;
+                WC_RNG*     rng;
+                void*       key;
+                int         type; /* enum wc_PqcSignatureType */
+            } pqc_sign;
+            struct {
+                const byte* sig;
+                word32      siglen;
+                const byte* msg;
+                word32      msglen;
+                int*        res;
+                void*       key;
+                int         type; /* enum wc_PqcSignatureType */
+            } pqc_verify;
+            struct {
+                void*       key;
+                const byte* pubKey;
+                word32      pubKeySz;
+                int         type; /* enum wc_PqcSignatureType */
+            } pqc_sig_check;
+        #endif
 #if HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
 #endif
@@ -296,6 +369,7 @@ typedef struct wc_CryptoInfo {
                 word32      sz;
             } des3;
         #endif
+            void* ctx;
 #if HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
 #endif
@@ -326,6 +400,7 @@ typedef struct wc_CryptoInfo {
         #ifdef WOLFSSL_SHA512
             wc_Sha512* sha512;
         #endif
+            void* ctx;
 #if HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
 #endif
@@ -450,6 +525,37 @@ WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
     const byte* context, byte contextLen);
 #endif /* HAVE_ED25519 */
 
+#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER)
+WOLFSSL_LOCAL int wc_CryptoCb_PqcKemGetDevId(int type, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_MakePqcKemKey(WC_RNG* rng, int type,
+    int keySize, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_PqcEncapsulate(byte* ciphertext,
+    word32 ciphertextLen, byte* sharedSecret, word32 sharedSecretLen,
+    WC_RNG* rng, int type, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext,
+    word32 ciphertextLen, byte* sharedSecret, word32 sharedSecretLen,
+    int type, void* key);
+#endif /* HAVE_PQC && WOLFSSL_HAVE_KYBER */
+
+#if defined(HAVE_PQC) && (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))
+WOLFSSL_LOCAL int wc_CryptoCb_PqcSigGetDevId(int type, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type,
+    int keySize, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out,
+    word32 *outlen, WC_RNG* rng, int type, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen,
+    const byte* msg, word32 msglen, int* res, int type, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
+    const byte* pubKey, word32 pubKeySz);
+#endif /* HAVE_PQC && (HAVE_FALCON || HAVE_DILITHIUM) */
+
 #ifndef NO_AES
 #ifdef HAVE_AESGCM
 WOLFSSL_LOCAL int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out,
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dilithium.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dilithium.h
index 896976c5..5472d092 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dilithium.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dilithium.h
@@ -31,10 +31,15 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
 #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
 
 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif
 
 #ifdef __cplusplus
@@ -60,17 +65,34 @@
 #define DILITHIUM_LEVEL5_PRV_KEY_SIZE (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE)
 #endif
 
-#define DILITHIUM_MAX_KEY_SIZE     DILITHIUM_LEVEL5_PRV_KEY_SIZE
+#define DILITHIUM_MAX_KEY_SIZE     DILITHIUM_LEVEL5_KEY_SIZE
 #define DILITHIUM_MAX_SIG_SIZE     DILITHIUM_LEVEL5_SIG_SIZE
 #define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE
 #define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE
 
+#ifdef WOLF_PRIVATE_KEY_ID
+#define DILITHIUM_MAX_ID_LEN    32
+#define DILITHIUM_MAX_LABEL_LEN 32
+#endif
+
 /* Structs */
 
 struct dilithium_key {
     bool pubKeySet;
     bool prvKeySet;
     byte level; /* 2,3 or 5 */
+
+#ifdef WOLF_CRYPTO_CB
+    void* devCtx;
+    int   devId;
+#endif
+#ifdef WOLF_PRIVATE_KEY_ID
+    byte id[DILITHIUM_MAX_ID_LEN];
+    int  idLen;
+    char label[DILITHIUM_MAX_LABEL_LEN];
+    int  labelLen;
+#endif
+
     byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
     byte k[DILITHIUM_MAX_PRV_KEY_SIZE];
 };
@@ -84,13 +106,26 @@ struct dilithium_key {
 
 WOLFSSL_API
 int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                       dilithium_key* key);
+                       dilithium_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                          word32 msgLen, int* res, dilithium_key* key);
 
 WOLFSSL_API
 int wc_dilithium_init(dilithium_key* key);
+
+WOLFSSL_API
+int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId);
+
+#ifdef WOLF_PRIVATE_KEY_ID
+WOLFSSL_API
+int wc_dilithium_init_id(dilithium_key* key, const unsigned char* id, int len,
+                         void* heap, int devId);
+WOLFSSL_API
+int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap,
+                            int devId);
+#endif
+
 WOLFSSL_API
 int wc_dilithium_set_level(dilithium_key* key, byte level);
 WOLFSSL_API
@@ -109,7 +144,7 @@ int wc_dilithium_import_private_key(const byte* priv, word32 privSz,
                                  dilithium_key* key);
 
 WOLFSSL_API
-int wc_dilithium_export_public(dilithium_key*, byte* out, word32* outLen);
+int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outLen);
 WOLFSSL_API
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h
index 5f67d2d6..2d7ee320 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h
@@ -659,10 +659,8 @@ WOLFSSL_LOCAL
 int wc_ecc_shared_secret_gen_sync(ecc_key* private_key,
     ecc_point* point, byte* out, word32* outlen);
 
-#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
-    defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
-#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret
-#else
+#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
+    !defined(PLUTON_CRYPTO_ECC) && !defined(WOLFSSL_CRYPTOCELL)
 #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
 #endif
 
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed25519.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed25519.h
index 0d6ef49f..9748d6df 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed25519.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed25519.h
@@ -31,8 +31,6 @@
 
 #ifdef HAVE_ED25519
 
-#include <wolfssl/wolfcrypt/fe_operations.h>
-#include <wolfssl/wolfcrypt/ge_operations.h>
 #include <wolfssl/wolfcrypt/random.h>
 #ifndef WOLFSSL_SHA512
 #error ED25519 requires SHA512
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed448.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed448.h
index b45671d7..48011fce 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed448.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed448.h
@@ -80,7 +80,7 @@ enum {
 /* An ED448 Key */
 struct ed448_key {
     byte    p[ED448_PUB_KEY_SIZE]; /* compressed public key */
-    byte    k[ED448_PRV_KEY_SIZE]; /* private key : 56 secret -- 56 public */
+    byte    k[ED448_PRV_KEY_SIZE]; /* private key : 57 secret -- 57 public */
 #ifdef FREESCALE_LTC_ECC
     /* uncompressed point coordinates */
     byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/error-crypt.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/error-crypt.h
index d29ac13b..99afb966 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/error-crypt.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/error-crypt.h
@@ -65,11 +65,17 @@ enum {
     MP_ZERO_E          = -121,  /* got a mp zero result, not expected */
 
     AES_EAX_AUTH_E     = -122, /* AES-EAX Authentication check failure */
+    KEY_EXHAUSTED_E    = -123, /* No longer usable for operation. */
+
+    /* -124 unused. */
 
     MEMORY_E           = -125,  /* out of memory error */
     VAR_STATE_CHANGE_E = -126,  /* var state modified by different thread */
     FIPS_DEGRADED_E    = -127,  /* FIPS Module in degraded mode */
 
+    /* -128 unused. */
+    /* -129 unused. */
+
     RSA_WRONG_TYPE_E   = -130,  /* RSA wrong block type for RSA function */
     RSA_BUFFER_E       = -131,  /* RSA buffer error, output too small or
                                    input too large */
@@ -101,10 +107,13 @@ enum {
     ASN_SIG_HASH_E     = -156,  /* ASN sig error, unsupported hash type */
     ASN_SIG_KEY_E      = -157,  /* ASN sig error, unsupported key type */
     ASN_DH_KEY_E       = -158,  /* ASN key init error, invalid input */
+    /* -159 unused. */
     ASN_CRIT_EXT_E     = -160,  /* ASN unsupported critical extension */
     ASN_ALT_NAME_E     = -161,  /* ASN alternate name error */
     ASN_NO_PEM_HEADER  = -162,  /* ASN no PEM header found */
 
+    /* -163..-169 unused. */
+
     ECC_BAD_ARG_E      = -170,  /* ECC input argument of wrong type */
     ASN_ECC_KEY_E      = -171,  /* ASN ECC bad input */
     ECC_CURVE_OID_E    = -172,  /* Unsupported ECC OID curve type */
@@ -182,6 +191,8 @@ enum {
     SIG_TYPE_E          = -231,  /* Signature Type not enabled/available */
     HASH_TYPE_E         = -232,  /* Hash Type not enabled/available */
 
+    /* -233 unused. */
+
     WC_KEY_SIZE_E       = -234,  /* Key size error, either too small or large */
     ASN_COUNTRY_SIZE_E  = -235,  /* ASN Cert Gen, invalid country code size */
     MISSING_RNG_E       = -236,  /* RNG required but not provided */
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_kyber.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_kyber.h
index 53c175d7..0ea7108b 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_kyber.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_kyber.h
@@ -22,6 +22,10 @@
 #ifndef EXT_KYBER_H
 #define EXT_KYBER_H
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
 #ifdef WOLFSSL_HAVE_KYBER
 #include <wolfssl/wolfcrypt/kyber.h>
 
@@ -56,6 +60,12 @@ struct KyberKey {
      * Note we don't save the variant (SHAKE vs AES) as that is decided at
      * configuration time. */
     int type;
+
+#ifdef WOLF_CRYPTO_CB
+    void* devCtx;
+    int   devId;
+#endif
+
     byte priv[EXT_KYBER_MAX_PRIV_SZ];
     byte pub[EXT_KYBER_MAX_PUB_SZ];
 };
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/falcon.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/falcon.h
index cced2b05..9d4bff8b 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/falcon.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/falcon.h
@@ -31,10 +31,15 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
 #if defined(HAVE_PQC) && defined(HAVE_FALCON)
 
 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif
 
 #ifdef __cplusplus
@@ -55,17 +60,35 @@
 #define FALCON_LEVEL5_PRV_KEY_SIZE (FALCON_LEVEL5_PUB_KEY_SIZE+FALCON_LEVEL5_KEY_SIZE)
 #endif
 
-#define FALCON_MAX_KEY_SIZE     FALCON_LEVEL5_PRV_KEY_SIZE
+#define FALCON_MAX_KEY_SIZE     FALCON_LEVEL5_KEY_SIZE
 #define FALCON_MAX_SIG_SIZE     FALCON_LEVEL5_SIG_SIZE
 #define FALCON_MAX_PUB_KEY_SIZE FALCON_LEVEL5_PUB_KEY_SIZE
 #define FALCON_MAX_PRV_KEY_SIZE FALCON_LEVEL5_PRV_KEY_SIZE
 
+#ifdef WOLF_PRIVATE_KEY_ID
+#define FALCON_MAX_ID_LEN    32
+#define FALCON_MAX_LABEL_LEN 32
+#endif
+
+
 /* Structs */
 
 struct falcon_key {
     bool pubKeySet;
     bool prvKeySet;
     byte level;
+
+#ifdef WOLF_CRYPTO_CB
+    void* devCtx;
+    int   devId;
+#endif
+#ifdef WOLF_PRIVATE_KEY_ID
+    byte id[FALCON_MAX_ID_LEN];
+    int  idLen;
+    char label[FALCON_MAX_LABEL_LEN];
+    int  labelLen;
+#endif
+
     byte p[FALCON_MAX_PUB_KEY_SIZE];
     byte k[FALCON_MAX_PRV_KEY_SIZE];
 };
@@ -79,13 +102,26 @@ struct falcon_key {
 
 WOLFSSL_API
 int wc_falcon_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                       falcon_key* key);
+                       falcon_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                          word32 msgLen, int* res, falcon_key* key);
 
 WOLFSSL_API
 int wc_falcon_init(falcon_key* key);
+
+WOLFSSL_API
+int wc_falcon_init_ex(falcon_key* key, void* heap, int devId);
+
+#ifdef WOLF_PRIVATE_KEY_ID
+WOLFSSL_API
+int wc_falcon_init_id(falcon_key* key, const unsigned char* id, int len,
+                      void* heap, int devId);
+WOLFSSL_API
+int wc_falcon_init_label(falcon_key* key, const char* label, void* heap,
+                         int devId);
+#endif
+
 WOLFSSL_API
 int wc_falcon_set_level(falcon_key* key, byte level);
 WOLFSSL_API
@@ -104,7 +140,7 @@ int wc_falcon_import_private_key(const byte* priv, word32 privSz,
                                  falcon_key* key);
 
 WOLFSSL_API
-int wc_falcon_export_public(falcon_key*, byte* out, word32* outLen);
+int wc_falcon_export_public(falcon_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_falcon_export_private_only(falcon_key* key, byte* out, word32* outLen);
 WOLFSSL_API
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_448.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_448.h
index 760ef2f5..38ac71a2 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_448.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_448.h
@@ -64,7 +64,7 @@ WOLFSSL_LOCAL int  ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b);
 
 WOLFSSL_LOCAL int  ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a,
                                     const ge448_p2 *A, const byte *b);
-WOLFSSL_LOCAL void ge448_scalarmult_base(ge448_p2* h, const byte* a);
+WOLFSSL_LOCAL int  ge448_scalarmult_base(ge448_p2* h, const byte* a);
 WOLFSSL_LOCAL void sc448_reduce(byte* b);
 WOLFSSL_LOCAL void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d);
 WOLFSSL_LOCAL void ge448_to_bytes(byte *s, const ge448_p2 *h);
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h
index b8079ba2..27b14237 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h
@@ -170,6 +170,9 @@ WOLFSSL_API int wc_HashGetBlockSize(enum wc_HashType hash_type);
 WOLFSSL_API int wc_Hash(enum wc_HashType hash_type,
     const byte* data, word32 data_len,
     byte* hash, word32 hash_len);
+WOLFSSL_API int wc_Hash_ex(enum wc_HashType hash_type,
+    const byte* data, word32 data_len,
+    byte* hash, word32 hash_len, void* heap, int devId);
 
 /* generic hash operation wrappers */
 WOLFSSL_API int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type,
@@ -191,26 +194,36 @@ WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type);
 #ifndef NO_MD5
 #include <wolfssl/wolfcrypt/md5.h>
 WOLFSSL_API int wc_Md5Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Md5Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
 #endif
 
 #ifndef NO_SHA
 #include <wolfssl/wolfcrypt/sha.h>
 WOLFSSL_API int wc_ShaHash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_ShaHash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
 #endif
 
 #ifdef WOLFSSL_SHA224
 #include <wolfssl/wolfcrypt/sha256.h>
 WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha224Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
 #endif /* defined(WOLFSSL_SHA224) */
 
 #ifndef NO_SHA256
 #include <wolfssl/wolfcrypt/sha256.h>
 WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha256Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
 #endif
 
 #ifdef WOLFSSL_SHA384
 #include <wolfssl/wolfcrypt/sha512.h>
 WOLFSSL_API int wc_Sha384Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha384Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
 #endif /* defined(WOLFSSL_SHA384) */
 
 #ifdef WOLFSSL_SHA512
@@ -218,6 +231,12 @@ WOLFSSL_API int wc_Sha384Hash(const byte* data, word32 len, byte* hash);
 WOLFSSL_API int wc_Sha512Hash(const byte* data, word32 len, byte* hash);
 WOLFSSL_API int wc_Sha512_224Hash(const byte* data, word32 len, byte* hash);
 WOLFSSL_API int wc_Sha512_256Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha512Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
+WOLFSSL_API int wc_Sha512_224Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
+WOLFSSL_API int wc_Sha512_256Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
 #endif /* WOLFSSL_SHA512 */
 
