diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index ea4c8eaaa9..50527e10f6 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -637,7 +637,6 @@ WC_DILITHIUM_FIXED_ARRAY
 WC_DISABLE_RADIX_ZERO_PAD
 WC_FLAG_DONT_USE_AESNI
 WC_FORCE_LINUXKM_FORTIFY_SOURCE
-WC_LINUXKM_SUPPORT_DUMP_TO_FILE
 WC_LMS_FULL_HASH
 WC_NO_ASYNC_SLEEP
 WC_NO_RNG_SIMPLE
diff --git a/configure.ac b/configure.ac
index c3cbbb5be6..ca375b7a23 100644
--- a/configure.ac
+++ b/configure.ac
@@ -754,14 +754,14 @@ AC_ARG_ENABLE([benchmark],
 
 ENABLED_LINUXKM_PIE=$ENABLED_FIPS
 
-AC_ARG_ENABLE([linuxkm-pie],
-    [AS_HELP_STRING([--enable-linuxkm-pie],[Enable relocatable object build of Linux kernel module (default: disabled)])],
-    [ENABLED_LINUXKM_PIE=$enableval])
-
 AC_ARG_ENABLE([kernel-reloc-tables],
     [AS_HELP_STRING([--enable-kernel-reloc-tables],[Enable containerized object build of wolfCrypt module in kernel build (default: disabled)])],
     [ENABLED_LINUXKM_PIE=$enableval])
 
+AC_ARG_ENABLE([linuxkm-pie],
+    [AS_HELP_STRING([--enable-linuxkm-pie],[Alias for --enable-kernel-reloc-tables])],
+    [ENABLED_LINUXKM_PIE=$enableval])
+
 if test "$ENABLED_LINUXKM" = "yes" && test "$ENABLED_LINUXKM_PIE" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWC_SYM_RELOC_TABLES"
@@ -1701,13 +1701,13 @@ AC_ARG_WITH([liboqs],
 # Used:
 #  - SHA3, Shake128 and Shake256
 AC_ARG_ENABLE([mlkem],
-    [AS_HELP_STRING([--enable-mlkem],[Enable MLKEM (default: disabled)])],
+    [AS_HELP_STRING([--enable-mlkem],[Enable ML-KEM/Kyber (default: disabled)])],
     [ ENABLED_MLKEM=$enableval ],
     [ ENABLED_MLKEM=no ]
     )
 # note, inherits default from "mlkem" clause above.
 AC_ARG_ENABLE([kyber],
-    [AS_HELP_STRING([--enable-kyber],[Enable Kyber/MLKEM (default: disabled)])],
+    [AS_HELP_STRING([--enable-kyber],[Alias for --enable-mlkem])],
     [ ENABLED_MLKEM=$enableval ]
     )
 
@@ -1837,13 +1837,13 @@ fi
 # Dilithium
 #  - SHA3, Shake128, Shake256 and AES-CTR
 AC_ARG_ENABLE([mldsa],
-    [AS_HELP_STRING([--enable-mldsa],[Enable MLDSA (default: disabled)])],
+    [AS_HELP_STRING([--enable-mldsa],[Enable ML-DSA/Dilithium (default: disabled)])],
     [ ENABLED_DILITHIUM=$enableval ],
     [ ENABLED_DILITHIUM=no ]
     )
 # note, inherits default from "mldsa" clause above.
 AC_ARG_ENABLE([dilithium],
-    [AS_HELP_STRING([--enable-dilithium],[Enable Dilithium/MLDSA (default: disabled)])],
+    [AS_HELP_STRING([--enable-dilithium],[Alias for --enable-mldsa])],
     [ ENABLED_DILITHIUM=$enableval ]
     )
 
@@ -4107,7 +4107,7 @@ AC_ARG_ENABLE([amdrdseed],
     )
 
 AC_ARG_ENABLE([amdrand],
-    [AS_HELP_STRING([--enable-amdrand],[Enable AMD rdseed as preferred RNG seeding source (default: disabled)])],
+    [AS_HELP_STRING([--enable-amdrand],[Alias for --enable-amdrdseed])],
     [ ENABLED_AMDRDSEED=$enableval ]
     )
 
