diff --git a/.gitignore b/.gitignore
index 872885298..079e69581 100644
--- a/.gitignore
+++ b/.gitignore
@@ -169,6 +169,12 @@ mplabx/wolfcrypt_test.X/nbproject/Makefile-*
 mplabx/wolfcrypt_test.X/nbproject/Package-default.bash
 mplabx/wolfssl.X/nbproject/Makefile-*
 mplabx/wolfssl.X/nbproject/Package-default.bash
+mplabx/wolfssl.X/nbproject/private
+mplabx/wolfcrypt_test.X/nbproject/private
+mplabx/wolfcrypt_benchmark.X/nbproject/private
+mplabx/wolfssl.X/dist/default/
+mplabx/wolfcrypt_test.X/dist/default/
+mplabx/wolfcrypt_benchmark.X/dist/default/
 *.dSYM
 
 # Vagrant folder
@@ -220,3 +226,5 @@ IDE/LINUX-SGX/*.a
 
 # Binaries
 wolfcrypt/src/port/intel/qat_test
+/mplabx/wolfssl.X/dist/default/
+/mplabx/wolfcrypt_test.X/dist/default/
\ No newline at end of file
diff --git a/mcapi/PIC32MZ-serial.h b/mcapi/PIC32MZ-serial.h
index 323de525b..b0df814c8 100644
--- a/mcapi/PIC32MZ-serial.h
+++ b/mcapi/PIC32MZ-serial.h
@@ -1,28 +1,75 @@
 void _mon_putc(char c);
 
-static void init_serial() {
-    #ifdef MICROCHIP_PIC32
-#if defined (__32MZ2048ECH144__) || (__32MZ2048ECM144__)
-    /* Set up PB2 divisor for UART2 */
-    SYSKEY = 0x00000000;
-    SYSKEY = 0xAA996655;
-    SYSKEY = 0x556699AA;
-    PB2DIV = 0x00008018;
-    SYSKEY = 0x33333333;
- 
-    /* UART2 Init */
-//    U2BRG = 0x0C;
-    U2BRG = 0x7;
+#define BAUD_GEN(sysclk, baud) ((sysclk / (16 * baud)) - 1)
+
+#ifdef MICROCHIP_PIC32
+#if defined (__32MZ2048ECH144__) || defined(__32MZ2048ECM144__) || defined(__32MZ2048EFM144__)
+    /* Code generated from Harmony example then exported using Window -> PIC32 Memory View -> Configuration Bits into system_config.h */
+    #define SYS_CLK_FREQ                    200000000ul
+    #define SYS_CLK_BUS_PERIPHERAL_2        100000000ul
+
+    // DEVCFG3
+    #pragma config FMIIEN = ON              // Ethernet RMII/MII Enable (MII Enabled)
+    #pragma config FETHIO = ON              // Ethernet I/O Pin Select (Default Ethernet I/O)
+    #pragma config PGL1WAY = ON             // Permission Group Lock One Way Configuration (Allow only one reconfiguration)
+    #pragma config PMDL1WAY = ON            // Peripheral Module Disable Configuration (Allow only one reconfiguration)
+    #pragma config IOL1WAY = ON             // Peripheral Pin Select Configuration (Allow only one reconfiguration)
+    #pragma config FUSBIDIO = ON            // USB USBID Selection (Controlled by the USB Module)
+
+    // DEVCFG2
+    #pragma config FPLLIDIV = DIV_1         // System PLL Input Divider (1x Divider)
+    #pragma config FPLLRNG = RANGE_5_10_MHZ // System PLL Input Range (5-10 MHz Input)
+    #pragma config FPLLICLK = PLL_FRC       // System PLL Input Clock Selection (FRC is input to the System PLL)
+    #pragma config FPLLMULT = MUL_50        // System PLL Multiplier (PLL Multiply by 50)
+    #pragma config FPLLODIV = DIV_2         // System PLL Output Clock Divider (2x Divider)
+    #pragma config UPLLFSEL = FREQ_24MHZ    // USB PLL Input Frequency Selection (USB PLL input is 24 MHz)
+
+    // DEVCFG1
+    #pragma config FNOSC = SPLL             // Oscillator Selection Bits (System PLL)
+    #pragma config DMTINTV = WIN_127_128    // DMT Count Window Interval (Window/Interval value is 127/128 counter value)
+    #pragma config FSOSCEN = OFF            // Secondary Oscillator Enable (Disable SOSC)
+    #pragma config IESO = OFF               // Internal/External Switch Over (Disabled)
+    #pragma config POSCMOD = OFF            // Primary Oscillator Configuration (Primary osc disabled)
+    #pragma config OSCIOFNC = OFF           // CLKO Output Signal Active on the OSCO Pin (Disabled)
+    #pragma config FCKSM = CSECME           // Clock Switching and Monitor Selection (Clock Switch Enabled, FSCM Enabled)
+    #pragma config WDTPS = PS1048576        // Watchdog Timer Postscaler (1:1048576)
+    #pragma config WDTSPGM = STOP           // Watchdog Timer Stop During Flash Programming (WDT stops during Flash programming)
+    #pragma config WINDIS = NORMAL          // Watchdog Timer Window Mode (Watchdog Timer is in non-Window mode)
+    #pragma config FWDTEN = OFF             // Watchdog Timer Enable (WDT Disabled)
+    #pragma config FWDTWINSZ = WINSZ_25     // Watchdog Timer Window Size (Window size is 25%)
+    #pragma config DMTCNT = DMT31           // Deadman Timer Count Selection (2^31 (2147483648))
+    #pragma config FDMTEN = OFF             // Deadman Timer Enable (Deadman Timer is disabled)
+
+    // DEVCFG0
+    #pragma config ICESEL = ICS_PGx2        // ICE/ICD Comm Channel Select (Communicate on PGEC2/PGED2)
+
+    // DEVCP0
+    #pragma config CP = OFF                 // Code Protect (Protection Disabled)
+
+    #include <xc.h>
+#endif
+#endif
+
+static void init_serial(unsigned int sysClk) {
+#ifdef MICROCHIP_PIC32
+#if defined (__32MZ2048ECH144__) || defined(__32MZ2048ECM144__) || defined(__32MZ2048EFM144__)
+    /* This is for pin B14 which is connected to the USB to UART connector J11 located under Ethernet connector */
+
+    /* Setup UART2 */
+#ifdef SYS_CLK_BUS_PERIPHERAL_2
+    U2BRG = BAUD_GEN(SYS_CLK_BUS_PERIPHERAL_2, 115200);
+#else
+    if (sysClk > 100000000)
+        sysClk /= 2;
+    U2BRG = BAUD_GEN(sysClk, 115200);
+#endif
     ANSELBCLR = 0x4000;
     ANSELGCLR = 0x0040;
     RPB14R = 0x02;
     U2RXR = 0x01;
     U2MODE = 0x8000;
     U2STA = 0x400;
-#elif defined __PIC32MX__
-    SYSTEMConfigPerformance(80000000);
-    DBINIT();
 #endif
- 
 #endif
+    (void)sysClk;
 }
diff --git a/mcapi/crypto.c b/mcapi/crypto.c
index def94b706..d73308842 100644
--- a/mcapi/crypto.c
+++ b/mcapi/crypto.c
@@ -20,29 +20,32 @@
  */
 
 
-
 /* Implements Microchip CRYPTO API layer */
-
-
+#ifdef HAVE_CONFIG_H
+    #include "config.h"
+#endif
+#ifdef MICROCHIP_MPLAB_HARMONY
+    #include "system_config.h"
+#endif
 
 #include "crypto.h"
 
-#include <cyassl/ctaocrypt/settings.h>
-
-#include <cyassl/ctaocrypt/md5.h>
-#include <cyassl/ctaocrypt/sha.h>
-#include <cyassl/ctaocrypt/sha256.h>
-#include <cyassl/ctaocrypt/sha512.h>
-#include <cyassl/ctaocrypt/hmac.h>
-#include <cyassl/ctaocrypt/compress.h>
-#include <cyassl/ctaocrypt/random.h>
-#include <cyassl/ctaocrypt/des3.h>
-#include <cyassl/ctaocrypt/aes.h>
-#include <cyassl/ctaocrypt/rsa.h>
-#include <cyassl/ctaocrypt/ecc.h>
-#include <cyassl/ctaocrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/settings.h>
 
+#include <wolfssl/wolfcrypt/md5.h>
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/sha512.h>
+#include <wolfssl/wolfcrypt/hmac.h>
+#include <wolfssl/wolfcrypt/compress.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/des3.h>
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/rsa.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
+#ifndef NO_MD5
 /* Initialize MD5 */
 int CRYPT_MD5_Initialize(CRYPT_MD5_CTX* md5)
 {
@@ -75,7 +78,9 @@ int CRYPT_MD5_Finalize(CRYPT_MD5_CTX* md5, unsigned char* digest)
 
     return wc_Md5Final((Md5*)md5, digest);
 }
+#endif
 
+#ifndef NO_SHA
 
 /* Initialize SHA */
 int CRYPT_SHA_Initialize(CRYPT_SHA_CTX* sha)
@@ -109,7 +114,9 @@ int CRYPT_SHA_Finalize(CRYPT_SHA_CTX* sha, unsigned char* digest)
 
     return wc_ShaFinal((Sha*)sha, digest);
 }
+#endif
 
+#ifndef NO_SHA256
 
 /* Initialize SHA-256 */
 int CRYPT_SHA256_Initialize(CRYPT_SHA256_CTX* sha256)
@@ -143,8 +150,10 @@ int CRYPT_SHA256_Finalize(CRYPT_SHA256_CTX* sha256, unsigned char* digest)
 
     return wc_Sha256Final((Sha256*)sha256, digest);
 }
+#endif
 
-
+#ifdef WOLFSSL_SHA512
+#ifdef WOLFSSL_SHA384
 /* Initialize SHA-384 */
 int CRYPT_SHA384_Initialize(CRYPT_SHA384_CTX* sha384)
 {
@@ -177,6 +186,7 @@ int CRYPT_SHA384_Finalize(CRYPT_SHA384_CTX* sha384, unsigned char* digest)
 
     return wc_Sha384Final((Sha384*)sha384, digest);
 }
+#endif
 
 
 /* Initialize SHA-512 */
@@ -211,8 +221,9 @@ int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX* sha512, unsigned char* digest)
 
     return wc_Sha512Final((Sha512*)sha512, digest);
 }
+#endif
 
-
+#ifndef NO_HMAC
 /* Set HMAC key with type */
 int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX* hmac, int type, const unsigned char* key,
                       unsigned int sz)
@@ -252,6 +263,9 @@ int CRYPT_HMAC_Finalize(CRYPT_HMAC_CTX* hmac, unsigned char* digest)
     return wc_HmacFinal((Hmac*)hmac, digest);
 }
 
+#endif
+
+#ifdef HAVE_LIBZ
 
 /* Huffman Compression, set flag to do static, otherwise dynamic */
 /* return compressed size, otherwise < 0 for error */
@@ -262,7 +276,7 @@ int CRYPT_HUFFMAN_Compress(unsigned char* out, unsigned int outSz,
     if (out == NULL || in == NULL)
         return BAD_FUNC_ARG;
 
-    return Compress(out, outSz, in, inSz, flags);
+    return wc_Compress(out, outSz, in, inSz, flags);
 }
 
 
@@ -274,9 +288,12 @@ int CRYPT_HUFFMAN_DeCompress(unsigned char* out, unsigned int outSz,
     if (out == NULL || in == NULL)
         return BAD_FUNC_ARG;
 
-    return DeCompress(out, outSz, in, inSz);
+    return wc_DeCompress(out, outSz, in, inSz);
 }
 
+#endif
+
+#ifndef NO_RNG
 
 /* RNG Initialize, < 0 on error */
 int CRYPT_RNG_Initialize(CRYPT_RNG_CTX* rng)
@@ -287,7 +304,7 @@ int CRYPT_RNG_Initialize(CRYPT_RNG_CTX* rng)
     if (rng == NULL)
         return BAD_FUNC_ARG;
 
-    return InitRng((WC_RNG*)rng);
+    return wc_InitRng((WC_RNG*)rng);
 }
 
 
@@ -297,7 +314,7 @@ int CRYPT_RNG_Get(CRYPT_RNG_CTX* rng, unsigned char* b)
     if (rng == NULL || b == NULL)
         return BAD_FUNC_ARG;
 
-    return RNG_GenerateByte((WC_RNG*)rng, (byte*)b);
+    return wc_RNG_GenerateByte((WC_RNG*)rng, (byte*)b);
 }
 
 
@@ -308,10 +325,12 @@ int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX* rng, unsigned char* b,
     if (rng == NULL || b == NULL)
         return BAD_FUNC_ARG;
 
-    return RNG_GenerateBlock((WC_RNG*)rng, b, sz);
+    return wc_RNG_GenerateBlock((WC_RNG*)rng, b, sz);
 }
 
+#endif
 
+#ifndef NO_DES3
 /* Triple DES Key Set, may have iv, will have direction */
 int CRYPT_TDES_KeySet(CRYPT_TDES_CTX* tdes, const unsigned char* key,
                       const unsigned char* iv, int dir)
@@ -322,7 +341,7 @@ int CRYPT_TDES_KeySet(CRYPT_TDES_CTX* tdes, const unsigned char* key,
     if (tdes == NULL || key == NULL)
         return BAD_FUNC_ARG;
 
-    return Des3_SetKey((Des3*)tdes, key, iv, dir);
+    return wc_Des3_SetKey((Des3*)tdes, key, iv, dir);
 }
 
 
@@ -354,9 +373,12 @@ int CRYPT_TDES_CBC_Decrypt(CRYPT_TDES_CTX* tdes, unsigned char* out,
     if (tdes == NULL || out == NULL || in == NULL)
         return BAD_FUNC_ARG;
 
-    return Des3_CbcDecrypt((Des3*)tdes, out, in, inSz);
+    return wc_Des3_CbcDecrypt((Des3*)tdes, out, in, inSz);
 }
 
+#endif
+
+#ifndef NO_AES
 
 /* AES Key Set, may have iv, will have direction */
 int CRYPT_AES_KeySet(CRYPT_AES_CTX* aes, const unsigned char* key,
@@ -400,10 +422,11 @@ int CRYPT_AES_CBC_Decrypt(CRYPT_AES_CTX* aes, unsigned char* out,
     if (aes == NULL || out == NULL || in == NULL)
         return BAD_FUNC_ARG;
 
-    return AesCbcDecrypt((Aes*)aes, out, in, inSz);
+    return wc_AesCbcDecrypt((Aes*)aes, out, in, inSz);
 }
+#endif
 
-
+#ifdef WOLFSSL_AES_COUNTER
 /* AES CTR Encrypt (used for decrypt too, with ENCRYPT key setup) */
 int CRYPT_AES_CTR_Encrypt(CRYPT_AES_CTX* aes, unsigned char* out,
                           const unsigned char* in, unsigned int inSz)
@@ -413,7 +436,9 @@ int CRYPT_AES_CTR_Encrypt(CRYPT_AES_CTX* aes, unsigned char* out,
 
     return wc_AesCtrEncrypt((Aes*)aes, out, in, inSz);
 }
+#endif
 
+#ifdef WOLFSSL_AES_DIRECT
 
 /* AES Direct mode encrypt, one block at a time */
 int CRYPT_AES_DIRECT_Encrypt(CRYPT_AES_CTX* aes, unsigned char* out,
@@ -439,7 +464,9 @@ int CRYPT_AES_DIRECT_Decrypt(CRYPT_AES_CTX* aes, unsigned char* out,
 
     return 0;
 }
+#endif
 
+#ifndef NO_RSA
 
 /* RSA Initialize */
 int CRYPT_RSA_Initialize(CRYPT_RSA_CTX* rsa)
@@ -451,7 +478,7 @@ int CRYPT_RSA_Initialize(CRYPT_RSA_CTX* rsa)
     if (rsa->holder == NULL)
         return -1;
 
-    return InitRsaKey((RsaKey*)rsa->holder, NULL);
+    return wc_InitRsaKey((RsaKey*)rsa->holder, NULL);
 }
 
 
@@ -461,7 +488,7 @@ int CRYPT_RSA_Free(CRYPT_RSA_CTX* rsa)
     if (rsa == NULL)
         return BAD_FUNC_ARG;
 
-    FreeRsaKey((RsaKey*)rsa->holder);
+    wc_FreeRsaKey((RsaKey*)rsa->holder);
     XFREE(rsa->holder, NULL, DYNAMIC_TYPE_RSA);
     rsa->holder = NULL;
 
@@ -479,7 +506,7 @@ int CRYPT_RSA_PublicKeyDecode(CRYPT_RSA_CTX* rsa, const unsigned char* in,
     if (rsa == NULL || in == NULL)
         return BAD_FUNC_ARG;
 
-    return RsaPublicKeyDecode(in, &idx, (RsaKey*)rsa->holder, inSz);
+    return wc_RsaPublicKeyDecode(in, &idx, (RsaKey*)rsa->holder, inSz);
 }
 
 
@@ -493,7 +520,7 @@ int CRYPT_RSA_PrivateKeyDecode(CRYPT_RSA_CTX* rsa, const unsigned char* in,
     if (rsa == NULL || in == NULL)
         return BAD_FUNC_ARG;
 
-    return RsaPrivateKeyDecode(in, &idx, (RsaKey*)rsa->holder, inSz);
+    return wc_RsaPrivateKeyDecode(in, &idx, (RsaKey*)rsa->holder, inSz);
 }
 
 
@@ -505,7 +532,7 @@ int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX* rsa, unsigned char* out,
     if (rsa == NULL || in == NULL || out == NULL || rng == NULL)
         return BAD_FUNC_ARG;
 
-    return RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder,
+    return wc_RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder,
                             (WC_RNG*)rng);
 }
 
@@ -518,7 +545,7 @@ int CRYPT_RSA_PrivateDecrypt(CRYPT_RSA_CTX* rsa, unsigned char* out,
     if (rsa == NULL || in == NULL || out == NULL)
         return BAD_FUNC_ARG;
 
-    return RsaPrivateDecrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder);
+    return wc_RsaPrivateDecrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder);
 }
 
 
@@ -528,7 +555,7 @@ int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX* rsa)
     if (rsa == NULL)
         return BAD_FUNC_ARG;
 
-    return RsaEncryptSize((RsaKey*)rsa->holder);
+    return wc_RsaEncryptSize((RsaKey*)rsa->holder);
 }
 
 
@@ -545,7 +572,9 @@ int CRYPT_RSA_SetRng(CRYPT_RSA_CTX* rsa, CRYPT_RNG_CTX* rng)
     return 0;
 #endif
 }
+#endif
 
+#ifdef HAVE_ECC
 
 /* ECC init */
 int CRYPT_ECC_Initialize(CRYPT_ECC_CTX* ecc)
@@ -698,6 +727,7 @@ int CRYPT_ECC_SignatureSizeGet(CRYPT_ECC_CTX* ecc)
     return wc_ecc_sig_size((ecc_key*)ecc->holder);
 }
 
+#endif
 
 /* Save error string from err to str which needs to be >= 80 chars */
 int CRYPT_ERROR_StringGet(int err, char* str)
@@ -705,7 +735,7 @@ int CRYPT_ERROR_StringGet(int err, char* str)
     if (str == NULL)
         return BAD_FUNC_ARG;
 
-    CTaoCryptErrorString(err, str);
+    wc_ErrorString(err, str);
 
     return 0;
 }
diff --git a/mcapi/crypto.h b/mcapi/crypto.h
index 4d71a3f26..c9cd779de 100644
--- a/mcapi/crypto.h
+++ b/mcapi/crypto.h
@@ -164,7 +164,7 @@ enum {
 
 /* AES */
 typedef struct CRYPT_AES_CTX {
-    int holder[78];   /* big enough to hold internal, but check on init */
+    int holder[90];   /* big enough to hold internal, but check on init */
 } CRYPT_AES_CTX;
 