 #ifdef WOLFSSL_SHA3
@@ -226,18 +245,32 @@ WOLFSSL_API int wc_Sha3_224Hash(const byte* data, word32 len, byte* hash);
 WOLFSSL_API int wc_Sha3_256Hash(const byte* data, word32 len, byte* hash);
 WOLFSSL_API int wc_Sha3_384Hash(const byte* data, word32 len, byte* hash);
 WOLFSSL_API int wc_Sha3_512Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sha3_224Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
+WOLFSSL_API int wc_Sha3_256Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
+WOLFSSL_API int wc_Sha3_384Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
+WOLFSSL_API int wc_Sha3_512Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
 #ifdef WOLFSSL_SHAKE128
 WOLFSSL_API int wc_Shake128Hash(const byte* data, word32 len, byte* hash,
     word32 hashLen);
+WOLFSSL_API int wc_Shake128Hash_ex(const byte* data, word32 len, byte* hash,
+    word32 hashLen, void* heap, int devId);
 #endif
 #ifdef WOLFSSL_SHAKE256
 WOLFSSL_API int wc_Shake256Hash(const byte* data, word32 len, byte* hash,
     word32 hashLen);
+WOLFSSL_API int wc_Shake256Hash_ex(const byte* data, word32 len, byte* hash,
+    word32 hashLen, void* heap, int devId);
 #endif
 #endif /* WOLFSSL_SHA3 */
 
 #ifdef WOLFSSL_SM3
 WOLFSSL_API int wc_Sm3Hash(const byte* data, word32 len, byte* hash);
+WOLFSSL_API int wc_Sm3Hash_ex(const byte* data, word32 len, byte* hash,
+    void* heap, int devId);
 #endif
 
 #endif /* !NO_HASH_WRAPPER */
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h
index f325dd35..929d8b2b 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h
@@ -210,8 +210,16 @@ WOLFSSL_LOCAL int _InitHmac(Hmac* hmac, int type, void* heap);
 
 #ifdef HAVE_HKDF
 
+WOLFSSL_API int wc_HKDF_Extract_ex(int type, const byte* salt, word32 saltSz,
+                                const byte* inKey, word32 inKeySz, byte* out,
+                                void* heap, int devId);
+
 WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
                                 const byte* inKey, word32 inKeySz, byte* out);
+
+WOLFSSL_API int wc_HKDF_Expand_ex(int type, const byte* inKey, word32 inKeySz,
+                               const byte* info, word32 infoSz,
+                               byte* out, word32 outSz, void* heap, int devId);
 WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
                                const byte* info, word32 infoSz,
                                byte* out, word32 outSz);
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/include.am b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/include.am
index dfdc80ac..dbe67c59 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/include.am
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/include.am
@@ -144,6 +144,10 @@ nobase_include_HEADERS+= wolfssl/wolfcrypt/port/aria/aria-crypt.h
 nobase_include_HEADERS+= wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
 endif
 
+if BUILD_LIBOQS
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/liboqs/liboqs.h
+endif
+
 if BUILD_ASYNCCRYPT
 nobase_include_HEADERS+= wolfssl/wolfcrypt/async.h
 endif
@@ -218,3 +222,11 @@ endif
 if BUILD_MAXQ10XX
 nobase_include_HEADERS+= wolfssl/wolfcrypt/port/maxim/maxq10xx.h
 endif
+
+if BUILD_AUTOSAR
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/Csm.h
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/CryIf.h
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/Crypto.h
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/StandardTypes.h
+endif
+
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kdf.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kdf.h
index 6a6a8569..7fa3c7e7 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kdf.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kdf.h
@@ -76,9 +76,20 @@ enum {
     MAX_TLS13_HKDF_LABEL_SZ = 47 + WC_MAX_DIGEST_SIZE
 };
 
+WOLFSSL_API int wc_Tls13_HKDF_Extract_ex(byte* prk, const byte* salt,
+                          word32 saltLen, byte* ikm, word32 ikmLen, int digest,
+                          void* heap, int devId);
+
 WOLFSSL_API int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt,
                           word32 saltLen, byte* ikm, word32 ikmLen, int digest);
 
+WOLFSSL_API int wc_Tls13_HKDF_Expand_Label_ex(byte* okm, word32 okmLen,
+                             const byte* prk, word32 prkLen,
+                             const byte* protocol, word32 protocolLen,
+                             const byte* label, word32 labelLen,
+                             const byte* info, word32 infoLen,
+                             int digest, void* heap, int devId);
+
 WOLFSSL_API int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen,
                              const byte* prk, word32 prkLen,
                              const byte* protocol, word32 protocolLen,
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kyber.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kyber.h
index 7ac4ebd6..5132e127 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kyber.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kyber.h
@@ -49,12 +49,12 @@
 
 
 /* Size of a polynomial vector based on dimensions. */
-#define KYBER_POLY_VEC_SZ(k) (k * KYBER_POLY_SIZE)
+#define KYBER_POLY_VEC_SZ(k) ((k) * KYBER_POLY_SIZE)
 /* Size of a compressed polynomial based on bits per coefficient. */
-#define KYBER_POLY_COMPRESSED_SZ(b) (b * (KYBER_N / 8))
+#define KYBER_POLY_COMPRESSED_SZ(b) ((b) * (KYBER_N / 8))
 /* Size of a compressed vector polynomial based on dimensions and bits per
  * coefficient. */
-#define KYBER_POLY_VEC_COMPRESSED_SZ(k, b) (k * (b * (KYBER_N / 8)))
+#define KYBER_POLY_VEC_COMPRESSED_SZ(k, b) ((k) * ((b) * (KYBER_N / 8)))
 
 
 /* Kyber-512 parameters */
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h
index 498b605e..4eee1fa6 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h
@@ -89,6 +89,11 @@ enum wc_FuncNum {
 };
 #endif
 
+#if defined(ARDUINO)
+/* implemented in Arduino wolfssl.h */
+extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s);
+#endif /* ARDUINO */
+
 typedef void (*wolfSSL_Logging_cb)(const int logLevel,
                                    const char *const logMessage);
 
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/memory.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/memory.h
index cf832731..9a1d7b06 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/memory.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/memory.h
@@ -267,6 +267,13 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
         ((void)(CipherLifecycleTag), (void)(heap), (void)(abort_p), 0)
 #endif
 
+#ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+    WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void);
+    #ifndef WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED
+        #define WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED 0
+    #endif
+#endif
+
 #ifdef DEBUG_VECTOR_REGISTER_ACCESS
     WOLFSSL_API extern THREAD_LS_T int wc_svr_count;
     WOLFSSL_API extern THREAD_LS_T const char *wc_svr_last_file;
@@ -276,27 +283,29 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
         #define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE abort();
     #elif defined(DEBUG_VECTOR_REGISTERS_EXIT_ON_FAIL)
         #define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE exit(1);
-    #else
+    #elif !defined(DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE)
         #define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE
     #endif
 
     #define SAVE_VECTOR_REGISTERS(fail_clause) {                    \
         int _svr_ret = wc_debug_vector_registers_retval;            \
         if (_svr_ret != 0) { fail_clause }                          \
-        ++wc_svr_count;                                             \
-        if (wc_svr_count > 5) {                                     \
-            fprintf(stderr,                                         \
-                    ("%s @ L%d : incr : "                           \
-                     "wc_svr_count %d (last op %s L%d)\n"),         \
-                    __FILE__,                                       \
-                    __LINE__,                                       \
-                    wc_svr_count,                                   \
-                    wc_svr_last_file,                               \
-                    wc_svr_last_line);                              \
-            DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE                \
+        else {                                                      \
+          ++wc_svr_count;                                           \
+          if (wc_svr_count > 5) {                                   \
+              fprintf(stderr,                                       \
+                      ("%s @ L%d : incr : "                         \
+                       "wc_svr_count %d (last op %s L%d)\n"),       \
+                      __FILE__,                                     \
+                      __LINE__,                                     \
+                      wc_svr_count,                                 \
+                      wc_svr_last_file,                             \
+                      wc_svr_last_line);                            \
+              DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE              \
+          }                                                         \
+          wc_svr_last_file = __FILE__;                              \
+          wc_svr_last_line = __LINE__;                              \
         }                                                           \
-        wc_svr_last_file = __FILE__;                                \
-        wc_svr_last_line = __LINE__;                                \
     }
 
     WOLFSSL_API extern THREAD_LS_T int wc_debug_vector_registers_retval;
@@ -320,11 +329,6 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
     } while (0)
 
 #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
-    #ifndef WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED
-        #define WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED 0
-    #endif
-        WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void);
-
     #define SAVE_VECTOR_REGISTERS2(...) ({                          \
         int _svr2_val = SAVE_VECTOR_REGISTERS2_fuzzer();            \
         if (_svr2_val == 0) {                                       \
@@ -430,6 +434,11 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
         wc_svr_last_file = __FILE__;                                \
         wc_svr_last_line = __LINE__;                                \
     } while(0)
+
+#else /* !DEBUG_VECTOR_REGISTER_ACCESS */
+    #if !defined(SAVE_VECTOR_REGISTERS2) && defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING)
+        #define SAVE_VECTOR_REGISTERS2(...) SAVE_VECTOR_REGISTERS2_fuzzer()
+    #endif
 #endif
 
 #ifdef __cplusplus
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/misc.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/misc.h
index 8901733f..2685c6cd 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/misc.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/misc.h
@@ -114,6 +114,7 @@ word32 btoi(byte b);
 WOLFSSL_LOCAL signed char HexCharToByte(char ch);
 WOLFSSL_LOCAL char ByteToHex(byte in);
 WOLFSSL_LOCAL int  ByteToHexStr(byte in, char* out);
+WOLFSSL_LOCAL int CharIsWhiteSpace(char ch);
 
 WOLFSSL_LOCAL byte ctMaskGT(int a, int b);
 WOLFSSL_LOCAL byte ctMaskGTE(int a, int b);
@@ -152,6 +153,8 @@ WOLFSSL_LOCAL byte w64GTE(w64wrapper a, w64wrapper b);
 WOLFSSL_LOCAL byte w64LT(w64wrapper a, w64wrapper b);
 WOLFSSL_LOCAL w64wrapper w64Sub(w64wrapper a, w64wrapper b);
 WOLFSSL_LOCAL void w64Zero(w64wrapper *a);
+WOLFSSL_LOCAL w64wrapper w64ShiftRight(w64wrapper a, int shift);
+WOLFSSL_LOCAL w64wrapper w64ShiftLeft(w64wrapper a, int shift);
 
 #else /* !NO_INLINE */
 
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs7.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs7.h
index 1e2733c8..2af117dc 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs7.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs7.h
@@ -112,6 +112,7 @@ enum PKCS7_STATE {
     WC_PKCS7_VERIFY_STAGE4,
     WC_PKCS7_VERIFY_STAGE5,
     WC_PKCS7_VERIFY_STAGE6,
+    WC_PKCS7_VERIFY_STAGE7,
 
     /* parse info set */
     WC_PKCS7_INFOSET_START,
@@ -224,6 +225,11 @@ typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz,
                                   byte* out, word32 outSz,
                                   int keyWrapAlgo, int type, int dir);
 
+/* Callbacks for supporting different stream cases */
+typedef int (*CallbackGetContent)(PKCS7* pkcs7, byte** content, void* ctx);
+typedef int (*CallbackStreamOut)(PKCS7* pkcs7, const byte* output,
+        word32 outputSz, void* ctx);
+
 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
 /* RSA sign raw digest callback, user builds DigestInfo */
 typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest,
@@ -247,7 +253,13 @@ struct PKCS7 {
 #ifdef ASN_BER_TO_DER
     byte*  der;                   /* DER encoded version of message       */
     word32 derSz;
+    CallbackGetContent getContentCb;
+    CallbackStreamOut  streamOutCb;
+    void*  streamCtx; /* passed to getcontentCb and streamOutCb */
 #endif
+    byte   encodeStream:1;        /* use BER when encoding */
+    byte   noCerts:1;             /* if certificates should be added into bundle
+                                     during creation */
     byte*  cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */
     byte*  verifyCert;            /* cert from array used for verify */
     word32 verifyCertSz;
@@ -495,6 +507,15 @@ WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
 WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx);
 #endif /* NO_PKCS7_ENCRYPTED_DATA */
 
+/* stream and certs */
+WOLFSSL_LOCAL int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output,
+    const byte* input, word32 inputSz);
+WOLFSSL_API int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag,
+    CallbackGetContent getContentCb, CallbackStreamOut streamOutCb, void* ctx);
+WOLFSSL_API int wc_PKCS7_GetStreamMode(PKCS7* pkcs7);
+WOLFSSL_API int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag);
+WOLFSSL_API int wc_PKCS7_GetNoCerts(PKCS7* pkcs7);
+
 /* CMS/PKCS#7 CompressedData */
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
 WOLFSSL_API int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output,
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
index f8d88ef8..72905c93 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
@@ -44,6 +44,20 @@
 #include <esp_types.h>
 #include <esp_log.h>
 
+#if ESP_IDF_VERSION_MAJOR >= 4
+    #define WOLFSSL_ESPIDF_BLANKLINE_MESSAGE ""
+#else
+    /* Older ESP-IDF such as that for ESP8266 do not support empty strings */
+    #define WOLFSSL_ESPIDF_BLANKLINE_MESSAGE "."
+#endif
+
+/* Optional exit message.
+ * The WOLFSSL_COMPLETE keyword exits wolfSSL test harness script. */
+#define WOLFSSL_ESPIDF_EXIT_MESSAGE \
+    "\n\nDone!"                 \
+    "\n\nWOLFSSL_COMPLETE"      \
+    "\n\nIf running from idf.py monitor, press twice: Ctrl+]"
+
 /* exit codes to be used in tfm.c, sp_int.c, integer.c, etc.
  *
  * see wolfssl/wolfcrypt/error-crypt.h
@@ -238,6 +252,11 @@ enum {
 **   See NO_HW_MATH_TEST.
 **
 *******************************************************************************
+** WOLFSSL_FULL_WOLFSSH_SUPPORT
+**   TODO - there's a known, unresolved problem with SHA256 in wolfSSH
+**   Until fixed by a release version or this macro being define once resolved,
+**   this macro should remain undefined.
+**
 */
 #ifdef WOLFSSL_ESP32_CRYPT_DEBUG
     #undef LOG_LOCAL_LEVEL
@@ -452,7 +471,10 @@ enum {
 #endif
 
 #ifdef SINGLE_THREADED
-    #undef ESP_MONITOR_HW_TASK_LOCK
+    #ifdef WOLFSSL_DEBUG_MUTEX
+        #undef  ESP_MONITOR_HW_TASK_LOCK
+        #define ESP_MONITOR_HW_TASK_LOCK
+    #endif
 #else
     /* Unless explicitly disabled, monitor task lock when not single thread. */
     #ifndef ESP_DISABLE_HW_TASK_LOCK
@@ -513,6 +535,8 @@ extern "C"
 #ifndef NO_AES
     #if ESP_IDF_VERSION_MAJOR >= 4
         #include "esp32/rom/aes.h"
+    #elif defined(CONFIG_IDF_TARGET_ESP8266)
+        /* no hardware includes for ESP8266*/
     #else
         #include "rom/aes.h"
     #endif
@@ -616,7 +640,7 @@ extern "C"
     {
         /* pointer to object the initialized HW; to track copies */
         void* initializer;
-#ifndef SINGLE_THREADED
+#if !defined(SINGLE_THREADED) || defined(ESP_MONITOR_HW_TASK_LOCK)
         void* task_owner;
 #endif
 
@@ -857,6 +881,16 @@ extern "C"
 }
 #endif
 
+/* Compatibility checks */
+#if defined(DEBUG_WOLFSSH) || defined(ESP_ENABLE_WOLFSSH) || \
+    defined(WOLFSSH_TERM)  || defined(WOLFSSH_TEST_SERVER)
+    #ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256
+        /* need to add this line to wolfssl component user_settings.h
+         * #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256 */
+        #error "ESP32_CRYPT_HASH_SHA256 not supported on wolfSSL at this time"
+    #endif
+#endif /* SSH SHA256 HW check */
+
 #endif /* WOLFSSL_ESPIDF (entire contents excluded when not Espressif ESP-IDF) */
 