@@ -6016,8 +6016,12 @@ AC_ARG_ENABLE([wolfEntropy],
     [ ENABLED_ENTROPY_MEMUSE=$enableval ],
     [ ENABLED_ENTROPY_MEMUSE=$ENABLED_ENTROPY_MEMUSE_DEFAULT ]
     )
+AC_ARG_ENABLE([wolfentropy],
+    [AS_HELP_STRING([--enable-wolfentropy],[Alias for --enable-wolfEntropy])],
+    [ ENABLED_ENTROPY_MEMUSE=$enableval ],
+    )
 AC_ARG_ENABLE([entropy-memuse],
-    [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])],
+    [AS_HELP_STRING([--enable-entropy-memuse],[Alias for --enable-wolfEntropy])],
     [ ENABLED_ENTROPY_MEMUSE=$enableval ]
     )
 
@@ -11046,8 +11050,11 @@ AX_HARDEN_CC_COMPILER_FLAGS
 
 # -Wdeprecated-enum-enum-conversion is on by default in C++20, but conflicts with
 # our use of enum constructs to define fungible constants.
-AX_CHECK_COMPILE_FLAG([-Werror -Wno-deprecated-enum-enum-conversion],
-  [AX_APPEND_FLAG([-Wno-deprecated-enum-enum-conversion], [AM_CFLAGS])])
+if test "$KERNEL_MODE_DEFAULTS" != "yes"
+then
+    AX_CHECK_COMPILE_FLAG([-Werror -Wno-deprecated-enum-enum-conversion],
+      [AX_APPEND_FLAG([-Wno-deprecated-enum-enum-conversion], [AM_CFLAGS])])
+fi
 
 case $host_os in
     mingw*)
diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild
index 7922077810..17c9d4f137 100644
--- a/linuxkm/Kbuild
+++ b/linuxkm/Kbuild
@@ -39,10 +39,13 @@ endif
 
 WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -isystem $(shell $(CC) -print-file-name=include)
 
+# -moutline-atomics added in gcc 10.1 for ARMv8.0.
+AARCH64_NO_OUTLINE_ATOMICS := $(shell { echo -e 'int f(void) {\n  return 0;\n}\n' | $(CC) -mno-outline-atomics -x c -c - -o /dev/null 2>/dev/null; } && echo -mno-outline-atomics)
+
 ifeq "$(KERNEL_ARCH)" "aarch64"
-    WOLFSSL_CFLAGS += -mno-outline-atomics
+    WOLFSSL_CFLAGS += $(AARCH64_NO_OUTLINE_ATOMICS)
 else ifeq "$(KERNEL_ARCH)" "arm64"
-    WOLFSSL_CFLAGS += -mno-outline-atomics
+    WOLFSSL_CFLAGS += $(AARCH64_NO_OUTLINE_ATOMICS)
 else ifeq "$(KERNEL_ARCH)" "arm"
     # avoids R_ARM_THM_JUMP11 relocations, including a stubborn tail recursion
     # optimization from wc_sp_cmp to wc_sp_cmp_mag:
@@ -111,7 +114,21 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
     # note, we need -fno-stack-protector to avoid references to
     # "__stack_chk_fail" from the wolfCrypt container.
     PIE_FLAGS := -DWC_CONTAINERIZE_THIS -fno-stack-protector -fno-toplevel-reorder
-    # some targets can't handle -fpie.  E.g. ARM32 on kernel <=5.10 has no handling for R_ARM_REL32.
+
+    ifndef NO_PIE_FLAG
+      ifeq ($(KERNEL_ARCH),arm)
+        ifeq ($(intcmp $(VERSION),5,1,0,0),1)
+          NO_PIE_FLAG :=
+          $(info Note: disabling -fPIE to avoid R_ARM_REL32 on pre-5.11 target kernel.)
+        else
+          ifeq ($(intcmp $(VERSION),5,0,1,0)-$(intcmp $(PATCHLEVEL),11,1,0,0),1-1)
+            NO_PIE_FLAG :=
+            $(info Note: disabling -fPIE to avoid R_ARM_REL32 on pre-5.11 target kernel.)
+          endif
+        endif
+      endif
+    endif
+
     ifdef NO_PIE_FLAG
         PIE_FLAGS += -DWC_NO_PIE_FLAG
     else
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index 9061308fb5..fc30b60eb2 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -301,7 +301,13 @@
     #endif
 