 /* key */
diff --git a/mcapi/include.am b/mcapi/include.am
index 77170ac26..9448a5232 100644
--- a/mcapi/include.am
+++ b/mcapi/include.am
@@ -15,5 +15,5 @@ noinst_HEADERS += mcapi/crypto.h
 
 EXTRA_DIST += \
          mcapi/README \
-		 mcapi/PIC32MZ-serial.h
-
+         mcapi/PIC32MZ-serial.h \
+         mcapi/user_settings.h
diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c
index 82450f917..e5743f131 100644
--- a/mcapi/mcapi_test.c
+++ b/mcapi/mcapi_test.c
@@ -1,4 +1,4 @@
-/* test.c
+/* mcapi_test.c
  *
  * Copyright (C) 2006-2016 wolfSSL Inc.
  *
@@ -59,6 +59,8 @@
     #include <stdio.h>
     #include <stdlib.h>
     #include <p32xxxx.h>
+    #define _SUPPRESS_PLIB_WARNING
+    #define _DISABLE_OPENADC10_CONFIGPORT_WARNING
     #include <plib.h>
     #include <sys/appio.h>
     #define init_serial()  /* void out init_serial() */
diff --git a/mcapi/user_settings.h b/mcapi/user_settings.h
new file mode 100644
index 000000000..d98dfaabb
--- /dev/null
+++ b/mcapi/user_settings.h
@@ -0,0 +1,386 @@
+/* Example custom user settings for wolfSSL */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stddef.h> /* for size_t */
+
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#undef  WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT   4
+
+#undef  SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef  WOLFSSL_SMALL_STACK
+#define WOLFSSL_SMALL_STACK
+
+#undef  MICROCHIP_PIC32
+#define MICROCHIP_PIC32
+
+#undef  WOLFSSL_MICROCHIP_PIC32MZ
+#define WOLFSSL_MICROCHIP_PIC32MZ
+
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#undef  USE_FAST_MATH
+#define USE_FAST_MATH
+
+#ifdef USE_FAST_MATH
+    #undef  TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
+
+    /* Optimizations */
+    //#define TFM_MIPS
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* ECC */
+#if 1
+    #undef  HAVE_ECC
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #undef  ECC_USER_CURVES
+    #define ECC_USER_CURVES
+
+    //#define HAVE_ECC192
+    //#define HAVE_ECC224
+    #undef NO_ECC256
+    //#define HAVE_ECC384
+    //#define HAVE_ECC521
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    #undef  FP_ECC
+    //#define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    #undef  ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    #ifdef USE_FAST_MATH
+        /* use reduced size math buffers for ecc points */
+        #undef  ALT_ECC_SIZE
+        #define ALT_ECC_SIZE
+
+        /* Enable TFM optimizations for ECC */
+        #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC192
+        #endif
+        #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC224
+        #endif
+        #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC256
+        #endif
+        #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC384
+        #endif
+        #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC521
+        #endif
+    #endif
+#endif
+
+/* RSA */
+#undef NO_RSA
+#if 1
+    #ifdef USE_FAST_MATH
+        /* Maximum math bits (Max RSA key bits * 2) */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     2048
+    #endif
+
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+    //#define RSA_LOW_MEM
+    
+    /* timing resistance */
+    #undef  WC_RSA_BLINDING
+    #define WC_RSA_BLINDING
+#else
+    #define NO_RSA
+#endif
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef  HAVE_AES_DECRYPT
+    #define HAVE_AES_DECRYPT
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+
+    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+    #undef  GCM_SMALL
+    #define GCM_SMALL
+
+    #undef  HAVE_AESCCM
+    #define HAVE_AESCCM
+
+    #undef  WOLFSSL_AES_COUNTER
+    #define WOLFSSL_AES_COUNTER
+
+    #undef  WOLFSSL_AES_DIRECT
+    #define WOLFSSL_AES_DIRECT
+#else
+    #define NO_AES
+#endif
+
+/* DES3 */
+#undef NO_DES3
+#if 1
+    #undef  WOLFSSL_DES_ECB
+    #define WOLFSSL_DES_ECB
+#else
+    #define NO_DES3
+#endif
+
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 0
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if 0
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #if 0
+        #define CURVED25519_SMALL
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 1
+    /* 1k smaller, but 25% slower */
+    //#define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 1
+    #define WOLFSSL_SHA512
+
+    /* Sha384 */
+    #undef  WOLFSSL_SHA384
+    #if 1
+        #define WOLFSSL_SHA384
+    #endif
+
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA2
+#endif
+
+/* MD5 */
+#undef  NO_MD5
+#if 1
+#else
+    #define NO_MD5
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef  BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+#undef  USE_CERT_BUFFERS_2048
+//#define USE_CERT_BUFFERS_2048
+
+#undef  USE_CERT_BUFFERS_1024
+#define USE_CERT_BUFFERS_1024
+
+#undef  USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
+
+/* ------------------------------------------------------------------------- */
+/* Time */
+/* ------------------------------------------------------------------------- */
+#if 0
+    /* Override Current Time */
+    /* Allows custom "custom_time()" function to be used for benchmark */
+    #define WOLFSSL_USER_CURRTIME
+    #define USER_TICKS
+    extern unsigned long custom_time(unsigned long* timer);
+    #define XTIME custom_time
+#else
+    #warning Time/RTC disabled
+    #undef  NO_ASN_TIME
+    #define NO_ASN_TIME
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+#undef  DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL
+
+#ifdef DEBUG_WOLFSSL
+    /* Use this to measure / print heap usage */
+    #if 0
+        #undef  USE_WOLFSSL_MEMORY
+        #define USE_WOLFSSL_MEMORY
+        #undef  WOLFSSL_TRACK_MEMORY
+        #define WOLFSSL_TRACK_MEMORY
+    #endif
+#else
+    #undef  NO_WOLFSSL_MEMORY
+    #define NO_WOLFSSL_MEMORY
+
+    #undef  NO_ERROR_STRINGS
+    //#define NO_ERROR_STRINGS
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef  KEEP_PEER_CERT
+//#define KEEP_PEER_CERT
+
+#undef  HAVE_COMP_KEY
+//#define HAVE_COMP_KEY
+
+#undef  HAVE_TLS_EXTENSIONS
+//#define HAVE_TLS_EXTENSIONS
+
+#undef  HAVE_SUPPORTED_CURVES
+//#define HAVE_SUPPORTED_CURVES
+
+#undef  WOLFSSL_BASE64_ENCODE
+//#define WOLFSSL_BASE64_ENCODE
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef  NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef  NO_WOLFSSL_CLIENT
+//#define NO_WOLFSSL_CLIENT
+
+#undef  NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef  NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef  NO_INLINE
+//#define NO_INLINE
+
+#undef  NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef  NO_WRITEV
+#define NO_WRITEV
+
+#undef  NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef  NO_DEV_RANDOM
+#define NO_DEV_RANDOM
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  NO_DH
+#define NO_DH
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_OLD_TLS
+#define NO_OLD_TLS
+
+#undef  NO_HC128
+#define NO_HC128
+
+#undef  NO_RABBIT
+#define NO_RABBIT
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+#define NO_PWDBASED
+
+#undef  NO_CODING
+//#define NO_CODING
+
+
+/* Suppress array-bounds */
+#pragma GCC diagnostic ignored "-Warray-bounds"
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/mcapi/wolfcrypt_mcapi.X/nbproject/configurations.xml b/mcapi/wolfcrypt_mcapi.X/nbproject/configurations.xml
index 4d3eec5fb..09fb14503 100644
--- a/mcapi/wolfcrypt_mcapi.X/nbproject/configurations.xml
+++ b/mcapi/wolfcrypt_mcapi.X/nbproject/configurations.xml
@@ -4,6 +4,7 @@
     <logicalFolder name="HeaderFiles"
                    displayName="Header Files"
                    projectFiles="true">
+      <itemPath>../user_settings.h</itemPath>
     </logicalFolder>
     <logicalFolder name="LinkerScript"
                    displayName="Linker Files"
@@ -110,8 +111,7 @@
         <property key="place-data-into-section" value="false"/>
         <property key="post-instruction-scheduling" value="default"/>
         <property key="pre-instruction-scheduling" value="default"/>
-        <property key="preprocessor-macros"
-                  value="WOLFSSL_SHA384;WOLFSSL_SHA512;HAVE_ECC;HAVE_LIBZ;HAVE_MCAPI"/>
+        <property key="preprocessor-macros" value="WOLFSSL_USER_SETTINGS;HAVE_LIBZ;HAVE_MCAPI"/>
         <property key="strict-ansi" value="false"/>
         <property key="support-ansi" value="false"/>
         <property key="use-cci" value="false"/>
@@ -149,7 +149,7 @@
         <property key="preprocessor-macros" value=""/>
         <property key="remove-unused-sections" value="false"/>
         <property key="report-memory-usage" value="false"/>
-        <property key="stack-size" value="2048"/>
+        <property key="stack-size" value="20480"/>
         <property key="symbol-stripping" value=""/>
         <property key="trace-symbols" value=""/>
         <property key="warn-section-align" value="false"/>
diff --git a/mcapi/wolfcrypt_test.X/nbproject/configurations.xml b/mcapi/wolfcrypt_test.X/nbproject/configurations.xml
index 5c5065e7b..5112f0ab3 100644
--- a/mcapi/wolfcrypt_test.X/nbproject/configurations.xml
+++ b/mcapi/wolfcrypt_test.X/nbproject/configurations.xml
@@ -4,6 +4,7 @@
     <logicalFolder name="HeaderFiles"
                    displayName="Header Files"
                    projectFiles="true">
+      <itemPath>../user_settings.h</itemPath>
     </logicalFolder>
     <logicalFolder name="LinkerScript"
                    displayName="Linker Files"
@@ -110,8 +111,7 @@
         <property key="place-data-into-section" value="false"/>
         <property key="post-instruction-scheduling" value="default"/>
         <property key="pre-instruction-scheduling" value="default"/>
-        <property key="preprocessor-macros"
-                  value="NO_MAIN_DRIVER;USE_CERT_BUFFERS_1024;WOLFSSL_SHA384;WOLFSSL_SHA512;HAVE_ECC;HAVE_LIBZ;HAVE_MCAPI"/>
+        <property key="preprocessor-macros" value="WOLFSSL_USER_SETTINGS;HAVE_LIBZ;HAVE_MCAPI"/>
         <property key="strict-ansi" value="false"/>
         <property key="support-ansi" value="false"/>
         <property key="use-cci" value="false"/>
diff --git a/mcapi/wolfssl.X/nbproject/configurations.xml b/mcapi/wolfssl.X/nbproject/configurations.xml
index 57c9e37f8..591ed069c 100644
--- a/mcapi/wolfssl.X/nbproject/configurations.xml
+++ b/mcapi/wolfssl.X/nbproject/configurations.xml
@@ -4,6 +4,7 @@
     <logicalFolder name="HeaderFiles"
                    displayName="Header Files"
                    projectFiles="true">
+      <itemPath>../user_settings.h</itemPath>
     </logicalFolder>
     <logicalFolder name="LinkerScript"
                    displayName="Linker Files"
@@ -37,10 +38,8 @@
         <itemPath>../../wolfcrypt/src/md5.c</itemPath>
         <itemPath>../../wolfcrypt/src/memory.c</itemPath>
         <itemPath>../../wolfcrypt/src/misc.c</itemPath>
-        <itemPath>../../wolfcrypt/src/pic32mz-hash.c</itemPath>
         <itemPath>../../wolfcrypt/src/pkcs7.c</itemPath>
         <itemPath>../../wolfcrypt/src/poly1305.c</itemPath>
-        <itemPath>../../wolfcrypt/src/pw.c</itemPath>
         <itemPath>../../wolfcrypt/src/pwdbased.c</itemPath>
         <itemPath>../../wolfcrypt/src/rabbit.c</itemPath>
         <itemPath>../../wolfcrypt/src/random.c</itemPath>
@@ -51,6 +50,21 @@
         <itemPath>../../wolfcrypt/src/sha512.c</itemPath>
         <itemPath>../../wolfcrypt/src/tfm.c</itemPath>
         <itemPath>../../wolfcrypt/src/wc_port.c</itemPath>
+        <itemPath>../../wolfcrypt/src/port/pic32/pic32mz-hash.c</itemPath>
+        <itemPath>../../wolfcrypt/src/port/pic32/pic32mz-crypt.c</itemPath>
+        <itemPath>../../wolfcrypt/src/hash.c</itemPath>
+        <itemPath>../../wolfcrypt/src/chacha20_poly1305.c</itemPath>
+        <itemPath>../../wolfcrypt/src/curve25519.c</itemPath>
+        <itemPath>../../wolfcrypt/src/ed25519.c</itemPath>
+        <itemPath>../../wolfcrypt/src/fe_low_mem.c</itemPath>
+        <itemPath>../../wolfcrypt/src/fe_operations.c</itemPath>
+        <itemPath>../../wolfcrypt/src/ge_low_mem.c</itemPath>
+        <itemPath>../../wolfcrypt/src/ge_operations.c</itemPath>
+        <itemPath>../../wolfcrypt/src/wc_encrypt.c</itemPath>
+        <itemPath>../../wolfcrypt/src/pkcs12.c</itemPath>
+        <itemPath>../../wolfcrypt/src/signature.c</itemPath>
+        <itemPath>../../wolfcrypt/src/wolfevent.c</itemPath>
+        <itemPath>../../wolfcrypt/src/wolfmath.c</itemPath>
       </logicalFolder>
       <logicalFolder name="src" displayName="wolfssl" projectFiles="true">
         <itemPath>../../src/crl.c</itemPath>
@@ -61,6 +75,7 @@
         <itemPath>../../src/sniffer.c</itemPath>
         <itemPath>../../src/ssl.c</itemPath>
         <itemPath>../../src/tls.c</itemPath>
+        <itemPath>../../src/tls13.c</itemPath>
       </logicalFolder>
     </logicalFolder>
     <logicalFolder name="ExternalFiles"
@@ -118,7 +133,7 @@
         <property key="enable-unroll-loops" value="false"/>
         <property key="exclude-floating-point" value="false"/>
         <property key="extra-include-directories"
-                  value="../../;../../mcapi;../../zlib-1.2.8;/Users/chrisc/yaSSL/products/cyassl/git/cyassl57/zlib-1.2.7"/>
+                  value="../../;../../mcapi;../../mplabx;../../zlib-1.2.8"/>
         <property key="generate-16-bit-code" value="false"/>
         <property key="generate-micro-compressed-code" value="false"/>
         <property key="isolate-each-function" value="false"/>
@@ -127,8 +142,7 @@
         <property key="place-data-into-section" value="false"/>
         <property key="post-instruction-scheduling" value="default"/>
         <property key="pre-instruction-scheduling" value="default"/>
-        <property key="preprocessor-macros"
-                  value="WOLFSSL_SHA512;WOLFSSL_SHA384;WOLFSSL_AES_COUNTER;WOLFSSL_AES_DIRECT;HAVE_ECC;HAVE_LIBZ;HAVE_MCAPI"/>
+        <property key="preprocessor-macros" value="WOLFSSL_USER_SETTINGS;HAVE_LIBZ;HAVE_MCAPI"/>
         <property key="strict-ansi" value="false"/>
         <property key="support-ansi" value="false"/>
         <property key="use-cci" value="false"/>
diff --git a/mplabx/PIC32MZ-serial.h b/mplabx/PIC32MZ-serial.h
index 97bd1e0b5..a64bdb766 100644
--- a/mplabx/PIC32MZ-serial.h
+++ b/mplabx/PIC32MZ-serial.h
@@ -1,28 +1,96 @@
 void _mon_putc(char c);
 
-static void init_serial() {
-    #ifdef MICROCHIP_PIC32
-#if defined (__32MZ2048ECH144__) || (__32MZ2048ECM144__)
-    /* Set up PB2 divisor for UART2 */
-    SYSKEY = 0x00000000;
-    SYSKEY = 0xAA996655;
-    SYSKEY = 0x556699AA;
-    PB2DIV = 0x00008808;
-    SYSKEY = 0x33333333;
- 
-    /* UART2 Init */
-//    U2BRG = 0x0C;
-    U2BRG = 0x047;
+#define BAUD_GEN(sysclk, baud) ((sysclk / (16 * baud)) - 1)
+
+#ifdef MICROCHIP_PIC32
+#if defined (__32MZ2048ECH144__) || defined(__32MZ2048ECM144__) || defined(__32MZ2048EFM144__)
+    /* Code generated from Harmony example then exported using Window -> PIC32 Memory View -> Configuration Bits into system_config.h */
+    #define SYS_CLK_FREQ                    200000000ul
+    #define SYS_CLK_BUS_PERIPHERAL_2        100000000ul
+
+    /* PIC32MZ2048EFM144 Configuration Bit Settings */
+
+    /*** DEVCFG0 ***/
+    #pragma config DEBUG =      OFF
+    #pragma config JTAGEN =     OFF
+    #pragma config ICESEL =     ICS_PGx2
+    #pragma config TRCEN =      OFF
+    #pragma config BOOTISA =    MIPS32
+    #pragma config FECCCON =    OFF_UNLOCKED
+    #pragma config FSLEEP =     OFF
+    #pragma config DBGPER =     PG_ALL
+    #pragma config SMCLR =      MCLR_NORM
+    #pragma config SOSCGAIN =   GAIN_2X
+    #pragma config SOSCBOOST =  ON
+    #pragma config POSCGAIN =   GAIN_2X
+    #pragma config POSCBOOST =  ON
+    #pragma config EJTAGBEN =   NORMAL
+    #pragma config CP =         OFF
+
+    /*** DEVCFG1 ***/
+    #pragma config FNOSC =      SPLL
+    #pragma config DMTINTV =    WIN_127_128
+    #pragma config FSOSCEN =    OFF
+    #pragma config IESO =       OFF
+    #pragma config POSCMOD =    EC
+    #pragma config OSCIOFNC =   OFF
+    #pragma config FCKSM =      CSECME
+    #pragma config WDTPS =      PS1048576
+    #pragma config WDTSPGM =    STOP
+    #pragma config FWDTEN =     OFF
+    #pragma config WINDIS =     NORMAL
+    #pragma config FWDTWINSZ =  WINSZ_25
+    #pragma config DMTCNT =     DMT31
+    #pragma config FDMTEN =     OFF
+
+    /*** DEVCFG2 ***/
+    #pragma config FPLLIDIV =   DIV_3
+    #pragma config FPLLRNG =    RANGE_5_10_MHZ
+    #pragma config FPLLICLK =   PLL_POSC
+    #pragma config FPLLMULT =   MUL_50
+    #pragma config FPLLODIV =   DIV_2
+    #pragma config UPLLFSEL =   FREQ_24MHZ
+
+    /*** DEVCFG3 ***/
+    #pragma config USERID =     0xffff
+    #pragma config FMIIEN =     ON
+    #pragma config FETHIO =     ON
+    #pragma config PGL1WAY =    ON
+    #pragma config PMDL1WAY =   ON
+    #pragma config IOL1WAY =    ON
+    #pragma config FUSBIDIO =   ON
+
+    /*** BF1SEQ0 ***/
+    #pragma config TSEQ =       0x0000
+    #pragma config CSEQ =       0xffff
+
+    /* #pragma config statements should precede project file includes. */
+    /* Use project enums instead of #define for ON and OFF. */
+
+    #include <xc.h>
+#endif
+#endif
+
+static void init_serial(unsigned int sysClk) {
+#ifdef MICROCHIP_PIC32
+#if defined (__32MZ2048ECH144__) || defined(__32MZ2048ECM144__) || defined(__32MZ2048EFM144__)
+    /* This is for pin B14 which is connected to the USB to UART connector J11 located under Ethernet connector */
+
+    /* Setup UART2 */
+#ifdef SYS_CLK_BUS_PERIPHERAL_2
+    U2BRG = BAUD_GEN(SYS_CLK_BUS_PERIPHERAL_2, 115200);
+#else
+    if (sysClk > 100000000)
+        sysClk /= 2;
+    U2BRG = BAUD_GEN(sysClk, 115200);
+#endif
     ANSELBCLR = 0x4000;
     ANSELGCLR = 0x0040;
     RPB14R = 0x02;
     U2RXR = 0x01;
     U2MODE = 0x8000;
     U2STA = 0x400;
-#elif defined __PIC32MX__
-    SYSTEMConfigPerformance(80000000);
-    DBINIT();
 #endif
- 
 #endif
+    (void)sysClk;
 }
diff --git a/mplabx/README b/mplabx/README
index a78955cde..66c0731a0 100644
--- a/mplabx/README
+++ b/mplabx/README
@@ -14,8 +14,8 @@ Included Project Files
 
 1. wolfSSL library (wolfssl.X)
 
-    This project builds a static wolfSSL library. Prior to building this
-    project, uncomment the MICROCHIP_PIC32 define located in:
+    This project builds a static wolfSSL library. The settings for this project
+    are in `user_settings.h`:
 
     <wolfssl_root>/wolfssl/wolfcrypt/settings.h
 
@@ -39,9 +39,10 @@ Included Project Files
 PIC32MX/PIC32MZ
 ---------------
 
-The projects are set for PIC32MX by default. For PIC32MZ, change project
-properties->Devices and add "WOLFSSL_MICROCHIP_PIC32MZ" to
-XC32-gcc->Preprocessing and messages-> Preprocessor macros.
+The projects are set for PIC32MZ by default. For PIC32MX, comment out the
+`WOLFSSL_MICROCHIP_PIC32MZ` line in `user_settings.h`.
+
+You also need to adjust the microcontroller device in the project properties.
 