 #endif  /* __ESP32_CRYPT_H__ */
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/CryIf.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/CryIf.h
new file mode 100644
index 00000000..9a75f4e8
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/CryIf.h
@@ -0,0 +1,49 @@
+/* CryIf.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_CRYIF_H
+#define WOLFSSL_CRYIF_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+/* implementation specific structure, for now not used */
+typedef struct CryIf_ConfigType {
+    void* heap;
+} CryIf_ConfigType;
+
+WOLFSSL_LOCAL void CryIf_Init(const CryIf_ConfigType* in);
+WOLFSSL_LOCAL void CryIf_GetVersionInfo(Std_VersionInfoType* ver);
+WOLFSSL_LOCAL Std_ReturnType CryIf_ProcessJob(uint32 id, Crypto_JobType* job);
+WOLFSSL_LOCAL Std_ReturnType CryIf_CancelJob(uint32 id, Crypto_JobType* job);
+WOLFSSL_LOCAL Std_ReturnType CryIf_KeyElementSet(uint32 keyId, uint32 eId,
+        const uint8* key, uint32 keySz);
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_CRYIF_H */
+
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Crypto.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Crypto.h
new file mode 100644
index 00000000..f7b41f10
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Crypto.h
@@ -0,0 +1,55 @@
+/* Crypto.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_CRYPTO_H
+#define WOLFSSL_CRYPTO_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+/* key format */
+enum {
+    CRYPTO_KE_FORMAT_BIN_OCTET = 0x01,
+    CRYPTO_KE_FORMAT_BIN_RSA_PRIVATEKEY = 0x05,
+    CRYPTO_KE_FORMAT_BIN_RSA_PUBLICKEY = 0x06
+};
+
+/* implementation specific structure, for now not used */
+typedef struct Crypto_ConfigType {
+    void* heap;
+} Crypto_ConfigType;
+
+WOLFSSL_LOCAL Std_ReturnType Crypto_KeyElementSet(uint32 keyId, uint32 eId,
+        const uint8* key, uint32 keySz);
+WOLFSSL_LOCAL void Crypto_Init(const Crypto_ConfigType* config);
+WOLFSSL_LOCAL Std_ReturnType Crypto_ProcessJob(uint32 objectId,
+        Crypto_JobType* job);
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_CRYPTO_H */
+
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Csm.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Csm.h
new file mode 100644
index 00000000..51356021
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Csm.h
@@ -0,0 +1,295 @@
+/* csm.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* specifications from AUTOSAR_SWS_CryptoServiceManager Release 4.4.0 */
+/* naming scheme from 4.4 specifications, needed for applications to use
+ * standardized names when linking */
+
+
+#ifndef WOLFSSL_CSM_H
+#define WOLFSSL_CSM_H
+
+#ifdef WOLFSSL_AUTOSAR
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/port/autosar/StandardTypes.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+/* Error values */
+#define WOLFSSL_CSM_E_PARAM_POINTER  0x01
+#define WOLFSSL_CSM_E_SMALL_BUFFER   0x03
+#define WOLFSSL_CSM_E_PARAM_HANDLE   0x04
+#define WOLFSSL_CSM_E_UNINIT         0x05
+#define WOLFSSL_CSM_E_INIT_FAILED    0x07
+#define WOLFSSL_CSM_E_PROCESSING_MOD 0x08
+
+
+#define Crypto_JobType WOLFSSL_JOBTYPE
+#define Crypto_JobPrimitiveInputOutputType WOLFSSL_JOBIO
+#define Crypto_JobStateType WOLFSSL_JOBSTATE
+#define Crypto_VerifyResultType WOLFSSL_VERIFY
+#define Crypto_OperationModeType WOLFSSL_OMODE_TYPE
+
+/* implementation specific structure, for now not used */
+typedef struct Csm_ConfigType {
+    void* heap;
+} Csm_ConfigType;
+
+typedef enum WOLFSSL_JOBSTATE {
+    CRYPTO_JOBSTATE_IDLE = 0x00,
+    CRYPTO_JOBSTATE_ACTIVE = 0x01
+} WOLFSSL_JOBSTATE;
+
+typedef enum WOLFSSL_VERIFY {
+    CRYPTO_E_VER_OK = 0x00,
+    CRYPTO_E_VER_NOT_OK = 0x01
+} WOLFSSL_VERIFY;
+
+/* operation modes <Rte_Csm_Type.h> */
+typedef enum WOLFSSL_OMODE_TYPE {
+    CRYPTO_OPERATIONMODE_START = 0x01,
+    CRYPTO_OPERATIONMODE_UPDATE = 0x02,
+    CRYPTO_OPERATIONMODE_STREAMSTART = 0x03,
+    CRYPTO_OPERATIONMODE_FINISH = 0x04,
+    CRYPTO_OPERATIONMODE_SINGLECALL = 0x07
+} WOLFSSL_OMODE_TYPE;
+
+
+typedef enum Crypto_ServiceInfoType {
+    CRYPTO_ENCRYPT = 0x03,
+    CRYPTO_DECRYPT = 0x04,
+    CRYPTO_RANDOMGENERATE = 0x0B,
+
+#ifdef CSM_UNSUPPORTED_ALGS
+    /* not yet supported */
+    CRYPTO_HASH = 0x00,
+    CRYPTO_MACGENERATE = 0x01,
+    CRYPTO_MACVERIFY = 0x02,
+    CRYPTO_AEADENCRYPT = 0x05,
+    CRYPTO_AEADDECRYPT = 0x06,
+    CRYPTO_SIGNATUREGENERATE = 0x07,
+    CRYPTO_SIGNATUREVERIFY = 0x08,
+    CRYPTO_RANDOMSEED = 0x0C,
+    CRYPTO_KEYGENERATE= 0x0D,
+    CRYPTO_KEYDERIVE = 0x0E,
+    CRYPTO_KEYEXCHANGECALCPUBVAL = 0x0F,
+    CRYPTO_KEYEXCHANGECALCSECRET = 0x10,
+    CRYPTO_CERTIFICATEPARSE = 0x11,
+    CRYPTO_CERTIFICATEVERIFY = 0x12,
+    CRYPTO_KEYSETVALID = 0x13,
+#endif
+} Crypto_ServiceInfoType;
+
+
+typedef enum Crypto_AlgorithmModeType {
+    CRYPTO_ALGOMODE_NOT_SET = 0x00,
+    CRYPTO_ALGOMODE_CBC = 0x02,
+
+#ifdef CSM_UNSUPPORTED_ALGS
+    /* not yet supported */
+    CRYPTO_ALGOMODE_ECB = 0x01,
+    CRYPTO_ALGOMODE_CFB = 0x03,
+    CRYPTO_ALGOMODE_OFB = 0x04,
+    CRYPTO_ALGOMODE_CTR = 0x05,
+    CRYPTO_ALGOMODE_GCM = 0x06,
+    CRYPTO_ALGOMODE_XTS = 0x07,
+    CRYPTO_ALGOMODE_RSAES_OAEP = 0x08,
+    CRYPTO_ALGOMODE_RSAAES_PKCS1_V1_5 = 0x09,
+    CRYPTO_ALGOMODE_RSAAES_PSS = 0x0A,
+    CRYPTO_ALGOMODE_RSAASA_PKCS1_V1_5 = 0x0B,
+    CRYPTO_ALGOMODE_8ROUNDS = 0x0C, /* ChaCha8 */
+    CRYPTO_ALGOMODE_12ROUNDS = 0x0D, /* ChaCha12 */
+    CRYPTO_ALGOMODE_20ROUNDS = 0x0E, /* ChaCha20 */
+    CRYPTO_ALGOMODE_HMAC = 0x0F,
+    CRYPTO_ALGOMODE_CMAC = 0x10,
+    CRYPTO_ALGOMODE_GMAC = 0x11,
+#endif
+} Crypto_AlgorithmModeType;
+
+typedef enum Crypto_AlgorithmFamilyType {
+    CRYPTO_ALGOFAM_NOT_SET = 0x00,
+    CRYPTO_ALGOFAM_SHA1 = 0x01,
+    CRYPTO_ALGOFAM_SHA2_224 = 0x02,
+    CRYPTO_ALGOFAM_SHA2_256 = 0x03,
+    CRYPTO_ALGOFAM_SHA2_384 = 0x04,
+    CRYPTO_ALGOFAM_SHA2_512 = 0x05,
+    CRYPTO_ALGOFAM_SHA2_512_224 = 0x06,
+    CRYPTO_ALGOFAM_SHA2_512_256 = 0x07,
+    CRYPTO_ALGOFAM_SHA3_224 = 0x08,
+    CRYPTO_ALGOFAM_SHA3_256 = 0x09,
+    CRYPTO_ALGOFAM_SHA3_384 = 0x0A,
+    CRYPTO_ALGOFAM_SHA3_512 = 0x0B,
+    CRYPTO_ALGOFAM_SHAKE128 = 0x0C,
+    CRYPTO_ALGOFAM_SHAKE256 = 0x0D,
+    CRYPTO_ALGOFAM_RIPEMD160 = 0x0E,
+    CRYPTO_ALGOFAM_BLAKE_1_256 = 0x0D,
+    CRYPTO_ALGOFAM_BLAKE_1_512 = 0x10,
+    CRYPTO_ALGOFAM_BLAKE_2s_256 = 0x11,
+    CRYPTO_ALGOFAM_BLAKE_2s_512 = 0x12,
+    CRYPTO_ALGOFAM_3DES = 0x13,
+    CRYPTO_ALGOFAM_AES = 0x14,
+    CRYPTO_ALGOFAM_CHACHA = 0x15,
+    CRYPTO_ALGOFAM_RSA = 0x16,
+    CRYPTO_ALGOFAM_ED25519 = 0x17,
+    CRYPTO_ALGOFAM_BRAINPOOL = 0x18,
+    CRYPTO_ALGOFAM_ECCNIST = 0x19,
+    CRYPTO_ALGOFAM_RNG = 0x1B,
+    CRYPTO_ALGOFAM_SIPHASH = 0x1C,
+    CRYPTO_ALGOFAM_ECIES = 0x1D,
+    CRYPTO_ALGOFAM_ECCANSI = 0x1E,
+    CRYPTO_ALGOFAM_ECCSEC = 0x1F,
+    CRYPTO_ALGOFAM_DRBG = 0x20,
+    CRYPTO_ALGOFAM_FIPS186 = 0x21, /* random number gen according to FIPS 186 */
+    CRYPTO_ALGOFAM_PADDING_PKCS7 = 0x22,
+    CRYPTO_ALGOFAM_PADDING_ONEWITHZEROS = 0x23 /* fill with 0's but first bit
+                                                * after data is 1 */
+} Crypto_AlgorithmFamilyType;
+
+typedef enum Crypto_KeyID {
+    /* Cipher/AEAD */
+    CRYPTO_KE_CIPHER_KEY = 0x01,
+    CRYPTO_KE_CIPHER_IV =  0x05,
+    CRYPTO_KE_CIPHER_PROOF = 0x06,
+    CRYPTO_KE_CIPHER_2NDKEY =  0x07
+} Crypto_KeyID;
+
+
+typedef enum Crypto_ProcessingType {
+    CRYPTO_PROCESSING_ASYNC = 0x00,
+    CRYPTO_PROCESSING_SYNC = 0x01
+} Crypto_ProcessingType;
+
+
+/* removed const on elements @TODO which is different than 8.2.8 in
+ * AUTOSAR_SWS_CryptoServiceManager.pdf */
+typedef struct Crypto_JobInfoType {
+    uint32 jobId;
+    uint32 jobPriority;
+} Crypto_JobInfoType;
+
+typedef struct Crypto_JobRedirectionInfoType {
+    uint8 redirectionConfig;
+    uint32 inputKeyId;
+    uint32 inputKeyElementId;
+    uint32 secondaryInputKeyId;
+    uint32 secondaryInputKeyElementId;
+    uint32 tertiaryInputKeyId;
+    uint32 tertiaryInputKeyElementId;
+    uint32 outputKeyId;
+    uint32 outputKeyElementId;
+    uint32 secondaryOutputKeyId;
+    uint32 secondaryOutputKeyElementId;
+} Crypto_JobRedirectionInfoType;
+
+
+enum Crypto_InputOutputRedirectionConfigType {
+    CRYPTO_REDIRECT_CONFIG_PRIMARY_INPUT = 0x01,
+    CRYPTO_REDIRECT_CONFIG_SECONDARY_INPUT = 0x02,
+    CRYPTO_REDIRECT_CONFIG_TERTIARY_INPUT = 0x04,
+    CRYPTO_REDIRECT_CONFIG_PRIMARY_OUTPUT = 0x10,
+    CRYPTO_REDIRECT_CONFIG_SECONDARY_OUTPUT = 0x20
+};
+
+
+typedef struct WOLFSSL_JOBIO {
+    const uint8 *inputPtr;
+    uint32       inputLength;
+    const uint8 *secondaryInputPtr; /* secondary data for verify */
+    uint32       secondaryInputLength;
+    const uint8 *tertiaryInputPtr; /* third input data for verify */
+    uint32       tertiaryInputLength;
+    uint8       *outputPtr;
+    uint32      *outputLengthPtr;
+    uint8       *secondaryOutputPtr;
+    uint32      *secondaryOutputLengthPtr;
+    uint64       input64; /* input parameter */
+    Crypto_VerifyResultType *verifyPtr;
+    uint64      *output64Ptr;
+    Crypto_OperationModeType mode;
+    uint32       cryIfKeyId;
+    uint32       targetCryIfKeyId;
+} WOLFSSL_JOBIO;
+
+
+typedef struct Crypto_AlgorithmInfoType {
+    Crypto_AlgorithmFamilyType family;
+    Crypto_AlgorithmFamilyType secondaryFamily; /* second algo type if needed */
+    uint32 keyLength;
+    Crypto_AlgorithmModeType mode; /* i.e. CBC / RSA OAEP */
+} Crypto_AlgorithmInfoType;
+
+
+/* removed const on all 3 elements which is slightly different than AutoSAR */
+typedef struct Crypto_PrimitiveInfoType {
+    uint32 resultLength;
+    Crypto_ServiceInfoType service;
+    Crypto_AlgorithmInfoType algorithm;
+} Crypto_PrimitiveInfoType;
+
+
+typedef struct Crypto_JobPrimitiveInfoType {
+    uint32 callbackId;
+    const Crypto_PrimitiveInfoType *primitiveInfo;
+    uint32 cryIfKeyId;
+    Crypto_ProcessingType processingType;
+    boolean callbackUpdateNotification;
+} Crypto_JobPrimitiveInfoType;
+
+
+typedef struct WOLFSSL_JOBTYPE {
+    uint32 jobId;
+    WOLFSSL_JOBSTATE jobState;
+    WOLFSSL_JOBIO    jobPrimitiveInputOutput;
+    const Crypto_JobPrimitiveInfoType* jobPrimitiveInfo;
+    const Crypto_JobInfoType* jobInfo;
+    Crypto_JobRedirectionInfoType* jobRedirectionInfoRef;
+} WOLFSSL_JOBTYPE;
+
+
+WOLFSSL_API void Csm_Init(const Csm_ConfigType* config);
+
+/* can be called before init, all else return WOLFSSL_CSM_E_UNINIT */
+WOLFSSL_API void Csm_GetVersionInfo(Std_VersionInfoType* version);
+
+WOLFSSL_API Std_ReturnType Csm_Decrypt(uint32 jobId,
+        Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength,
+        uint8* resultPtr, uint32* resultLengthPtr);
+WOLFSSL_API Std_ReturnType Csm_Encrypt(uint32 jobId,
+        Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength,
+        uint8* resultPtr, uint32* resultLengthPtr);
+WOLFSSL_API Std_ReturnType Csm_KeyElementSet(uint32 keyId, uint32 keyElementId,
+        const uint8* keyPtr, uint32 keyLength);
+WOLFSSL_API Std_ReturnType Csm_RandomGenerate( uint32 jobId, uint8* resultPtr,
+        uint32* resultLengthPtr);
+WOLFSSL_LOCAL void ReportToDET(int err);
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_AUTOSAR */
+#endif /* WOLFSSL_CSM_H */
+
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/StandardTypes.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
new file mode 100644
index 00000000..a3675f25
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
@@ -0,0 +1,66 @@
+/* StandardTypes.h
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef WOLFSSL_AUTOSAR
+
+#ifndef WOLFSSL_STANDARDTYPES_H
+#define WOLFSSL_STANDARDTYPES_H
+#include <wolfssl/wolfcrypt/types.h>
+
+/* remap primitives */
+typedef byte   uint8;
+typedef byte   boolean;
+typedef word16 uint16;
+typedef word32 uint32;
+typedef word64 uint64;
+
+#ifndef TRUE
+    #define TRUE 1
+#endif
+#ifndef FALSE
+    #define FALSE 0
+#endif
+
+/* return types */
+typedef enum Std_ReturnType {
+    E_OK = 0x00,
+    E_NOT_OK = 0x01,
+    E_SMALL_BUFFER = 0x02,
+    E_ENTROPY_EXHAUSTION = 0x03,
+    E_KEY_READ_FAIL = 0x04,
+    E_KEY_NOT_AVAILABLE = 0x05,
+    E_KEY_NOT_VALID = 0x06,
+    E_JOB_CANCELED = 0x07,
+    E_KEY_EMPTY = 0x08
+} Std_ReturnType;
+
+
+typedef struct Std_VersionInfoType {
+    uint16 vendorID;
+    uint16 moduleID;
+    uint8 sw_major_version;
+    uint8 sw_minor_version;
+    uint8 sw_patch_version;
+} Std_VersionInfoType;
+#endif /* WOLFSSL_AUTOSAR */
+
+#endif /* WOLFSSL_STANDARDTYPES_H */
+
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
index 8f452ce6..ba4d3bd7 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
@@ -93,6 +93,11 @@ struct wc_IOTSAFE {
     word16 ecdh_keypair_slot;
     word16 peer_pubkey_slot;
     word16 peer_cert_slot;
+#elif (IOTSAFE_ID_SIZE == 4)
+    word32 privkey_id;
+    word32 ecdh_keypair_slot;
+    word32 peer_pubkey_slot;
+    word32 peer_cert_slot;
 #else
 #error "IOTSAFE: ID_SIZE not supported"
 #endif
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/liboqs/liboqs.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/liboqs/liboqs.h
new file mode 100644
index 00000000..58da9ba2
--- /dev/null
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/liboqs/liboqs.h
@@ -0,0 +1,62 @@
+/* liboqs.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+    \file wolfssl/wolfcrypt/port/liboqs/liboqs.h
+*/
+/*
+
+DESCRIPTION
+This library provides the support interfaces to the liboqs library providing
+implementations for Post-Quantum cryptography algorithms.
+*/
+
+#ifndef WOLF_CRYPT_LIBOQS_H
+#define WOLF_CRYPT_LIBOQS_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#if defined(HAVE_LIBOQS)
+
+#include "oqs/oqs.h"
+    
+
+int wolfSSL_liboqsInit(void);
+
+void wolfSSL_liboqsClose(void);
+
+int wolfSSL_liboqsRngMutexLock(WC_RNG* rng);
+
+int wolfSSL_liboqsRngMutexUnlock(void);
+
+#endif /* HAVE_LIBOQS */
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_LIBOQS_H */
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/psa/psa.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/psa/psa.h
index 886d823a..6bde526c 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/psa/psa.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/psa/psa.h
@@ -44,13 +44,6 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
-/* PSA implementation takes over the Sha struct and Sha functions implementation
-   completely. Devoiding the struct of the DevId field and hooks to make
-   crypto_cb work. */
-#if !defined(WOLFSSL_PSA_NO_HASH) && defined(WOLF_CRYPTO_CB)
-#error "WOLFSSL PSA is not supported with WOLF_CRYPTO_CB"
-#endif
-
 #if defined(WOLFSSL_HAVE_PSA)
 