     #if defined(WC_CONTAINERIZE_THIS) && defined(CONFIG_ARM64)
-        #define alt_cb_patch_nops my__alt_cb_patch_nops
+        /* alt_cb_patch_nops and queued_spin_lock_slowpath are defined early
+         * to allow shimming in system headers.
+         */
+        /* alt_cb_patch_nops added by d926079f17, release 6.1 */
+        #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
+            #define alt_cb_patch_nops my__alt_cb_patch_nops
+        #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
         #define queued_spin_lock_slowpath my__queued_spin_lock_slowpath
     #endif
 
@@ -509,6 +515,11 @@
     #endif /* !WOLFCRYPT_ONLY */
 #endif /* !WC_CONTAINERIZE_THIS */
 
+    #if defined(WC_SYM_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) && \
+        !defined(WC_LINUXKM_SUPPORT_DUMP_TO_FILE)
+        #define WC_LINUXKM_SUPPORT_DUMP_TO_FILE
+    #endif
+
     #ifdef WC_LINUXKM_SUPPORT_DUMP_TO_FILE
         #include <linux/fs.h>
         #include <linux/uaccess.h>
@@ -1116,12 +1127,16 @@
              * to allow shimming in system headers, but now we need the native
              * ones.
              */
+            #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
             #undef alt_cb_patch_nops
             typeof(my__alt_cb_patch_nops) *alt_cb_patch_nops;
+            #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
             #undef queued_spin_lock_slowpath
             typeof(my__queued_spin_lock_slowpath) *queued_spin_lock_slowpath;
         #else
+            #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
             typeof(alt_cb_patch_nops) *alt_cb_patch_nops;
+            #endif
             typeof(queued_spin_lock_slowpath) *queued_spin_lock_slowpath;
         #endif
         #endif
diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index 44e8a35dc7..14bed3ff57 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -268,16 +268,19 @@ static ssize_t dump_to_file(const char *path, const u8 *buf, size_t buf_len)
         return ret;
     }
 
-    fp = filp_open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+    fp = filp_open(path, O_WRONLY | O_CREAT, 0644);
     if (IS_ERR(fp)) {
         pr_err("libwolfssl: cannot open %s: %ld\n", path, PTR_ERR(fp));
         return PTR_ERR(fp);
     }
 
     WC_SANITIZE_DISABLE();
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)
-    /* kernel_write() exported by 7bb307e894d51 */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)
+    /* kernel_write() fixed by e13ec939e9 */
     ret = kernel_write(fp, buf, buf_len, &pos);
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)
+    /* kernel_write() exported by 7bb307e894d51 */
+    ret = kernel_write(fp, (char *)buf, buf_len, pos);
 #else
     ret = vfs_write(fp, buf, buf_len, &pos);
 #endif
@@ -575,12 +578,26 @@ static int wolfssl_init(void)
 