 
 MIPS16 and MIPS32 Support
@@ -51,6 +52,14 @@ These projects support both MIPS16 and MIPS32 instruction sets. Switching
 between these two instruction sets can be done in each project's properties
 settings by checking the "Generate 16-bit code" checkbox.
 
+
+Legacy Peripheral Libraries
+___________________________
+
+If you get a linker error locating `ReadCoreTimer` and `WriteCoreTimer` you
+can enable wrappers in benchmark_main.c and test_main.c.
+
+
 Support
 -------
 Please send questions or comments to support@wolfssl.com
diff --git a/mplabx/benchmark_main.c b/mplabx/benchmark_main.c
index c7a31b4be..9419d6f0f 100644
--- a/mplabx/benchmark_main.c
+++ b/mplabx/benchmark_main.c
@@ -24,114 +24,55 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/benchmark/benchmark.h>
 
 #if defined(WOLFSSL_MICROCHIP_PIC32MZ)
     #define MICROCHIP_PIC32
-    #include <xc.h>
-    #pragma config ICESEL = ICS_PGx2
-            /* ICE/ICD Comm Channel Select (Communicate on PGEC2/PGED2) */
     #include <stdio.h>
     #include <stdlib.h>
     #include "PIC32MZ-serial.h"
-    #define  SYSTEMConfigPerformance /* void out SYSTEMConfigPerformance(); */
+    #include <xc.h>
+    #define SYSTEMConfigPerformance(a) /* void out SYSTEMConfigPerformance(); */
+    #define SYS_CLK 200000000
 #else
     #define PIC32_STARTER_KIT
-    #include <p32xxxx.h>
+    #define _SUPPRESS_PLIB_WARNING
+    #define _DISABLE_OPENADC10_CONFIGPORT_WARNING
     #include <plib.h>
     #include <sys/appio.h>
     #define init_serial() /* void out init_serial() ; */
+    #define SYS_CLK 80000000
 #endif
 
-void bench_des(void);
-void bench_arc4(void);
-void bench_hc128(void);
-void bench_rabbit(void);
-void bench_aes(int);
-void bench_aesgcm(void);
-
-void bench_md5(void);
-void bench_sha(void);
-void bench_sha256(void);
-void bench_sha512(void);
-int  bench_ripemd(void);
-
-void bench_rsa(void);
-void bench_rsaKeyGen(void);
-void bench_dh(void);
-#ifdef HAVE_ECC
-void bench_eccKeyGen(void);
-void bench_eccKeyAgree(void);
+#if 1
+/* enable this if ReadCoreTimer and WriteCoreTimer are missing */
+unsigned int ReadCoreTimer(void)
+{
+    unsigned int timer;
+    timer = __builtin_mfc0(9, 0);
+    return timer;
+}
+void WriteCoreTimer(unsigned int t)
+{
+    /* do nothing here */
+    (void)t;
+}
 #endif
 
 /*
  * Main driver for wolfCrypt benchmarks.
  */
-int main(int argc, char** argv) {
-    volatile int i ;
-    int j ;
-
-    PRECONbits.PFMWS = 2;
-    PRECONbits.PREFEN = 0b11;
-
-    init_serial() ;  /* initialize PIC32MZ serial I/O */
-    SYSTEMConfigPerformance(80000000);
+int main(int argc, char** argv)
+{
+    SYSTEMConfigPerformance(SYS_CLK);
     DBINIT();
+    
+    init_serial(SYS_CLK) ;  /* initialize PIC32MZ serial I/O */
+    
     printf("wolfCrypt Benchmark:\n");
 
-#ifndef NO_AES
-    bench_aes(0);
-    bench_aes(1);
-#endif
-#ifdef HAVE_AESGCM
-    bench_aesgcm();
-#endif
-#ifndef NO_RC4
-    bench_arc4();
-#endif
-#ifdef HAVE_HC128
-    bench_hc128();
-#endif
-#ifndef NO_RABBIT
-    bench_rabbit();
-#endif
-#ifndef NO_DES3
-    bench_des();
-#endif
+    benchmark_test(NULL);
 
-    printf("\n");
-
-#ifndef NO_MD5
-    bench_md5();
-#endif
-    bench_sha();
-#ifndef NO_SHA256
-    bench_sha256();
-#endif
-#ifdef WOLFSSL_SHA512
-    bench_sha512();
-#endif
-#ifdef CYASSL_RIPEMD
-    bench_ripemd();
-#endif
-
-    printf("\n");
-
-#ifndef NO_RSA
-    bench_rsa();
-#endif
-
-#ifndef NO_DH
-    bench_dh();
-#endif
-
-#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
-    bench_rsaKeyGen();
-#endif
-
-#ifdef HAVE_ECC
-    bench_eccKeyGen();
-    bench_eccKeyAgree();
-#endif
     printf("End of wolfCrypt Benchmark:\n");
     return 0;
 }
diff --git a/mplabx/include.am b/mplabx/include.am
index b63cdecaa..0536e9006 100644
--- a/mplabx/include.am
+++ b/mplabx/include.am
@@ -3,8 +3,8 @@
 #
 
 EXTRA_DIST += \
-         mplabx/PIC32MZ-serial.h \
 		 mplabx/README \
 		 mplabx/benchmark_main.c \
-		 mplabx/test_main.c
-
+		 mplabx/test_main.c \
+         mplabx/PIC32MZ-serial.h \
+         mplabx/user_settings.h
diff --git a/mplabx/test_main.c b/mplabx/test_main.c
index 258200697..d2cedc927 100644
--- a/mplabx/test_main.c
+++ b/mplabx/test_main.c
@@ -25,24 +25,27 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/test/test.h>
 
 #if defined(WOLFSSL_MICROCHIP_PIC32MZ)
     #define MICROCHIP_PIC32
-    #include <xc.h>
-    #pragma config ICESEL = ICS_PGx2
-            /* ICE/ICD Comm Channel Select (Communicate on PGEC2/PGED2) */
     #include <stdio.h>
     #include <stdlib.h>
     #include "PIC32MZ-serial.h"
-    #define  SYSTEMConfigPerformance /* void out SYSTEMConfigPerformance(); */
+    #include <xc.h>
+    #define SYSTEMConfigPerformance(a) /* void out SYSTEMConfigPerformance(); */
+    #define SYS_CLK 200000000
 #else
     #define PIC32_STARTER_KIT
     #include <stdio.h>
     #include <stdlib.h>
     #include <p32xxxx.h>
+    #define _SUPPRESS_PLIB_WARNING
+    #define _DISABLE_OPENADC10_CONFIGPORT_WARNING
     #include <plib.h>
     #include <sys/appio.h>
     #define init_serial()  /* void out init_serial() */
+    #define SYS_CLK 80000000
 #endif
 
 /* func_args from test.h, so don't have to pull in other junk */
@@ -52,17 +55,35 @@ typedef struct func_args {
     int    return_code;
 } func_args;
 
+
+#if 1
+/* enable this if ReadCoreTimer and WriteCoreTimer are missing */
+unsigned int ReadCoreTimer(void)
+{
+    unsigned int timer;
+    timer = __builtin_mfc0(9, 0);
+    return timer;
+}
+void WriteCoreTimer(unsigned int t)
+{
+    /* do nothing here */
+    (void)t;
+}
+#endif
+
 /*
  * Main driver for WolfCrypt tests.
  */
-int main(int argc, char** argv) {
-    int i ;
-
-    init_serial() ;  /* initialize PIC32MZ serial I/O */
-    SYSTEMConfigPerformance(80000000);
-    DBINIT();
-    printf("WolfCrypt Test:\n");
+int main(int argc, char** argv)
+{
     func_args args;
+    
+    SYSTEMConfigPerformance(SYS_CLK);
+    DBINIT();
+    
+    init_serial(SYS_CLK) ;  /* initialize PIC32MZ serial I/O */
+    
+    printf("WolfCrypt Test:\n");
 
     args.argc = argc;
     args.argv = argv;
@@ -72,7 +93,7 @@ int main(int argc, char** argv) {
     if (args.return_code == 0) {
         printf("All tests passed!\n");
     }
-    
+
     return 0;
 }
 
diff --git a/mplabx/user_settings.h b/mplabx/user_settings.h
new file mode 100644
index 000000000..d98dfaabb
--- /dev/null
+++ b/mplabx/user_settings.h
@@ -0,0 +1,386 @@
+/* Example custom user settings for wolfSSL */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stddef.h> /* for size_t */
+
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#undef  WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT   4
+
+#undef  SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef  WOLFSSL_SMALL_STACK
+#define WOLFSSL_SMALL_STACK
+
+#undef  MICROCHIP_PIC32
+#define MICROCHIP_PIC32
+
+#undef  WOLFSSL_MICROCHIP_PIC32MZ
+#define WOLFSSL_MICROCHIP_PIC32MZ
+
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#undef  USE_FAST_MATH
+#define USE_FAST_MATH
+
+#ifdef USE_FAST_MATH
+    #undef  TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
+
+    /* Optimizations */
+    //#define TFM_MIPS
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* ECC */
+#if 1
+    #undef  HAVE_ECC
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #undef  ECC_USER_CURVES
+    #define ECC_USER_CURVES
+
+    //#define HAVE_ECC192
+    //#define HAVE_ECC224
+    #undef NO_ECC256
+    //#define HAVE_ECC384
+    //#define HAVE_ECC521
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    #undef  FP_ECC
+    //#define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    #undef  ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    #ifdef USE_FAST_MATH
+        /* use reduced size math buffers for ecc points */
+        #undef  ALT_ECC_SIZE
+        #define ALT_ECC_SIZE
+
+        /* Enable TFM optimizations for ECC */
+        #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC192
+        #endif
+        #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC224
+        #endif
+        #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC256
+        #endif
+        #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC384
+        #endif
+        #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC521
+        #endif
+    #endif
+#endif
+
+/* RSA */
+#undef NO_RSA
+#if 1
+    #ifdef USE_FAST_MATH
+        /* Maximum math bits (Max RSA key bits * 2) */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     2048
+    #endif
+
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+    //#define RSA_LOW_MEM
+    
+    /* timing resistance */
+    #undef  WC_RSA_BLINDING
+    #define WC_RSA_BLINDING
+#else
+    #define NO_RSA
+#endif
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef  HAVE_AES_DECRYPT
+    #define HAVE_AES_DECRYPT
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+
+    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+    #undef  GCM_SMALL
+    #define GCM_SMALL
+
+    #undef  HAVE_AESCCM
+    #define HAVE_AESCCM
+
+    #undef  WOLFSSL_AES_COUNTER
+    #define WOLFSSL_AES_COUNTER
+
+    #undef  WOLFSSL_AES_DIRECT
+    #define WOLFSSL_AES_DIRECT
+#else
+    #define NO_AES
+#endif
+
+/* DES3 */
+#undef NO_DES3
+#if 1
+    #undef  WOLFSSL_DES_ECB
+    #define WOLFSSL_DES_ECB
+#else
+    #define NO_DES3
+#endif
+
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 0
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if 0
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #if 0
+        #define CURVED25519_SMALL
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 1
+    /* 1k smaller, but 25% slower */
+    //#define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 1
+    #define WOLFSSL_SHA512
+
+    /* Sha384 */
+    #undef  WOLFSSL_SHA384
+    #if 1
+        #define WOLFSSL_SHA384
+    #endif
+
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA2
+#endif
+
+/* MD5 */
+#undef  NO_MD5
+#if 1
+#else
+    #define NO_MD5
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef  BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+#undef  USE_CERT_BUFFERS_2048
+//#define USE_CERT_BUFFERS_2048
+
+#undef  USE_CERT_BUFFERS_1024
+#define USE_CERT_BUFFERS_1024
+
+#undef  USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
+
+/* ------------------------------------------------------------------------- */
+/* Time */
+/* ------------------------------------------------------------------------- */
+#if 0
+    /* Override Current Time */
+    /* Allows custom "custom_time()" function to be used for benchmark */
+    #define WOLFSSL_USER_CURRTIME
+    #define USER_TICKS
+    extern unsigned long custom_time(unsigned long* timer);
+    #define XTIME custom_time
+#else
+    #warning Time/RTC disabled
+    #undef  NO_ASN_TIME
+    #define NO_ASN_TIME
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+#undef  DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL
+
+#ifdef DEBUG_WOLFSSL
+    /* Use this to measure / print heap usage */
+    #if 0
+        #undef  USE_WOLFSSL_MEMORY
+        #define USE_WOLFSSL_MEMORY
+        #undef  WOLFSSL_TRACK_MEMORY
+        #define WOLFSSL_TRACK_MEMORY
+    #endif
+#else
+    #undef  NO_WOLFSSL_MEMORY
+    #define NO_WOLFSSL_MEMORY
+
+    #undef  NO_ERROR_STRINGS
+    //#define NO_ERROR_STRINGS
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef  KEEP_PEER_CERT
+//#define KEEP_PEER_CERT
+
+#undef  HAVE_COMP_KEY
+//#define HAVE_COMP_KEY
+
+#undef  HAVE_TLS_EXTENSIONS
+//#define HAVE_TLS_EXTENSIONS
+
+#undef  HAVE_SUPPORTED_CURVES
+//#define HAVE_SUPPORTED_CURVES
+
+#undef  WOLFSSL_BASE64_ENCODE
+//#define WOLFSSL_BASE64_ENCODE
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef  NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef  NO_WOLFSSL_CLIENT
+//#define NO_WOLFSSL_CLIENT
+
+#undef  NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef  NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef  NO_INLINE
+//#define NO_INLINE
+
+#undef  NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef  NO_WRITEV
+#define NO_WRITEV
+
+#undef  NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef  NO_DEV_RANDOM
+#define NO_DEV_RANDOM
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  NO_DH
+#define NO_DH
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_OLD_TLS
+#define NO_OLD_TLS
+
+#undef  NO_HC128
+#define NO_HC128
+
+#undef  NO_RABBIT
+#define NO_RABBIT
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+#define NO_PWDBASED
+
+#undef  NO_CODING
+//#define NO_CODING
+
+
+/* Suppress array-bounds */
+#pragma GCC diagnostic ignored "-Warray-bounds"
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/mplabx/wolfcrypt_benchmark.X/nbproject/configurations.xml b/mplabx/wolfcrypt_benchmark.X/nbproject/configurations.xml
index cdd096f4e..f3235b6bb 100755
--- a/mplabx/wolfcrypt_benchmark.X/nbproject/configurations.xml
+++ b/mplabx/wolfcrypt_benchmark.X/nbproject/configurations.xml
@@ -4,6 +4,7 @@
     <logicalFolder name="HeaderFiles"
                    displayName="Header Files"
                    projectFiles="true">
+      <itemPath>../user_settings.h</itemPath>
     </logicalFolder>
     <logicalFolder name="LinkerScript"
                    displayName="Linker Files"
@@ -84,17 +85,16 @@
         <property key="enable-symbols" value="true"/>
         <property key="enable-unroll-loops" value="false"/>
         <property key="exclude-floating-point" value="false"/>
-        <property key="extra-include-directories" value="../../"/>
+        <property key="extra-include-directories" value="../../;../"/>
         <property key="generate-16-bit-code" value="false"/>
         <property key="generate-micro-compressed-code" value="false"/>
         <property key="isolate-each-function" value="false"/>
         <property key="make-warnings-into-errors" value="false"/>
-        <property key="optimization-level" value="-O1"/>
+        <property key="optimization-level" value="-O3"/>
         <property key="place-data-into-section" value="false"/>
         <property key="post-instruction-scheduling" value="default"/>
         <property key="pre-instruction-scheduling" value="default"/>
-        <property key="preprocessor-macros"
-                  value="NO_MAIN_DRIVER;USE_CERT_BUFFERS_1024;BENCH_EMBEDDED;HAVE_ECC;WOLFSSL_SHA512"/>
+        <property key="preprocessor-macros" value="WOLFSSL_USER_SETTINGS"/>
         <property key="strict-ansi" value="false"/>
         <property key="support-ansi" value="false"/>
         <property key="use-cci" value="false"/>
diff --git a/mplabx/wolfcrypt_benchmark.X/nbproject/project.xml b/mplabx/wolfcrypt_benchmark.X/nbproject/project.xml
index 52724d60e..91468cb01 100755
--- a/mplabx/wolfcrypt_benchmark.X/nbproject/project.xml
+++ b/mplabx/wolfcrypt_benchmark.X/nbproject/project.xml
@@ -8,7 +8,7 @@
             <make-project-type>0</make-project-type>
             <c-extensions>c</c-extensions>
             <cpp-extensions/>
-            <header-extensions/>
+            <header-extensions>h</header-extensions>
             <sourceEncoding>ISO-8859-1</sourceEncoding>
             <asminc-extensions/>
             <make-dep-projects>
diff --git a/mplabx/wolfcrypt_test.X/nbproject/configurations.xml b/mplabx/wolfcrypt_test.X/nbproject/configurations.xml
index 48a1d646c..8c33f45fd 100755
--- a/mplabx/wolfcrypt_test.X/nbproject/configurations.xml
+++ b/mplabx/wolfcrypt_test.X/nbproject/configurations.xml
@@ -4,6 +4,7 @@
     <logicalFolder name="HeaderFiles"
                    displayName="Header Files"
                    projectFiles="true">
+      <itemPath>../user_settings.h</itemPath>
     </logicalFolder>
     <logicalFolder name="LinkerScript"
                    displayName="Linker Files"
@@ -84,7 +85,7 @@
         <property key="enable-symbols" value="false"/>
         <property key="enable-unroll-loops" value="false"/>
         <property key="exclude-floating-point" value="false"/>
-        <property key="extra-include-directories" value="../../"/>
+        <property key="extra-include-directories" value="../../;../"/>
         <property key="generate-16-bit-code" value="false"/>
         <property key="generate-micro-compressed-code" value="false"/>
         <property key="isolate-each-function" value="false"/>
@@ -93,8 +94,7 @@
         <property key="place-data-into-section" value="false"/>
         <property key="post-instruction-scheduling" value="default"/>
         <property key="pre-instruction-scheduling" value="default"/>
-        <property key="preprocessor-macros"
-                  value="NO_MAIN_DRIVER;USE_CERT_BUFFERS_1024;WOLFSSL_SHA384;WOLFSSL_SHA512;HAVE_ECC"/>
+        <property key="preprocessor-macros" value="WOLFSSL_USER_SETTINGS"/>
         <property key="strict-ansi" value="false"/>
         <property key="support-ansi" value="false"/>
         <property key="use-cci" value="false"/>
@@ -148,7 +148,7 @@
         <property key="preprocessor-macros" value=""/>
         <property key="remove-unused-sections" value="true"/>
         <property key="report-memory-usage" value="false"/>
-        <property key="stack-size" value=""/>
+        <property key="stack-size" value="20480"/>
         <property key="symbol-stripping" value=""/>
         <property key="trace-symbols" value=""/>
         <property key="warn-section-align" value="false"/>
diff --git a/mplabx/wolfcrypt_test.X/nbproject/project.xml b/mplabx/wolfcrypt_test.X/nbproject/project.xml
index b9a11fa11..c2ffc29aa 100755
--- a/mplabx/wolfcrypt_test.X/nbproject/project.xml
+++ b/mplabx/wolfcrypt_test.X/nbproject/project.xml
@@ -8,7 +8,7 @@
             <make-project-type>0</make-project-type>
             <c-extensions>c</c-extensions>
             <cpp-extensions/>
-            <header-extensions/>
+            <header-extensions>h</header-extensions>
             <sourceEncoding>ISO-8859-1</sourceEncoding>
             <asminc-extensions/>
             <make-dep-projects>
diff --git a/mplabx/wolfssl.X/nbproject/configurations.xml b/mplabx/wolfssl.X/nbproject/configurations.xml
index 043adc04e..452ea7135 100755
--- a/mplabx/wolfssl.X/nbproject/configurations.xml
+++ b/mplabx/wolfssl.X/nbproject/configurations.xml
@@ -4,6 +4,7 @@
     <logicalFolder name="HeaderFiles"
                    displayName="Header Files"
                    projectFiles="true">
+      <itemPath>../user_settings.h</itemPath>
     </logicalFolder>
     <logicalFolder name="LinkerScript"
                    displayName="Linker Files"
@@ -49,7 +50,7 @@
         <itemPath>../../wolfcrypt/src/sha512.c</itemPath>
         <itemPath>../../wolfcrypt/src/tfm.c</itemPath>
         <itemPath>../../wolfcrypt/src/wc_port.c</itemPath>
-        <itemPath>../../wolfcrypt/src/port/pic32/pic32mz-hash.c</itemPath>
+        <itemPath>../../wolfcrypt/src/port/pic32/pic32mz-crypt.c</itemPath>
         <itemPath>../../wolfcrypt/src/hash.c</itemPath>
         <itemPath>../../wolfcrypt/src/chacha20_poly1305.c</itemPath>
         <itemPath>../../wolfcrypt/src/curve25519.c</itemPath>
@@ -59,6 +60,10 @@
         <itemPath>../../wolfcrypt/src/ge_low_mem.c</itemPath>
         <itemPath>../../wolfcrypt/src/ge_operations.c</itemPath>
         <itemPath>../../wolfcrypt/src/wc_encrypt.c</itemPath>
+        <itemPath>../../wolfcrypt/src/pkcs12.c</itemPath>
+        <itemPath>../../wolfcrypt/src/signature.c</itemPath>
+        <itemPath>../../wolfcrypt/src/wolfevent.c</itemPath>
+        <itemPath>../../wolfcrypt/src/wolfmath.c</itemPath>
       </logicalFolder>
       <logicalFolder name="f1" displayName="wolfssl" projectFiles="true">
         <itemPath>../../src/crl.c</itemPath>
@@ -69,6 +74,7 @@
         <itemPath>../../src/sniffer.c</itemPath>
         <itemPath>../../src/ssl.c</itemPath>
         <itemPath>../../src/tls.c</itemPath>
+        <itemPath>../../src/tls13.c</itemPath>
       </logicalFolder>
     </logicalFolder>
     <logicalFolder name="ExternalFiles"
@@ -126,7 +132,7 @@
         <property key="enable-symbols" value="false"/>
         <property key="enable-unroll-loops" value="false"/>
         <property key="exclude-floating-point" value="false"/>
-        <property key="extra-include-directories" value="../../;..\"/>
+        <property key="extra-include-directories" value="../../;../"/>
         <property key="generate-16-bit-code" value="false"/>
         <property key="generate-micro-compressed-code" value="false"/>
         <property key="isolate-each-function" value="false"/>
@@ -135,8 +141,7 @@
         <property key="place-data-into-section" value="false"/>
         <property key="post-instruction-scheduling" value="default"/>
         <property key="pre-instruction-scheduling" value="default"/>
-        <property key="preprocessor-macros"
-                  value="WOLFSSL_SHA512;WOLFSSL_SHA384;HAVE_ECC"/>
+        <property key="preprocessor-macros" value="WOLFSSL_USER_SETTINGS"/>
         <property key="strict-ansi" value="false"/>
         <property key="support-ansi" value="false"/>
         <property key="use-cci" value="false"/>
diff --git a/mplabx/wolfssl.X/nbproject/project.xml b/mplabx/wolfssl.X/nbproject/project.xml
index efab333a4..92994f1f0 100755
--- a/mplabx/wolfssl.X/nbproject/project.xml
+++ b/mplabx/wolfssl.X/nbproject/project.xml
@@ -8,7 +8,7 @@
             <make-project-type>0</make-project-type>
             <c-extensions>c</c-extensions>
             <cpp-extensions/>
-            <header-extensions/>
+            <header-extensions>h</header-extensions>
             <sourceEncoding>ISO-8859-1</sourceEncoding>
             <asminc-extensions/>
             <make-dep-projects/>
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 5084aff58..9e3ad4200 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -2737,7 +2737,7 @@ exit_rsa_pub:
 #endif
 