 #include <psa/crypto.h>
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h
index 8cd599bd..d4ab8e33 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h
@@ -205,7 +205,10 @@ WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
 #endif /* HAVE_WNR */
 
 
-WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap);
+WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz,
+                                           void* heap);
+WOLFSSL_API int wc_rng_new_ex(WC_RNG **rng, byte* nonce, word32 nonceSz,
+                              void* heap, int devId);
 WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG* rng);
 
 
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rsa.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rsa.h
index acdc3bb7..3daa02c5 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rsa.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rsa.h
@@ -58,11 +58,6 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
     #define NO_RSA_BOUNDS_CHECK
 #endif
 
-/* allow for user to plug in own crypto */
-#if !defined(HAVE_FIPS) && (defined(HAVE_USER_RSA) || defined(HAVE_FAST_RSA))
-    #include "user_rsa.h"
-#else
-
 #include <wolfssl/wolfcrypt/wolfmath.h>
 #include <wolfssl/wolfcrypt/random.h>
 
@@ -449,8 +444,8 @@ WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** ou
                                    int bits, void* heap);
 
 WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType);
-
-#endif /* HAVE_USER_RSA */
+WOLFSSL_LOCAL int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
+    int checkSmallCt);
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h
index 5eacd6c8..bc544c70 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h
@@ -265,6 +265,37 @@
 /* Uncomment next line if using MAXQ108x */
 /* #define WOLFSSL_MAXQ108X */
 
+#if defined(ARDUINO)
+    /* Due to limited build control, we'll ignore file warnings. */
+    /* See https://github.com/arduino/arduino-cli/issues/631     */
+    #undef  WOLFSSL_IGNORE_FILE_WARN
+    #define WOLFSSL_IGNORE_FILE_WARN
+
+    /* we don't have the luxury of compiler options, so manually define */
+    #if defined(__arm__)
+        #undef  WOLFSSL_ARDUINO
+        #define WOLFSSL_ARDUINO
+    /* ESP32? */
+    #endif
+
+    #undef FREERTOS
+    #ifndef WOLFSSL_USER_SETTINGS
+        #define WOLFSSL_USER_SETTINGS
+    #endif /* WOLFSSL_USER_SETTINGS */
+
+    /* board-specific */
+    #if defined(__AVR__)
+        #define WOLFSSL_NO_SOCK
+        #define NO_WRITEV
+    #elif defined(__arm__)
+        #define WOLFSSL_NO_SOCK
+        #define NO_WRITEV
+    #elif defined(ESP32) || defined(ESP8266)
+        /* assume sockets available */
+    #else
+        #define WOLFSSL_NO_SOCK
+    #endif
+#endif
 
 #ifdef WOLFSSL_USER_SETTINGS
     #include "user_settings.h"
@@ -316,44 +347,43 @@
     #endif
 #endif
 
-/* OpenSSL compat layer */
-#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_COEXIST)
-#undef  WOLFSSL_ALWAYS_VERIFY_CB
-#define WOLFSSL_ALWAYS_VERIFY_CB
+/* ---------------------------------------------------------------------------
+ * Dual Algorithm Certificate Required Features.
+ * ---------------------------------------------------------------------------
+ */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
 
-#undef WOLFSSL_VERIFY_CB_ALL_CERTS
-#define WOLFSSL_VERIFY_CB_ALL_CERTS
+#ifndef WOLFSSL_ASN_TEMPLATE
+    #error "Dual alg cert support requires the ASN.1 template feature."
+#endif
 
-#undef WOLFSSL_EXTRA_ALERTS
-#define WOLFSSL_EXTRA_ALERTS
+#ifdef NO_RSA
+    #error "Need RSA or else dual alg cert example will not work."
+#endif
 
-#undef HAVE_EXT_CACHE
-#define HAVE_EXT_CACHE
+#ifndef HAVE_ECC
+    #error "Need ECDSA or else dual alg cert example will not work."
+#endif
 
-#undef WOLFSSL_FORCE_CACHE_ON_TICKET
-#define WOLFSSL_FORCE_CACHE_ON_TICKET
+#undef WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_GEN
 
-#undef WOLFSSL_AKID_NAME
-#define WOLFSSL_AKID_NAME
+#undef WOLFSSL_CUSTOM_OID
+#define WOLFSSL_CUSTOM_OID
 
-#undef HAVE_CTS
-#define HAVE_CTS
+#undef HAVE_OID_ENCODING
+#define HAVE_OID_ENCODING
 
-#undef WOLFSSL_SESSION_ID_CTX
-#define WOLFSSL_SESSION_ID_CTX
-#endif /* OPENSSL_EXTRA && !OPENSSL_COEXIST */
+#undef WOLFSSL_CERT_EXT
+#define WOLFSSL_CERT_EXT
 
-/* Special small OpenSSL compat layer for certs */
-#ifdef OPENSSL_EXTRA_X509_SMALL
-#undef WOLFSSL_EKU_OID
-#define WOLFSSL_EKU_OID
+#undef OPENSSL_EXTRA
+#define OPENSSL_EXTRA
 
-#undef WOLFSSL_MULTI_ATTRIB
-#define WOLFSSL_MULTI_ATTRIB
+#undef HAVE_OID_DECODING
+#define HAVE_OID_DECODING
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 
-#undef WOLFSSL_NO_OPENSSL_RAND_CB
-#define WOLFSSL_NO_OPENSSL_RAND_CB
-#endif /* OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(_WIN32) && !defined(_M_X64) && \
     defined(HAVE_AESGCM) && defined(WOLFSSL_AESNI)
@@ -381,6 +411,33 @@
     #include <nx_api.h>
 #endif
 
+#if defined(ARDUINO)
+    #if defined(ESP32)
+        #ifndef NO_ARDUINO_DEFAULT
+            #define SIZEOF_LONG_LONG 8
+            #ifdef FREERTOS
+                #undef FREERTOS
+            #endif
+
+            #define WOLFSSL_LWIP
+            #define NO_WRITEV
+            #define NO_WOLFSSL_DIR
+            #define WOLFSSL_NO_CURRDIR
+
+            #define TFM_TIMING_RESISTANT
+            #define ECC_TIMING_RESISTANT
+            #define WC_RSA_BLINDING
+            #define WC_NO_CACHE_RESISTANT
+        #endif /* !NO_ARDUINO_DEFAULT */
+    #elif defined(__arm__)
+            #define NO_WRITEV
+            #define NO_WOLFSSL_DIR
+            #define WOLFSSL_NO_CURRDIR
+    #elif defined(OTHERBOARD)
+        /* TODO: define other Arduino boards here */
+    #endif
+#endif
+
 #if defined(WOLFSSL_ESPIDF)
     #define SIZEOF_LONG_LONG 8
     #ifndef NO_ESPIDF_DEFAULT
@@ -392,10 +449,22 @@
 
         #define TFM_TIMING_RESISTANT
         #define ECC_TIMING_RESISTANT
+
+        /* WC_RSA_BLINDING takes up extra space! */
         #define WC_RSA_BLINDING
         #define WC_NO_CACHE_RESISTANT
     #endif /* !WOLFSSL_ESPIDF_NO_DEFAULT */
 
+    #if defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
+       !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)
+        #error "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 cannot be defined without" \
+               "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 (enable or disable both)"
+    #endif
+    #if defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) && \
+       !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384)
+        #error "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 cannot be defined without" \
+               "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 (enable or disable both)"
+    #endif
 #if defined(WOLFSSL_ESPWROOM32)
     /* WOLFSSL_ESPWROOM32 is a legacy macro gate.
     ** Not be be confused with WOLFSSL_ESPWROOM32SE, naming a specific board */
@@ -701,11 +770,20 @@
 
 
 #ifdef WOLFSSL_ARDUINO
+    /* Define WOLFSSL_USER_IO here to avoid check in internal.c */
+    #define WOLFSSL_USER_IO
+
     #define NO_WRITEV
     #define NO_WOLFSSL_DIR
     #define SINGLE_THREADED
     #define NO_DEV_RANDOM
-    #ifndef INTEL_GALILEO /* Galileo has time.h compatibility */
+    #if defined(INTEL_GALILEO) || defined(ESP32)
+        /* boards with has time.h compatibility */
+    #elif defined(__arm__)
+        /* TODO is time really missing from Arduino Due? */
+        /* This is a brute-force solution to make it work: */
+        #define NO_ASN_TIME
+    #else
         #define TIME_OVERRIDES
         #ifndef XTIME
             #error "Must define XTIME externally see porting guide"
@@ -926,7 +1004,8 @@ extern void uITRON4_free(void *p) ;
         #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
         #if defined(WOLFSSL_ESPIDF)
                 /* In IDF, realloc(p, n) is equivalent to
-                 * heap_caps_realloc(p, s, MALLOC_CAP_8BIT) */
+                 * heap_caps_realloc(p, s, MALLOC_CAP_8BIT)
+                 *  there's no pvPortRealloc available  */
                 #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n)))
         /* FreeRTOS pvPortRealloc() implementation can be found here:
          * https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
@@ -948,8 +1027,10 @@ extern void uITRON4_free(void *p) ;
             #define NO_DH
         #endif
     #endif
-    #ifndef NO_DSA
-        #define NO_DSA
+    #ifndef HAVE_DSA
+        #ifndef NO_DSA
+            #define NO_DSA
+        #endif
     #endif
 
     #ifndef SINGLE_THREADED
@@ -972,12 +1053,6 @@ extern void uITRON4_free(void *p) ;
     #define NO_MAIN_DRIVER
 #endif
 
-#ifdef WOLFSSL_TI_CRYPT
-    #define NO_GCM_ENCRYPT_EXTRA
-    #define NO_PUBLIC_GCM_SET_IV
-    #define NO_PUBLIC_CCM_SET_NONCE
-#endif
-
 #ifdef WOLFSSL_TIRTOS
     #define SIZEOF_LONG_LONG 8
     #define NO_WRITEV
@@ -987,35 +1062,57 @@ extern void uITRON4_free(void *p) ;
      * specified in user_settings.
      */
     #ifndef USE_FAST_MATH
-        #define WOLFSSL_HAVE_SP_ECC
         #define SP_WORD_SIZE 32
-        #define WOLFSSL_HAVE_SP_RSA
-        #define WOLFSSL_SP_4096
+        #define WOLFSSL_HAVE_SP_ECC
+        #ifndef NO_RSA
+            #define WOLFSSL_HAVE_SP_RSA
+        #endif
+        #ifndef NO_DH
+            #define WOLFSSL_HAVE_SP_DH
+        #endif
+        #if !defined(NO_RSA) || !defined(NO_DH)
+            /* DH/RSA 2048, 3072 and 4096 */
+            #if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS >= 4096
+                #define WOLFSSL_SP_4096
+            #endif
+        #endif
     #endif
     #define TFM_TIMING_RESISTANT
     #define ECC_TIMING_RESISTANT
     #define WC_RSA_BLINDING
     #define NO_DEV_RANDOM
     #define NO_FILESYSTEM
-    #define NO_SIG_WRAPPER
     #define NO_MAIN_DRIVER
-    #define USE_CERT_BUFFERS_2048
-    #define NO_ERROR_STRINGS
-    /* Uncomment this setting if your toolchain does not offer time.h header */
-    /* #define USER_TIME */
+    #ifndef NO_CRYPT_TEST
+        #define USE_CERT_BUFFERS_2048
+    #endif
+    #ifndef DEBUG_WOLFSSL
+        #define NO_ERROR_STRINGS
+    #endif
+
     #define HAVE_ECC
     #define HAVE_ALPN
     #define USE_WOLF_STRTOK /* use with HAVE_ALPN */
     #define HAVE_TLS_EXTENSIONS
-    #define HAVE_AESGCM
     #define HAVE_SUPPORTED_CURVES
+
+    #define HAVE_AESGCM
+
     #ifdef __IAR_SYSTEMS_ICC__
         #pragma diag_suppress=Pa089
     #elif !defined(__GNUC__)
         /* Suppress the sslpro warning */
         #pragma diag_suppress=11
     #endif
+
+    /* Uncomment this setting if your toolchain does not offer time.h header */
+    /* #define USER_TIME */
     #include <ti/sysbios/hal/Seconds.h>
+    #if defined(__ti__) && !defined(USER_TIME)
+        /* TI internal time() offsets by 2208988800 (1990 -> 1970),
+         * which overflows signed 32-bit */
+        #define NO_TIME_SIGNEDNESS_CHECK
+    #endif
 #endif
 