 #ifdef WC_SYM_RELOC_TABLES
     if (text_dump_path) {
-        if (dump_to_file(text_dump_path, (u8 *)__wc_text_start, (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start)) == 0)
-            pr_info("libwolfssl: dumped .wolfcrypt_text (%zu bytes) to %s.\n", (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start), text_dump_path);
+        if (dump_to_file(text_dump_path,
+                         (u8 *)__wc_text_start,
+                         (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start))
+            > 0)
+        {
+            pr_info("libwolfssl: dumped .wolfcrypt_text (%zu bytes) to %s.\n",
+                    (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start),
+                    text_dump_path);
+        }
     }
     if (rodata_dump_path) {
-        if (dump_to_file(rodata_dump_path, (u8 *)__wc_rodata_start, (size_t)(__wc_rodata_end - __wc_rodata_start)) == 0)
-            pr_info("libwolfssl: dumped .wolfcrypt_rodata (%zu bytes) to %s.\n", (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start), text_dump_path);
+        if (dump_to_file(rodata_dump_path,
+                         (u8 *)__wc_rodata_start,
+                         (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start))
+            > 0)
+        {
+            pr_info("libwolfssl: dumped .wolfcrypt_rodata (%zu bytes) to %s.\n",
+                    (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start),
+                    rodata_dump_path);
+        }
     }
 #else
     if ((text_dump_path != NULL) ||
@@ -1536,7 +1553,9 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 
 #ifdef CONFIG_ARM64
 #ifndef CONFIG_ARCH_TEGRA
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
     wolfssl_linuxkm_pie_redirect_table.alt_cb_patch_nops = alt_cb_patch_nops;
+#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
     wolfssl_linuxkm_pie_redirect_table.queued_spin_lock_slowpath = queued_spin_lock_slowpath;
 #endif
 #endif
diff --git a/tests/api.c b/tests/api.c
index 0cda4e114a..5c3e9383ff 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -18879,7 +18879,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     const unsigned char* p;
     unsigned char *der = NULL;
     unsigned char *tmp = NULL;
-    int derLen;
+    int derLen = -1;
     unsigned char pub_buf[65];
     unsigned char pub_spki_buf[91];
     const int pub_len = 65;
@@ -18989,7 +18989,7 @@ static int test_wolfSSL_d2i_and_i2d_DSAparams(void)
     };
     int derInLen = sizeof(derIn);
     byte* derOut = NULL;
-    int derOutLen;
+    int derOutLen = -1;
     byte* p = derIn;
 
     /* Check that params can be successfully decoded. */
diff --git a/tests/api/test_pkcs7.c b/tests/api/test_pkcs7.c
index 5f3644869f..dab2431fcd 100644
--- a/tests/api/test_pkcs7.c
+++ b/tests/api/test_pkcs7.c
@@ -3143,7 +3143,7 @@ int test_wc_PKCS7_GetEnvelopedDataKariRid(void)
     byte rid[256];
     byte cms[1024];
     XFILE cmsFile = XBADFILE;
-    int ret;
+    int ret = -1;
     word32 ridSz = sizeof(rid);
     XFILE skiHexFile = XBADFILE;
     byte skiHex[256];
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index d1712774d8..b0f8c07aad 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -5008,12 +5008,15 @@ char* wolfSSL_strnstr(const char* s1, const char* s2, unsigned int n)
 #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_ARM64) && \
     defined(WC_SYM_RELOC_TABLES)
 #ifndef CONFIG_ARCH_TEGRA
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
 noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr,
                                    __le32 *updptr, int nr_inst)
 {
     return WC_PIE_INDIRECT_SYM(alt_cb_patch_nops)
         (alt, origptr, updptr, nr_inst);
 }
+#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
 
 void my__queued_spin_lock_slowpath(struct qspinlock *lock, u32 val)
 {
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 7da4766f5f..6ee466ef02 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -698,7 +698,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  pwdbased_test(void);
 #if defined(USE_CERT_BUFFERS_2048) && \
         defined(HAVE_PKCS12) && \
             !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
-            !defined(NO_CERTS) && !defined(NO_DES3)
+            !defined(NO_CERTS) && !defined(NO_DES3) && !defined(NO_SHA)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  pkcs12_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ripemd_test(void);
@@ -2648,7 +2648,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #if defined(USE_CERT_BUFFERS_2048) && \
         defined(HAVE_PKCS12) && \
             !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
-            !defined(NO_CERTS) && !defined(NO_DES3)
+            !defined(NO_CERTS) && !defined(NO_DES3) && !defined(NO_SHA)
     if ( (ret = pkcs12_test()) != 0)
         TEST_FAIL("PKCS12   test failed!\n", ret);
     else
@@ -4564,6 +4564,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void)
     } /* END LARGE HASH TEST */
 #endif /* NO_LARGE_HASH_TEST */
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., msg buffer, W cache). Detectable by valgrind/ASAN. */
     wc_ShaFree(&sha);
@@ -4587,6 +4588,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
 
@@ -5027,6 +5029,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
     }
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., msg buffer, W cache). Detectable by valgrind/ASAN. */
     wc_Sha224Free(&sha);
@@ -5050,6 +5053,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
     wc_Sha224Free(&sha);
@@ -5275,6 +5279,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
     }
 #endif
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., msg buffer, W cache). Detectable by valgrind/ASAN. */
     wc_Sha256Free(&sha);
@@ -5298,6 +5303,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
 