     /* capture resulting encrypt length */
-    idx = RSA_BUF_SIZE; /* fixed at 2048 bit */
+    idx = rsaKeySz/8;
 
     /* begin private async RSA */
     bench_stats_start(&count, &start);
@@ -3676,10 +3676,10 @@ exit_ed_verify:
     #if defined(WOLFSSL_MICROCHIP_PIC32MZ)
         #define CLOCK 80000000.0
     #else
-        #include <peripheral/timer.h>
         #define CLOCK 40000000.0
     #endif
-
+    extern void WriteCoreTimer(word32 t);
+    extern word32 ReadCoreTimer(void);
     double current_time(int reset)
     {
         unsigned int ns;
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 1689cd79f..d61233650 100755
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -583,9 +583,27 @@
     #endif /* HAVE_AES_DECRYPT */
 
 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
-    /* NOTE: no support for AES-CCM/Direct */
-    #define DEBUG_WOLFSSL
-    #include "wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h"
+
+    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
+
+    #if defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT)
+
+    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+    {
+        return wc_Pic32AesCrypt(aes->key_ce, aes->keylen, NULL, 0,
+            outBlock, inBlock, AES_BLOCK_SIZE,
+            PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RECB);
+    }
+
+    #ifdef HAVE_AES_DECRYPT
+    static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+    {
+        return wc_Pic32AesCrypt(aes->key_ce, aes->keylen, NULL, 0,
+            outBlock, inBlock, AES_BLOCK_SIZE,
+            PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RECB);
+    }
+    #endif /* HAVE_AES_DECRYPT */
+    #endif
 
 #elif defined(WOLFSSL_NRF51_AES)
     /* Use built-in AES hardware - AES 128 ECB Encrypt Only */
@@ -1563,8 +1581,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 }
 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
 
-
-#ifdef HAVE_AES_DECRYPT
+#if defined(HAVE_AES_DECRYPT)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
 
 /* load 4 Td Tables into cache by cache line stride */
@@ -1757,8 +1774,9 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
     XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2));
     XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
 }
-#endif /* HAVE_AES_DECRYPT */
 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
+#endif /* HAVE_AES_DECRYPT */
+
 #endif /* NEED_AES_TABLES */
 
 
@@ -1948,8 +1966,11 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
     static int wc_AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen,
                 const byte* iv, int dir)
     {
-        word32 temp, *rk = aes->key;
+        word32 *rk = aes->key;
+    #ifdef NEED_AES_TABLES
+        word32 temp;
         unsigned int i = 0;
+    #endif
 
     #ifdef WOLFSSL_AESNI
         aes->use_aesni = 0;
@@ -1959,28 +1980,21 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
     #endif /* WOLFSSL_AES_COUNTER */
 
         aes->keylen = keylen;
-        aes->rounds = keylen/4 + 6;
+        aes->rounds = (keylen/4) + 6;
 
         XMEMCPY(rk, userKey, keylen);
     #ifdef LITTLE_ENDIAN_ORDER
         ByteReverseWords(rk, rk, keylen);
     #endif
 
-        #ifdef WOLFSSL_PIC32MZ_CRYPT
-        {
-            word32 *akey1 = aes->key_ce;
-            word32 *areg = aes->iv_ce;
-            XMEMCPY(akey1, userKey, keylen);
-            if (iv)
-                XMEMCPY(areg, iv, AES_BLOCK_SIZE);
-            else
-                XMEMSET(areg,  0, AES_BLOCK_SIZE);
-        }
-        #endif
+    #ifdef WOLFSSL_PIC32MZ_CRYPT
+        XMEMCPY((word32*)aes->key_ce, userKey, keylen);
+    #endif
 
-        switch(keylen)
-        {
-#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128
+#ifdef NEED_AES_TABLES
+
+        switch (keylen) {
+    #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128
         case 16:
             while (1)
             {
@@ -1999,9 +2013,9 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
                 rk += 4;
             }
             break;
-#endif /* 128 */
+    #endif /* 128 */
 
-#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192
+    #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192
         case 24:
             /* for (;;) here triggers a bug in VC60 SP4 w/ Pro Pack */
             while (1)
@@ -2023,9 +2037,9 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
                 rk += 6;
             }
             break;
-#endif /* 192 */
+    #endif /* 192 */
 
-#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256
+    #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256
         case 32:
             while (1)
             {
@@ -2054,15 +2068,14 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
                 rk += 8;
             }
             break;
-#endif /* 256 */
+    #endif /* 256 */
 
         default:
             return BAD_FUNC_ARG;
-        }
+        } /* switch */
 
-#ifdef HAVE_AES_DECRYPT
-        if (dir == AES_DECRYPTION)
-        {
+    #ifdef HAVE_AES_DECRYPT
+        if (dir == AES_DECRYPTION) {
             unsigned int j;
             rk = aes->key;
 
@@ -2099,9 +2112,10 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
                     Td[3][Te[1][GETBYTE(rk[3], 0)] & 0xff];
             }
         }
-#else
+    #else
         (void)dir;
-#endif /* HAVE_AES_DECRYPT */
+    #endif /* HAVE_AES_DECRYPT */
+#endif /* NEED_AES_TABLES */
 
         return wc_AesSetIV(aes, iv);
     }
@@ -2180,6 +2194,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     else
         XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
 
+#ifdef WOLFSSL_PIC32MZ_CRYPT
+    XMEMCPY(aes->iv_ce, aes->reg, AES_BLOCK_SIZE);
+#endif
+
     return 0;
 }
 
@@ -2188,9 +2206,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     #if defined(HAVE_COLDFIRE_SEC)
         #error "Coldfire SEC doesn't yet support AES direct"
 
-    #elif defined(WOLFSSL_PIC32MZ_CRYPT)
-        #error "PIC32MZ doesn't yet support AES direct"
-
     #elif defined(FREESCALE_LTC)
         /* Allow direct access to one block encrypt */
         void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
@@ -2767,116 +2782,26 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     #endif /* HAVE_AES_DECRYPT */
 
 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
-    /* core hardware crypt engine driver */
-    static void wc_AesCrypt(Aes *aes, byte* out, const byte* in, word32 sz,
-                                            int dir, int algo, int cryptoalgo)
-    {
-        securityAssociation *sa_p;
-        bufferDescriptor *bd_p;
-        volatile securityAssociation sa __attribute__((aligned (8)));
-        volatile bufferDescriptor bd __attribute__((aligned (8)));
-        volatile int k;
-
-        /* get uncached address */
-        sa_p = KVA0_TO_KVA1(&sa);
-        bd_p = KVA0_TO_KVA1(&bd);
-
-        /* Sync cache and physical memory */
-        if (PIC32MZ_IF_RAM(in)) {
-            XMEMCPY((void *)KVA0_TO_KVA1(in), (void *)in, sz);
-        }
-        XMEMSET((void *)KVA0_TO_KVA1(out), 0, sz);
-        /* Set up the Security Association */
-        XMEMSET((byte *)KVA0_TO_KVA1(&sa), 0, sizeof(sa));
-        sa_p->SA_CTRL.ALGO = algo; /* AES */
-        sa_p->SA_CTRL.LNC = 1;
-        sa_p->SA_CTRL.LOADIV = 1;
-        sa_p->SA_CTRL.FB = 1;
-        sa_p->SA_CTRL.ENCTYPE = dir; /* Encryption/Decryption */
-        sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo;
-
-        if (cryptoalgo == PIC32_CRYPTOALGO_AES_GCM) {
-            switch(aes->keylen) {
-                case 32:
-                    sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_256;
-                    break;
-                case 24:
-                    sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_192;
-                    break;
-                case 16:
-                    sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128;
-                    break;
-            }
-        } else
-            sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128;
-
-        ByteReverseWords(
-        (word32 *)KVA0_TO_KVA1(sa.SA_ENCKEY + 8 - aes->keylen/sizeof(word32)),
-                         (word32 *)aes->key_ce, aes->keylen);
-        ByteReverseWords(
-        (word32*)KVA0_TO_KVA1(sa.SA_ENCIV), (word32 *)aes->iv_ce, 16);
-
-        XMEMSET((byte *)KVA0_TO_KVA1(&bd), 0, sizeof(bd));
-        /* Set up the Buffer Descriptor */
-        bd_p->BD_CTRL.BUFLEN = sz;
-        if (cryptoalgo == PIC32_CRYPTOALGO_AES_GCM) {
-            if(sz % 0x10)
-                bd_p->BD_CTRL.BUFLEN = (sz/0x10 + 1) * 0x10;
-        }
-        bd_p->BD_CTRL.LIFM = 1;
-        bd_p->BD_CTRL.SA_FETCH_EN = 1;
-        bd_p->BD_CTRL.LAST_BD = 1;
-        bd_p->BD_CTRL.DESC_EN = 1;
-
-        bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa);
-        bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in);
-        bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out);
-        bd_p->MSGLEN = sz;
-
-        CECON = 1 << 6;
-        while (CECON);
-
-        /* Run the engine */
-        CEBDPADDR = (unsigned int)KVA_TO_PA(&bd);
-        CEINTEN = 0x07;
-        CECON = 0x27;
-
-        WAIT_ENGINE;
-
-        if((cryptoalgo == PIC32_CRYPTOALGO_CBC) ||
-           (cryptoalgo == PIC32_CRYPTOALGO_TCBC)||
-           (cryptoalgo == PIC32_CRYPTOALGO_RCBC)) {
-            /* set iv for the next call */
-            if (dir == PIC32_ENCRYPTION) {
-                XMEMCPY((void *)aes->iv_ce,
-                        (void*)KVA0_TO_KVA1(out + sz - AES_BLOCK_SIZE),
-                        AES_BLOCK_SIZE);
-            } else {
-                ByteReverseWords((word32*)aes->iv_ce,
-                        (word32 *)KVA0_TO_KVA1(in + sz - AES_BLOCK_SIZE),
-                        AES_BLOCK_SIZE);
-            }
-        }
-        XMEMCPY((byte *)out, (byte *)KVA0_TO_KVA1(out), sz);
-        ByteReverseWords((word32*)out, (word32 *)out, sz);
-    }
 
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
-        wc_AesCrypt(aes, out, in, sz, PIC32_ENCRYPTION, PIC32_ALGO_AES,
-                                                      PIC32_CRYPTOALGO_RCBC );
-        return 0;
+        return wc_Pic32AesCrypt(
+            aes->key_ce, aes->keylen, aes->iv_ce, AES_BLOCK_SIZE,
+            out, in, sz, PIC32_ENCRYPTION,
+            PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCBC);
     }
     #ifdef HAVE_AES_DECRYPT
     int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
-        wc_AesCrypt(aes, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_AES,
-                                                      PIC32_CRYPTOALGO_RCBC);
-        return 0;
+        return wc_Pic32AesCrypt(
+            aes->key_ce, aes->keylen, aes->iv_ce, AES_BLOCK_SIZE,
+            out, in, sz, PIC32_DECRYPTION,
+            PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCBC);
     }
     #endif /* HAVE_AES_DECRYPT */
 
 #else
+
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
         word32 blocks = (sz / AES_BLOCK_SIZE);
@@ -3226,67 +3151,76 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #endif /* WOLFSSL_STM32_CUBEMX */
 
     #elif defined(WOLFSSL_PIC32MZ_CRYPT)
+        static void Pic32AesIncIV(Aes* aes) {
+            int i;
+            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+                if (++((byte *)aes->iv_ce)[i])
+                    break;
+            }
+        }
         int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         {
-            int i;
-            char out_block[AES_BLOCK_SIZE];
-            int odd;
-            int even;
-            char *tmp; /* (char *)aes->tmp, for short */
-
+            int ret = 0;
+            byte out_block[AES_BLOCK_SIZE];
+            int odd, even, blocks;
+            byte *tmp;
+            
             if (aes == NULL || out == NULL || in == NULL) {
                 return BAD_FUNC_ARG;
             }
 
-            tmp = (char *)aes->tmp;
-            if(aes->left) {
-                if((aes->left + sz) >= AES_BLOCK_SIZE){
+            tmp = (byte *)aes->tmp;
+            if (aes->left) {
+                if ((aes->left + sz) >= AES_BLOCK_SIZE) {
                     odd = AES_BLOCK_SIZE - aes->left;
                 } else {
                     odd = sz;
                 }
-                XMEMCPY(tmp+aes->left, in, odd);
-                if((odd+aes->left) == AES_BLOCK_SIZE){
-                    wc_AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE,
+                XMEMCPY(tmp + aes->left, in, odd);
+                if ((odd + aes->left) == AES_BLOCK_SIZE) {
+                    ret = wc_Pic32AesCrypt(
+                        aes->key_ce, aes->keylen, aes->iv_ce, AES_BLOCK_SIZE,
+                        out_block, tmp, AES_BLOCK_SIZE,
                         PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
-                    XMEMCPY(out, out_block+aes->left, odd);
+                    XMEMCPY(out, out_block + aes->left, odd);
                     aes->left = 0;
                     XMEMSET(tmp, 0x0, AES_BLOCK_SIZE);
-                    /* Increment IV */
-                    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
-                        if (++((byte *)aes->iv_ce)[i])
-                            break;
-                    }
+                    Pic32AesIncIV(aes);
                 }
                 in += odd;
                 out+= odd;
                 sz -= odd;
             }
-            odd = sz % AES_BLOCK_SIZE;  /* if there is tail fragment */
-            if(sz / AES_BLOCK_SIZE) {
-                even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE;
-                wc_AesCrypt(aes, out, in, even, PIC32_ENCRYPTION, PIC32_ALGO_AES,
-                                                        PIC32_CRYPTOALGO_RCTR);
+
+            blocks = sz / AES_BLOCK_SIZE;
+            if (blocks) {
+                even = blocks * AES_BLOCK_SIZE;
+                ret = wc_Pic32AesCrypt(
+                    aes->key_ce, aes->keylen, aes->iv_ce, AES_BLOCK_SIZE,
+                    out, in, even,
+                    PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
                 out += even;
                 in  += even;
-                do {  /* Increment IV */
-                    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
-                        if (++((byte *)aes->iv_ce)[i])
-                            break;
-                    }
+                do {
+                    Pic32AesIncIV(aes);
                     even -= AES_BLOCK_SIZE;
-                } while((int)even > 0);
+                } while (even > 0);
             }
-            if(odd) {
-                XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left);
-                XMEMCPY(tmp+aes->left, in, odd);
-                wc_AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE,
-                        PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
-                XMEMCPY(out, out_block+aes->left,odd);
+
+            /* if there is tail fragment */
+            odd = sz % AES_BLOCK_SIZE;
+            if (odd) {
+                XMEMSET(tmp + aes->left, 0x0, AES_BLOCK_SIZE - aes->left);
+                XMEMCPY(tmp + aes->left, in, odd);
+                ret = wc_Pic32AesCrypt(
+                    aes->key_ce, aes->keylen, aes->iv_ce, AES_BLOCK_SIZE,
+                    out_block, tmp, AES_BLOCK_SIZE,
+                    PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
+                XMEMCPY(out, out_block + aes->left, odd);
                 aes->left += odd;
             }
 