 #ifdef EBSNET
@@ -1177,7 +1274,12 @@ extern void uITRON4_free(void *p) ;
     #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER)
         #define XMALLOC_OVERRIDE
         #define XMALLOC(s, h, t)    ((void)(h), (void)(t), (void *)_mem_alloc_system((s)))
-        #define XFREE(p, h, t)      {void* xp = (p); (void)(h); (void)(t); if ((xp)) _mem_free((xp));}
+        #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
+            #define XFREE(p, h, t)      {(void)(h); (void)(t); _mem_free(p);}
+        #else
+            #define XFREE(p, h, t)      {void* xp = (p); (void)(h); (void)(t); if ((xp)) _mem_free((xp));}
+        #endif
+
         /* Note: MQX has no realloc, using fastmath above */
     #endif
     #ifdef USE_FAST_MATH
@@ -1208,7 +1310,11 @@ extern void uITRON4_free(void *p) ;
     #endif
 
     #define XMALLOC(s, h, t)    ((void)(h), (void)(t), (void *)_mem_alloc_system((s)))
-    #define XFREE(p, h, t)      {void* xp = (p); (void)(h); (void)(t); if ((xp)) _mem_free((xp));}
+    #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
+        #define XFREE(p, h, t)      {(void)(h); (void)(t); _mem_free(p);}
+    #else
+        #define XFREE(p, h, t)      {void* xp = (p); (void)(h); (void)(t); if ((xp)) _mem_free((xp));}
+    #endif
     #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */
 
     #define MQX_FILE_PTR FILE *
@@ -1819,7 +1925,10 @@ extern void uITRON4_free(void *p) ;
     #if !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
         #define NO_DEV_RANDOM
     #endif
+    #undef  NO_WOLFSSL_DIR
     #define NO_WOLFSSL_DIR
+
+    #undef  HAVE_AESGCM
     #define HAVE_AESGCM
 #endif
 
@@ -1908,7 +2017,7 @@ extern void uITRON4_free(void *p) ;
     void *z_realloc(void *ptr, size_t size);
     #define realloc   z_realloc
 
-    #ifndef CONFIG_NET_SOCKETS_POSIX_NAMES
+    #if !defined(CONFIG_NET_SOCKETS_POSIX_NAMES) && !defined(CONFIG_POSIX_API)
     #define CONFIG_NET_SOCKETS_POSIX_NAMES
     #endif
 #endif
@@ -2024,9 +2133,17 @@ extern void uITRON4_free(void *p) ;
     #include "RTOS.h"
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
         !defined(WOLFSSL_STATIC_MEMORY)
-        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), OS_HEAP_malloc((s)))
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), OS_HEAP_free((p)))
-        #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), OS_HEAP_realloc(((p), (n)))
+        /* Per the user manual of embOS https://www.segger.com/downloads/embos/UM01001
+         * this API has changed with V5. */
+        #if (OS_VERSION >= 50000U)
+            #define XMALLOC(s, h, type)  ((void)(h), (void)(type), OS_HEAP_malloc((s)))
+            #define XFREE(p, h, type)    ((void)(h), (void)(type), OS_HEAP_free((p)))
+            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), OS_HEAP_realloc((p), (n)))
+        #else
+            #define XMALLOC(s, h, type)  ((void)(h), (void)(type), OS_malloc((s)))
+            #define XFREE(p, h, type)    ((void)(h), (void)(type), OS_free((p)))
+            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), OS_realloc((p), (n)))
+        #endif
     #endif
 #endif
 
@@ -2657,6 +2774,14 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_IPV6
 #endif
 
+/* ---------------------------------------------------------------------------
+ * ASN Library Selection (default to ASN_TEMPLATE)
+ * ---------------------------------------------------------------------------
+ */
+#if !defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_ASN_ORIGINAL) && \
+    !defined(NO_ASN)
+    #define WOLFSSL_ASN_TEMPLATE
+#endif
 
 #ifdef WOLFSSL_LINUXKM
     #ifdef HAVE_CONFIG_H
@@ -2693,6 +2818,7 @@ extern void uITRON4_free(void *p) ;
     #ifndef WOLFSSL_TEST_SUBROUTINE
         #define WOLFSSL_TEST_SUBROUTINE static
     #endif
+    #undef HAVE_PTHREAD
     #undef HAVE_STRINGS_H
     #undef HAVE_ERRNO_H
     #undef HAVE_THREAD_LS
@@ -2746,6 +2872,51 @@ extern void uITRON4_free(void *p) ;
     #define OPENSSL_EXTRA
 #endif
 
+/* ---------------------------------------------------------------------------
+ * OpenSSL compat layer
+ * ---------------------------------------------------------------------------
+ */
+#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_COEXIST)
+    #undef  WOLFSSL_ALWAYS_VERIFY_CB
+    #define WOLFSSL_ALWAYS_VERIFY_CB
+
+    #undef WOLFSSL_VERIFY_CB_ALL_CERTS
+    #define WOLFSSL_VERIFY_CB_ALL_CERTS
+
+    #undef WOLFSSL_EXTRA_ALERTS
+    #define WOLFSSL_EXTRA_ALERTS
+
+    #undef HAVE_EXT_CACHE
+    #define HAVE_EXT_CACHE
+
+    #undef WOLFSSL_FORCE_CACHE_ON_TICKET
+    #define WOLFSSL_FORCE_CACHE_ON_TICKET
+
+    #undef WOLFSSL_AKID_NAME
+    #define WOLFSSL_AKID_NAME
+
+    #undef HAVE_CTS
+    #define HAVE_CTS
+
+    #undef WOLFSSL_SESSION_ID_CTX
+    #define WOLFSSL_SESSION_ID_CTX
+#endif /* OPENSSL_EXTRA && !OPENSSL_COEXIST */
+
+/* ---------------------------------------------------------------------------
+ * Special small OpenSSL compat layer for certs
+ * ---------------------------------------------------------------------------
+ */
+#ifdef OPENSSL_EXTRA_X509_SMALL
+    #undef WOLFSSL_EKU_OID
+    #define WOLFSSL_EKU_OID
+
+    #undef WOLFSSL_MULTI_ATTRIB
+    #define WOLFSSL_MULTI_ATTRIB
+
+    #undef WOLFSSL_NO_OPENSSL_RAND_CB
+    #define WOLFSSL_NO_OPENSSL_RAND_CB
+#endif /* OPENSSL_EXTRA_X509_SMALL */
+
 #ifdef HAVE_SNI
     #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
 #endif
@@ -2903,7 +3074,7 @@ extern void uITRON4_free(void *p) ;
 #if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \
     !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \
     !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL) \
-    && !defined(USE_FAST_MATH)
+    && !defined(USE_FAST_MATH) && defined(NO_SHA256)
     #undef  WOLFSSL_NO_FORCE_ZERO
     #define WOLFSSL_NO_FORCE_ZERO
 #endif
@@ -3091,6 +3262,15 @@ extern void uITRON4_free(void *p) ;
 #define WOLFSSL_NO_KYBER1024
 #endif
 
+#if (defined(HAVE_LIBOQS) ||                                            \
+     defined(WOLFSSL_WC_KYBER) ||                                       \
+     defined(HAVE_LIBXMSS) ||                                           \
+     defined(HAVE_LIBLMS) ||                                            \
+     defined(WOLFSSL_DUAL_ALG_CERTS)) &&                                \
+    !defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
+    #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
+#endif
+
 #if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) && \
     !defined(WOLFSSL_HAVE_KYBER)
 #error Please do not define HAVE_PQC yourself.
@@ -3130,8 +3310,9 @@ extern void uITRON4_free(void *p) ;
     #define NO_SESSION_CACHE_REF
 #endif
 
-/* (D)TLS v1.3 requires 64-bit number wrappers */
-#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS_DROP_STATS)
+/* (D)TLS v1.3 requires 64-bit number wrappers as does XMSS and LMS. */
+#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS_DROP_STATS) || \
+    defined(WOLFSSL_WC_XMSS) || defined(WOLFSSL_WC_LMS)
     #undef WOLFSSL_W64_WRAPPER
     #define WOLFSSL_W64_WRAPPER
 #endif
@@ -3161,7 +3342,6 @@ extern void uITRON4_free(void *p) ;
  *   RSA public only, CAVP selftest, fast RSA, user RSA, QAT or CryptoCell */
 #if (defined(WOLFSSL_RSA_KEY_CHECK) || (defined(HAVE_FIPS) && FIPS_VERSION_GE(2,0))) && \
     !defined(WOLFSSL_NO_RSA_KEY_CHECK) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
-    !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \
     !defined(HAVE_INTEL_QA) && !defined(WOLFSSL_CRYPTOCELL) && \
     !defined(HAVE_SELFTEST)
 
@@ -3253,6 +3433,22 @@ extern void uITRON4_free(void *p) ;
     /* Ciphersuite check done in internal.h */
 #endif
 
+/* Some final sanity checks */
+#if defined(WOLFSSL_ESPIDF) && defined(ARDUINO)
+    #error "Found both ESPIDF and ARDUINO. Pick one."
+#endif
+
+#if defined(WOLFSSL_CAAM_BLOB)
+    #ifndef WOLFSSL_CAAM
+        #error "WOLFSSL_CAAM_BLOB requires WOLFSSL_CAAM"
+    #endif
+#endif
+
+#if defined(HAVE_ED25519)
+    #ifndef WOLFSSL_SHA512
+        #error "HAVE_ED25519 requires WOLFSSL_SHA512"
+    #endif
+#endif
 
 #ifdef __cplusplus
     }   /* extern "C" */
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h
index 65cc60ec..e8bcc9b0 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h
@@ -122,48 +122,48 @@ enum {
 /* Sha digest */
 struct wc_Sha {
 #ifdef FREESCALE_LTC_SHA
-        ltc_hash_ctx_t ctx;
+    ltc_hash_ctx_t ctx;
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
-        SE050_HASH_Context se050Ctx;
+    SE050_HASH_Context se050Ctx;
 #elif defined(STM32_HASH)
-        STM32_HASH_Context stmCtx;
+    STM32_HASH_Context stmCtx;
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
-        wc_silabs_sha_t silabsCtx;
+    wc_silabs_sha_t silabsCtx;
 #elif defined(WOLFSSL_IMXRT_DCP)
-        dcp_handle_t handle;
-        dcp_hash_ctx_t ctx;
+    dcp_handle_t handle;
+    dcp_hash_ctx_t ctx;
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
-        psa_hash_operation_t psa_ctx;
+    psa_hash_operation_t psa_ctx;
 #else
-        word32  buffLen;   /* in bytes          */
-        word32  loLen;     /* length in bytes   */
-        word32  hiLen;     /* length in bytes   */
-        word32  buffer[WC_SHA_BLOCK_SIZE  / sizeof(word32)];
+    word32  buffLen;   /* in bytes          */
+    word32  loLen;     /* length in bytes   */
+    word32  hiLen;     /* length in bytes   */
+    word32  buffer[WC_SHA_BLOCK_SIZE  / sizeof(word32)];
     #ifdef WOLFSSL_PIC32MZ_HASH
-        word32  digest[PIC32_DIGEST_SIZE / sizeof(word32)];
+    word32  digest[PIC32_DIGEST_SIZE / sizeof(word32)];
     #else
-        word32  digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
-    #endif
-        void*   heap;
-    #ifdef WOLFSSL_PIC32MZ_HASH
-        hashUpdCache cache; /* cache for updates */
-    #endif
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        WC_ASYNC_DEV asyncDev;
-    #endif /* WOLFSSL_ASYNC_CRYPT */
-    #ifdef WOLF_CRYPTO_CB
-        int    devId;
-        void*  devCtx; /* generic crypto callback context */
-    #endif
-    #ifdef WOLFSSL_IMXRT1170_CAAM
-        caam_hash_ctx_t ctx;
-        caam_handle_t hndl;
-    #endif
-    #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP)
-        byte*  msg;
-        word32 used;
-        word32 len;
+    word32  digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
     #endif
+    void*   heap;
+#endif
+#ifdef WOLFSSL_PIC32MZ_HASH
+    hashUpdCache cache; /* cache for updates */
+#endif
+#ifdef WOLFSSL_ASYNC_CRYPT
+    WC_ASYNC_DEV asyncDev;
+#endif /* WOLFSSL_ASYNC_CRYPT */
+#ifdef WOLF_CRYPTO_CB
+    int    devId;
+    void*  devCtx; /* generic crypto callback context */
+#endif
+#ifdef WOLFSSL_IMXRT1170_CAAM
+    caam_hash_ctx_t ctx;
+    caam_handle_t hndl;
+#endif
+#if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP)
+    byte*  msg;
+    word32 used;
+    word32 len;
 #endif
 #if defined(WOLFSSL_ESP32_CRYPT) && \
    !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h
index 454290c4..323c53ad 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h
@@ -164,7 +164,7 @@ struct wc_Sha256 {
 #elif defined(STM32_HASH_SHA2)
     STM32_HASH_Context stmCtx;
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
-  wc_silabs_sha_t silabsCtx;
+    wc_silabs_sha_t silabsCtx;
 #elif defined(WOLFSSL_IMXRT_DCP)
     dcp_handle_t handle;
     dcp_hash_ctx_t ctx;
@@ -249,6 +249,10 @@ WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256);
 #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
 WOLFSSL_API int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data);
 #endif
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+WOLFSSL_API int wc_Sha256HashBlock(wc_Sha256* sha, const unsigned char* data,
+    unsigned char* hash);
+#endif
 #if defined(WOLFSSL_HASH_KEEP)
 WOLFSSL_API int wc_Sha256_Grow(wc_Sha256* sha256, const byte* in, int inSz);
 #endif
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha512.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha512.h
index 1c943d94..7592c468 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha512.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha512.h
@@ -159,7 +159,7 @@ struct wc_Sha512 {
     WC_ESP32SHA ctx;
 #endif
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
-  wc_silabs_sha_t silabsCtx;
+    wc_silabs_sha_t silabsCtx;
 #endif
 #ifdef WOLFSSL_KCAPI_HASH
     wolfssl_KCAPI_Hash kcapi;
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp_int.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp_int.h
index e768d0cd..cf7b8f28 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp_int.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp_int.h
@@ -1067,7 +1067,7 @@ MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap);
 MP_API int sp_prime_is_prime(const sp_int* a, int t, int* result);
 MP_API int sp_prime_is_prime_ex(const sp_int* a, int t, int* result,
     WC_RNG* rng);
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN)
 MP_API int sp_gcd(const sp_int* a, const sp_int* b, sp_int* r);
 #endif
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sphincs.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sphincs.h
index 958d8529..84871f53 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sphincs.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sphincs.h
@@ -41,6 +41,7 @@
 