@@ -5516,6 +5522,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
 #undef LARGE_HASH_TEST_INPUT_SZ
 #endif /* NO_LARGE_HASH_TEST */
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., msg buffer, W cache). Detectable by valgrind/ASAN. */
     wc_Sha512Free(&sha);
@@ -5539,6 +5546,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
 
@@ -5961,6 +5969,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void)
     } /* END LARGE HASH TEST */
 #endif /* NO_LARGE_HASH_TEST */
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., msg buffer, W cache). Detectable by valgrind/ASAN. */
     wc_Sha384Free(&sha);
@@ -5984,6 +5993,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
 
@@ -6013,6 +6023,7 @@ static wc_test_ret_t sha3_224_test(void)
     WC_ALLOC_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT);
     if (!WC_VAR_OK(shaCopy))
         return WC_TEST_RET_ENC_EC(MEMORY_E);
+    XMEMSET(shaCopy, 0, sizeof(*shaCopy));
 
     a.input  = "";
     a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
@@ -6037,8 +6048,10 @@ static wc_test_ret_t sha3_224_test(void)
     test_sha[2] = c;
 
     ret = wc_InitSha3_224(&sha, HEAP_HINT, devId);
-    if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != 0) {
+        XMEMSET(&sha, 0, sizeof(sha));
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
+    }
 
     for (i = 0; i < times; ++i) {
         ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input,
@@ -6083,6 +6096,7 @@ static wc_test_ret_t sha3_224_test(void)
     } /* END LARGE HASH TEST */
 #endif /* NO_LARGE_HASH_TEST */
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */
     wc_Sha3_224_Free(&sha);
@@ -6106,6 +6120,7 @@ static wc_test_ret_t sha3_224_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, WC_SHA3_224_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
     wc_Sha3_224_Free(&sha);
@@ -6237,6 +6252,7 @@ static wc_test_ret_t sha3_256_test(void)
     }
 #endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */
     wc_Sha3_256_Free(&sha);
@@ -6260,6 +6276,7 @@ static wc_test_ret_t sha3_256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, WC_SHA3_256_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
     wc_Sha3_256_Free(&sha);
@@ -6391,6 +6408,7 @@ static wc_test_ret_t sha3_384_test(void)
     } /* END LARGE HASH TEST */
 #endif /* NO_LARGE_HASH_TEST */
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */
     wc_Sha3_384_Free(&sha);
@@ -6414,6 +6432,7 @@ static wc_test_ret_t sha3_384_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, WC_SHA3_384_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
     wc_Sha3_384_Free(&sha);
@@ -6526,6 +6545,7 @@ static wc_test_ret_t sha3_512_test(void)
     } /* END LARGE HASH TEST */
 #endif /* NO_LARGE_HASH_TEST */
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */
     wc_Sha3_512_Free(&sha);
@@ -6549,6 +6569,7 @@ static wc_test_ret_t sha3_512_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, WC_SHA3_512_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
     wc_Sha3_512_Free(&sha);
@@ -6940,6 +6961,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void)
     if (ret != 0)
         ERROR_OUT(ret, exit);
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */
     wc_Shake128_Free(&sha);
@@ -6963,6 +6985,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, a.outLen) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
     wc_Shake128_Free(&sha);
@@ -7315,6 +7338,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void)
     if (ret != 0)
         ERROR_OUT(ret, exit);
 
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
     /* Copy cleanup test: verify Copy into a previously-used dst does not leak
      * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */
     wc_Shake256_Free(&sha);
@@ -7338,6 +7362,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     if (XMEMCMP(hash, a.output, a.outLen) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
 
 exit:
     wc_Shake256_Free(&sha);
@@ -30444,7 +30469,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void)
 #if defined(USE_CERT_BUFFERS_2048) && \
         defined(HAVE_PKCS12) && \
             !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
-            !defined(NO_CERTS) && !defined(NO_DES3)
+            !defined(NO_CERTS) && !defined(NO_DES3) && !defined(NO_SHA)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
 {
     wc_test_ret_t ret = 0;