-            return 0;
+            return ret;
         }
 
     #elif defined(HAVE_COLDFIRE_SEC)
@@ -7180,12 +7114,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     }
 #endif
 
-#ifdef WOLFSSL_PIC32MZ_CRYPT
-    ctr = (char *)aes->iv_ce;
-#else
     ctr = counter;
-#endif
-
     XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
     if (ivSz == NONCE_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
@@ -7198,8 +7127,15 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
 #ifdef WOLFSSL_PIC32MZ_CRYPT
     if (blocks) {
-        wc_AesCrypt(aes, out, in, blocks * AES_BLOCK_SIZE,
-             PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM);
+        /* use intitial IV for PIC32 HW, but don't use it below */
+        XMEMCPY(aes->iv_ce, ctr, AES_BLOCK_SIZE);
+
+        ret = wc_Pic32AesCrypt(
+            aes->key_ce, aes->keylen, aes->iv_ce, AES_BLOCK_SIZE,
+            out, in, (blocks * AES_BLOCK_SIZE),
+            PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM);
+        if (ret != 0)
+            return ret;
     }
     /* process remainder using partial handling */
 #endif
@@ -7443,12 +7379,7 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     }
 #endif
 
-#ifdef WOLFSSL_PIC32MZ_CRYPT
-    ctr = (char *)aes->iv_ce;
-#else
     ctr = counter;
-#endif
-
     XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
     if (ivSz == NONCE_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
@@ -7470,8 +7401,15 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
 #ifdef WOLFSSL_PIC32MZ_CRYPT
     if (blocks) {
-        wc_AesCrypt(aes, out, in, blocks * AES_BLOCK_SIZE,
-             PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM);
+        /* use intitial IV for PIC32 HW, but don't use it below */
+        XMEMCPY(aes->iv_ce, ctr, AES_BLOCK_SIZE);
+
+        ret = wc_Pic32AesCrypt(
+            aes->key_ce, aes->keylen, aes->iv_ce, AES_BLOCK_SIZE,
+            out, in, (blocks * AES_BLOCK_SIZE),
+            PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM);
+        if (ret != 0)
+            return ret;
     }
     /* process remainder using partial handling */
 #endif
@@ -7523,27 +7461,83 @@ WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
 
 #ifdef HAVE_AESCCM
 
+int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
+{
+    return wc_AesSetKey(aes, key, keySz, NULL, AES_ENCRYPTION);
+}
+
 #if defined(HAVE_COLDFIRE_SEC)
     #error "Coldfire SEC doesn't currently support AES-CCM mode"
 
-#elif defined(WOLFSSL_PIC32MZ_CRYPT)
-    #error "PIC32MZ doesn't currently support AES-CCM mode"
+#elif defined(FREESCALE_LTC)
 
-#endif
-
-int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
+/* return 0 on success */
+int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                   const byte* nonce, word32 nonceSz,
+                   byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
 {
-    byte nonce[AES_BLOCK_SIZE];
+    byte *key;
+    uint32_t keySize;
+    status_t status;
 
-    if (!((keySz == 16) || (keySz == 24) || (keySz == 32)))
+    /* sanity check on arguments */
+    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
+            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
         return BAD_FUNC_ARG;
 
-    XMEMSET(nonce, 0, sizeof(nonce));
-    return wc_AesSetKey(aes, key, keySz, nonce, AES_ENCRYPTION);
+    key = (byte*)aes->key;
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = LTC_AES_EncryptTagCcm(LTC_BASE, in, out, inSz,
+        nonce, nonceSz, authIn, authInSz, key, keySize, authTag, authTagSz);
+
+    return (kStatus_Success == status) ? 0 : BAD_FUNC_ARG;
 }
 
+#ifdef HAVE_AES_DECRYPT
+int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                   const byte* nonce, word32 nonceSz,
+                   const byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    byte *key;
+    uint32_t keySize;
+    status_t status;
+
+    /* sanity check on arguments */
+    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
+            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+        return BAD_FUNC_ARG;
+
+    key = (byte*)aes->key;
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = LTC_AES_DecryptTagCcm(LTC_BASE, in, out, inSz,
+        nonce, nonceSz, authIn, authInSz, key, keySize, authTag, authTagSz);
+
+    if (status == kStatus_Success) {
+        return 0;
+    }
+    else {
+        XMEMSET(out, 0, inSz);
+        return AES_CCM_AUTH_E;
+    }
+}
+#endif /* HAVE_AES_DECRYPT */
+
+
+/* software AES CCM */
+#else
 
-#ifndef FREESCALE_LTC
 static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out)
 {
     /* process the bulk of the data */
@@ -7562,7 +7556,6 @@ static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out)
     }
 }
 
-
 static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out)
 {
     word32 authLenSz;
@@ -7616,7 +7609,6 @@ static INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
         if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return;
     }
 }
-#endif /* !FREESCALE_LTC */
 
 /* return 0 on success */
 int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
@@ -7624,29 +7616,12 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-#ifdef FREESCALE_LTC
-    byte *key;
-    uint32_t keySize;
-    status_t status;
-
-    key = (byte*)aes->key;
-
-    status = wc_AesGetKeySize(aes, &keySize);
-    if (status != 0) {
-        return status;
-    }
-
-    status = LTC_AES_EncryptTagCcm(LTC_BASE, in, out, inSz,
-        nonce, nonceSz, authIn, authInSz, key, keySize, authTag, authTagSz);
-
-    return (kStatus_Success == status) ? 0 : BAD_FUNC_ARG;
-#else
     byte A[AES_BLOCK_SIZE];
     byte B[AES_BLOCK_SIZE];
     byte lenSz;
     word32 i;
-    byte mask     = 0xFF;
-    word32 wordSz = (word32)sizeof(word32);
+    byte mask = 0xFF;
+    const word32 wordSz = (word32)sizeof(word32);
 
     /* sanity check on arguments */
     if (aes == NULL || out == NULL || in == NULL || nonce == NULL
@@ -7699,7 +7674,6 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     ForceZero(B, AES_BLOCK_SIZE);
 
     return 0;
-#endif /* FREESCALE_LTC */
 }
 
 #ifdef HAVE_AES_DECRYPT
@@ -7708,38 +7682,14 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    const byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-#ifdef FREESCALE_LTC
-    byte *key;
-    uint32_t keySize;
-    status_t status;
-
-    key = (byte*)aes->key;
-
-    status = wc_AesGetKeySize(aes, &keySize);
-    if (status != 0) {
-        return status;
-    }
-
-    status = LTC_AES_DecryptTagCcm(LTC_BASE, in, out, inSz,
-        nonce, nonceSz, authIn, authInSz, key, keySize, authTag, authTagSz);
-
-    if (status == kStatus_Success) {
-        return 0;
-    }
-    else {
-        XMEMSET(out, 0, inSz);
-        return AES_CCM_AUTH_E;
-    }
-#else /* FREESCALE_LTC */
-
     byte A[AES_BLOCK_SIZE];
     byte B[AES_BLOCK_SIZE];
     byte* o;
     byte lenSz;
     word32 i, oSz;
     int result = 0;
-    byte mask     = 0xFF;
-    word32 wordSz = (word32)sizeof(word32);
+    byte mask = 0xFF;
+    const word32 wordSz = (word32)sizeof(word32);
 
     /* sanity check on arguments */
     if (aes == NULL || out == NULL || in == NULL || nonce == NULL
@@ -7814,9 +7764,10 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     o = NULL;
 
     return result;
-#endif /* FREESCALE_LTC */
 }
 #endif /* HAVE_AES_DECRYPT */
+#endif /* software AES CCM */
+
 #endif /* HAVE_AESCCM */
 
 
diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
index 2a474f718..dd85bb0e7 100755
--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -658,7 +658,7 @@
         return 0;
 
     }
-#elif (defined FREESCALE_LTC_DES)
+#elif defined(FREESCALE_LTC_DES)
 
     #include "fsl_ltc.h"
     int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
@@ -744,6 +744,7 @@
             return -1;
 
     }
+
 #elif defined(FREESCALE_MMCAU)
     /*
      * Freescale mmCAU hardware DES/3DES support through the CAU/mmCAU library.
@@ -1010,139 +1011,105 @@
 
 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
 
-    #include "wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h"
+    /* PIC32MZ DES hardware requires size multiple of block size */
+    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
 
     int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
     {
-        word32 *dkey = des->key;
-        word32 *dreg = des->reg;
+        if (des == NULL || key == NULL || iv == NULL)
+            return BAD_FUNC_ARG;
 
-        XMEMCPY((byte *)dkey, (byte *)key, 8);
-        ByteReverseWords(dkey, dkey, 8);
-        XMEMCPY((byte *)dreg, (byte *)iv, 8);
-        ByteReverseWords(dreg, dreg, 8);
+        XMEMCPY(des->key, key, DES_KEYLEN);
+        XMEMCPY(des->reg, iv, DES_IVLEN);
 
         return 0;
     }
 
     int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
     {
-        word32 *dkey1 = des->key[0];
-        word32 *dreg = des->reg;
+        if (des == NULL || key == NULL || iv == NULL)
+            return BAD_FUNC_ARG;
 
-        XMEMCPY(dkey1, key, 24);
-        ByteReverseWords(dkey1, dkey1, 24);
-        XMEMCPY(dreg, iv, 8);
-        ByteReverseWords(dreg, dreg, 8);
+        XMEMCPY(des->key[0], key, DES3_KEYLEN);
+        XMEMCPY(des->reg, iv, DES3_IVLEN);
 
         return 0;
     }
 
-    void DesCrypt(word32 *key, word32 *iv, byte* out, const byte* in, word32 sz,
-                  int dir, int algo, int cryptoalgo)
-    {
-        securityAssociation *sa_p;
-        bufferDescriptor *bd_p;
-        const byte *in_p, *in_l;
-        byte *out_p, *out_l;
-        volatile securityAssociation sa __attribute__((aligned (8)));
-        volatile bufferDescriptor bd __attribute__((aligned (8)));
-        volatile int k;
-
-        /* get uncached address */
-
-        in_l = in;
-        out_l = out;
-        sa_p = KVA0_TO_KVA1(&sa);
-        bd_p = KVA0_TO_KVA1(&bd);
-        in_p = KVA0_TO_KVA1(in_l);
-        out_p= KVA0_TO_KVA1(out_l);
-
-        if(PIC32MZ_IF_RAM(in_p))
-            XMEMCPY((void *)in_p, (void *)in, sz);
-        XMEMSET((void *)out_p, 0, sz);
-
-        /* Set up the Security Association */
-        XMEMSET((byte *)KVA0_TO_KVA1(&sa), 0, sizeof(sa));
-        sa_p->SA_CTRL.ALGO = algo;
-        sa_p->SA_CTRL.LNC = 1;
-        sa_p->SA_CTRL.LOADIV = 1;
-        sa_p->SA_CTRL.FB = 1;
-        sa_p->SA_CTRL.ENCTYPE = dir; /* Encryption/Decryption */
-        sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo;
-        sa_p->SA_CTRL.KEYSIZE = 1; /* KEY is 192 bits */
-        XMEMCPY((byte *)KVA0_TO_KVA1(&sa.SA_ENCKEY[algo==PIC32_ALGO_TDES ? 2 : 6]),
-                (byte *)key, algo==PIC32_ALGO_TDES ? 24 : 8);
-        XMEMCPY((byte *)KVA0_TO_KVA1(&sa.SA_ENCIV[2]), (byte *)iv, 8);
-
-        XMEMSET((byte *)KVA0_TO_KVA1(&bd), 0, sizeof(bd));
-        /* Set up the Buffer Descriptor */
-        bd_p->BD_CTRL.BUFLEN = sz;
-        bd_p->BD_CTRL.LIFM = 1;
-        bd_p->BD_CTRL.SA_FETCH_EN = 1;
-        bd_p->BD_CTRL.LAST_BD = 1;
-        bd_p->BD_CTRL.DESC_EN = 1;
-
-        bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa); /* (unsigned int)sa_p; */
-        bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in); /* (unsigned int)in_p; */
-        bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); /* (unsigned int)out_p; */
-        bd_p->NXTPTR = (unsigned int)KVA_TO_PA(&bd);
-        bd_p->MSGLEN = sz;
-
-        /* Fire in the hole! */
-        CECON = 1 << 6;
-        while (CECON);
-
-        /* Run the engine */
-        CEBDPADDR = (unsigned int)KVA_TO_PA(&bd); /* (unsigned int)bd_p; */
-        CEINTEN = 0x07;
-        CECON = 0x27;
-
-        WAIT_ENGINE;
-
-        if((cryptoalgo == PIC32_CRYPTOALGO_CBC) ||
-           (cryptoalgo == PIC32_CRYPTOALGO_TCBC)||
-           (cryptoalgo == PIC32_CRYPTOALGO_RCBC)) {
-            /* set iv for the next call */
-            if(dir == PIC32_ENCRYPTION) {
-	            XMEMCPY((void *)iv, (void*)&(out_p[sz-DES_IVLEN]), DES_IVLEN);
-	        } else {
-                ByteReverseWords((word32*)iv, (word32 *)&(in_p[sz-DES_IVLEN]),
-                                 DES_IVLEN);
-            }
-        }
-
-        ByteReverseWords((word32*)out, (word32 *)KVA0_TO_KVA1(out), sz);
-    }
-
     int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
     {
-        DesCrypt(des->key, des->reg, out, in, sz,
-                PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC );
-        return 0;
+        word32 blocks = sz / DES_BLOCK_SIZE;
+
+        if (des == NULL || out == NULL || in == NULL)
+            return BAD_FUNC_ARG;
+
+        return wc_Pic32DesCrypt(des->key, DES_KEYLEN, des->reg, DES_IVLEN,
+            out, in, (blocks * DES_BLOCK_SIZE),
+            PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
     }
 
     int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
     {
-        DesCrypt(des->key, des->reg, out, in, sz,
-                PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
-        return 0;
+        word32 blocks = sz / DES_BLOCK_SIZE;
+
+        if (des == NULL || out == NULL || in == NULL)
+            return BAD_FUNC_ARG;
+
+        return wc_Pic32DesCrypt(des->key, DES_KEYLEN, des->reg, DES_IVLEN,
+            out, in, (blocks * DES_BLOCK_SIZE),
+            PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
     }
 
     int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
     {
-        DesCrypt(des->key[0], des->reg, out, in, sz,
-                PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
-        return 0;
+        word32 blocks = sz / DES_BLOCK_SIZE;
+
+        if (des == NULL || out == NULL || in == NULL)
+            return BAD_FUNC_ARG;
+
+        return wc_Pic32DesCrypt(des->key[0], DES3_KEYLEN, des->reg, DES3_IVLEN,
+            out, in, (blocks * DES_BLOCK_SIZE),
+            PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
     }
 
     int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
     {
-        DesCrypt(des->key[0], des->reg, out, in, sz,
-                PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
-        return 0;
+        word32 blocks = sz / DES_BLOCK_SIZE;
+
+        if (des == NULL || out == NULL || in == NULL)
+            return BAD_FUNC_ARG;
+
+        return wc_Pic32DesCrypt(des->key[0], DES3_KEYLEN, des->reg, DES3_IVLEN,
+            out, in, (blocks * DES_BLOCK_SIZE),
+            PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
     }
 
+    #ifdef WOLFSSL_DES_ECB
+        int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+        {
+            word32 blocks = sz / DES_BLOCK_SIZE;
+
+            if (des == NULL || out == NULL || in == NULL)
+                return BAD_FUNC_ARG;
+
+            return wc_Pic32DesCrypt(des->key, DES_KEYLEN, des->reg, DES_IVLEN,
+                out, in, (blocks * DES_BLOCK_SIZE),
+                    PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_ECB);
+        }
+
+        int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
+        {
+            word32 blocks = sz / DES_BLOCK_SIZE;
+
+            if (des == NULL || out == NULL || in == NULL)
+                return BAD_FUNC_ARG;
+
+            return wc_Pic32DesCrypt(des->key[0], DES3_KEYLEN, des->reg, DES3_IVLEN,
+                out, in, (blocks * DES_BLOCK_SIZE),
+                PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TECB);
+        }
+    #endif /* WOLFSSL_DES_ECB */
+
 #else
     #define NEED_SOFT_DES
 
@@ -1706,8 +1673,6 @@
         int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
         {
             word32 blocks = sz / DES_BLOCK_SIZE;
-            /* printf("wc_Des3_EcbEncrypt(%016x, %016x, %d)\n",
-                *(unsigned long *)in, *(unsigned long *)out, sz) ; */
 
             if (des == NULL || out == NULL || in == NULL) {
                 return BAD_FUNC_ARG;
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index f4e9ac9ff..d1551eca3 100755
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -97,6 +97,7 @@ ECC Curve Sizes:
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/types.h>
 
 #ifdef HAVE_ECC_ENCRYPT
     #include <wolfssl/wolfcrypt/hmac.h>
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index d5a1e1ce6..4aa9ce483 100755
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -103,20 +103,7 @@
 #else /* else build without fips */
 
 
-#ifdef WOLFSSL_PIC32MZ_HASH
-    #define wc_InitMd5   wc_InitMd5_sw
-    #define wc_Md5Update wc_Md5Update_sw
-    #define wc_Md5Final  wc_Md5Final_sw
-
-    #define wc_InitSha   wc_InitSha_sw
-    #define wc_ShaUpdate wc_ShaUpdate_sw
-    #define wc_ShaFinal  wc_ShaFinal_sw
-
-    #define wc_InitSha256   wc_InitSha256_sw
-    #define wc_Sha256Update wc_Sha256Update_sw
-    #define wc_Sha256Final  wc_Sha256Final_sw
-#endif /* WOLFSSL_PIC32MZ_HASH */
-
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 
 int wc_HmacSizeByType(int type)
diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am
index 21e4392e7..0de4ad10c 100644
--- a/wolfcrypt/src/include.am
+++ b/wolfcrypt/src/include.am
@@ -47,7 +47,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/ti/ti-des3.c \
               wolfcrypt/src/port/ti/ti-hash.c \
               wolfcrypt/src/port/ti/ti-ccm.c \
-              wolfcrypt/src/port/pic32/pic32mz-hash.c \
+              wolfcrypt/src/port/pic32/pic32mz-crypt.c \
               wolfcrypt/src/port/nrf51.c \
               wolfcrypt/src/port/arm/armv8-aes.c \
               wolfcrypt/src/port/arm/armv8-sha256.c \
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index 1323689da..8f7a31681 100755
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -36,6 +36,7 @@
 
 #include <wolfssl/wolfcrypt/md5.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -185,11 +186,8 @@
     }
 
 #elif defined(WOLFSSL_PIC32MZ_HASH)
-    #define wc_InitMd5   wc_InitMd5_sw
-    #define wc_Md5Update wc_Md5Update_sw
-    #define wc_Md5Final  wc_Md5Final_sw
-
-    #define NEED_SOFT_MD5
+    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
+    #define HAVE_MD5_CUST_API
 
 #else
     #define NEED_SOFT_MD5
@@ -421,19 +419,21 @@ int wc_Md5Final(Md5* md5, byte* hash)
     }
     XMEMSET(&local[md5->buffLen], 0, MD5_PAD_SIZE - md5->buffLen);
 
+#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
+    ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
+#endif
+
     /* put lengths in bits */
     md5->hiLen = (md5->loLen >> (8*sizeof(md5->loLen) - 3)) +
                  (md5->hiLen << 3);
     md5->loLen = md5->loLen << 3;
 
     /* store lengths */
-#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-    ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
-#endif
     /* ! length ordering dependent on digest endian type ! */
     XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));
     XMEMCPY(&local[MD5_PAD_SIZE + sizeof(word32)], &md5->hiLen, sizeof(word32));
 