 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif
 
 #ifdef __cplusplus
@@ -99,7 +100,7 @@ struct sphincs_key {
 
 WOLFSSL_API
 int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                        sphincs_key* key);
+                        sphincs_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_sphincs_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                           word32 msgLen, int* res, sphincs_key* key);
@@ -124,7 +125,7 @@ int wc_sphincs_import_private_key(const byte* priv, word32 privSz,
                                   sphincs_key* key);
 
 WOLFSSL_API
-int wc_sphincs_export_public(sphincs_key*, byte* out, word32* outLen);
+int wc_sphincs_export_public(sphincs_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_sphincs_export_private_only(sphincs_key* key, byte* out, word32* outLen);
 WOLFSSL_API
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/tfm.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/tfm.h
index dc6d55a1..915a3359 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/tfm.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/tfm.h
@@ -364,7 +364,7 @@ while (0)
 /* Initialize an mp_int. */
 #define INIT_MP_INT_SIZE(name, bits) \
     mp_init(name)
-/* Type to cast to when using size marcos. */
+/* Type to cast to when using size macros. */
 #define MP_INT_SIZE     mp_int
 
 
@@ -877,8 +877,9 @@ MP_API int mp_radix_size (mp_int * a, int radix, int *size);
 MP_API int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
 MP_API int mp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp, int ct);
 MP_API int mp_montgomery_setup(fp_int *a, fp_digit *rho);
+MP_API int mp_sqr(fp_int *a, fp_int *b);
+
 #ifdef HAVE_ECC
-    MP_API int mp_sqr(fp_int *a, fp_int *b);
     MP_API int mp_div_2(fp_int * a, fp_int * b);
     MP_API int mp_div_2_mod_ct(mp_int *a, mp_int *b, mp_int *c);
 #endif
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h
index 0d41354e..01ed929f 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h
@@ -259,7 +259,9 @@ decouple library dependencies with standard string, memory and so on.
     #endif
 
 #elif defined(WC_16BIT_CPU)
+    #ifndef MICROCHIP_PIC24
         #undef WORD64_AVAILABLE
+    #endif
         typedef word16 wolfssl_word;
         #define MP_16BIT  /* for mp_int, mp_word needs to be twice as big as \
                            * mp_digit, no 64 bit type so make mp_digit 16 bit */
@@ -356,7 +358,7 @@ typedef struct w64wrapper {
                 #define WC_INLINE inline
             #endif
         #else
-            #define WC_INLINE
+            #define WC_INLINE WC_MAYBE_UNUSED
         #endif
     #else
         #define WC_INLINE WC_MAYBE_UNUSED
@@ -556,6 +558,10 @@ typedef struct w64wrapper {
                 #endif
                 #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
             #endif /* WOLFSSL_DEBUG_MEMORY */
+        #elif  defined(WOLFSSL_EMBOS) && !defined(XMALLOC_USER) \
+                && !defined(NO_WOLFSSL_MEMORY) \
+                && !defined(WOLFSSL_STATIC_MEMORY)
+            /* settings.h solve this case already. Avoid redefinition. */
         #elif (!defined(FREERTOS) && !defined(FREERTOS_TCP)) || defined(WOLFSSL_TRACK_MEMORY)
             #ifdef WOLFSSL_DEBUG_MEMORY
                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__))
@@ -578,71 +584,94 @@ typedef struct w64wrapper {
     #endif
 
     /* declare/free variable handling for async and smallstack */
+    #ifndef WC_ALLOC_DO_ON_FAILURE
+        #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING
+    #endif
+
+    #define WC_DECLARE_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+        VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
+        int idx##VAR_NAME = 0, inner_idx_##VAR_NAME
+    #define WC_HEAP_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \
+        VAR_TYPE* VAR_NAME[VAR_ITEMS]
+    #define WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+        for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
+            (VAR_NAME)[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+            if ((VAR_NAME)[idx##VAR_NAME] == NULL) { \
+                for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
+                    XFREE((VAR_NAME)[inner_idx_##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+                    (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
+                } \
+                for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < (VAR_ITEMS); inner_idx_##VAR_NAME++) { \
+                    (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
+                } \
+                idx##VAR_NAME = 0; \
+                WC_ALLOC_DO_ON_FAILURE(); \
+                break; \
+            } \
+        }
+    #define WC_CALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+            do { \
+                WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP); \
+                if (idx##VAR_NAME != 0) { \
+                    for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
+                        XMEMSET((VAR_NAME)[idx##VAR_NAME], 0, VAR_SIZE); \
+                    } \
+                } \
+            } while (0)
+    #define WC_HEAP_ARRAY_OK(VAR_NAME) (idx##VAR_NAME != 0)
+    #define WC_FREE_HEAP_ARRAY(VAR_NAME, VAR_ITEMS, HEAP)               \
+        if (WC_HEAP_ARRAY_OK(VAR_NAME)) {                               \
+            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
+                XFREE((VAR_NAME)[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+            }                                                           \
+            idx##VAR_NAME = 0;                                          \
+        }
+
     #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_SMALL_STACK)
         #define WC_DECLARE_VAR_IS_HEAP_ALLOC
         #define WC_DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
-            VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * (VAR_SIZE), (HEAP), DYNAMIC_TYPE_WOLF_BIGINT)
-        #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
-            int idx##VAR_NAME, inner_idx_##VAR_NAME
-        #define WC_INIT_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
-                (VAR_NAME)[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
-                if ((VAR_NAME)[idx##VAR_NAME] == NULL) { \
-                    for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
-                        XFREE((VAR_NAME)[inner_idx_##VAR_NAME], (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
-                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
-                    } \
-                    for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < (VAR_ITEMS); inner_idx_##VAR_NAME++) { \
-                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
-                    } \
-                    break; \
-                } \
-            }
+            VAR_TYPE* VAR_NAME = NULL
+        #define WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP)        \
+            do {                                                        \
+                (VAR_NAME) = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * (VAR_SIZE), (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
+                if ((VAR_NAME) == NULL) {                               \
+                    WC_ALLOC_DO_ON_FAILURE();                           \
+                }                                                       \
+            } while (0)
+        #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP)        \
+            do { \
+                WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP); \
+                XMEMSET(VAR_NAME, 0, sizeof(VAR_TYPE) * (VAR_SIZE)); \
+            } while (0)
         #define WC_FREE_VAR(VAR_NAME, HEAP) \
             XFREE(VAR_NAME, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT)
+        #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+            WC_DECLARE_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
+        #define WC_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \
+            WC_HEAP_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE)
+        #define WC_ALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+            WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
+        #define WC_CALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+            WC_CALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
+        #define WC_ARRAY_OK(VAR_NAME) WC_HEAP_ARRAY_OK(VAR_NAME)
         #define WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
-                XFREE((VAR_NAME)[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
-            }
-
-        #define WC_DECLARE_ARRAY_DYNAMIC_DEC(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
-        #define WC_DECLARE_ARRAY_DYNAMIC_EXE(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            WC_INIT_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
-        #define WC_FREE_ARRAY_DYNAMIC(VAR_NAME, VAR_ITEMS, HEAP) \
-            WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP)
+            WC_FREE_HEAP_ARRAY(VAR_NAME, VAR_ITEMS, HEAP)
     #else
         #undef WC_DECLARE_VAR_IS_HEAP_ALLOC
         #define WC_DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
             VAR_TYPE VAR_NAME[VAR_SIZE]
-        #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            VAR_TYPE VAR_NAME[VAR_ITEMS][VAR_SIZE]
-        #define WC_INIT_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) WC_DO_NOTHING
+        #define WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) WC_DO_NOTHING
+        #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP)        \
+            XMEMSET(VAR_NAME, 0, sizeof(var))
         #define WC_FREE_VAR(VAR_NAME, HEAP) WC_DO_NOTHING /* nothing to free, its stack */
+        #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+            VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* // NOLINT(bugprone-sizeof-expression) */
+        #define WC_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \
+            VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* // NOLINT(bugprone-sizeof-expression) */
+        #define WC_ALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) WC_DO_NOTHING
+        #define WC_CALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) XMEMSET(VAR_NAME, 0, sizeof(VAR_NAME))
+        #define WC_ARRAY_OK(VAR_NAME) 1
         #define WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) WC_DO_NOTHING /* nothing to free, its stack */
-
-        #define WC_DECLARE_ARRAY_DYNAMIC_DEC(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
-            int idx##VAR_NAME, inner_idx_##VAR_NAME
-        #define WC_DECLARE_ARRAY_DYNAMIC_EXE(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
-                (VAR_NAME)[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
-                if ((VAR_NAME)[idx##VAR_NAME] == NULL) { \
-                    for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
-                        XFREE((VAR_NAME)[inner_idx_##VAR_NAME], HEAP, DYNAMIC_TYPE_TMP_BUFFER); \
-                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
-                    } \
-                    for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < (VAR_ITEMS); inner_idx_##VAR_NAME++) { \
-                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
-                    } \
-                    break; \
-                } \
-            }
-        #define WC_FREE_ARRAY_DYNAMIC(VAR_NAME, VAR_ITEMS, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
-                XFREE((VAR_NAME)[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
-            }
     #endif
 
     #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST)
@@ -651,9 +680,9 @@ typedef struct w64wrapper {
         #define DECLARE_ARRAY               WC_DECLARE_ARRAY
         #define FREE_VAR                    WC_FREE_VAR
         #define FREE_ARRAY                  WC_FREE_ARRAY
-        #define DECLARE_ARRAY_DYNAMIC_DEC   WC_DECLARE_ARRAY_DYNAMIC_DEC
-        #define DECLARE_ARRAY_DYNAMIC_EXE   WC_DECLARE_ARRAY_DYNAMIC_EXE
-        #define FREE_ARRAY_DYNAMIC          WC_FREE_ARRAY_DYNAMIC
+        #define DECLARE_ARRAY_DYNAMIC_DEC   WC_DECLARE_HEAP_ARRAY
+        #define DECLARE_ARRAY_DYNAMIC_EXE   WC_ALLOC_HEAP_ARRAY
+        #define FREE_ARRAY_DYNAMIC          WC_FREE_HEAP_ARRAY
     #endif /* HAVE_FIPS */
 
     #if !defined(USE_WOLF_STRTOK) && \
@@ -700,11 +729,11 @@ typedef struct w64wrapper {
         #endif
 
         #ifndef XSTRCASECMP
-        #if defined(MICROCHIP_PIC32) && (__XC32_VERSION >= 1000)
-            /* XC32 supports str[n]casecmp in version >= 1.0. */
+        #if defined(MICROCHIP_PIC32) && (__XC32_VERSION >= 1000) && (__XC32_VERSION < 4000)
+            /* XC32 supports str[n]casecmp in version >= 1.0 through 4.0. */
             #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2))
         #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \
-                defined(WOLFSSL_ZEPHYR)
+                defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24)
             /* XC32 version < 1.0 does not support strcasecmp. */
             #define USE_WOLF_STRCASECMP
             #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1,s2)
@@ -734,7 +763,7 @@ typedef struct w64wrapper {
             /* XC32 supports str[n]casecmp in version >= 1.0. */
             #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
         #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \
-                defined(WOLFSSL_ZEPHYR)
+                defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24)
             /* XC32 version < 1.0 does not support strncasecmp. */
             #define USE_WOLF_STRNCASECMP
             #define XSTRNCASECMP(s1,s2) wc_strncasecmp(s1,s2)
@@ -882,8 +911,12 @@ typedef struct w64wrapper {
 
     #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
         #ifndef XGETENV
-            #include <stdlib.h>
-            #define XGETENV getenv
+            #ifdef NO_GETENV
+                #define XGETENV(x) (NULL)
+            #else
+                #include <stdlib.h>
+                #define XGETENV getenv
+            #endif
         #endif
     #endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 
@@ -898,7 +931,11 @@ typedef struct w64wrapper {
         #endif
         #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
         #define XISALNUM(c)     isalnum((c))
-        #define XISASCII(c)     isascii((c))
+        #ifdef NO_STDLIB_ISASCII
+            #define XISASCII(c) (((c) >= 0 && (c) <= 127) ? 1 : 0)
+        #else
+            #define XISASCII(c) isascii((c))
+        #endif
         #define XISSPACE(c)     isspace((c))
         #endif
         /* needed by wolfSSL_check_domain_name() */
@@ -1015,6 +1052,7 @@ typedef struct w64wrapper {
         DYNAMIC_TYPE_SPHINCS      = 98,
         DYNAMIC_TYPE_SM4_BUFFER   = 99,
         DYNAMIC_TYPE_DEBUG_TAG    = 100,
+        DYNAMIC_TYPE_LMS          = 101,
         DYNAMIC_TYPE_SNIFFER_SERVER      = 1000,
         DYNAMIC_TYPE_SNIFFER_SESSION     = 1001,
         DYNAMIC_TYPE_SNIFFER_PB          = 1002,
@@ -1169,9 +1207,55 @@ typedef struct w64wrapper {
         WC_PK_TYPE_ED25519_KEYGEN = 15,
         WC_PK_TYPE_CURVE25519_KEYGEN = 16,
         WC_PK_TYPE_RSA_GET_SIZE = 17,
-        WC_PK_TYPE_MAX = WC_PK_TYPE_RSA_GET_SIZE
+        #define _WC_PK_TYPE_MAX WC_PK_TYPE_RSA_GET_SIZE
+    #if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER)
+        WC_PK_TYPE_PQC_KEM_KEYGEN = 18,
+        WC_PK_TYPE_PQC_KEM_ENCAPS = 19,
+        WC_PK_TYPE_PQC_KEM_DECAPS = 20,
+        #undef _WC_PK_TYPE_MAX
+        #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_KEM_DECAPS
+    #endif
+    #if defined(HAVE_PQC) && (defined(HAVE_DILITHIUM) || defined(HAVE_FALCON))
+        WC_PK_TYPE_PQC_SIG_KEYGEN = 21,
+        WC_PK_TYPE_PQC_SIG_SIGN = 22,
+        WC_PK_TYPE_PQC_SIG_VERIFY = 23,
+        WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY = 24,
+        #undef _WC_PK_TYPE_MAX
+        #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY
+    #endif
+        WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX
     };
 
+    #if defined(HAVE_PQC)
+    /* Post quantum KEM algorithms */
+    enum wc_PqcKemType {
+        WC_PQC_KEM_TYPE_NONE = 0,
+        #define _WC_PQC_KEM_TYPE_MAX WC_PQC_KEM_TYPE_NONE
+    #if defined(WOLFSSL_HAVE_KYBER)
+        WC_PQC_KEM_TYPE_KYBER = 1,
+        #undef _WC_PQC_KEM_TYPE_MAX
+        #define _WC_PQC_KEM_TYPE_MAX WC_PQC_KEM_TYPE_KYBER
+    #endif
+        WC_PQC_KEM_TYPE_MAX = _WC_PQC_KEM_TYPE_MAX
+    };
+
+    /* Post quantum signature algorithms */
+    enum wc_PqcSignatureType {
+        WC_PQC_SIG_TYPE_NONE = 0,
+        #define _WC_PQC_SIG_TYPE_MAX WC_PQC_SIG_TYPE_NONE
+    #if defined(HAVE_DILITHIUM)
+        WC_PQC_SIG_TYPE_DILITHIUM = 1,
+        #undef _WC_PQC_SIG_TYPE_MAX
+        #define _WC_PQC_SIG_TYPE_MAX WC_PQC_SIG_TYPE_DILITHIUM
+    #endif
+    #if defined(HAVE_FALCON)
+        WC_PQC_SIG_TYPE_FALCON = 2,
+        #undef _WC_PQC_SIG_TYPE_MAX
+        #define _WC_PQC_SIG_TYPE_MAX WC_PQC_SIG_TYPE_FALCON
+    #endif
+        WC_PQC_SIG_TYPE_MAX = _WC_PQC_SIG_TYPE_MAX
+    };
+    #endif
 