+    /* final transform and result to hash */
     XTRANSFORM(md5, local);
 #ifdef BIG_ENDIAN_ORDER
     ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
diff --git a/wolfcrypt/src/port/pic32/pic32mz-crypt.c b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
new file mode 100644
index 000000000..3ea7b99d4
--- /dev/null
+++ b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
@@ -0,0 +1,508 @@
+/* pic32mz-crypt.c
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_MICROCHIP_PIC32MZ
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
+
+#ifdef WOLFSSL_PIC32MZ_CRYPT
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/des3.h>
+#endif
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#include <wolfssl/wolfcrypt/md5.h>
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#endif
+
+
+#if defined(WOLFSSL_PIC32MZ_CRYPT) || defined(WOLFSSL_PIC32MZ_HASH)
+
+static int Pic32GetBlockSize(int algo)
+{
+    switch (algo) {
+        case PIC32_ALGO_HMAC1:
+            return PIC32_BLOCKSIZE_HMAC;
+        case PIC32_ALGO_SHA256:
+            return PIC32_BLOCKSIZE_SHA256;
+        case PIC32_ALGO_SHA1:
+            return PIC32_BLOCKSIZE_SHA1;
+        case PIC32_ALGO_MD5:
+            return PIC32_BLOCKSIZE_MD5;
+        case PIC32_ALGO_AES:
+            return PIC32_BLOCKSIZE_AES;
+        case PIC32_ALGO_TDES:
+            return PIC32_BLOCKSIZE_TDES;
+        case PIC32_ALGO_DES:
+            return PIC32_BLOCKSIZE_DES;
+    }
+    return 0;
+}
+
+static int Pic32Crypto(const byte* in, int inLen, word32* out, int outLen,
+    int dir, int algo, int cryptoalgo,
+
+    /* For DES/AES only */
+    word32* key, int keyLen, word32* iv, int ivLen)
+{
+    int ret = 0;
+    int blockSize = Pic32GetBlockSize(algo);
+    volatile bufferDescriptor bd __attribute__((aligned (8)));
+    securityAssociation sa __attribute__((aligned (8)));
+    securityAssociation *sa_p;
+    bufferDescriptor *bd_p;
+    byte *in_p;
+    byte *out_p;
+    word32* dst;
+    word32 padRemain;
+    int timeout = 0xFFFFFF;
+
+    /* check args */
+    if (in == NULL || inLen <= 0 || out == NULL || blockSize == 0) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* check pointer alignment - must be word aligned */
+    if (((size_t)in % sizeof(word32)) || ((size_t)out % sizeof(word32))) {
+        return BUFFER_E; /* buffer is not aligned */
+    }
+
+    /* get uncached address */
+    sa_p = KVA0_TO_KVA1(&sa);
+    bd_p = KVA0_TO_KVA1(&bd);
+    out_p= KVA0_TO_KVA1(out);
+
+    if (in) {
+        in_p = KVA0_TO_KVA1(in);
+
+        /* Sync cache if in physical memory (not flash) */
+        if (PIC32MZ_IF_RAM(in_p)) {
+            XMEMCPY(in_p, in, inLen);
+        }
+    }
+
+    /* Set up the Security Association */
+    XMEMSET(sa_p, 0, sizeof(sa));
+    sa_p->SA_CTRL.ALGO = algo;
+    sa_p->SA_CTRL.ENCTYPE = dir;
+    sa_p->SA_CTRL.FB = 1; /* first block */
+    sa_p->SA_CTRL.LNC = 1; /* Load new set of keys */
+    if (key) {
+        /* cipher */
+        sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo;
+
+        switch (keyLen) {
+            case 32:
+                sa_p->SA_CTRL.KEYSIZE = PIC32_KEYSIZE_256;
+                break;
+            case 24:
+            case 8: /* DES */
+                sa_p->SA_CTRL.KEYSIZE = PIC32_KEYSIZE_192;
+                break;
+            case 16:
+                sa_p->SA_CTRL.KEYSIZE = PIC32_KEYSIZE_128;
+                break;
+        }
+
+        dst = (word32*)KVA0_TO_KVA1(sa.SA_ENCKEY +
+            (sizeof(sa.SA_ENCKEY)/sizeof(word32)) - (keyLen/sizeof(word32)));
+        ByteReverseWords(dst, key, keyLen);
+
+        if (iv && ivLen > 0) {
+            sa_p->SA_CTRL.LOADIV = 1;
+            dst = (word32*)KVA0_TO_KVA1(sa.SA_ENCIV +
+                (sizeof(sa.SA_ENCIV)/sizeof(word32)) - (ivLen/sizeof(word32)));
+            ByteReverseWords(dst, iv, ivLen);
+        }
+    }
+    else {
+        /* hashing */
+        sa_p->SA_CTRL.LOADIV = 1;
+        sa_p->SA_CTRL.IRFLAG = 0; /* immediate result for hashing */
+
+        dst = (word32*)KVA0_TO_KVA1(sa.SA_AUTHIV +
+            (sizeof(sa.SA_AUTHIV)/sizeof(word32)) - (outLen/sizeof(word32)));
+        ByteReverseWords(dst, out, outLen);
+    }
+
+    /* Set up the Buffer Descriptor */
+    XMEMSET(bd_p, 0, sizeof(bd));
+    bd_p->BD_CTRL.BUFLEN = inLen;
+    padRemain = (inLen % 4); /* make sure buffer is 4-byte multiple */
+    if (padRemain != 0) {
+        bd_p->BD_CTRL.BUFLEN += (4 - padRemain);
+    }
+    bd_p->BD_CTRL.SA_FETCH_EN = 1; /* Fetch the security association */
+    bd_p->BD_CTRL.PKT_INT_EN = 1;  /* enable interrupt */
+    bd_p->BD_CTRL.LAST_BD = 1;     /* last buffer desc in chain */
+    bd_p->BD_CTRL.LIFM = 1;        /* last in frame */
+    bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa);
+    bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in);
+    if (key) {
+        /* cipher */
+        if (in != (byte*)out)
+            XMEMSET(out_p, 0, outLen); /* clear output buffer */
+        bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out);
+    }
+    else {
+        /* hashing */
+        /* digest result returned in UPDPTR */
+        bd_p->UPDPTR = (unsigned int)KVA_TO_PA(out);
+    }
+    bd_p->NXTPTR = (unsigned int)KVA_TO_PA(&bd);
+    bd_p->MSGLEN = inLen;          /* actual message size */
+    bd_p->BD_CTRL.DESC_EN = 1;     /* enable this descriptor */
+
+    /* begin access to hardware */
+    ret = wolfSSL_CryptHwMutexLock();
+    if (ret == 0) {
+        /* Software Reset the Crypto Engine */
+        CECON = 1 << 6;
+        while (CECON);
+
+        /* Run the engine */
+        CEBDPADDR = (unsigned int)KVA_TO_PA(&bd);
+        CEINTEN = 0x07; /* enable DMA Packet Completion Interrupt */
+
+        /* input swap, enable BD fetch and start DMA */
+    #if PIC32_NO_OUT_SWAP
+        CECON = 0x25;
+    #else
+        CECON = 0xa5; /* bit 7 = enable out swap */
+    #endif
+
+        /* wait for operation to complete */
+        while (CEINTSRCbits.PKTIF == 0 && --timeout > 0) {};
+
+        /* Clear the interrupt flags */
+        CEINTSRC = 0xF;
+
+        /* check for errors */
+        if (CESTATbits.ERROP || timeout <= 0) {
+        #if 1
+            printf("PIC32 Crypto: ERROP %x, ERRPHASE %x, TIMEOUT %d\n",
+                CESTATbits.ERROP, CESTATbits.ERRPHASE, timeout);
+        #endif
+            ret = ASYNC_OP_E;
+        }
+
+        wolfSSL_CryptHwMutexUnLock();
+
+        if (iv && ivLen > 0) {
+            /* set iv for the next call */
+            if (dir == PIC32_ENCRYPTION) {
+                XMEMCPY(iv, KVA0_TO_KVA1(out + (outLen - ivLen)), ivLen);
+            #if !PIC32_NO_OUT_SWAP
+                /* hardware already swapped output, so we need to swap back */
+                ByteReverseWords(iv, iv, ivLen);
+            #endif
+            }
+            else {
+                ByteReverseWords(iv, KVA0_TO_KVA1(in + (inLen - ivLen)), ivLen);
+            }
+        }
+
+        if (outLen > 0) {
+            /* copy result to output */
+        #if PIC32_NO_OUT_SWAP
+            /* swap bytes */
+            ByteReverseWords(out, (word32*)out_p, outLen);
+        #else
+            /* sync cache */
+            #ifdef _SYS_DEVCON_LOCAL_H
+                SYS_DEVCON_DataCacheInvalidate((word32)out, outLen);
+            #else
+                XMEMCPY(out, out_p, outLen);
+            #endif
+        #endif
+        }
+        else {
+            /* sync cache */
+        #if PIC32_NO_OUT_SWAP
+            /* swap bytes */
+            ByteReverseWords(out, (word32*)out_p, PIC32_DIGEST_SIZE);
+        #else
+            /* sync cache */
+            #ifdef _SYS_DEVCON_LOCAL_H
+                SYS_DEVCON_DataCacheInvalidate((word32)out, PIC32_DIGEST_SIZE);
+            #else
+                XMEMCPY(out, out_p, PIC32_DIGEST_SIZE);
+            #endif
+        #endif
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_PIC32MZ_CRYPT || WOLFSSL_PIC32MZ_HASH */
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+int wc_Pic32Hash(const byte* in, int inLen, word32* out, int outLen, int algo)
+{
+    return Pic32Crypto(in, inLen, out, outLen, PIC32_ENCRYPTION, algo, 0,
+        NULL, 0, NULL, 0);
+}
+
+static int wc_Pic32HashUpdate(hashUpdCache* cache, byte* stdBuf, word32 stdBufLen,
+ const byte* data, word32 len, void* heap)
+{
+    /* cache updates */
+    word32 newLenUpd, newLenPad, padRemain;
+    byte* newBuf;
+    int isNewBuf = 0;
+
+    /* calculate new len */
+    newLenUpd = cache->updLen + len;
+
+    /* calculate padded len - pad buffer at 64-bytes for hardware */
+    newLenPad = newLenUpd;
+    padRemain = (newLenUpd % PIC32_BLOCKSIZE_HASH);
+    if (padRemain != 0) {
+        newLenPad += (PIC32_BLOCKSIZE_HASH - padRemain);
+    }
+
+    /* determine buffer source */
+    if (newLenPad <= stdBufLen) {
+        /* use standard buffer */
+        newBuf = stdBuf;
+    }
+    else if (newLenPad > cache->bufLen) {
+        /* alloc buffer */
+        newBuf = (byte*)XMALLOC(newLenPad, heap, DYNAMIC_TYPE_HASH_TMP);
+        if (newBuf == NULL) {
+            if (cache->buf != stdBuf) {
+                XFREE(cache->buf, heap, DYNAMIC_TYPE_HASH_TMP);
+            }
+            return MEMORY_E;
+        }
+        isNewBuf = 1;
+    }
+    else {
+        /* use existing buffer */
+        newBuf = cache->buf;
+    }
+    if (cache->buf && cache->updLen > 0) {
+        XMEMCPY(newBuf, cache->buf, cache->updLen);
+        if (isNewBuf && cache->buf != stdBuf) {
+            XFREE(cache->buf, heap, DYNAMIC_TYPE_HASH_TMP);
+        }
+    }
+    XMEMCPY(newBuf + cache->updLen, data, len);
+
+    cache->buf = newBuf;
+    cache->updLen = newLenUpd;
+    cache->bufLen = newLenPad;
+
+    return 0;
+}
+
+static int wc_Pic32HashFinal(hashUpdCache* cache, byte* stdBuf, byte* hash,
+    int digestSz, int algo, void* heap)
+{
+    int ret;
+    word32 digest[PIC32_DIGEST_SIZE / sizeof(word32)] = {0};
+
+    /* if room add the pad */
+    if (cache->updLen < cache->bufLen) {
+        cache->buf[cache->updLen] = 0x80;
+    }
+
+    ret = wc_Pic32Hash(cache->buf, cache->updLen, digest, digestSz, algo);
+    if (ret == 0) {
+        XMEMCPY(hash, digest, digestSz);
+    }
+    if (cache->buf != stdBuf) {
+        XFREE(cache->buf, heap, DYNAMIC_TYPE_HASH_TMP);
+    }
+    cache->buf = NULL;
+    cache->bufLen = 0;
+    cache->updLen = 0;
+
+    return ret;
+}
+
+/* API's for compatability with Harmony wrappers - not used */
+#ifndef NO_MD5
+    int wc_InitMd5_ex(Md5* md5, void* heap, int devId)
+    {
+        if (md5 == NULL)
+            return BAD_FUNC_ARG;
+
+        XMEMSET(md5, 0, sizeof(Md5));
+        md5->heap = heap;
+        (void)devId;
+        return 0;
+    }
+
+    int wc_Md5Update(Md5* md5, const byte* data, word32 len)
+    {
+        if (md5 == NULL || (data == NULL && len > 0))
+            return BAD_FUNC_ARG;
+        return wc_Pic32HashUpdate(&md5->cache, (byte*)md5->buffer,
+            sizeof(md5->buffer), data, len, md5->heap);
+    }
+
+    int wc_Md5Final(Md5* md5, byte* hash)
+    {
+        int ret;
+
+        if (md5 == NULL || hash == NULL)
+            return BAD_FUNC_ARG;
+
+        ret = wc_Pic32HashFinal(&md5->cache, (byte*)md5->buffer,
+            hash, MD5_DIGEST_SIZE, PIC32_ALGO_MD5, md5->heap);
+
+        wc_InitMd5_ex(md5, md5->heap, INVALID_DEVID);  /* reset state */
+
+        return ret;
+    }
+
+    void wc_Md5SizeSet(Md5* md5, word32 len)
+    {
+        (void)md5;
+        (void)len;
+    }
+#endif /* !NO_MD5 */
+#ifndef NO_SHA
+    int wc_InitSha_ex(Sha* sha, void* heap, int devId)
+    {
+        if (sha == NULL)
+            return BAD_FUNC_ARG;
+
+        XMEMSET(sha, 0, sizeof(Sha));
+        sha->heap = heap;
+        (void)devId;
+        return 0;
+    }
+
+    int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
+    {
+        if (sha == NULL || (data == NULL && len > 0))
+            return BAD_FUNC_ARG;
+        return wc_Pic32HashUpdate(&sha->cache, (byte*)sha->buffer,
+            sizeof(sha->buffer), data, len, sha->heap);
+    }
+
+    int wc_ShaFinal(Sha* sha, byte* hash)
+    {
+        int ret;
+
+        if (sha == NULL || hash == NULL)
+            return BAD_FUNC_ARG;
+
+        ret = wc_Pic32HashFinal(&sha->cache, (byte*)sha->buffer,
+            hash, SHA_DIGEST_SIZE, PIC32_ALGO_SHA1, sha->heap);
+
+        wc_InitSha_ex(sha, sha->heap, INVALID_DEVID);  /* reset state */
+
+        return ret;
+    }
+    void wc_ShaSizeSet(Sha* sha, word32 len)
+    {
+        (void)sha;
+        (void)len;
+    }
+#endif /* !NO_SHA */
+#ifndef NO_SHA256
+    int wc_InitSha256_ex(Sha256* sha256, void* heap, int devId)
+    {
+        if (sha256 == NULL)
+            return BAD_FUNC_ARG;
+
+        XMEMSET(sha256, 0, sizeof(Sha256));
+        sha256->heap = heap;
+        (void)devId;
+        return 0;
+    }
+
+    int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
+    {
+        if (sha256 == NULL || (data == NULL && len > 0))
+            return BAD_FUNC_ARG;
+        return wc_Pic32HashUpdate(&sha256->cache, (byte*)sha256->buffer,
+            sizeof(sha256->buffer), data, len, sha256->heap);
+    }
+
+    int wc_Sha256Final(Sha256* sha256, byte* hash)
+    {
+        int ret;
+
+        if (sha256 == NULL || hash == NULL)
+            return BAD_FUNC_ARG;
+
+        ret = wc_Pic32HashFinal(&sha256->cache, (byte*)sha256->buffer,
+            hash, SHA256_DIGEST_SIZE, PIC32_ALGO_SHA256, sha256->heap);
+
+        wc_InitSha256_ex(sha256, sha256->heap, INVALID_DEVID);  /* reset state */
+
+        return ret;
+    }
+
+    void wc_Sha256SizeSet(Sha256* sha256, word32 len)
+    {
+        (void)sha256;
+        (void)len;
+    }
+#endif /* !NO_SHA256 */
+#endif
+
+
+#ifdef WOLFSSL_PIC32MZ_CRYPT
+#if !defined(NO_AES)
+    int wc_Pic32AesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen,
+        byte* out, const byte* in, word32 sz,
+        int dir, int algo, int cryptoalgo)
+    {
+        return Pic32Crypto(in, sz, (word32*)out, sz, dir, algo, cryptoalgo,
+            key, keyLen, iv, ivLen);
+    }
+#endif /* !NO_AES */
+
+#ifndef NO_DES3
+    int wc_Pic32DesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen,
+        byte* out, const byte* in, word32 sz,
+        int dir, int algo, int cryptoalgo)
+    {
+        return Pic32Crypto(in, sz, (word32*)out, sz, dir, algo, cryptoalgo,
+            key, keyLen, iv, ivLen);
+    }
+#endif /* !NO_DES3 */
+#endif /* WOLFSSL_PIC32MZ_CRYPT */
+
+#endif /* WOLFSSL_MICROCHIP_PIC32MZ */
diff --git a/wolfcrypt/src/port/pic32/pic32mz-hash.c b/wolfcrypt/src/port/pic32/pic32mz-hash.c
deleted file mode 100644
index ccc0c757c..000000000
--- a/wolfcrypt/src/port/pic32/pic32mz-hash.c
+++ /dev/null
@@ -1,357 +0,0 @@
-/* pic32mz-hash.c
- *
- * Copyright (C) 2006-2016 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/md5.h>
-#include <wolfssl/wolfcrypt/sha.h>
-#include <wolfssl/wolfcrypt/sha256.h>
-
-#include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
-
-#if !defined(NO_MD5) && !defined(NO_SHA) && !defined(NO_SHA256)
-
-static uint8_t dataBuffer[PIC32MZ_MAX_BD][PIC32_BLOCK_SIZE] __attribute__((aligned (4), coherent));
-
-static void reset_engine(pic32mz_desc *desc, int algo)
-{
-    int i;
-    pic32mz_desc* uc_desc = KVA0_TO_KVA1(desc);
-
-    CECON = 1 << 6;
-    while (CECON);
-
-    /* Make sure everything is clear first before we make settings. */
-    XMEMSET((void *)&uc_desc->sa, 0, sizeof(uc_desc->sa));
-
-    /* Set up the security association */
-    uc_desc->sa.SA_CTRL.ALGO = algo ;
-    uc_desc->sa.SA_CTRL.LNC = 1;
-    uc_desc->sa.SA_CTRL.FB = 1;
-    uc_desc->sa.SA_CTRL.ENCTYPE = 1;
-    uc_desc->sa.SA_CTRL.LOADIV = 1;
-
-    /* Set up the buffer descriptor */
-    uc_desc->err = 0 ;
-    for (i = 0; i < PIC32MZ_MAX_BD; i++)
-    {
-        XMEMSET((void *)&uc_desc->bd[i], 0, sizeof(uc_desc->bd[i]));
-        uc_desc->bd[i].BD_CTRL.LAST_BD = 1;
-        uc_desc->bd[i].BD_CTRL.LIFM = 1;
-        uc_desc->bd[i].BD_CTRL.PKT_INT_EN = 1;
-        uc_desc->bd[i].SA_ADDR = KVA_TO_PA(&uc_desc->sa);
-        uc_desc->bd[i].SRCADDR = KVA_TO_PA(&dataBuffer[i]);
-        if (PIC32MZ_MAX_BD > i+1)
-            uc_desc->bd[i].NXTPTR = KVA_TO_PA(&uc_desc->bd[i+1]);
-        else
-            uc_desc->bd[i].NXTPTR = KVA_TO_PA(&uc_desc->bd[0]);
-        XMEMSET((void *)&dataBuffer[i], 0, PIC32_BLOCK_SIZE);
-    }
-    uc_desc->bd[0].BD_CTRL.SA_FETCH_EN = 1; /* Fetch the security association on the first BD */
-    desc->dbPtr = 0;
-    desc->currBd = 0;
-    desc->msgSize = 0;
-    desc->processed = 0;
-    CEBDPADDR = KVA_TO_PA(&(desc->bd[0]));
-
-    CEPOLLCON = 10;
-
-    CECON = 0x27;
-}
-
-#define PIC32MZ_IF_RAM(addr) (KVA_TO_PA(addr) < 0x80000)
-
-static void update_engine(pic32mz_desc *desc, const byte *input, word32 len,
-                    word32 *hash)
-{
-   int total ;
-    pic32mz_desc    *uc_desc = KVA0_TO_KVA1(desc);
-
-    uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash);
-    /* Add the data to the current buffer. If the buffer fills, start processing it
-       and fill the next one. */
-    while (len)
-    {
-        /* If the engine is processing the current BD, spin.
-        if (uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN)
-            continue; */
-        if (desc->msgSize)
-        {
-            /* If we've been given the message size, we can process along the
-               way.
-               Enable the current buffer descriptor if it is full. */
-            if (desc->dbPtr >= PIC32_BLOCK_SIZE)
-            {
-                /* Wrap up the buffer descriptor and enable it so the engine can process */
-                uc_desc->bd[desc->currBd].MSGLEN = desc->msgSize;
-                uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = desc->dbPtr;
-                uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 0;
-                uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 0;
-                /* SYS_DEVCON_DataCacheClean((word32)desc, sizeof(pic32mz_desc)); */
-                uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN = 1;
-                /* Move to the next buffer descriptor, or wrap around. */
-                desc->currBd++;
-                if (desc->currBd >= PIC32MZ_MAX_BD)
-                    desc->currBd = 0;
-                /* Wait until the engine has processed the new BD. */
-                while (uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN);
-                uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash);
-                desc->dbPtr = 0;
-            }
-            if (!PIC32MZ_IF_RAM(input)) /* If we're inputting from flash, let the BD have 
-                                         the address and max the buffer size */
-            {
-                uc_desc->bd[desc->currBd].SRCADDR = KVA_TO_PA(input);
-                total = (len > PIC32MZ_MAX_BLOCK ? PIC32MZ_MAX_BLOCK : len);
-                desc->dbPtr = total;
-                len -= total;
-                input += total;
-            }
-            else
-            {
-                if (len > PIC32_BLOCK_SIZE - desc->dbPtr)
-                {
-                    /* We have more data than can be put in the buffer. Fill what we can.*/
-                    total = PIC32_BLOCK_SIZE - desc->dbPtr;
-                    XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, total);
-                    len -= total;
-                    desc->dbPtr = PIC32_BLOCK_SIZE;
-                    input += total;
-                }
-                else
-                {
-                    /* Fill up what we have, but don't turn on the engine.*/
-                    XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, len);
-                    desc->dbPtr += len;
-                    len = 0;
-                }
-            }
-        }
-        else
-        {
-            /* We have to buffer everything and keep track of how much has been
-               added in order to get a total size. If the buffer fills, we move
-               to the next one. If we try to add more when the last buffer is
-               full, we error out. */
-            if (desc->dbPtr == PIC32_BLOCK_SIZE)
-            {
-                /* We filled the last BD buffer, so move on to the next one */
-                uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 0;
-                uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 0;
-                uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = PIC32_BLOCK_SIZE;
-                desc->currBd++;
-                uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash);
-                desc->dbPtr = 0;
-                if (desc->currBd >= PIC32MZ_MAX_BD)
-                {
-                    desc->err = 1;
-                }
-            }
-            if (len > PIC32_BLOCK_SIZE - desc->dbPtr)
-            {
-                /* We have more data than can be put in the buffer. Fill what we can. */
-                total = PIC32_BLOCK_SIZE - desc->dbPtr;
-                XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, total);
-                len -= total;
-                desc->processed += total;
-                desc->dbPtr = PIC32_BLOCK_SIZE;
-                input += total;
-            }
-            else
-            {
-                /* Fill up what we have */
-                XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, len);
-                desc->dbPtr += len;
-                desc->processed += len;
-                len = 0;
-            }
-        }
-    }
-}
-
-static void start_engine(pic32mz_desc *desc) {
-    /* Wrap up the last buffer descriptor and enable it */
-    int i ;
-    int bufferLen ;
-    pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc);
-
-    bufferLen = desc->dbPtr;
-    if (bufferLen % 4)
-        bufferLen = (bufferLen + 4) - (bufferLen % 4);
-    uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = bufferLen;
-    uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 1;
-    uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 1;
-    if (desc->msgSize == 0)
-    {
-        /* We were not given the size, so now we have to go through every BD
-           and give it what will be processed, and enable them. */
-        for (i = desc->currBd; i >= 0; i--)
-        {
-            uc_desc->bd[i].MSGLEN = desc->processed;
-            uc_desc->bd[i].BD_CTRL.DESC_EN = 1;
-        }
-    }
-    else
-    {
-        uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN = 1;
-    }
-}
-
-void wait_engine(pic32mz_desc *desc, char *hash, int hash_sz) {
-    unsigned int i;
-    unsigned int *intptr;
-    pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc);
-    enum {true = 1, false = 0} engineRunning = true;
-
-    while (engineRunning)
-    {
-        engineRunning = false;
-        for (i = 0; i < PIC32MZ_MAX_BD; i++)
-            engineRunning = engineRunning || uc_desc->bd[i].BD_CTRL.DESC_EN;
-    }
-    XMEMCPY(hash, KVA0_TO_KVA1(hash), hash_sz) ;
-
-    #ifdef DEBUG_CYASSL
-    print_mem(KVA0_TO_KVA1(hash), hash_sz) ;
-    print_mem(             hash , hash_sz) ;
-    #endif
-    for (i = 0, intptr = (unsigned int *)hash; i < hash_sz/sizeof(unsigned int);
-                                                                  i++, intptr++)
-    {
-        *intptr = ntohl(*intptr);
-    }
-}
-
-#endif
-
-#ifndef NO_MD5
-void wc_InitMd5(Md5* md5)
-{
-    WOLFSSL_ENTER("InitMd5\n") ;
-    XMEMSET((void *)md5, 0xcc, sizeof(Md5)) ;
-    XMEMSET((void *)KVA0_TO_KVA1(md5), 0xcc, sizeof(Md5)) ;
-    reset_engine(&(md5->desc), PIC32_ALGO_MD5) ;
-
-}
-
-void wc_Md5Update(Md5* md5, const byte* data, word32 len)
-{
-     WOLFSSL_ENTER("Md5Update\n") ;
-     update_engine(&(md5->desc), data, len, md5->digest) ;
-}
-
-void wc_Md5Final(Md5* md5, byte* hash)
-{
-     WOLFSSL_ENTER("Md5Final\n") ;
-    start_engine(&(md5->desc)) ;
-    wait_engine(&(md5->desc), (char *)md5->digest, MD5_HASH_SIZE) ;
-    XMEMCPY(hash, md5->digest, MD5_HASH_SIZE) ;
-    wc_InitMd5(md5);  /* reset state */
-}
-
-void Md5SizeSet(Md5* md5, word32 len)
-{
-    WOLFSSL_ENTER("Md5SizeSet\n");
-    md5->desc.msgSize = len;
-}
-#endif
-
-#ifndef NO_SHA
-int wc_InitSha(Sha* sha)
-{
-    WOLFSSL_ENTER("InitSha\n") ;
-    XMEMSET((void *)sha, 0xcc, sizeof(Sha)) ;
-    XMEMSET((void *)KVA0_TO_KVA1(sha), 0xcc, sizeof(Sha)) ;
-    reset_engine(&(sha->desc), PIC32_ALGO_SHA1) ;
-    return 0;
-}
-
-int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
-{
-    WOLFSSL_ENTER("ShaUpdate\n") ;
-    update_engine(&(sha->desc), data, len, sha->digest) ;
-    return 0;
-}
-
-int wc_ShaFinal(Sha* sha, byte* hash)
-{
-    WOLFSSL_ENTER("ShaFinal\n") ;
-    start_engine(&(sha->desc)) ;
-    wait_engine(&(sha->desc), (char *)sha->digest, SHA1_HASH_SIZE) ;
-    XMEMCPY(hash, sha->digest, SHA1_HASH_SIZE) ;
-
-    wc_InitSha(sha);  /* reset state */
-    return 0;
-}
-
-void ShaSizeSet(Sha* sha, word32 len)
-{
-    sha->desc.msgSize = len;
-}
-#endif /* NO_SHA */
-
-#ifndef NO_SHA256
-int wc_InitSha256(Sha256* sha256)
-{
-    WOLFSSL_ENTER("InitSha256\n") ;
-    XMEMSET((void *)sha256, 0xcc, sizeof(Sha256)) ;
-    XMEMSET((void *)KVA0_TO_KVA1(sha256), 0xcc, sizeof(Sha256)) ;
-    reset_engine(&(sha256->desc), PIC32_ALGO_SHA256) ;
-    return 0;
-}
-
-int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
-{
-    WOLFSSL_ENTER("Sha256Update\n") ;
-    update_engine(&(sha256->desc), data, len, sha256->digest) ;
-
-    return 0;
-}
-
-int wc_Sha256Final(Sha256* sha256, byte* hash)
-{
-    WOLFSSL_ENTER("Sha256Final\n") ;
-    start_engine(&(sha256->desc)) ;
-    wait_engine(&(sha256->desc), (char *)sha256->digest, SHA256_HASH_SIZE) ;
-    XMEMCPY(hash, sha256->digest, SHA256_HASH_SIZE) ;
-    wc_InitSha256(sha256);  /* reset state */
-
-    return 0;
-}
-
-void Sha256SizeSet(Sha256* sha256, word32 len)
-{
-    WOLFSSL_ENTER("Sha256SizeSet\n");
-    sha256->desc.msgSize = len;
-}
-
-#endif /* NO_SHA256 */
-
-#endif
-
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index c51e7d1f5..738977305 100644
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -28,22 +28,6 @@
 