     /* settings detection for compile vs runtime math incompatibilities */
     enum {
@@ -1237,87 +1321,57 @@ typedef struct w64wrapper {
           #ifndef WOLFSSL_USE_ALIGN
               #define WOLFSSL_USE_ALIGN
           #endif
-    #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || WOLFSSL_AFALG_XILINX */
-
-    #ifdef WOLFSSL_USE_ALIGN
-        #if !defined(ALIGN16)
-            #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \
-                defined(__llvm__)
-                #define ALIGN16 __attribute__ ( (aligned (16)))
-            #elif defined(_MSC_VER)
-                /* disable align warning, we want alignment ! */
-                #pragma warning(disable: 4324)
-                #define ALIGN16 __declspec (align (16))
-            #else
-                #define ALIGN16
-            #endif
-        #endif /* !ALIGN16 */
-
-        #if !defined (ALIGN32)
-            #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \
-                defined(__llvm__)
-                #define ALIGN32 __attribute__ ( (aligned (32)))
-            #elif defined(_MSC_VER)
-                /* disable align warning, we want alignment ! */
-                #pragma warning(disable: 4324)
-                #define ALIGN32 __declspec (align (32))
-            #else
-                #define ALIGN32
-            #endif
-        #endif /* !ALIGN32 */
-
-        #if !defined(ALIGN64)
-            #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \
-                defined(__llvm__)
-                #define ALIGN64 __attribute__ ( (aligned (64)))
-            #elif defined(_MSC_VER)
-                /* disable align warning, we want alignment ! */
-                #pragma warning(disable: 4324)
-                #define ALIGN64 __declspec (align (64))
-            #else
-                #define ALIGN64
-            #endif
-        #endif /* !ALIGN64 */
-
-        #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \
-            defined(__llvm__)
-            #define ALIGN128 __attribute__ ( (aligned (128)))
+    #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || \
+            * WOLFSSL_AFALG_XILINX */
+
+    /* Helpers for memory alignment */
+    #ifndef XALIGNED
+        #if defined(__GNUC__) || defined(__llvm__) || \
+              defined(__IAR_SYSTEMS_ICC__)
+            #define XALIGNED(x) __attribute__ ( (aligned (x)))
+        #elif defined(__KEIL__)
+            #define XALIGNED(x) __align(x)
         #elif defined(_MSC_VER)
             /* disable align warning, we want alignment ! */
             #pragma warning(disable: 4324)
-            #define ALIGN128 __declspec (align (128))
+            #define XALIGNED(x) __declspec (align (x))
         #else
-            #define ALIGN128
+            #define XALIGNED(x) /* null expansion */
         #endif
+    #endif
 
-        #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)  || \
-            defined(__llvm__)
-            #define ALIGN256 __attribute__ ( (aligned (256)))
-        #elif defined(_MSC_VER)
-            /* disable align warning, we want alignment ! */
-            #pragma warning(disable: 4324)
-            #define ALIGN256 __declspec (align (256))
+    /* Only use alignment in wolfSSL/wolfCrypt if WOLFSSL_USE_ALIGN is set */
+    #ifdef WOLFSSL_USE_ALIGN
+        /* For IAR ARM the maximum variable alignment on stack is 8-bytes.
+         * Variables declared outside stack (like static globals) can have
+         * higher alignment. */
+        #if defined(__ICCARM__)
+            #define WOLFSSL_ALIGN(x) XALIGNED(8)
         #else
-            #define ALIGN256
+            #define WOLFSSL_ALIGN(x) XALIGNED(x)
         #endif
-
     #else
-        #ifndef ALIGN16
-            #define ALIGN16
-        #endif
-        #ifndef ALIGN32
-            #define ALIGN32
-        #endif
-        #ifndef ALIGN64
-            #define ALIGN64
-        #endif
-        #ifndef ALIGN128
-            #define ALIGN128
-        #endif
-        #ifndef ALIGN256
-            #define ALIGN256
-        #endif
-    #endif /* WOLFSSL_USE_ALIGN */
+        #define WOLFSSL_ALIGN(x) /* null expansion */
+    #endif
+
+    #ifndef ALIGN8
+        #define ALIGN8   WOLFSSL_ALIGN(8)
+    #endif
+    #ifndef ALIGN16
+        #define ALIGN16  WOLFSSL_ALIGN(16)
+    #endif
+    #ifndef ALIGN32
+        #define ALIGN32  WOLFSSL_ALIGN(32)
+    #endif
+    #ifndef ALIGN64
+        #define ALIGN64  WOLFSSL_ALIGN(64)
+    #endif
+    #ifndef ALIGN128
+        #define ALIGN128 WOLFSSL_ALIGN(128)
+    #endif
+    #ifndef ALIGN256
+        #define ALIGN256 WOLFSSL_ALIGN(256)
+    #endif
 
     #if !defined(PEDANTIC_EXTENSION)
         #if defined(__GNUC__)
@@ -1399,6 +1453,10 @@ typedef struct w64wrapper {
         #ifndef HAVE_SELFTEST
             #define WOLFSSL_THREAD_NO_JOIN
         #endif
+    #elif defined(FREERTOS) && defined(WOLFSSL_ESPIDF)
+        typedef void*          THREAD_RETURN;
+        typedef pthread_t      THREAD_TYPE;
+        #define WOLFSSL_THREAD
     #elif defined(FREERTOS)
         typedef unsigned int   THREAD_RETURN;
         typedef TaskHandle_t   THREAD_TYPE;
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_kyber.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_kyber.h
index 62c3ed81..61fe8b2b 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_kyber.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_kyber.h
@@ -1,3 +1,281 @@
+/* wc_kyber.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 
-#error "Contact wolfSSL to get the implementation of this file"
+/*!
+    \file wolfssl/wolfcrypt/wc_kyber.h
+*/
+
+
+#ifndef WOLF_CRYPT_WC_KYBER_H
+#define WOLF_CRYPT_WC_KYBER_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/sha3.h>
+#include <wolfssl/wolfcrypt/kyber.h>
+
+#ifdef WOLFSSL_HAVE_KYBER
+
+#if defined(_MSC_VER)
+    #define KYBER_NOINLINE __declspec(noinline)
+#elif defined(__GNUC__)
+    #define KYBER_NOINLINE __attribute__((noinline))
+#else
+    #define KYBER_NOINLINE
+#endif
+
+/* Define algorithm type when not excluded. */
+
+#ifndef WOLFSSL_NO_KYBER512
+#define WOLFSSL_KYBER512
+#endif
+#ifndef WOLFSSL_NO_KYBER768
+#define WOLFSSL_KYBER768
+#endif
+#ifndef WOLFSSL_NO_KYBER1024
+#define WOLFSSL_KYBER1024
+#endif
+
+enum {
+    /* Flags of Kyber keys. */
+    KYBER_FLAG_PRIV_SET = 0x0001,
+    KYBER_FLAG_PUB_SET  = 0x0002,
+    KYBER_FLAG_BOTH_SET = 0x0003,
+    KYBER_FLAG_H_SET    = 0x0004,
+
+    /* 2 bits of random used to create noise value. */
+    KYBER_CBD_ETA2          = 2,
+    /* 3 bits of random used to create noise value. */
+    KYBER_CBD_ETA3          = 3,
+
+    /* Number of bits to compress to. */
+    KYBER_COMP_4BITS    =  4,
+    KYBER_COMP_5BITS    =  5,
+    KYBER_COMP_10BITS   = 10,
+    KYBER_COMP_11BITS   = 11,
+};
+
+
+/* SHAKE128 rate. */
+#define XOF_BLOCK_SIZE      168
+
+/* Modulus of co-efficients of polynomial. */
+#define KYBER_Q             3329
+
+
+/* Kyber-512 parameters */
+#ifdef WOLFSSL_KYBER512
+/* Number of bits of random to create noise from. */
+#define KYBER512_ETA1       KYBER_CBD_ETA3
+#endif /* WOLFSSL_KYBER512 */
+
+/* Kyber-768 parameters */
+#ifdef WOLFSSL_KYBER768
+/* Number of bits of random to create noise from. */
+#define KYBER768_ETA1       KYBER_CBD_ETA2
+#endif /* WOLFSSL_KYBER768 */
+
+/* Kyber-1024 parameters */
+#ifdef WOLFSSL_KYBER1024
+/* Number of bits of random to create noise from. */
+#define KYBER1024_ETA1      KYBER_CBD_ETA2
+#endif /* WOLFSSL_KYBER1024 */
+
+
+
+/* The data type of the pseudo-random function. */
+#define KYBER_PRF_T     wc_Shake
+
+/* Kyber key. */
+struct KyberKey {
+    /* Type of key: KYBER512, KYBER768, KYBER1024 */
+    int type;
+    /* Dynamic memory allocation hint. */
+    void* heap;
+#if defined(WOLF_CRYPTO_CB)
+    /* Device Id. */
+    int devId;
+#endif
+    /* Flags indicating what is stored in the key. */
+    int flags;
+
+    /* A pseudo-random function object. */
+    KYBER_PRF_T prf;
+
+    /* Private key as a vector. */
+    sword16 priv[KYBER_MAX_K * KYBER_N];
+    /* Public key as a vector. */
+    sword16 pub[KYBER_MAX_K * KYBER_N];
+    /* Public seed. */
+    byte pubSeed[KYBER_SYM_SZ];
+    /* Public hash - hash of encoded public key. */
+    byte h[KYBER_SYM_SZ];
+    /* Randomizer for decapsulation. */
+    byte z[KYBER_SYM_SZ];
+};
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+WOLFSSL_LOCAL
+void kyber_init(void);
+WOLFSSL_LOCAL
+void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a,
+    int kp);
+WOLFSSL_LOCAL
+void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v,
+    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
+    const sword16* m, int kp);
+WOLFSSL_LOCAL
+void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
+    const sword16* v, int kp);
+
+WOLFSSL_LOCAL
+int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
+    int transposed);
+WOLFSSL_LOCAL
+int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed);
+
+#ifdef USE_INTEL_SPEEDUP
+WOLFSSL_LOCAL
+int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen);
+#endif
+WOLFSSL_LOCAL
+void kyber_prf_init(KYBER_PRF_T* prf);
+WOLFSSL_LOCAL
+int kyber_prf_new(KYBER_PRF_T* prf, void* heap, int devId);
+WOLFSSL_LOCAL
+void kyber_prf_free(KYBER_PRF_T* prf);
+
+WOLFSSL_LOCAL
+int kyber_cmp(const byte* a, const byte* b, int sz);
+
+WOLFSSL_LOCAL
+void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp);
+WOLFSSL_LOCAL
+void kyber_vec_compress_11(byte* r, sword16* v);
+WOLFSSL_LOCAL
+void kyber_vec_decompress_10(sword16* v, const unsigned char* b,
+    unsigned int kp);
+WOLFSSL_LOCAL
+void kyber_vec_decompress_11(sword16* v, const unsigned char* b);
+
+WOLFSSL_LOCAL
+void kyber_compress_4(byte* b, sword16* p);
+WOLFSSL_LOCAL
+void kyber_compress_5(byte* b, sword16* p);
+WOLFSSL_LOCAL
+void kyber_decompress_4(sword16* p, const unsigned char* b);
+WOLFSSL_LOCAL
+void kyber_decompress_5(sword16* p, const unsigned char* b);
+
+WOLFSSL_LOCAL
+void kyber_from_msg(sword16* p, const byte* msg);
+WOLFSSL_LOCAL
+void kyber_to_msg(byte* msg, sword16* p);
+WOLFSSL_LOCAL
+void kyber_from_bytes(sword16* p, const byte* b, int k);
+WOLFSSL_LOCAL
+void kyber_to_bytes(byte* b, sword16* p, int k);
+
+#ifdef USE_INTEL_SPEEDUP
+WOLFSSL_LOCAL
+void kyber_keygen_avx2(sword16* priv, sword16* pub, sword16* e,
+    const sword16* a, int kp);
+WOLFSSL_LOCAL
+void kyber_encapsulate_avx2(const sword16* pub, sword16* bp, sword16* v,
+    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
+    const sword16* m, int kp);
+WOLFSSL_LOCAL
+void kyber_decapsulate_avx2(const sword16* priv, sword16* mp, sword16* bp,
+    const sword16* v, int kp);
+
+WOLFSSL_LOCAL
+unsigned int kyber_rej_uniform_n_avx2(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen);
+WOLFSSL_LOCAL
+unsigned int kyber_rej_uniform_avx2(sword16* p, unsigned int len, const byte* r,
+    unsigned int rLen);
+WOLFSSL_LOCAL
+void kyber_redistribute_21_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+void kyber_redistribute_17_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+void kyber_redistribute_16_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+void kyber_redistribute_8_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+
+WOLFSSL_LOCAL
+void kyber_sha3_blocksx4_avx2(word64* s);
+WOLFSSL_LOCAL
+void kyber_sha3_128_blocksx4_seed_avx2(word64* s, byte* seed);
+WOLFSSL_LOCAL
+void kyber_sha3_256_blocksx4_seed_avx2(word64* s, byte* seed);
+
+WOLFSSL_LOCAL
+void kyber_cbd_eta2_avx2(sword16* p, const byte* r);
+WOLFSSL_LOCAL
+void kyber_cbd_eta3_avx2(sword16* p, const byte* r);
+
+WOLFSSL_LOCAL
+void kyber_from_msg_avx2(sword16* p, const byte* msg);
+WOLFSSL_LOCAL
+void kyber_to_msg_avx2(byte* msg, sword16* p);
+
+WOLFSSL_LOCAL
+void kyber_from_bytes_avx2(sword16* p, const byte* b);
+WOLFSSL_LOCAL
+void kyber_to_bytes_avx2(byte* b, sword16* p);
+
+WOLFSSL_LOCAL
+void kyber_compress_10_avx2(byte* r, const sword16* p, int n);
+WOLFSSL_LOCAL
+void kyber_decompress_10_avx2(sword16* p, const byte* r, int n);
+WOLFSSL_LOCAL
+void kyber_compress_11_avx2(byte* r, const sword16* p, int n);
+WOLFSSL_LOCAL
+void kyber_decompress_11_avx2(sword16* p, const byte* r, int n);
+
+WOLFSSL_LOCAL
+void kyber_compress_4_avx2(byte* r, const sword16* p);
+WOLFSSL_LOCAL
+void kyber_decompress_4_avx2(sword16* p, const byte* r);
+WOLFSSL_LOCAL
+void kyber_compress_5_avx2(byte* r, const sword16* p);
+WOLFSSL_LOCAL
+void kyber_decompress_5_avx2(sword16* p, const byte* r);
+
+
+WOLFSSL_LOCAL
+int kyber_cmp_avx2(const byte* a, const byte* b, int sz);
+#endif
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_HAVE_KYBER */
+
+#endif /* WOLF_CRYPT_WC_KYBER_H */
 
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_lms.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_lms.h
index a0e06e41..f51dad7b 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_lms.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_lms.h
@@ -1,6 +1,6 @@
 /* wc_lms.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h
index 5240effa..bf5ef6b3 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h
@@ -130,6 +130,7 @@
     #include "cmsis_os.h"
 #elif defined(WOLFSSL_TIRTOS)
     #include <ti/sysbios/BIOS.h>
+    #include <ti/sysbios/knl/Task.h>
     #include <ti/sysbios/knl/Semaphore.h>
 #elif defined(WOLFSSL_FROSTED)
     #include <semaphore.h>
@@ -243,7 +244,7 @@
             typedef pthread_rwlock_t wolfSSL_RwLock;
         #endif
         typedef pthread_mutex_t wolfSSL_Mutex;
-        #define WOLFSSL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
+        #define WOLFSSL_MUTEX_INITIALIZER(lockname) PTHREAD_MUTEX_INITIALIZER
     #elif defined(THREADX)
         typedef TX_MUTEX wolfSSL_Mutex;
     #elif defined(WOLFSSL_DEOS)
@@ -305,6 +306,13 @@
     #endif /* USE_WINDOWS_API */
 