 #ifndef NO_PWDBASED
 
-#ifdef WOLFSSL_PIC32MZ_HASH
-    #ifndef NO_MD5
-        #define wc_InitMd5   wc_InitMd5_sw
-        #define wc_Md5Update wc_Md5Update_sw
-        #define wc_Md5Final  wc_Md5Final_sw
-    #endif /* NO_MD5 */
-
-    #define wc_InitSha   wc_InitSha_sw
-    #define wc_ShaUpdate wc_ShaUpdate_sw
-    #define wc_ShaFinal  wc_ShaFinal_sw
-
-    #define wc_InitSha256   wc_InitSha256_sw
-    #define wc_Sha256Update wc_Sha256Update_sw
-    #define wc_Sha256Final  wc_Sha256Final_sw
-#endif
-
 #include <wolfssl/wolfcrypt/pwdbased.h>
 #include <wolfssl/wolfcrypt/hmac.h>
 #include <wolfssl/wolfcrypt/integer.h>
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 08f039231..3f74d3fdb 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1228,10 +1228,11 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         #if !defined(WOLFSSL_MICROCHIP_PIC32MZ)
             #include <peripheral/timer.h>
         #endif
+        extern word32 ReadCoreTimer(void);
         #define PIC32_SEED_COUNT ReadCoreTimer
     #endif
 
-    #ifdef WOLFSSL_MIC32MZ_RNG
+    #ifdef WOLFSSL_PIC32MZ_RNG
         #include "xc.h"
         int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         {
@@ -1240,21 +1241,31 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
             word32 *rnd32 = (word32 *)rnd;
             word32 size = sz;
             byte* op = output;
+            
+#if ((__PIC32_FEATURE_SET0 == 'E') && (__PIC32_FEATURE_SET1 == 'C'))
+            RNGNUMGEN1 = _CP0_GET_COUNT();
+            RNGPOLY1 = _CP0_GET_COUNT();
+            RNGPOLY2 = _CP0_GET_COUNT();
+            RNGNUMGEN2 = _CP0_GET_COUNT();
+#else
+            // All others can be seeded from the TRNG
+            RNGCONbits.TRNGMODE = 1;
+            RNGCONbits.TRNGEN = 1;
+            while (RNGCNT < 64);
+            RNGCONbits.LOAD = 1;
+            while (RNGCONbits.LOAD == 1);
+            while (RNGCNT < 64);
+            RNGPOLY2 = RNGSEED2;
+            RNGPOLY1 = RNGSEED1;
+#endif
 
-            /* This part has to be replaced with better random seed */
-            RNGNUMGEN1 = ReadCoreTimer();
-            RNGPOLY1 = ReadCoreTimer();
-            RNGPOLY2 = ReadCoreTimer();
-            RNGNUMGEN2 = ReadCoreTimer();
-        #ifdef DEBUG_WOLFSSL
-            printf("GenerateSeed::Seed=%08x, %08x\n", RNGNUMGEN1, RNGNUMGEN2);
-        #endif
             RNGCONbits.PLEN = 0x40;
             RNGCONbits.PRNGEN = 1;
-            for(i=0; i<5; i++) { /* wait for RNGNUMGEN ready */
+            for (i=0; i<5; i++) { /* wait for RNGNUMGEN ready */
                 volatile int x;
                 x = RNGNUMGEN1;
                 x = RNGNUMGEN2;
+                (void)x;
             }
             do {
                 rnd32[0] = RNGNUMGEN1;
@@ -1268,7 +1279,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
             } while(size);
             return 0;
         }
-    #else  /* WOLFSSL_MIC32MZ_RNG */
+    #else  /* WOLFSSL_PIC32MZ_RNG */
         /* uses the core timer, in nanoseconds to seed srand */
         int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         {
@@ -1282,7 +1293,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
             }
             return 0;
         }
-    #endif /* WOLFSSL_MIC32MZ_RNG */
+    #endif /* WOLFSSL_PIC32MZ_RNG */
 
 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \
       defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS)
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 67adb7ff8..47490bc58 100755
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -90,10 +90,7 @@
 
 /* Hardware Acceleration */
 #if defined(WOLFSSL_PIC32MZ_HASH)
-    #define USE_SHA_SOFTWARE_IMPL
-    #define wc_InitSha   wc_InitSha_sw
-    #define wc_ShaUpdate wc_ShaUpdate_sw
-    #define wc_ShaFinal  wc_ShaFinal_sw
+    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
 
 #elif defined(STM32F2_HASH) || defined(STM32F4_HASH)
 
@@ -244,13 +241,13 @@
     #endif
 
     #define USE_SHA_SOFTWARE_IMPL /* Only for API's, actual transform is here */
-    #define XSHATRANSFORM   ShaTransform
+    #define XTRANSFORM(S,B)   Transform((S),(B))
 
     static int InitSha(Sha* sha)
     {
         int ret = 0;
         ret = wolfSSL_CryptHwMutexLock();
-        if(ret != 0) {
+        if (ret != 0) {
             return ret;
         }
     #ifdef FREESCALE_MMCAU_CLASSIC_SHA
@@ -267,7 +264,7 @@
         return ret;
     }
 
-    static int ShaTransform(Sha* sha, byte* data)
+    static int Transform(Sha* sha, byte* data)
     {
         int ret = wolfSSL_CryptHwMutexLock();
         if(ret == 0) {
@@ -310,8 +307,8 @@
 #ifdef USE_SHA_SOFTWARE_IMPL
 
 /* Check if custom Sha transform is used */
-#ifndef XSHATRANSFORM
-    #define XSHATRANSFORM   ShaTransform
+#ifndef XTRANSFORM
+    #define XTRANSFORM(S,B)   Transform((S),(B))
 
     #define blk0(i) (W[i] = sha->buffer[i])
     #define blk1(i) (W[(i)&15] = \
@@ -334,7 +331,7 @@
     #define R4(v,w,x,y,z,i) (z)+= f4((w),(x),(y)) + blk1((i)) + 0xCA62C1D6+ \
         rotlFixed((v),5); (w) = rotlFixed((w),30);
 
-    static void ShaTransform(Sha* sha, byte* data)
+    static void Transform(Sha* sha, byte* data)
     {
         word32 W[SHA_BLOCK_SIZE / sizeof(word32)];
 
@@ -443,7 +440,7 @@ int wc_InitSha_ex(Sha* sha, void* heap, int devId)
     return ret;
 }
 
-int wc_ShaUpdate (Sha* sha, const byte* data, word32 len)
+int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
 {
     byte* local;
 
@@ -478,7 +475,7 @@ int wc_ShaUpdate (Sha* sha, const byte* data, word32 len)
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
             ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
 #endif
-            XSHATRANSFORM(sha, local);
+            XTRANSFORM(sha, local);
             AddLength(sha, SHA_BLOCK_SIZE);
             sha->buffLen = 0;
         }
@@ -517,20 +514,20 @@ int wc_ShaFinal(Sha* sha, byte* hash)
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
         ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
 #endif
-        XSHATRANSFORM(sha, local);
+        XTRANSFORM(sha, local);
         sha->buffLen = 0;
     }
     XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen);
 
-    /* put lengths in bits */
-    sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) +
-    (sha->hiLen << 3);
-    sha->loLen = sha->loLen << 3;
-
-    /* store lengths */
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
     ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
 #endif
+
+    /* store lengths */
+    /* put lengths in bits */
+    sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) + (sha->hiLen << 3);
+    sha->loLen = sha->loLen << 3;
+
     /* ! length ordering dependent on digest endian type ! */
     XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
     XMEMCPY(&local[SHA_PAD_SIZE + sizeof(word32)], &sha->loLen, sizeof(word32));
@@ -542,7 +539,7 @@ int wc_ShaFinal(Sha* sha, byte* hash)
                      2 * sizeof(word32));
 #endif
 
-    XSHATRANSFORM(sha, local);
+    XTRANSFORM(sha, local);
 #ifdef LITTLE_ENDIAN_ORDER
     ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
 #endif
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 40ee9afe6..f044c1aa9 100755
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -100,6 +100,7 @@
 #endif
 
 
+#ifndef WOLFSSL_PIC32MZ_HASH
 static int InitSha256(Sha256* sha256)
 {
     int ret = 0;
@@ -107,6 +108,7 @@ static int InitSha256(Sha256* sha256)
     if (sha256 == NULL)
         return BAD_FUNC_ARG;
 
+    XMEMSET(sha256->digest, 0, sizeof(sha256->digest));
     sha256->digest[0] = 0x6A09E667L;
     sha256->digest[1] = 0xBB67AE85L;
     sha256->digest[2] = 0x3C6EF372L;
@@ -122,6 +124,7 @@ static int InitSha256(Sha256* sha256)
 
     return ret;
 }
+#endif
 
 
 /* Hardware Acceleration */
@@ -198,7 +201,7 @@ static int InitSha256(Sha256* sha256)
     static int (*Transform_p)(Sha256* sha256) /* = _Transform */;
     static int transform_check = 0;
     static word32 intel_flags;
-    #define XTRANSFORM(sha256, B)  (*Transform_p)(sha256)
+    #define XTRANSFORM(S, B)  (*Transform_p)((S))
 
     static void Sha256_SetTransform(void)
     {
@@ -283,7 +286,7 @@ static int InitSha256(Sha256* sha256)
         #include "fsl_mmcau.h"
     #endif
 
-    #define XTRANSFORM(sha256, B) Transform(sha256, B)
+    #define XTRANSFORM(S, B)  Transform((S), (B))
 
     int wc_InitSha256_ex(Sha256* sha256, void* heap, int devId)
     {
@@ -325,27 +328,11 @@ static int InitSha256(Sha256* sha256)
     }
 