 #endif /* SINGLE_THREADED */
+
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+    #define WOLFSSL_MUTEX_INITIALIZER_CLAUSE(lockname) = WOLFSSL_MUTEX_INITIALIZER(lockname)
+#else
+    #define WOLFSSL_MUTEX_INITIALIZER_CLAUSE(lockname) /* null expansion */
+#endif
+
 #if !defined(WOLFSSL_USE_RWLOCK) || defined(SINGLE_THREADED)
     typedef wolfSSL_Mutex wolfSSL_RwLock;
 #endif
@@ -697,49 +705,59 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 
     #if !defined(NO_WOLFSSL_DIR)\
         && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
-    #if defined(USE_WINDOWS_API)
-        #include <sys/stat.h>
-        #ifndef XSTAT
-        #define XSTAT       _stat
-        #endif
-        #define XS_ISREG(s) (s & _S_IFREG)
-        #define SEPARATOR_CHAR ';'
+        #if defined(USE_WINDOWS_API)
+            #include <sys/stat.h>
+            #ifndef XSTAT
+                #define XSTAT       _stat
+            #endif
+            #define XS_ISREG(s) (s & _S_IFREG)
+            #define SEPARATOR_CHAR ';'
 
-    #elif defined(INTIME_RTOS)
-        #include <sys/stat.h>
-        #ifndef XSTAT
-        #define XSTAT _stat64
-        #endif
-        #define XS_ISREG(s) S_ISREG(s)
-        #define SEPARATOR_CHAR ';'
-        #define XWRITE      write
-        #define XREAD       read
-        #define XCLOSE      close
+        #elif defined(ARDUINO)
+            #ifndef XSTAT
+                #define XSTAT       _stat
+            #endif
+            #define XS_ISREG(s) (s & _S_IFREG)
+            #define SEPARATOR_CHAR ';'
 
-    #elif defined(WOLFSSL_TELIT_M2MB)
-        #ifndef XSTAT
-        #define XSTAT       m2mb_fs_stat
-        #endif
-        #define XS_ISREG(s) (s & M2MB_S_IFREG)
-        #define SEPARATOR_CHAR ':'
-    #else
-        #include <dirent.h>
-        #include <unistd.h>
-        #include <sys/stat.h>
-        #define XWRITE      write
-        #define XREAD       read
-        #define XCLOSE      close
-        #ifndef XSTAT
-        #define XSTAT       stat
+        #elif defined(INTIME_RTOS)
+            #include <sys/stat.h>
+            #ifndef XSTAT
+            #define XSTAT _stat64
+            #endif
+            #define XS_ISREG(s) S_ISREG(s)
+            #define SEPARATOR_CHAR ';'
+            #define XWRITE      write
+            #define XREAD       read
+            #define XCLOSE      close
+
+        #elif defined(WOLFSSL_TELIT_M2MB)
+            #ifndef XSTAT
+            #define XSTAT       m2mb_fs_stat
+            #endif
+            #define XS_ISREG(s) (s & M2MB_S_IFREG)
+            #define SEPARATOR_CHAR ':'
+
+        #else
+            #ifndef NO_WOLFSSL_DIR
+                #include <dirent.h>
+            #endif
+            #include <unistd.h>
+            #include <sys/stat.h>
+            #define XWRITE      write
+            #define XREAD       read
+            #define XCLOSE      close
+            #ifndef XSTAT
+            #define XSTAT       stat
+            #endif
+            #define XS_ISREG(s) S_ISREG(s)
+            #define SEPARATOR_CHAR ':'
         #endif
-        #define XS_ISREG(s) S_ISREG(s)
-        #define SEPARATOR_CHAR ':'
-    #endif
 
-    #ifndef XSTAT_TYPE
-        #define XSTAT_TYPE struct XSTAT
-    #endif
-    #endif
+        #ifndef XSTAT_TYPE
+            #define XSTAT_TYPE struct XSTAT
+        #endif
+    #endif /* !NO_WOLFSSL_DIR !WOLFSSL_NUCLEUS !WOLFSSL_NUCLEUS_1_2 */
 #endif
 
     #ifndef MAX_FILENAME_SZ
@@ -776,6 +794,8 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
         #define IntimeFindNext(data)  (0 == _findnext64(data))
         #define IntimeFindClose(data) (0 == _findclose64(data))
         #define IntimeFilename(ctx)   ctx->FindFileData.f_filename
+    #elif defined(ARDUINO)
+        /* TODO: board specific features */
     #else
         struct dirent* entry;
         DIR*   dir;
@@ -1179,6 +1199,33 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #endif
 #endif
 
+#ifdef WOLF_C99
+    /* use alternate keyword for compatibility with -std=c99 */
+    #define XASM_VOLATILE(a) __asm__ volatile(a)
+#elif defined(__IAR_SYSTEMS_ICC__)
+    #define XASM_VOLATILE(a) asm volatile(a)
+#elif defined(__KEIL__)
+    #define XASM_VOLATILE(a) __asm volatile(a)
+#else
+    #define XASM_VOLATILE(a) __asm__ __volatile__(a)
+#endif
+
+#ifndef WOLFSSL_NO_FENCE
+    #if defined (__i386__) || defined(__x86_64__)
+        #define XFENCE() XASM_VOLATILE("lfence")
+    #elif (defined (__arm__) && (__ARM_ARCH > 6)) || defined(__aarch64__)
+        #define XFENCE() XASM_VOLATILE("isb")
+    #elif defined(__riscv)
+        #define XFENCE() XASM_VOLATILE("fence")
+    #elif defined(__PPC__)
+        #define XFENCE() XASM_VOLATILE("isync; sync")
+    #else
+        #define XFENCE() do{}while(0)
+    #endif
+#else
+    #define XFENCE() do{}while(0)
+#endif
+
 
     /* AFTER user_settings.h is loaded,
     ** determine if POSIX multi-threaded: HAVE_PTHREAD  */
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/xmss.h b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/xmss.h
index 70f26c48..7f19aee2 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/xmss.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/xmss.h
@@ -89,6 +89,53 @@
 #define XMSSMT_NAME_MIN_LEN (20) /* strlen("XMSSMT-SHA2_20/2_256") */
 #define XMSSMT_NAME_MAX_LEN (21) /* strlen("XMSSMT-SHA2_60/12_256") */
 
+#if defined(HAVE_FIPS) || defined(HAVE_LIBXMSS)
+    #undef WOLFSSL_WC_XMSS_NO_SHA512
+    #define WOLFSSL_WC_XMSS_NO_SHA512
+    #undef WOLFSSL_WC_XMSS_NO_SHAKE128
+    #define WOLFSSL_WC_XMSS_NO_SHAKE128
+    #undef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
+    #ifdef HAVE_LIBXMSS
+        #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE       256
+    #else
+        #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE       192
+    #endif
+    #define WOLFSSL_WC_XMSS_MAX_HASH_SIZE       256
+#endif
+
+#if !defined(NO_SHA256) && !defined(WOLFSSL_WC_XMSS_NO_SHA256)
+    #define WC_XMSS_SHA256
+#endif
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_WC_XMSS_NO_SHA512)
+    #define WC_XMSS_SHA512
+#endif
+#if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE128)
+    #define WC_XMSS_SHAKE128
+#endif
+#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE256)
+    #define WC_XMSS_SHAKE256
+#endif
+
+#ifndef WOLFSSL_WC_XMSS_MIN_HASH_SIZE
+    #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE       192
+#endif
+#ifndef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
+    #define WOLFSSL_WC_XMSS_MAX_HASH_SIZE       512
+#endif
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE > WOLFSSL_WC_XMSS_MAX_HASH_SIZE
+    #error "XMSS minimum hash size is greater than maximum hash size"
+#endif
+
+#ifndef WOLFSSL_XMSS_MIN_HEIGHT
+    #define WOLFSSL_XMSS_MIN_HEIGHT             10
+#endif
+#ifndef WOLFSSL_XMSS_MAX_HEIGHT
+    #define WOLFSSL_XMSS_MAX_HEIGHT             60
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT > WOLFSSL_XMSS_MAX_HEIGHT
+    #error "XMSS minimum height is greater than maximum height"
+#endif
+
 typedef struct XmssKey XmssKey;
 
 /* Return codes returned by private key callbacks. */
@@ -113,37 +160,41 @@ enum wc_XmssState {
 };
 
 /* Private key write and read callbacks. */
-typedef enum wc_XmssRc (*write_private_key_cb)(const byte * priv, word32 privSz, void *context);
-typedef enum wc_XmssRc (*read_private_key_cb)(byte * priv, word32 privSz, void *context);
+typedef enum wc_XmssRc (*write_private_key_cb)(const byte* priv, word32 privSz,
+    void* context);
+typedef enum wc_XmssRc (*read_private_key_cb)(byte* priv, word32 privSz,
+    void* context);
 
 #ifdef __cplusplus
     extern "C" {
 #endif
-WOLFSSL_API int  wc_XmssKey_Init(XmssKey * key, void * heap, int devId);
-WOLFSSL_API int  wc_XmssKey_SetParamStr(XmssKey * key, const char * str);
+
+WOLFSSL_API int  wc_XmssKey_Init(XmssKey* key, void* heap, int devId);
+WOLFSSL_API int  wc_XmssKey_SetParamStr(XmssKey* key, const char* str);
 #ifndef WOLFSSL_XMSS_VERIFY_ONLY
-WOLFSSL_API int  wc_XmssKey_SetWriteCb(XmssKey * key,
+WOLFSSL_API int  wc_XmssKey_SetWriteCb(XmssKey* key,
     write_private_key_cb write_cb);
-WOLFSSL_API int  wc_XmssKey_SetReadCb(XmssKey * key,
+WOLFSSL_API int  wc_XmssKey_SetReadCb(XmssKey* key,
     read_private_key_cb read_cb);
-WOLFSSL_API int  wc_XmssKey_SetContext(XmssKey * key, void * context);
-WOLFSSL_API int  wc_XmssKey_MakeKey(XmssKey * key, WC_RNG * rng);
-WOLFSSL_API int  wc_XmssKey_Reload(XmssKey * key);
-WOLFSSL_API int  wc_XmssKey_GetPrivLen(const XmssKey * key, word32 * len);
-WOLFSSL_API int  wc_XmssKey_Sign(XmssKey * key, byte * sig, word32 * sigSz,
-    const byte * msg, int msgSz);
-WOLFSSL_API int  wc_XmssKey_SigsLeft(XmssKey * key);
+WOLFSSL_API int  wc_XmssKey_SetContext(XmssKey* key, void* context);
+WOLFSSL_API int  wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng);
+WOLFSSL_API int  wc_XmssKey_Reload(XmssKey* key);
+WOLFSSL_API int  wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len);
+WOLFSSL_API int  wc_XmssKey_Sign(XmssKey* key, byte* sig, word32* sigSz,
+    const byte* msg, int msgSz);
+WOLFSSL_API int  wc_XmssKey_SigsLeft(XmssKey* key);
 #endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
-WOLFSSL_API void wc_XmssKey_Free(XmssKey * key);
-WOLFSSL_API int  wc_XmssKey_GetSigLen(const XmssKey * key, word32 * len);
-WOLFSSL_API int  wc_XmssKey_GetPubLen(const XmssKey * key, word32 * len);
-WOLFSSL_API int  wc_XmssKey_ExportPub(XmssKey * keyDst, const XmssKey * keySrc);
-WOLFSSL_API int  wc_XmssKey_ExportPubRaw(const XmssKey * key, byte * out,
-    word32 * outLen);
-WOLFSSL_API int  wc_XmssKey_ImportPubRaw(XmssKey * key, const byte * in,
+WOLFSSL_API void wc_XmssKey_Free(XmssKey* key);
+WOLFSSL_API int  wc_XmssKey_GetSigLen(const XmssKey* key, word32* len);
+WOLFSSL_API int  wc_XmssKey_GetPubLen(const XmssKey* key, word32* len);
+WOLFSSL_API int  wc_XmssKey_ExportPub(XmssKey* keyDst, const XmssKey* keySrc);
+WOLFSSL_API int  wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out,
+    word32* outLen);
+WOLFSSL_API int  wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in,
     word32 inLen);
-WOLFSSL_API int  wc_XmssKey_Verify(XmssKey * key, const byte * sig, word32 sigSz,
-    const byte * msg, int msgSz);
+WOLFSSL_API int  wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigSz,
+    const byte* msg, int msgSz);
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/extra/wolfssl/wolfssl/wolfssl/wolfio.h b/extra/wolfssl/wolfssl/wolfssl/wolfio.h
index 9a8b5113..48646a50 100644
--- a/extra/wolfssl/wolfssl/wolfssl/wolfio.h
+++ b/extra/wolfssl/wolfssl/wolfssl/wolfio.h
@@ -66,6 +66,8 @@
             #include <errno.h>
             #define LWIP_PROVIDE_ERRNO 1
         #endif
+    #elif defined(ARDUINO)
+        /* TODO Add specific boards */
     #elif defined(FREESCALE_MQX)
         #include <posix.h>
         #include <rtcs.h>
@@ -118,8 +120,6 @@
         #include <errno.h>
         #include <unistd.h>
         #include <fcntl.h>
-        #include <netdb.h>
-        #include <sys/ioctl.h>
     #elif defined(WOLFSSL_SGX)
         #include <errno.h>
     #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
@@ -161,11 +161,9 @@
             #include <sys/socket.h>
             #include <arpa/inet.h>
             #include <netinet/in.h>
-            #include <netdb.h>
             #ifdef __PPU
                 #include <netex/errno.h>
             #else
-                #include <sys/ioctl.h>
             #endif
         #endif
     #endif
@@ -318,6 +316,12 @@
     #include <network.h>
     #define SEND_FUNCTION net_send
     #define RECV_FUNCTION net_recv
+#elif defined(WOLFSSL_ESPIDF)
+    #define SEND_FUNCTION send
+    #define RECV_FUNCTION recv
+    #if !defined(HAVE_SOCKADDR) && !defined(WOLFSSL_NO_SOCK)
+        #define HAVE_SOCKADDR
+    #endif
 #elif defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
     #define SEND_FUNCTION lwip_send
     #define RECV_FUNCTION lwip_recv
diff --git a/extra/wolfssl/wolfssl/zephyr/CMakeLists.txt b/extra/wolfssl/wolfssl/zephyr/CMakeLists.txt
index bf8fe1a7..ec6dcba2 100644
--- a/extra/wolfssl/wolfssl/zephyr/CMakeLists.txt
+++ b/extra/wolfssl/wolfssl/zephyr/CMakeLists.txt
@@ -45,6 +45,7 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/curve448.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/des3.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dh.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dilithium.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dsa.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc_fp.c)
@@ -52,6 +53,7 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed25519.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed448.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/error.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ext_kyber.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/falcon.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_448.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_low_mem.c)
@@ -95,6 +97,7 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_dsp32.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_int.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_x86_64.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sphincs.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/srp.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/tfm.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_dsp.c)
@@ -106,6 +109,7 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfmath.c)
 
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/liboqs/liboqs.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_aes.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_hash.c)
diff --git a/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/prj.conf b/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/prj.conf
index 15d4ebba..b7e4eee4 100644
--- a/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/prj.conf
+++ b/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/prj.conf
@@ -1,5 +1,6 @@
 # Configure stack and heap sizes
 CONFIG_MAIN_STACK_SIZE=32768
+CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=8192
 
 # Pthreads
 CONFIG_PTHREAD_IPC=y
-- 
cgit v1.2.3