 #elif defined(WOLFSSL_PIC32MZ_HASH)
-    #define NEED_SOFT_SHA256
-
-    #define wc_InitSha256   wc_InitSha256_sw
-    #define wc_Sha256Update wc_Sha256Update_sw
-    #define wc_Sha256Final  wc_Sha256Final_sw
-
-    int wc_InitSha256_ex(Sha256* sha256, void* heap, int devId)
-    {
-        if (sha256 == NULL)
-            return BAD_FUNC_ARG;
-
-        sha256->heap = heap;
-
-        return InitSha256(sha256);
-    }
+    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
 
 #else
     #define NEED_SOFT_SHA256
 
-    #define XTRANSFORM(sha256, B) Transform(sha256)
-
     int wc_InitSha256_ex(Sha256* sha256, void* heap, int devId)
     {
         int ret = 0;
@@ -407,6 +394,10 @@ static int InitSha256(Sha256* sha256)
          (d) += t0; \
          (h)  = t0 + t1;
 
+    #ifndef XTRANSFORM
+         #define XTRANSFORM(S, B) Transform((S))
+     #endif
+
     static int Transform(Sha256* sha256)
     {
         word32 S[8], t0, t1;
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 04aba2bc0..95a427c74 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -3907,7 +3907,7 @@ int aes_test(void)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER)
     Aes enc;
     byte cipher[AES_BLOCK_SIZE * 4];
-#ifdef HAVE_AES_DECRYPT
+#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
     Aes dec;
     byte plain [AES_BLOCK_SIZE * 4];
 #endif
@@ -4191,7 +4191,9 @@ int aes_test(void)
         if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher)))
             return -4216;
 
-#if !defined(STM32F2_CRYPTO) && !defined(STM32F4_CRYPTO) /* test not supported on STM32 crypto HW */
+    /* test not supported on STM32 crypto HW or PIC32MZ HW */
+#if !defined(STM32F2_CRYPTO) && !defined(STM32F4_CRYPTO) && \
+    !defined(WOLFSSL_PIC32MZ_CRYPT)
         /* and an additional 9 bytes to reuse tmp left buffer */
         ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher));
         if (ret != 0) {
@@ -4547,9 +4549,14 @@ int aesgcm_test(void)
         0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
     };
 
+    /* FIPS, QAT and STM32F2/4 HW Crypto only support 12-byte IV */
 #if !defined(HAVE_FIPS) && !defined(HAVE_INTEL_QA) && \
         !defined(STM32F2_CRYPTO) && !defined(STM32F4_CRYPTO) && \
+        !defined(WOLFSSL_PIC32MZ_CRYPT) && \
         !defined(WOLFSSL_XILINX_CRYPT)
+
+    #define ENABLE_NON_12BYTE_IV_TEST
+
     /* Test Case 12, uses same plaintext and AAD data. */
     const byte k2[] =
     {
@@ -4587,7 +4594,7 @@ int aesgcm_test(void)
         0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
         0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
     };
-#endif /* !HAVE_FIPS && !HAVE_INTEL_QA && !STM32F2_CRYPTO && !STM32F4_CRYPTO */
+#endif
 
     byte resultT[sizeof(t1)];
     byte resultP[sizeof(p)];
@@ -4732,10 +4739,8 @@ int aesgcm_test(void)
             return -4315;
     }
 
-    /* FIPS, QAT and STM32F2/4 HW Crypto only support 12-byte IV */
-#if !defined(HAVE_FIPS) && !defined(HAVE_INTEL_QA) && \
-        !defined(STM32F2_CRYPTO) && !defined(STM32F4_CRYPTO) && \
-        !defined(WOLFSSL_XILINX_CRYPT)
+    /* test with IV != 12 bytes */
+#ifdef ENABLE_NON_12BYTE_IV_TEST
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
@@ -4763,7 +4768,7 @@ int aesgcm_test(void)
         return -4319;
     if (XMEMCMP(p, resultP, sizeof(resultP)))
         return -4320;
-#endif /* !HAVE_FIPS && !HAVE_INTEL_QA && !STM32F2_CRYPTO && !STM32F4_CRYPTO */
+#endif /* ENABLE_NON_12BYTE_IV_TEST */
 
     wc_AesFree(&enc);
 
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index 4a561a5c5..aa5fb9465 100755
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -101,8 +101,8 @@ typedef struct Aes {
     word32  left;            /* unused bytes left from last call */
 #endif
 #ifdef WOLFSSL_PIC32MZ_CRYPT
-    word32 key_ce[AES_BLOCK_SIZE*2/sizeof(word32)] ;
-    word32 iv_ce [AES_BLOCK_SIZE  /sizeof(word32)] ;
+    word32 key_ce[AES_BLOCK_SIZE*2/sizeof(word32)];
+    word32 iv_ce [AES_BLOCK_SIZE  /sizeof(word32)];
 #endif
 #ifdef WOLFSSL_XILINX_CRYPT
     XSecure_Aes xilAes;
diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h
index 27c690e4f..635292e12 100644
--- a/wolfssl/wolfcrypt/md5.h
+++ b/wolfssl/wolfcrypt/md5.h
@@ -49,8 +49,8 @@ enum {
     MD5_PAD_SIZE    = 56
 };
 
-#if defined(WOLFSSL_PIC32MZ_HASH)
-    #include "port/pic32/pic32mz-crypt.h"
+#ifdef WOLFSSL_MICROCHIP_PIC32MZ
+    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     #include <wolfssl/wolfcrypt/async.h>
@@ -66,13 +66,11 @@ typedef struct Md5 {
     word32  loLen;     /* length in bytes   */
     word32  hiLen;     /* length in bytes   */
     word32  buffer[MD5_BLOCK_SIZE  / sizeof(word32)];
-#if !defined(WOLFSSL_PIC32MZ_HASH)
     word32  digest[MD5_DIGEST_SIZE / sizeof(word32)];
-#else
-    word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
-    pic32mz_desc desc; /* Crypt Engine descriptor */
-#endif
     void*   heap;
+#ifdef WOLFSSL_PIC32MZ_HASH
+    hashUpdCache cache; /* cache for updates */
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -89,6 +87,9 @@ WOLFSSL_API void wc_Md5Free(Md5*);
 WOLFSSL_API int  wc_Md5GetHash(Md5*, byte*);
 WOLFSSL_API int  wc_Md5Copy(Md5*, Md5*);
 
+#ifdef WOLFSSL_PIC32MZ_HASH
+WOLFSSL_API void wc_Md5SizeSet(Md5* md5, word32 len);
+#endif
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
index f8105d703..7f4f61662 100644
--- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
+++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
@@ -23,13 +23,36 @@
 #ifndef PIC32MZ_CRYPT_H
 #define PIC32MZ_CRYPT_H
 
-#ifdef  WOLFSSL_MICROCHIP_PIC32MZ
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#ifdef WOLFSSL_MICROCHIP_PIC32MZ
+
+#ifndef MICROCHIP_PIC32
+    #define MICROCHIP_PIC32
+#endif
+
+/* If algos aren't enabled then turn off */
+#ifdef WOLFSSL_PIC32MZ_HASH
+    #if defined(NO_MD5) && defined(NO_SHA) && defined(NO_SHA256)
+        #undef WOLFSSL_PIC32MZ_HASH
+    #endif
+#endif
+
+#ifdef WOLFSSL_PIC32MZ_CRYPT
+    #if defined(NO_AES) && defined(NO_DES3)
+        #undef WOLFSSL_PIC32MZ_CRYPT
+    #endif
+#endif
+
 
-#define MICROCHIP_PIC32
 #include <xc.h>
 #include <sys/endian.h>
 #include <sys/kmem.h>
 
+
+/* PIC32 Crypto Structures */
 typedef struct saCtrl {
     unsigned int CRYPTOALGO : 4;
     unsigned int MULTITASK : 3;
@@ -63,11 +86,12 @@ typedef struct bdCtrl {
     unsigned int CBD_INT_EN : 1;
     unsigned int PKT_INT_EN : 1;
     unsigned int LIFM : 1;
-    unsigned int LAST_BD: 1;
-    unsigned int : 2;
+    unsigned int LAST_BD : 1;
+    unsigned int CRDMA_EN : 1;
+    unsigned int UPD_RES : 1;
     unsigned int SA_FETCH_EN : 1;
-    unsigned int : 8;
-    unsigned int DESC_EN : 1;
+    unsigned int SEC_CODE : 8;
+    volatile unsigned int DESC_EN : 1;
 } bdCtrl;
 
 typedef struct bufferDescriptor {
@@ -82,58 +106,93 @@ typedef struct bufferDescriptor {
 } bufferDescriptor;
 
 
-#define PIC32_ENCRYPTION      0b1
-#define PIC32_DECRYPTION      0b0
+/* Cache Updates Struct */
+typedef struct hashUpdCache {
+    unsigned char*  buf;
+    unsigned int    bufLen;
+    unsigned int    updLen;
+} hashUpdCache;
 
+
+/* Direction */
+#define PIC32_ENCRYPTION     0b1
+#define PIC32_DECRYPTION     0b0
+
+/* Algorithm */
 #define PIC32_ALGO_HMAC1     0b01000000
 #define PIC32_ALGO_SHA256    0b00100000
 #define PIC32_ALGO_SHA1      0b00010000
 #define PIC32_ALGO_MD5       0b00001000
+
 #define PIC32_ALGO_AES       0b00000100
 #define PIC32_ALGO_TDES      0b00000010
 #define PIC32_ALGO_DES       0b00000001
 
-#define PIC32_CRYPTOALGO_AES_GCM 0b1110
-#define PIC32_CRYPTOALGO_RCTR    0b1101
-#define PIC32_CRYPTOALGO_RCBC    0b1001
-#define PIC32_CRYPTOALGO_REBC    0b1000
-#define PIC32_CRYPTOALGO_TCBC    0b0101
-#define PIC32_CRYPTOALGO_CBC     0b0001
+/* Crypto Algo */
+/* AES */
+#define PIC32_CRYPTOALGO_AES_GCM  0b1110
+#define PIC32_CRYPTOALGO_RCTR     0b1101
+#define PIC32_CRYPTOALGO_RCBC_MAC 0b1100
+#define PIC32_CRYPTOALGO_ROFB     0b1011
+#define PIC32_CRYPTOALGO_RCFB     0b1010
+#define PIC32_CRYPTOALGO_RCBC     0b1001
+#define PIC32_CRYPTOALGO_RECB     0b1000
+/* Triple-DES */
+#define PIC32_CRYPTOALGO_TOFB     0b0111
+#define PIC32_CRYPTOALGO_TCFB     0b0110
+#define PIC32_CRYPTOALGO_TCBC     0b0101
+#define PIC32_CRYPTOALGO_TECB     0b0100
+/* DES */
+#define PIC32_CRYPTOALGO_OFB      0b0011
+#define PIC32_CRYPTOALGO_CFB      0b0010
+#define PIC32_CRYPTOALGO_CBC      0b0001
+#define PIC32_CRYPTOALGO_ECB      0b0000
 
-#define PIC32_AES_KEYSIZE_256     0b10
-#define PIC32_AES_KEYSIZE_192     0b01
-#define PIC32_AES_KEYSIZE_128     0b00
+/* Key Size */
+#define PIC32_KEYSIZE_256         0b10
+#define PIC32_KEYSIZE_192         0b01
+#define PIC32_KEYSIZE_128         0b00
 
-#define PIC32_AES_BLOCK_SIZE 16
-#define MD5_HASH_SIZE 16
-#define SHA1_HASH_SIZE 20
-#define SHA256_HASH_SIZE 32
-#define PIC32_HASH_SIZE 32
+/* PIC32 Minimum Buffer/Block Sizes */
+#define PIC32_BLOCKSIZE_HASH    64
+#define PIC32_BLOCKSIZE_HMAC    PIC32_BLOCKSIZE_HASH
+#define PIC32_BLOCKSIZE_MD5     PIC32_BLOCKSIZE_HASH
+#define PIC32_BLOCKSIZE_SHA1    PIC32_BLOCKSIZE_HASH
+#define PIC32_BLOCKSIZE_SHA256  PIC32_BLOCKSIZE_HASH
+#define PIC32_BLOCKSIZE_AES     16
+#define PIC32_BLOCKSIZE_TDES    24
+#define PIC32_BLOCKSIZE_DES     8
 
-#define PIC32MZ_MAX_BD   2
-typedef struct {      /* Crypt Engine descriptor */
-    int bdCount ;
-    int err   ;
-    volatile bufferDescriptor 
-        bd[PIC32MZ_MAX_BD] __attribute__((aligned (8), coherent));
-    securityAssociation 
-        sa                 __attribute__((aligned (8), coherent));
-} pic32mz_desc ;
+#define PIC32_DIGEST_SIZE       32
 
-#define PIC32MZ_IF_RAM(addr) (KVA_TO_PA(addr) < 0x80000)
 
-#define WAIT_ENGINE \
-    { volatile int v ; while (CESTATbits.ACTIVE) ; for(v=0; v<100; v++) ; }
+/* Helper Macros */
+#define PIC32MZ_IF_RAM(addr) (KVA_TO_PA(addr) < 0x1D000000)
 
-#ifdef DEBUG_CYASSL
-static void print_mem(const unsigned char *p, int size) {
-    for(; size>0; size--, p++) {
-        if(size%4 == 0)printf(" ") ;
-            printf("%02x", (int)*p) ;
-    }
-    puts("") ;
-}
+/* If EF part then Crypto engine supports swapping output bytes */
+#define PIC32_NO_OUT_SWAP    ((__PIC32_FEATURE_SET0 == 'E') && \
+                              (__PIC32_FEATURE_SET1 == 'C'))
+
+
+#ifndef NO_AES
+int wc_Pic32AesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen,
+        byte* out, const byte* in, word32 sz,
+        int dir, int algo, int cryptoalgo);
+#endif
+#ifndef NO_DES3
+int wc_Pic32DesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen,
+        byte* out, const byte* in, word32 sz,
+        int dir, int algo, int cryptoalgo);
 #endif
 
+#ifdef WOLFSSL_PIC32MZ_HASH
+int wc_Pic32Hash(const byte* in, int inLen, word32* out, int outLen, int algo);
 #endif
+
+#endif /* WOLFSSL_MICROCHIP_PIC32MZ */
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
 #endif /* PIC32MZ_CRYPT_H */
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 18656952b..039c238e2 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -217,19 +217,15 @@
     #define NO_FILESYSTEM
     #define USE_FAST_MATH
     #define TFM_TIMING_RESISTANT
-    #define NEED_AES_TABLES
     #define WOLFSSL_HAVE_MIN
+    #define WOLFSSL_HAVE_MAX
+    #define NO_BIG_INT
 #endif
 
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ
-    #define WOLFSSL_PIC32MZ_CE
     #define WOLFSSL_PIC32MZ_CRYPT
-    #define HAVE_AES_ENGINE
     #define WOLFSSL_PIC32MZ_RNG
-    /* #define WOLFSSL_PIC32MZ_HASH */
-    #define WOLFSSL_AES_COUNTER
-    #define HAVE_AESGCM
-    #define NO_BIG_INT
+    #define WOLFSSL_PIC32MZ_HASH
 #endif
 
 #ifdef MICROCHIP_TCPIP_V5
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index db72e9118..db483cd49 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -42,8 +42,8 @@
 
 #ifndef HAVE_FIPS /* avoid redefining structs */
 
-#ifdef WOLFSSL_PIC32MZ_HASH
-    #include "port/pic32/pic32mz-crypt.h"
+#ifdef WOLFSSL_MICROCHIP_PIC32MZ
+    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     #include <wolfssl/wolfcrypt/async.h>
@@ -71,14 +71,10 @@ typedef struct Sha {
         word32  loLen;     /* length in bytes   */
         word32  hiLen;     /* length in bytes   */
         word32  buffer[SHA_BLOCK_SIZE  / sizeof(word32)];
-    #ifndef WOLFSSL_PIC32MZ_HASH
         word32  digest[SHA_DIGEST_SIZE / sizeof(word32)];
-    #else
-        word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
-    #endif
         void*   heap;
     #ifdef WOLFSSL_PIC32MZ_HASH
-        pic32mz_desc desc; /* Crypt Engine descriptor */
+        hashUpdCache cache; /* cache for updates */
     #endif
     #ifdef WOLFSSL_ASYNC_CRYPT
         WC_ASYNC_DEV asyncDev;
@@ -102,6 +98,10 @@ WOLFSSL_API void wc_ShaFree(Sha*);
 WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
 WOLFSSL_API int wc_ShaCopy(Sha*, Sha*);
 
+#ifdef WOLFSSL_PIC32MZ_HASH
+WOLFSSL_API void wc_ShaSizeSet(Sha* sha, word32 len);
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index 8ef8d4678..973b34eee 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -45,8 +45,8 @@
 
 #ifndef HAVE_FIPS /* avoid redefinition of structs */
 
-#ifdef WOLFSSL_PIC32MZ_HASH
-    #include "port/pic32/pic32mz-crypt.h"
+#ifdef WOLFSSL_MICROCHIP_PIC32MZ
+    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     #include <wolfssl/wolfcrypt/async.h>
@@ -75,7 +75,7 @@ typedef struct Sha256 {
     word32  hiLen;     /* length in bytes   */
     void*   heap;
 #ifdef WOLFSSL_PIC32MZ_HASH
-    pic32mz_desc desc; /* Crypt Engine descriptor */
+    hashUpdCache cache; /* cache for updates */
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
@@ -98,6 +98,10 @@ WOLFSSL_API void wc_Sha256Free(Sha256*);
 WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
 WOLFSSL_API int wc_Sha256Copy(Sha256* src, Sha256* dst);
 
+#ifdef WOLFSSL_PIC32MZ_HASH
+WOLFSSL_API void wc_Sha256SizeSet(Sha256*, word32);
+#endif
+
 #ifdef WOLFSSL_SHA224
 
 #ifndef HAVE_FIPS /* avoid redefinition of structs */
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 4149b1ecc..30ef7a944 100755
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -305,10 +305,14 @@
 	    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
 	    #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
 	    #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
-	    #ifndef USE_WINDOWS_API
-	        #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
-	    #else
+
+        #ifdef MICROCHIP_PIC32
+            /* XC32 does not support strncasecmp, so use case sensitive one */
+            #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n))
+        #elif defined(USE_WINDOWS_API)
 	        #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
+        #else
+	        #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
 	    #endif
 
         /* snprintf is used in asn.c for GetTimeString and PKCS7 test */
@@ -435,6 +439,7 @@
         DYNAMIC_TYPE_ECC_BUFFER   = 85,
         DYNAMIC_TYPE_QSH          = 86,
         DYNAMIC_TYPE_SALT         = 87,
+        DYNAMIC_TYPE_HASH_TMP     = 88,
 	};
 
 	/* max error buffer string size */
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index d10522cbf..27c16b858 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -160,9 +160,9 @@
         #error Need a mutex type in multithreaded mode
     #endif /* USE_WINDOWS_API */
 #endif /* SINGLE_THREADED */
-        
-/* Enable crypt HW mutex for Freescale MMCAU */
-#if defined(FREESCALE_MMCAU)
+
+/* Enable crypt HW mutex for Freescale MMCAU or PIC32MZ */
+#if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ)
     #ifndef WOLFSSL_CRYPT_HW_MUTEX
         #define WOLFSSL_CRYPT_HW_MUTEX  1
     #endif
@@ -173,9 +173,9 @@
 #endif
 
 #if WOLFSSL_CRYPT_HW_MUTEX
-    /* wolfSSL_CryptHwMutexInit is called on first wolfSSL_CryptHwMutexLock, 
-       however it's recommended to call this directly on Hw init to avoid possible 
-       race condition where two calls to wolfSSL_CryptHwMutexLock are made at 
+    /* wolfSSL_CryptHwMutexInit is called on first wolfSSL_CryptHwMutexLock,
+       however it's recommended to call this directly on Hw init to avoid possible
+       race condition where two calls to wolfSSL_CryptHwMutexLock are made at
        the same time. */
     int wolfSSL_CryptHwMutexInit(void);
     int wolfSSL_CryptHwMutexLock(void);