wolfCrypt as crypto backend for VeraCrypt (#1227)

* wolfCrypt as crypto backend for VeraCrypt

* Refactor to use EncryptionModeWolfCryptXTS class
lealem47 2023-11-12 16:51:31 -07:00 committed by GitHub
parent 458be85f84
commit 9247ce1bb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
36 changed files with 1104 additions and 220 deletions


@ -1687,23 +1687,26 @@ namespace VeraCrypt
if (_stricmp (request.BootEncryptionAlgorithmName, "AES") == 0) if (_stricmp (request.BootEncryptionAlgorithmName, "AES") == 0)
ea = AES; ea = AES;
#ifndef WOLFCRYPT_BACKEND
else if (_stricmp (request.BootEncryptionAlgorithmName, "Camellia") == 0)
ea = CAMELLIA;
else if (_stricmp (request.BootEncryptionAlgorithmName, "Serpent") == 0) else if (_stricmp (request.BootEncryptionAlgorithmName, "Serpent") == 0)
ea = SERPENT; ea = SERPENT;
else if (_stricmp (request.BootEncryptionAlgorithmName, "Twofish") == 0) else if (_stricmp (request.BootEncryptionAlgorithmName, "Twofish") == 0)
ea = TWOFISH; ea = TWOFISH;
else if (_stricmp (request.BootEncryptionAlgorithmName, "Camellia") == 0) #endif
ea = CAMELLIA;
if (_stricmp(request.BootPrfAlgorithmName, "SHA-256") == 0) if (_stricmp(request.BootPrfAlgorithmName, "SHA-256") == 0)
pkcs5_prf = SHA256; pkcs5_prf = SHA256;
else if (_stricmp(request.BootPrfAlgorithmName, "BLAKE2s-256") == 0)
pkcs5_prf = BLAKE2S;
else if (_stricmp(request.BootPrfAlgorithmName, "SHA-512") == 0) else if (_stricmp(request.BootPrfAlgorithmName, "SHA-512") == 0)
pkcs5_prf = SHA512; pkcs5_prf = SHA512;
#ifndef WOLFCRYPT_BACKEND
else if (_stricmp(request.BootPrfAlgorithmName, "BLAKE2s-256") == 0)
pkcs5_prf = BLAKE2S;
else if (_stricmp(request.BootPrfAlgorithmName, "Whirlpool") == 0) else if (_stricmp(request.BootPrfAlgorithmName, "Whirlpool") == 0)
pkcs5_prf = WHIRLPOOL; pkcs5_prf = WHIRLPOOL;
else if (_stricmp(request.BootPrfAlgorithmName, "Streebog") == 0) else if (_stricmp(request.BootPrfAlgorithmName, "Streebog") == 0)
pkcs5_prf = STREEBOG; pkcs5_prf = STREEBOG;
#endif
else if (strlen(request.BootPrfAlgorithmName) == 0) // case of version < 1.0f else if (strlen(request.BootPrfAlgorithmName) == 0) // case of version < 1.0f
pkcs5_prf = BLAKE2S; pkcs5_prf = BLAKE2S;
} }
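Review bot: The empty-name fallback at the end of the PRF chain (`else if (strlen(request.BootPrfAlgorithmName) == 0)` followed by `pkcs5_prf = BLAKE2S;`) sits below the new `#endif`, so a build with WOLFCRYPT_BACKEND defined still selects BLAKE2S for a request from a version < 1.0f although the `"BLAKE2s-256"` branch above it is compiled out. Moving the `#endif` below `pkcs5_prf = BLAKE2S;` keeps the backend from being handed a PRF id it does not implement, but the empty name then needs an explicit rejection rather than falling through with whatever `pkcs5_prf` was initialised to outside this hunk. The cipher chain has the same gap: with the guard in place a name such as "Serpent" matches no branch, so an unrecognised algorithm name should fail the request instead of silently keeping the initial `ea`. The enclosing block starts outside the hunk.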


@ -57,14 +57,18 @@ static Cipher Ciphers[] =
// ID Name (Bytes) (Bytes) (Bytes) // ID Name (Bytes) (Bytes) (Bytes)
#ifdef TC_WINDOWS_BOOT #ifdef TC_WINDOWS_BOOT
{ AES, "AES", 16, 32, AES_KS }, { AES, "AES", 16, 32, AES_KS },
#ifndef WOLFCRYPT_BACKEND
{ SERPENT, "Serpent", 16, 32, 140*4 }, { SERPENT, "Serpent", 16, 32, 140*4 },
{ TWOFISH, "Twofish", 16, 32, TWOFISH_KS }, { TWOFISH, "Twofish", 16, 32, TWOFISH_KS },
#endif
#else #else
{ AES, L"AES", 16, 32, AES_KS }, { AES, L"AES", 16, 32, AES_KS },
#ifndef WOLFCRYPT_BACKEND
{ SERPENT, L"Serpent", 16, 32, 140*4 }, { SERPENT, L"Serpent", 16, 32, 140*4 },
{ TWOFISH, L"Twofish", 16, 32, TWOFISH_KS }, { TWOFISH, L"Twofish", 16, 32, TWOFISH_KS },
{ CAMELLIA, L"Camellia", 16, 32, CAMELLIA_KS }, { CAMELLIA, L"Camellia", 16, 32, CAMELLIA_KS },
{ KUZNYECHIK, L"Kuznyechik",16, 32, KUZNYECHIK_KS }, { KUZNYECHIK, L"Kuznyechik",16, 32, KUZNYECHIK_KS },
#endif
#endif #endif
{ 0, 0, 0, 0, 0 } { 0, 0, 0, 0, 0 }
}; };
@ -79,6 +83,7 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
{ { 0, 0 }, { 0, 0}, 0, 0 }, // Must be all-zero { { 0, 0 }, { 0, 0}, 0, 0 }, // Must be all-zero
{ { AES, 0 }, { XTS, 0 }, 1, 1 }, { { AES, 0 }, { XTS, 0 }, 1, 1 },
#ifndef WOLFCRYPT_BACKEND
{ { SERPENT, 0 }, { XTS, 0 }, 1, 1 }, { { SERPENT, 0 }, { XTS, 0 }, 1, 1 },
{ { TWOFISH, 0 }, { XTS, 0 }, 1, 1 }, { { TWOFISH, 0 }, { XTS, 0 }, 1, 1 },
{ { CAMELLIA, 0 }, { XTS, 0 }, 1, 1 }, { { CAMELLIA, 0 }, { XTS, 0 }, 1, 1 },
@ -93,6 +98,7 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
{ { SERPENT, CAMELLIA, 0 }, { XTS, 0 }, 0, 1 }, { { SERPENT, CAMELLIA, 0 }, { XTS, 0 }, 0, 1 },
{ { AES, KUZNYECHIK, 0 }, { XTS, 0 }, 0, 1 }, { { AES, KUZNYECHIK, 0 }, { XTS, 0 }, 0, 1 },
{ { CAMELLIA, SERPENT, KUZNYECHIK, 0 }, { XTS, 0 }, 0, 1 }, { { CAMELLIA, SERPENT, KUZNYECHIK, 0 }, { XTS, 0 }, 0, 1 },
#endif
{ { 0, 0 }, { 0, 0}, 0, 0 } // Must be all-zero { { 0, 0 }, { 0, 0}, 0, 0 } // Must be all-zero
#else // TC_WINDOWS_BOOT #else // TC_WINDOWS_BOOT
@ -100,6 +106,7 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
// Encryption algorithms available for boot drive encryption // Encryption algorithms available for boot drive encryption
{ { 0, 0 }, { 0, 0 }, 0 }, // Must be all-zero { { 0, 0 }, { 0, 0 }, 0 }, // Must be all-zero
{ { AES, 0 }, { XTS, 0 }, 1 }, { { AES, 0 }, { XTS, 0 }, 1 },
#ifndef WOLFCRYPT_BACKEND
{ { SERPENT, 0 }, { XTS, 0 }, 1 }, { { SERPENT, 0 }, { XTS, 0 }, 1 },
{ { TWOFISH, 0 }, { XTS, 0 }, 1 }, { { TWOFISH, 0 }, { XTS, 0 }, 1 },
{ { TWOFISH, AES, 0 }, { XTS, 0 }, 1 }, { { TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
@ -107,6 +114,7 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
{ { AES, SERPENT, 0 }, { XTS, 0 }, 1 }, { { AES, SERPENT, 0 }, { XTS, 0 }, 1 },
{ { AES, TWOFISH, SERPENT, 0 }, { XTS, 0 }, 1 }, { { AES, TWOFISH, SERPENT, 0 }, { XTS, 0 }, 1 },
{ { SERPENT, TWOFISH, 0 }, { XTS, 0 }, 1 }, { { SERPENT, TWOFISH, 0 }, { XTS, 0 }, 1 },
#endif
{ { 0, 0 }, { 0, 0 }, 0 }, // Must be all-zero { { 0, 0 }, { 0, 0 }, 0 }, // Must be all-zero
#endif #endif
@ -119,10 +127,12 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
static Hash Hashes[] = static Hash Hashes[] =
{ // ID Name Deprecated System Encryption { // ID Name Deprecated System Encryption
{ SHA512, L"SHA-512", FALSE, FALSE }, { SHA512, L"SHA-512", FALSE, FALSE },
{ WHIRLPOOL, L"Whirlpool", FALSE, FALSE },
{ BLAKE2S, L"BLAKE2s-256", FALSE, TRUE },
{ SHA256, L"SHA-256", FALSE, TRUE }, { SHA256, L"SHA-256", FALSE, TRUE },
#ifndef WOLFCRYPT_BACKEND
{ BLAKE2S, L"BLAKE2s-256", FALSE, TRUE },
{ WHIRLPOOL, L"Whirlpool", FALSE, FALSE },
{ STREEBOG, L"Streebog", FALSE, FALSE }, { STREEBOG, L"Streebog", FALSE, FALSE },
#endif
{ 0, 0, 0 } { 0, 0, 0 }
}; };
#endif #endif
@ -147,6 +157,7 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
#endif #endif
break; break;
#ifndef WOLFCRYPT_BACKEND
case SERPENT: case SERPENT:
serpent_set_key (key, ks); serpent_set_key (key, ks);
break; break;
@ -167,6 +178,7 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
break; break;
#endif // !defined(TC_WINDOWS_BOOT) #endif // !defined(TC_WINDOWS_BOOT)
#endif
default: default:
// Unknown/wrong cipher ID // Unknown/wrong cipher ID
return ERR_CIPHER_INIT_FAILURE; return ERR_CIPHER_INIT_FAILURE;
@ -189,6 +201,7 @@ void EncipherBlock(int cipher, void *data, void *ks)
aes_encrypt (data, data, ks); aes_encrypt (data, data, ks);
break; break;
#ifndef WOLFCRYPT_BACKEND
case TWOFISH: twofish_encrypt (ks, data, data); break; case TWOFISH: twofish_encrypt (ks, data, data); break;
case SERPENT: serpent_encrypt (data, data, ks); break; case SERPENT: serpent_encrypt (data, data, ks); break;
#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_CAMELLIA) #if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_CAMELLIA)
@ -197,6 +210,7 @@ void EncipherBlock(int cipher, void *data, void *ks)
#if !defined(TC_WINDOWS_BOOT) #if !defined(TC_WINDOWS_BOOT)
case KUZNYECHIK: kuznyechik_encrypt_block(data, data, ks); break; case KUZNYECHIK: kuznyechik_encrypt_block(data, data, ks); break;
#endif // !defined(TC_WINDOWS_BOOT) #endif // !defined(TC_WINDOWS_BOOT)
#endif
default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
} }
} }
@ -230,6 +244,7 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
KeRestoreFloatingPointState (&floatingPointState); KeRestoreFloatingPointState (&floatingPointState);
#endif #endif
} }
#ifndef WOLFCRYPT_BACKEND
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI) #if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
else if (cipher == SERPENT else if (cipher == SERPENT
&& (blockCount >= 4) && (blockCount >= 4)
@ -266,6 +281,7 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
KeRestoreFloatingPointState (&floatingPointState); KeRestoreFloatingPointState (&floatingPointState);
#endif #endif
} }
#endif
#endif #endif
else else
{ {
@ -284,6 +300,7 @@ void DecipherBlock(int cipher, void *data, void *ks)
{ {
switch (cipher) switch (cipher)
{ {
#ifndef WOLFCRYPT_BACKEND
case SERPENT: serpent_decrypt (data, data, ks); break; case SERPENT: serpent_decrypt (data, data, ks); break;
case TWOFISH: twofish_decrypt (ks, data, data); break; case TWOFISH: twofish_decrypt (ks, data, data); break;
#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_CAMELLIA) #if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_CAMELLIA)
@ -292,6 +309,7 @@ void DecipherBlock(int cipher, void *data, void *ks)
#if !defined(TC_WINDOWS_BOOT) #if !defined(TC_WINDOWS_BOOT)
case KUZNYECHIK: kuznyechik_decrypt_block(data, data, ks); break; case KUZNYECHIK: kuznyechik_decrypt_block(data, data, ks); break;
#endif // !defined(TC_WINDOWS_BOOT) #endif // !defined(TC_WINDOWS_BOOT)
#endif
#ifndef TC_WINDOWS_BOOT #ifndef TC_WINDOWS_BOOT
@ -341,6 +359,7 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
KeRestoreFloatingPointState (&floatingPointState); KeRestoreFloatingPointState (&floatingPointState);
#endif #endif
} }
#ifndef WOLFCRYPT_BACKEND
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI) #if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
else if (cipher == SERPENT else if (cipher == SERPENT
&& (blockCount >= 4) && (blockCount >= 4)
@ -377,6 +396,7 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
KeRestoreFloatingPointState (&floatingPointState); KeRestoreFloatingPointState (&floatingPointState);
#endif #endif
} }
#endif
#endif #endif
else else
{ {
@ -524,6 +544,14 @@ BOOL EAInitMode (PCRYPTO_INFO ci, unsigned char* key2)
if (EAInit (ci->ea, key2, ci->ks2) != ERR_SUCCESS) if (EAInit (ci->ea, key2, ci->ks2) != ERR_SUCCESS)
return FALSE; return FALSE;
#ifdef WOLFCRYPT_BACKEND
if (xts_encrypt_key256 (key2, (aes_encrypt_ctx *) ci->ks) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
if (xts_decrypt_key256 (key2, (aes_decrypt_ctx *) (ci->ks + sizeof(aes_encrypt_ctx))) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
#endif
/* Note: XTS mode could potentially be initialized with a weak key causing all blocks in one data unit /* Note: XTS mode could potentially be initialized with a weak key causing all blocks in one data unit
on the volume to be tweaked with zero tweaks (i.e. 512 bytes of the volume would be encrypted in ECB on the volume to be tweaked with zero tweaks (i.e. 512 bytes of the volume would be encrypted in ECB
mode). However, to create a TrueCrypt volume with such a weak key, each human being on Earth would have mode). However, to create a TrueCrypt volume with such a weak key, each human being on Earth would have
@ -1093,11 +1121,11 @@ void EncipherBlock(int cipher, void *data, void *ks)
aes_hw_cpu_encrypt ((byte *) ks, data); aes_hw_cpu_encrypt ((byte *) ks, data);
else else
aes_encrypt (data, data, ks); aes_encrypt (data, data, ks);
#elif defined (TC_WINDOWS_BOOT_SERPENT) #elif defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_encrypt (data, data, ks); serpent_encrypt (data, data, ks);
#elif defined (TC_WINDOWS_BOOT_TWOFISH) #elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_encrypt (ks, data, data); twofish_encrypt (ks, data, data);
#elif defined (TC_WINDOWS_BOOT_CAMELLIA) #elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_encrypt (data, data, ks); camellia_encrypt (data, data, ks);
#endif #endif
} }
@ -1109,11 +1137,11 @@ void DecipherBlock(int cipher, void *data, void *ks)
aes_hw_cpu_decrypt ((byte *) ks + sizeof (aes_encrypt_ctx) + 14 * 16, data); aes_hw_cpu_decrypt ((byte *) ks + sizeof (aes_encrypt_ctx) + 14 * 16, data);
else else
aes_decrypt (data, data, (aes_decrypt_ctx *) ((byte *) ks + sizeof(aes_encrypt_ctx))); aes_decrypt (data, data, (aes_decrypt_ctx *) ((byte *) ks + sizeof(aes_encrypt_ctx)));
#elif defined (TC_WINDOWS_BOOT_SERPENT) #elif defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_decrypt (data, data, ks); serpent_decrypt (data, data, ks);
#elif defined (TC_WINDOWS_BOOT_TWOFISH) #elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_decrypt (ks, data, data); twofish_decrypt (ks, data, data);
#elif defined (TC_WINDOWS_BOOT_CAMELLIA) #elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_decrypt (data, data, ks); camellia_decrypt (data, data, ks);
#endif #endif
} }
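Review bot: The two failure paths added to `EAInitMode` under `#ifdef WOLFCRYPT_BACKEND` return `ERR_CIPHER_INIT_FAILURE` from a function declared `BOOL`, whereas the existing failure path directly above returns `FALSE`. If that error code is non-zero, as its use alongside `ERR_SUCCESS` suggests, a caller that tests `if (!EAInitMode (...))` treats a failed `xts_encrypt_key256` or `xts_decrypt_key256` as success and carries on with a key schedule that was never set up. Both lines should read `return FALSE;`. The body of `EAInitMode` continues outside the hunk.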


@ -6143,11 +6143,13 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
*/ */
{ {
BYTE digest [MAX_DIGESTSIZE]; BYTE digest [MAX_DIGESTSIZE];
#ifndef WOLFCRYPT_BACKEND
WHIRLPOOL_CTX wctx; WHIRLPOOL_CTX wctx;
STREEBOG_CTX stctx;
blake2s_state bctx; blake2s_state bctx;
#endif
sha512_ctx s2ctx; sha512_ctx s2ctx;
sha256_ctx s256ctx; sha256_ctx s256ctx;
STREEBOG_CTX stctx;
int hid, i; int hid, i;
@ -6172,7 +6174,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
sha256_hash (lpTestBuffer, benchmarkBufferSize, &s256ctx); sha256_hash (lpTestBuffer, benchmarkBufferSize, &s256ctx);
sha256_end ((unsigned char *) digest, &s256ctx); sha256_end ((unsigned char *) digest, &s256ctx);
break; break;
#ifndef WOLFCRYPT_BACKEND
case BLAKE2S: case BLAKE2S:
blake2s_init(&bctx); blake2s_init(&bctx);
blake2s_update(&bctx, lpTestBuffer, benchmarkBufferSize); blake2s_update(&bctx, lpTestBuffer, benchmarkBufferSize);
@ -6192,6 +6194,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
break; break;
} }
#endif
} }
if (QueryPerformanceCounter (&performanceCountEnd) == 0) if (QueryPerformanceCounter (&performanceCountEnd) == 0)
@ -6240,7 +6243,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
/* PKCS-5 test with HMAC-SHA-256 used as the PRF */ /* PKCS-5 test with HMAC-SHA-256 used as the PRF */
derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
break; break;
#ifndef WOLFCRYPT_BACKEND
case BLAKE2S: case BLAKE2S:
/* PKCS-5 test with HMAC-BLAKE2s used as the PRF */ /* PKCS-5 test with HMAC-BLAKE2s used as the PRF */
derive_key_blake2s ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); derive_key_blake2s ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
@ -6256,6 +6259,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
derive_key_streebog("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); derive_key_streebog("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
break; break;
} }
#endif
} }
if (QueryPerformanceCounter (&performanceCountEnd) == 0) if (QueryPerformanceCounter (&performanceCountEnd) == 0)
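Review bot: In both benchmark switches of `PerformBenchmark` the added `#endif` comes after the `}` that follows the last `break;`, so the brace that appears to close the `switch` ends up inside the `#ifndef WOLFCRYPT_BACKEND` region. If that reading is right, a build with WOLFCRYPT_BACKEND defined drops the closing brace and the function no longer parses; the `#endif` should sit before the `}` in the hash benchmark switch and again in the PKCS-5 switch. Indentation is lost in this view and both switches open outside the hunks, so this needs confirming against the file.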


@ -262,19 +262,17 @@ BOOL Randmix ()
if (bRandmixEnabled) if (bRandmixEnabled)
{ {
unsigned char hashOutputBuffer [MAX_DIGESTSIZE]; unsigned char hashOutputBuffer [MAX_DIGESTSIZE];
#ifndef WOLFCRYPT_BACKEND
WHIRLPOOL_CTX wctx; WHIRLPOOL_CTX wctx;
blake2s_state bctx; blake2s_state bctx;
STREEBOG_CTX stctx;
#endif
sha512_ctx sctx; sha512_ctx sctx;
sha256_ctx s256ctx; sha256_ctx s256ctx;
STREEBOG_CTX stctx;
int poolIndex, digestIndex, digestSize; int poolIndex, digestIndex, digestSize;
switch (HashFunction) switch (HashFunction)
{ {
case BLAKE2S:
digestSize = BLAKE2S_DIGESTSIZE;
break;
case SHA512: case SHA512:
digestSize = SHA512_DIGESTSIZE; digestSize = SHA512_DIGESTSIZE;
break; break;
@ -283,6 +281,11 @@ BOOL Randmix ()
digestSize = SHA256_DIGESTSIZE; digestSize = SHA256_DIGESTSIZE;
break; break;
#ifndef WOLFCRYPT_BACKEND
case BLAKE2S:
digestSize = BLAKE2S_DIGESTSIZE;
break;
case WHIRLPOOL: case WHIRLPOOL:
digestSize = WHIRLPOOL_DIGESTSIZE; digestSize = WHIRLPOOL_DIGESTSIZE;
break; break;
@ -290,7 +293,7 @@ BOOL Randmix ()
case STREEBOG: case STREEBOG:
digestSize = STREEBOG_DIGESTSIZE; digestSize = STREEBOG_DIGESTSIZE;
break; break;
#endif
default: default:
TC_THROW_FATAL_EXCEPTION; TC_THROW_FATAL_EXCEPTION;
} }
@ -303,12 +306,6 @@ BOOL Randmix ()
/* Compute the message digest of the entire pool using the selected hash function. */ /* Compute the message digest of the entire pool using the selected hash function. */
switch (HashFunction) switch (HashFunction)
{ {
case BLAKE2S:
blake2s_init(&bctx);
blake2s_update(&bctx, pRandPool, RNG_POOL_SIZE);
blake2s_final(&bctx, hashOutputBuffer);
break;
case SHA512: case SHA512:
sha512_begin (&sctx); sha512_begin (&sctx);
sha512_hash (pRandPool, RNG_POOL_SIZE, &sctx); sha512_hash (pRandPool, RNG_POOL_SIZE, &sctx);
@ -321,6 +318,13 @@ BOOL Randmix ()
sha256_end (hashOutputBuffer, &s256ctx); sha256_end (hashOutputBuffer, &s256ctx);
break; break;
#ifndef WOLFCRYPT_BACKEND
case BLAKE2S:
blake2s_init(&bctx);
blake2s_update(&bctx, pRandPool, RNG_POOL_SIZE);
blake2s_final(&bctx, hashOutputBuffer);
break;
case WHIRLPOOL: case WHIRLPOOL:
WHIRLPOOL_init (&wctx); WHIRLPOOL_init (&wctx);
WHIRLPOOL_add (pRandPool, RNG_POOL_SIZE, &wctx); WHIRLPOOL_add (pRandPool, RNG_POOL_SIZE, &wctx);
@ -332,7 +336,7 @@ BOOL Randmix ()
STREEBOG_add (&stctx, pRandPool, RNG_POOL_SIZE); STREEBOG_add (&stctx, pRandPool, RNG_POOL_SIZE);
STREEBOG_finalize (&stctx, hashOutputBuffer); STREEBOG_finalize (&stctx, hashOutputBuffer);
break; break;
#endif
default: default:
// Unknown/wrong ID // Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION; TC_THROW_FATAL_EXCEPTION;
@ -349,10 +353,6 @@ BOOL Randmix ()
burn (hashOutputBuffer, MAX_DIGESTSIZE); burn (hashOutputBuffer, MAX_DIGESTSIZE);
switch (HashFunction) switch (HashFunction)
{ {
case BLAKE2S:
burn (&bctx, sizeof(bctx));
break;
case SHA512: case SHA512:
burn (&sctx, sizeof(sctx)); burn (&sctx, sizeof(sctx));
break; break;
@ -361,6 +361,11 @@ BOOL Randmix ()
burn (&s256ctx, sizeof(s256ctx)); burn (&s256ctx, sizeof(s256ctx));
break; break;
#ifndef WOLFCRYPT_BACKEND
case BLAKE2S:
burn (&bctx, sizeof(bctx));
break;
case WHIRLPOOL: case WHIRLPOOL:
burn (&wctx, sizeof(wctx)); burn (&wctx, sizeof(wctx));
break; break;
@ -368,7 +373,7 @@ BOOL Randmix ()
case STREEBOG: case STREEBOG:
burn (&stctx, sizeof(sctx)); burn (&stctx, sizeof(sctx));
break; break;
#endif
default: default:
// Unknown/wrong ID // Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION; TC_THROW_FATAL_EXCEPTION;
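Review bot: The Streebog case of the final wipe switch in `Randmix` reads `burn (&stctx, sizeof(sctx));`, which sizes the wipe by the SHA-512 context instead of the Streebog one. If `STREEBOG_CTX` is larger than `sha512_ctx`, part of the hash state computed over the random pool stays on the stack after the function returns. The line is unchanged context, but this commit re-wraps the switch around it and can correct it in passing: `burn (&stctx, sizeof(stctx));`. The switch and the function both extend outside the hunk.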


@ -311,6 +311,9 @@ AES_TEST aes_ecb_vectors[AES_TEST_COUNT] = {
0x8e,0xa2,0xb7,0xca,0x51,0x67,0x45,0xbf,0xea,0xfc,0x49,0x90,0x4b,0x49,0x60,0x89 0x8e,0xa2,0xb7,0xca,0x51,0x67,0x45,0xbf,0xea,0xfc,0x49,0x90,0x4b,0x49,0x60,0x89
}; };
#ifndef WOLFCRYPT_BACKEND
// Serpent ECB test vectors // Serpent ECB test vectors
#define SERPENT_TEST_COUNT 1 #define SERPENT_TEST_COUNT 1
@ -419,6 +422,7 @@ KUZNYECHIK_TEST kuznyechik_vectors[KUZNYECHIK_TEST_COUNT] = {
} }
}; };
#endif
/* Test vectors from FIPS 198a, RFC 4231, RFC 2104, RFC 2202, and other sources. */ /* Test vectors from FIPS 198a, RFC 4231, RFC 2104, RFC 2202, and other sources. */
@ -784,6 +788,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
break; break;
} }
} }
#ifndef WOLFCRYPT_BACKEND
else if (wcscmp (name, L"Serpent") == 0) else if (wcscmp (name, L"Serpent") == 0)
{ {
switch (testCase) switch (testCase)
@ -1148,7 +1153,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
break; break;
} }
} }
#endif
if (crc == 0x9f5edd58) if (crc == 0x9f5edd58)
return FALSE; return FALSE;
@ -1200,6 +1205,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
return FALSE; return FALSE;
nTestsPerformed++; nTestsPerformed++;
} }
#ifndef WOLFCRYPT_BACKEND
else if (wcscmp (name, L"Serpent") == 0) else if (wcscmp (name, L"Serpent") == 0)
{ {
if (crc != 0x3494d480) if (crc != 0x3494d480)
@ -1284,7 +1290,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
return FALSE; return FALSE;
nTestsPerformed++; nTestsPerformed++;
} }
#endif
if (crc == 0x9f5edd58) if (crc == 0x9f5edd58)
return FALSE; return FALSE;
@ -1357,6 +1363,7 @@ static BOOL DoAutoTestAlgorithms (void)
bFailed = TRUE; bFailed = TRUE;
} }
#ifndef WOLFCRYPT_BACKEND
/* Serpent */ /* Serpent */
for (i = 0; i < SERPENT_TEST_COUNT; i++) for (i = 0; i < SERPENT_TEST_COUNT; i++)
@ -1437,6 +1444,7 @@ static BOOL DoAutoTestAlgorithms (void)
} }
if (i != KUZNYECHIK_TEST_COUNT) if (i != KUZNYECHIK_TEST_COUNT)
bFailed = TRUE; bFailed = TRUE;
#endif
/* PKCS #5 and HMACs */ /* PKCS #5 and HMACs */
if (!test_pkcs5 ()) if (!test_pkcs5 ())
@ -1565,6 +1573,7 @@ BOOL test_hmac_sha512 ()
return (nTestsPerformed == 6); return (nTestsPerformed == 6);
} }
#ifndef WOLFCRYPT_BACKEND
BOOL test_hmac_blake2s () BOOL test_hmac_blake2s ()
{ {
unsigned int i; unsigned int i;
@ -1609,6 +1618,7 @@ BOOL test_hmac_whirlpool ()
return TRUE; return TRUE;
} }
#endif
/* http://www.tc26.ru/methods/recommendation/%D0%A2%D0%9A26%D0%90%D0%9B%D0%93.pdf */ /* http://www.tc26.ru/methods/recommendation/%D0%A2%D0%9A26%D0%90%D0%9B%D0%93.pdf */
/* https://tools.ietf.org/html/draft-smyshlyaev-gost-usage-00 */ /* https://tools.ietf.org/html/draft-smyshlyaev-gost-usage-00 */
@ -1633,6 +1643,7 @@ static const unsigned char gost3411_2012_hmac_r1[] = {
}; };
#ifndef WOLFCRYPT_BACKEND
BOOL test_hmac_streebog () BOOL test_hmac_streebog ()
{ {
CRYPTOPP_ALIGN_DATA(16) char digest[64]; /* large enough to hold digets and test vector inputs */ CRYPTOPP_ALIGN_DATA(16) char digest[64]; /* large enough to hold digets and test vector inputs */
@ -1653,6 +1664,7 @@ int __cdecl StreebogHash (unsigned char* input, unsigned long inputLen, unsigned
STREEBOG_finalize (&ctx, output); STREEBOG_finalize (&ctx, output);
return STREEBOG_DIGESTSIZE; return STREEBOG_DIGESTSIZE;
} }
#endif
BOOL test_pkcs5 () BOOL test_pkcs5 ()
{ {
@ -1666,6 +1678,7 @@ BOOL test_pkcs5 ()
if (!test_hmac_sha512()) if (!test_hmac_sha512())
return FALSE; return FALSE;
#ifndef WOLFCRYPT_BACKEND
/* HMAC-BLAKE2s tests */ /* HMAC-BLAKE2s tests */
if (test_hmac_blake2s() == FALSE) if (test_hmac_blake2s() == FALSE)
return FALSE; return FALSE;
@ -1685,7 +1698,7 @@ BOOL test_pkcs5 ()
/* STREEBOG hash tests */ /* STREEBOG hash tests */
if (RunHashTest (StreebogHash, Streebog512TestVectors, (HasSSE2() || HasSSE41())? TRUE : FALSE) == FALSE) if (RunHashTest (StreebogHash, Streebog512TestVectors, (HasSSE2() || HasSSE41())? TRUE : FALSE) == FALSE)
return FALSE; return FALSE;
#endif
/* PKCS-5 test 1 with HMAC-SHA-256 used as the PRF (https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00) */ /* PKCS-5 test 1 with HMAC-SHA-256 used as the PRF (https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00) */
derive_key_sha256 ("passwd", 6, "\x73\x61\x6C\x74", 4, 1, dk, 64); derive_key_sha256 ("passwd", 6, "\x73\x61\x6C\x74", 4, 1, dk, 64);
if (memcmp (dk, "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5\x09\x11\x20\x41\xd3\xa1\x97\x83", 64) != 0) if (memcmp (dk, "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5\x09\x11\x20\x41\xd3\xa1\x97\x83", 64) != 0)
@ -1717,6 +1730,7 @@ BOOL test_pkcs5 ()
if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0) if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)
return FALSE; return FALSE;
#ifndef WOLFCRYPT_BACKEND
/* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */ /* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */
derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0) if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0)
@ -1746,6 +1760,6 @@ BOOL test_pkcs5 ()
derive_key_streebog ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 96); derive_key_streebog ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 96);
if (memcmp (dk, "\xd0\x53\xa2\x30\x6f\x45\x81\xeb\xbc\x06\x81\xc5\xe7\x53\xa8\x5d\xc7\xf1\x23\x33\x1e\xbe\x64\x2c\x3b\x0f\x26\xd7\x00\xe1\x95\xc9\x65\x26\xb1\x85\xbe\x1e\xe2\xf4\x9b\xfc\x6b\x14\x84\xda\x24\x61\xa0\x1b\x9e\x79\x5c\xee\x69\x6e\xf9\x25\xb1\x1d\xca\xa0\x31\xba\x02\x6f\x9e\x99\x0f\xdb\x25\x01\x5b\xf1\xc7\x10\x19\x53\x3b\x29\x3f\x18\x00\xd6\xfc\x85\x03\xdc\xf2\xe5\xe9\x5a\xb1\x1e\x61\xde", 96) != 0) if (memcmp (dk, "\xd0\x53\xa2\x30\x6f\x45\x81\xeb\xbc\x06\x81\xc5\xe7\x53\xa8\x5d\xc7\xf1\x23\x33\x1e\xbe\x64\x2c\x3b\x0f\x26\xd7\x00\xe1\x95\xc9\x65\x26\xb1\x85\xbe\x1e\xe2\xf4\x9b\xfc\x6b\x14\x84\xda\x24\x61\xa0\x1b\x9e\x79\x5c\xee\x69\x6e\xf9\x25\xb1\x1d\xca\xa0\x31\xba\x02\x6f\x9e\x99\x0f\xdb\x25\x01\x5b\xf1\xc7\x10\x19\x53\x3b\x29\x3f\x18\x00\xd6\xfc\x85\x03\xdc\xf2\xe5\xe9\x5a\xb1\x1e\x61\xde", 96) != 0)
return FALSE; return FALSE;
#endif
return TRUE; return TRUE;
} }
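Review bot: The `gost3411_2012_hmac_r1[]` initializer closes just before the added `#ifndef WOLFCRYPT_BACKEND`, so the Streebog HMAC vectors stay compiled in while `test_hmac_streebog`, presumably their only consumer, is compiled out. In a wolfCrypt build that leaves unused `static const` data and probably an unused-variable warning; opening the guard above the vector definitions would avoid it, although those definitions begin outside the hunk. Several guards in this file also span hundreds of lines, for example the one opened at the Serpent branch of `TestSectorBufEncryption`. Tagging the closers as `#endif // !WOLFCRYPT_BACKEND` would make them easier to pair up.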


@ -369,30 +369,33 @@ KeyReady: ;
switch (pkcs5_prf) switch (pkcs5_prf)
{ {
case BLAKE2S:
derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
case SHA512: case SHA512:
derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt, derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break; break;
case WHIRLPOOL:
derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
case SHA256: case SHA256:
derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt, derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break; break;
#ifndef WOLFCRYPT_BACKEND
case BLAKE2S:
derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
case WHIRLPOOL:
derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
case STREEBOG: case STREEBOG:
derive_key_streebog(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt, derive_key_streebog(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break; break;
#endif
default: default:
// Unknown/wrong ID // Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION; TC_THROW_FATAL_EXCEPTION;
@ -650,6 +653,7 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS
// //
// we have: TC_BOOT_SECTOR_USER_MESSAGE_OFFSET = TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET + TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE // we have: TC_BOOT_SECTOR_USER_MESSAGE_OFFSET = TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET + TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE
#ifndef WOLFCRYPT_BACKEND
WHIRLPOOL_CTX whirlpool; WHIRLPOOL_CTX whirlpool;
sha512_ctx sha2; sha512_ctx sha2;
@ -667,6 +671,26 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS
WHIRLPOOL_finalize (&whirlpool, fingerprint); WHIRLPOOL_finalize (&whirlpool, fingerprint);
sha512_end (&fingerprint [WHIRLPOOL_DIGESTSIZE], &sha2); sha512_end (&fingerprint [WHIRLPOOL_DIGESTSIZE], &sha2);
#else
sha512_ctx sha2_512;
sha256_ctx sha2_256;
sha512_begin (&sha2_512);
sha256_begin (&sha2_256);
sha512_hash (bootLoaderBuf, TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &sha2_512);
sha256_hash (bootLoaderBuf, TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &sha2_256);
sha512_hash (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &sha2_512);
sha256_hash (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &sha2_256);
sha512_hash (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, (bootLoaderSize - TC_SECTOR_SIZE_BIOS), &sha2_512);
sha256_hash (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, (bootLoaderSize - TC_SECTOR_SIZE_BIOS), &sha2_256);
sha512_end (&fingerprint, &sha2_512);
sha256_end (&fingerprint [SHA512_DIGESTSIZE], &sha2_256);
sha256_end (&fingerprint [SHA512_DIGESTSIZE + SHA256_DIGESTSIZE], &sha2_256);
#endif
} }
#endif #endif
@ -711,11 +735,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
#endif #endif
{ {
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
#if defined (TC_WINDOWS_BOOT_SERPENT) #if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_set_key (dk, cryptoInfo->ks); serpent_set_key (dk, cryptoInfo->ks);
#elif defined (TC_WINDOWS_BOOT_TWOFISH) #elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk); twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk);
#elif defined (TC_WINDOWS_BOOT_CAMELLIA) #elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_set_key (dk, cryptoInfo->ks); camellia_set_key (dk, cryptoInfo->ks);
#else #else
status = EAInit (dk, cryptoInfo->ks); status = EAInit (dk, cryptoInfo->ks);
@ -729,11 +753,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
#endif #endif
// Secondary key schedule // Secondary key schedule
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
#if defined (TC_WINDOWS_BOOT_SERPENT) #if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_set_key (dk + 32, cryptoInfo->ks2); serpent_set_key (dk + 32, cryptoInfo->ks2);
#elif defined (TC_WINDOWS_BOOT_TWOFISH) #elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32)); twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32));
#elif defined (TC_WINDOWS_BOOT_CAMELLIA) #elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_set_key (dk + 32, cryptoInfo->ks2); camellia_set_key (dk + 32, cryptoInfo->ks2);
#else #else
EAInit (dk + 32, cryptoInfo->ks2); EAInit (dk + 32, cryptoInfo->ks2);
@ -790,11 +814,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
// Init the encryption algorithm with the decrypted master key // Init the encryption algorithm with the decrypted master key
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
#if defined (TC_WINDOWS_BOOT_SERPENT) #if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_set_key (dk, cryptoInfo->ks); serpent_set_key (dk, cryptoInfo->ks);
#elif defined (TC_WINDOWS_BOOT_TWOFISH) #elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk); twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk);
#elif defined (TC_WINDOWS_BOOT_CAMELLIA) #elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_set_key (dk, cryptoInfo->ks); camellia_set_key (dk, cryptoInfo->ks);
#else #else
status = EAInit (dk, cryptoInfo->ks); status = EAInit (dk, cryptoInfo->ks);
@ -809,11 +833,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
// The secondary master key (if cascade, multiple concatenated) // The secondary master key (if cascade, multiple concatenated)
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
#if defined (TC_WINDOWS_BOOT_SERPENT) #if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_set_key (dk + 32, cryptoInfo->ks2); serpent_set_key (dk + 32, cryptoInfo->ks2);
#elif defined (TC_WINDOWS_BOOT_TWOFISH) #elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32)); twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32));
#elif defined (TC_WINDOWS_BOOT_CAMELLIA) #elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_set_key (dk + 32, cryptoInfo->ks2); camellia_set_key (dk + 32, cryptoInfo->ks2);
#else #else
EAInit (dk + 32, cryptoInfo->ks2); EAInit (dk + 32, cryptoInfo->ks2);
@ -976,6 +1000,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break; break;
#ifndef WOLFCRYPT_BACKEND
case BLAKE2S: case BLAKE2S:
derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
@ -990,7 +1015,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
derive_key_streebog(keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, derive_key_streebog(keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break; break;
#endif
default: default:
// Unknown/wrong ID // Unknown/wrong ID
crypto_close (cryptoInfo); crypto_close (cryptoInfo);


@ -54,10 +54,14 @@ void EncryptBufferXTS (unsigned __int8 *buffer,
unsigned __int8 *ks2, unsigned __int8 *ks2,
int cipher) int cipher)
{ {
#ifndef WOLFCRYPT_BACKEND
if (CipherSupportsIntraDataUnitParallelization (cipher)) if (CipherSupportsIntraDataUnitParallelization (cipher))
EncryptBufferXTSParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher); EncryptBufferXTSParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher);
else else
EncryptBufferXTSNonParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher); EncryptBufferXTSNonParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher);
#else
xts_encrypt(buffer, buffer, length, startDataUnitNo, ks);
#endif
} }
#if (CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && CRYPTOPP_BOOL_X64) #if (CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && CRYPTOPP_BOOL_X64)
@ -380,10 +384,14 @@ void DecryptBufferXTS (unsigned __int8 *buffer,
unsigned __int8 *ks2, unsigned __int8 *ks2,
int cipher) int cipher)
{ {
#ifndef WOLFCRYPT_BACKEND
if (CipherSupportsIntraDataUnitParallelization (cipher)) if (CipherSupportsIntraDataUnitParallelization (cipher))
DecryptBufferXTSParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher); DecryptBufferXTSParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher);
else else
DecryptBufferXTSNonParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher); DecryptBufferXTSNonParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher);
#else
xts_decrypt(buffer, buffer, length, startDataUnitNo, ks);
#endif
} }
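Review bot: In the `WOLFCRYPT_BACKEND` branch of `EncryptBufferXTS` and `DecryptBufferXTS`, `startCipherBlockNo`, `ks2` and `cipher` are ignored and the `AES_RETURN` of `xts_encrypt`/`xts_decrypt` is discarded. A call that starts mid data unit is therefore processed as if it started at block 0, and a wolfCrypt failure leaves the buffer in an unknown state with no signal to the caller. I would reject the unsupported case up front with `if (startCipherBlockNo != 0) TC_THROW_FATAL_EXCEPTION;` and check the result of the wolfCrypt call the same way. The tweak key is no longer taken from `ks2` but from the context inside `ks`, so a comment such as `/* ks must have been set up with xts_encrypt_key256(); ks2 is unused with wolfCrypt */` would document that precondition. The parameter list starts outside the hunk, so the type of `startDataUnitNo` is not visible; `xts_encrypt` takes `word64 sector` by value, so confirm a pointer is not being passed here.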


@ -257,7 +257,11 @@ namespace VeraCrypt
void RandomNumberGenerator::Test () void RandomNumberGenerator::Test ()
{ {
shared_ptr <Hash> origPoolHash = PoolHash; shared_ptr <Hash> origPoolHash = PoolHash;
#ifndef WOLFCRYPT_BACKEND
PoolHash.reset (new Blake2s()); PoolHash.reset (new Blake2s());
#else
PoolHash.reset (new Sha256());
#endif
Pool.Zero(); Pool.Zero();
Buffer buffer (1); Buffer buffer (1);
@ -267,14 +271,22 @@ namespace VeraCrypt
AddToPool (buffer); AddToPool (buffer);
} }
#ifndef WOLFCRYPT_BACKEND
if (Crc32::ProcessBuffer (Pool) != 0x9c743238) if (Crc32::ProcessBuffer (Pool) != 0x9c743238)
#else
if (Crc32::ProcessBuffer (Pool) != 0xac95ac1a)
#endif
throw TestFailed (SRC_POS); throw TestFailed (SRC_POS);
buffer.Allocate (PoolSize); buffer.Allocate (PoolSize);
buffer.CopyFrom (PeekPool()); buffer.CopyFrom (PeekPool());
AddToPool (buffer); AddToPool (buffer);
#ifndef WOLFCRYPT_BACKEND
if (Crc32::ProcessBuffer (Pool) != 0xd2d09c8d) if (Crc32::ProcessBuffer (Pool) != 0xd2d09c8d)
#else
if (Crc32::ProcessBuffer (Pool) != 0xb79f3c12)
#endif
throw TestFailed (SRC_POS); throw TestFailed (SRC_POS);
PoolHash = origPoolHash; PoolHash = origPoolHash;


@ -22,6 +22,9 @@
#include "Platform/SystemInfo.h" #include "Platform/SystemInfo.h"
#include "Platform/TextReader.h" #include "Platform/TextReader.h"
#include "Volume/EncryptionModeXTS.h" #include "Volume/EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "Volume/EncryptionModeWolfCryptXTS.h"
#endif
#include "Driver/Fuse/FuseService.h" #include "Driver/Fuse/FuseService.h"
#include "Core/Unix/CoreServiceProxy.h" #include "Core/Unix/CoreServiceProxy.h"
@ -302,7 +305,12 @@ namespace VeraCrypt
void CoreLinux::MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const void CoreLinux::MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const
{ {
bool xts = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeXTS)); bool xts = (typeid (*volume->GetEncryptionMode()) ==
#ifdef WOLFCRYPT_BACKEND
typeid (EncryptionModeWolfCryptXTS));
#else
typeid (EncryptionModeXTS));
#endif
bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik)) bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish))


@ -12,6 +12,9 @@
#include "Volume/EncryptionTest.h" #include "Volume/EncryptionTest.h"
#include "Volume/EncryptionModeXTS.h" #include "Volume/EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "Volume/EncryptionModeWolfCryptXTS.h"
#endif
#include "Core.h" #include "Core.h"
#ifdef TC_UNIX #ifdef TC_UNIX
@ -360,7 +363,12 @@ namespace VeraCrypt
// Data area keys // Data area keys
options->EA->SetKey (MasterKey.GetRange (0, options->EA->GetKeySize())); options->EA->SetKey (MasterKey.GetRange (0, options->EA->GetKeySize()));
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ());
options->EA->SetKeyXTS (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize()));
#else
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ()); shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());
#endif
mode->SetKey (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize())); mode->SetKey (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize()));
options->EA->SetMode (mode); options->EA->SetMode (mode);


@ -35,6 +35,11 @@
#include "Common/Tcdefs.h" #include "Common/Tcdefs.h"
#ifdef WOLFCRYPT_BACKEND
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/aes.h>
#endif
#ifndef EXIT_SUCCESS #ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0 #define EXIT_SUCCESS 0
#define EXIT_FAILURE 1 #define EXIT_FAILURE 1
@ -93,11 +98,19 @@ typedef union
typedef struct typedef struct
{ uint_32t ks[KS_LENGTH]; { uint_32t ks[KS_LENGTH];
aes_inf inf; aes_inf inf;
#ifdef WOLFCRYPT_BACKEND
XtsAes wc_enc_xts;
Aes wc_enc_aes;
#endif
} aes_encrypt_ctx; } aes_encrypt_ctx;
typedef struct typedef struct
{ uint_32t ks[KS_LENGTH]; { uint_32t ks[KS_LENGTH];
aes_inf inf; aes_inf inf;
#ifdef WOLFCRYPT_BACKEND
XtsAes wc_dec_xts;
Aes wc_dec_aes;
#endif
} aes_decrypt_ctx; } aes_decrypt_ctx;
/* This routine must be called before first use if non-static */ /* This routine must be called before first use if non-static */
@ -152,6 +165,13 @@ AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_de
#endif #endif
#ifdef WOLFCRYPT_BACKEND
AES_RETURN xts_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
AES_RETURN xts_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
AES_RETURN xts_encrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_encrypt_ctx cx[1]);
AES_RETURN xts_decrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_MODES) #if defined(AES_MODES)
/* Multiple calls to the following subroutines for multiple block */ /* Multiple calls to the following subroutines for multiple block */


@ -12,6 +12,13 @@
#include "Common/Endian.h" #include "Common/Endian.h"
#include "Crypto/config.h" #include "Crypto/config.h"
#ifdef WOLFCRYPT_BACKEND
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/sha512.h>
#include <wolfssl/wolfcrypt/hash.h>
#endif
#if defined(__cplusplus) #if defined(__cplusplus)
extern "C" { extern "C" {
#endif #endif
@ -28,6 +35,10 @@ extern "C" {
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(16) #define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(16)
#endif #endif
#ifdef WOLFCRYPT_BACKEND
typedef struct wc_Sha512 sha512_ctx;
typedef struct wc_Sha256 sha256_ctx;
#else
typedef struct typedef struct
{ uint_64t count[2]; { uint_64t count[2];
SHA2_ALIGN uint_64t hash[8]; SHA2_ALIGN uint_64t hash[8];
@ -39,6 +50,7 @@ typedef struct
SHA2_ALIGN uint_32t hash[8]; SHA2_ALIGN uint_32t hash[8];
SHA2_ALIGN uint_32t wbuf[16]; SHA2_ALIGN uint_32t wbuf[16];
} sha256_ctx; } sha256_ctx;
#endif
void sha512_begin(sha512_ctx* ctx); void sha512_begin(sha512_ctx* ctx);


@ -214,7 +214,7 @@ extern "C" {
#endif #endif
#define CRYPTOPP_CPUID_AVAILABLE #define CRYPTOPP_CPUID_AVAILABLE
#ifndef CRYPTOPP_DISABLE_AESNI #if !defined(CRYPTOPP_DISABLE_AESNI) && !defined(WOLFCRYPT_BACKEND)
#define TC_AES_HW_CPU #define TC_AES_HW_CPU
#endif #endif

243
src/Crypto/wolfCrypt.c Normal file

@ -0,0 +1,243 @@
/* See src/Crypto/wolfCrypt.md */
#include "Aes.h"
#include "Sha2.h"
#include "../Common/Crypto.h"
#include <wolfssl/wolfcrypt/hmac.h>
AES_RETURN aes_init()
{
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#else
return;
#endif
}
AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
{
int ret = 0;
ret = wc_AesInit(&cx->wc_enc_aes, NULL, INVALID_DEVID);
if (key_len == 128 || key_len == 192 || key_len == 256)
key_len = key_len/8;
if (ret == 0) {
ret = wc_AesSetKey(&cx->wc_enc_aes, key, key_len, NULL, AES_ENCRYPTION);
}
#if defined( AES_ERR_CHK )
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
#else
return;
#endif
}
AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
{
int ret = 0;
ret = wc_AesInit(&cx->wc_dec_aes, NULL, INVALID_DEVID);
if (key_len == 128 || key_len == 192 || key_len == 256)
key_len = key_len/8;
if (ret == 0) {
ret = wc_AesSetKey(&cx->wc_dec_aes, key, key_len, NULL, AES_DECRYPTION);
}
#if defined( AES_ERR_CHK )
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
#else
return;
#endif
}
AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
{
return aes_encrypt_key(key, 128, cx);
}
AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
{
return aes_encrypt_key(key, 192, cx);
}
AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
{
return aes_encrypt_key(key, 256, cx);
}
AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
{
return aes_decrypt_key(key, 128, cx);
}
AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
{
return aes_decrypt_key(key, 192, cx);
}
AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
{
return aes_decrypt_key(key, 256, cx);
}
AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
{
int ret = wc_AesEncryptDirect(&cx->wc_enc_aes, out, in);
#if defined( AES_ERR_CHK )
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
#else
return;
#endif
}
AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
{
int ret = wc_AesDecryptDirect(&cx->wc_dec_aes, out, in);
#if defined( AES_ERR_CHK )
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
#else
return;
#endif
}
AES_RETURN xts_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
{
int ret = 0;
cx->wc_enc_xts.aes = cx->wc_enc_aes;
ret = wc_AesInit(&cx->wc_enc_xts.tweak, NULL, INVALID_DEVID);
if (key_len == 128 || key_len == 192 || key_len == 256)
key_len = key_len/8;
if (ret == 0) {
ret = wc_AesSetKey(&cx->wc_enc_xts.tweak, key, key_len, NULL, AES_ENCRYPTION);
}
#if defined( AES_ERR_CHK )
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
#else
return;
#endif
}
AES_RETURN xts_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
{
int ret = 0;
cx->wc_dec_xts.aes = cx->wc_dec_aes;
ret = wc_AesInit(&cx->wc_dec_xts.tweak, NULL, INVALID_DEVID);
if (key_len == 128 || key_len == 192 || key_len == 256)
key_len = key_len/8;
if (ret == 0) {
ret = wc_AesSetKey(&cx->wc_dec_xts.tweak, key, key_len, NULL, AES_ENCRYPTION);
}
#if defined( AES_ERR_CHK )
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
#else
return;
#endif
}
AES_RETURN xts_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
{
return xts_encrypt_key(key, 256, cx);
}
AES_RETURN xts_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
{
return xts_decrypt_key(key, 256, cx);
}
AES_RETURN xts_encrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_encrypt_ctx cx[1])
{
int ret = wc_AesXtsEncryptConsecutiveSectors(&cx->wc_enc_xts, out, in, length, sector, ENCRYPTION_DATA_UNIT_SIZE);
#if defined( AES_ERR_CHK )
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
#else
return;
#endif
}
AES_RETURN xts_decrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_decrypt_ctx cx[1])
{
int ret = wc_AesXtsDecryptConsecutiveSectors(&cx->wc_dec_xts, out, in, length, sector, ENCRYPTION_DATA_UNIT_SIZE);
#if defined( AES_ERR_CHK )
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
#else
return;
#endif
}
void sha256_begin(sha256_ctx* ctx)
{
wc_InitSha256(ctx);
}
void sha256_hash(const unsigned char * source, uint_32t sourceLen, sha256_ctx *ctx)
{
wc_Sha256Update(ctx, source, sourceLen);
}
void sha256_end(unsigned char * result, sha256_ctx* ctx)
{
wc_Sha256Final(ctx, result);
}
void sha256(unsigned char * result, const unsigned char* source, uint_32t sourceLen)
{
wc_Sha256 sha256;
wc_InitSha256(&sha256);
wc_Sha256Update(&sha256, source, sourceLen);
wc_Sha256Final(&sha256, result);
wc_Sha256Free(&sha256);
}
void sha512_begin(sha512_ctx* ctx)
{
wc_InitSha512(ctx);
}
void sha512_hash(const unsigned char * source, uint_64t sourceLen, sha512_ctx *ctx)
{
wc_Sha512Update(ctx, source, sourceLen);
}
void sha512_end(unsigned char * result, sha512_ctx* ctx)
{
wc_Sha512Final(ctx, result);
}
void sha512(unsigned char * result, const unsigned char* source, uint_64t sourceLen)
{
wc_Sha512 sha512;
wc_InitSha512(&sha512);
wc_Sha512Update(&sha512, source, sourceLen);
wc_Sha512Final(&sha512, result);
wc_Sha512Free(&sha512);
}
void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) {
(void) iterations;
wc_HKDF(WC_SHA512, (byte*)pwd, (word32)pwd_len, (byte*)salt, (word32)salt_len, NULL, 0, (byte*)dk, (word32)dklen);
}
void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) {
(void) iterations;
wc_HKDF(WC_SHA256, (byte*)pwd, (word32)pwd_len, (byte*)salt, (word32)salt_len, NULL, 0, (byte*)dk, (word32)dklen);
}
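Review bot: `derive_key_sha512` and `derive_key_sha256` at the end of this file discard `iterations` and call `wc_HKDF`, so the password is turned into header keys in one extract-and-expand step with no work factor. The iteration count (and with it the PIM) has no effect on the cost of guessing a password, and the result will presumably not match headers written by the PBKDF2-based default backend. HKDF is designed for input keying material that already has high entropy, not for passwords. wolfCrypt ships PBKDF2 in `<wolfssl/wolfcrypt/pwdbased.h>`; the SHA-512 body could be `wc_PBKDF2((byte*)dk, (const byte*)pwd, pwd_len, (const byte*)salt, salt_len, (int)iterations, dklen, WC_SHA512);`, with `WC_SHA256` in the other function. The return value should be checked in either case, because these functions return `void` and a failed derivation currently leaves `dk` unwritten without any indication to the caller.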

25
src/Crypto/wolfCrypt.md Normal file

@ -0,0 +1,25 @@
# wolfSSL as crypto provider for VeraCrypt
[wolfCrypt](https://www.wolfssl.com/products/wolfcrypt/) is wolfSSL's cutting edge crypto engine and a
potential FIPS solution for users of VeraCrypt. Follow the steps below to setup VeraCrypt with wolfCrypt.
## Building wolfSSL
Clone wolfSSL and build it as shown below.
```
git clone https://github.com/wolfssl/wolfssl && cd wolfssl
./autogen.sh
./configure --enable-xts CFLAGS="-DNO_OLD_WC_NAMES"
make
sudo make install
```
## Building VeraCrypt with wolfSSL
Build VeraCrypt with the `WOLFCRYPT` command line option.
```
make WXSTATIC=1 wxbuild && make WXSTATIC=1 clean && make WXSTATIC=1 WOLFCRYPT=1 && make WXSTATIC=1 WOLFCRYPT=1 package
```


@ -4475,9 +4475,11 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
} }
SetFocus (GetDlgItem (hwndDlg, IDC_PIM)); SetFocus (GetDlgItem (hwndDlg, IDC_PIM));
#ifndef WOLFCRYPT_BACKEND
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (SysEncInEffect () && hash_algo != SHA512 && hash_algo != WHIRLPOOL? "PIM_SYSENC_HELP" : "PIM_HELP")); SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (SysEncInEffect () && hash_algo != SHA512 && hash_algo != WHIRLPOOL? "PIM_SYSENC_HELP" : "PIM_HELP"));
#else
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (SysEncInEffect () && hash_algo != SHA512? "PIM_SYSENC_HELP" : "PIM_HELP"));
#endif
ToHyperlink (hwndDlg, IDC_LINK_PIM_INFO); ToHyperlink (hwndDlg, IDC_LINK_PIM_INFO);
if (CreatingHiddenSysVol()) if (CreatingHiddenSysVol())


@ -12,6 +12,9 @@
#include "System.h" #include "System.h"
#include "Volume/EncryptionModeXTS.h" #include "Volume/EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "Volume/EncryptionModeWolfCryptXTS.h"
#endif
#include "Main/GraphicUserInterface.h" #include "Main/GraphicUserInterface.h"
#include "BenchmarkDialog.h" #include "BenchmarkDialog.h"
@ -209,8 +212,12 @@ namespace VeraCrypt
Buffer key (ea->GetKeySize()); Buffer key (ea->GetKeySize());
ea->SetKey (key); ea->SetKey (key);
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> xts (new EncryptionModeWolfCryptXTS);
ea->SetKeyXTS (key);
#else
shared_ptr <EncryptionMode> xts (new EncryptionModeXTS); shared_ptr <EncryptionMode> xts (new EncryptionModeXTS);
#endif
xts->SetKey (key); xts->SetKey (key);
ea->SetMode (xts); ea->SetMode (xts);


@ -12,6 +12,9 @@
#include "System.h" #include "System.h"
#include "Volume/EncryptionModeXTS.h" #include "Volume/EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "Volume/EncryptionModeWolfCryptXTS.h"
#endif
#include "Volume/EncryptionTest.h" #include "Volume/EncryptionTest.h"
#include "Main/GraphicUserInterface.h" #include "Main/GraphicUserInterface.h"
#include "EncryptionTestDialog.h" #include "EncryptionTestDialog.h"
@ -94,7 +97,12 @@ namespace VeraCrypt
throw StringConversionFailed (SRC_POS); throw StringConversionFailed (SRC_POS);
} }
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> xts (new EncryptionModeWolfCryptXTS);
ea->SetKeyXTS (secondaryKey);
#else
shared_ptr <EncryptionMode> xts (new EncryptionModeXTS); shared_ptr <EncryptionMode> xts (new EncryptionModeXTS);
#endif
xts->SetKey (secondaryKey); xts->SetKey (secondaryKey);
ea->SetMode (xts); ea->SetMode (xts);


@ -8,6 +8,9 @@
#include "System.h" #include "System.h"
#include "Volume/EncryptionModeXTS.h" #include "Volume/EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "Volume/EncryptionModeWolfCryptXTS.h"
#endif
#include "Main/GraphicUserInterface.h" #include "Main/GraphicUserInterface.h"
#include "Common/PCSCException.h" #include "Common/PCSCException.h"
#include "Common/SecurityToken.h" #include "Common/SecurityToken.h"


@ -24,6 +24,7 @@
# SSE41: Enable SSE4.1 support in compiler # SSE41: Enable SSE4.1 support in compiler
# NOSSE2: Disable SEE2 support in compiler # NOSSE2: Disable SEE2 support in compiler
# WITHGTK3: Build wxWidgets against GTK3 # WITHGTK3: Build wxWidgets against GTK3
# WOLFCRYPT: Build with wolfCrypt as crypto provider (see Crypto/wolfCrypt.md)
#------ Targets ------ #------ Targets ------
# all # all
@ -145,6 +146,7 @@ export PLATFORM_UNSUPPORTED := 0
export CPU_ARCH ?= unknown export CPU_ARCH ?= unknown
export SIMD_SUPPORTED := 0 export SIMD_SUPPORTED := 0
export DISABLE_AESNI ?= 0 export DISABLE_AESNI ?= 0
export ENABLE_WOLFCRYPT ?= 0
export GCC_GTEQ_440 := 0 export GCC_GTEQ_440 := 0
export GCC_GTEQ_430 := 0 export GCC_GTEQ_430 := 0
@ -185,6 +187,13 @@ ifeq "$(origin NOAESNI)" "command line"
DISABLE_AESNI := 1 DISABLE_AESNI := 1
endif endif
ifeq "$(origin WOLFCRYPT)" "command line"
ENABLE_WOLFCRYPT := 1
C_CXX_FLAGS += -DWOLFCRYPT_BACKEND
export LIBS += -lwolfssl
export LD_LIBRARY_PATH=/usr/local/lib
endif
#------ Linux configuration ------ #------ Linux configuration ------
ifeq "$(shell uname -s)" "Linux" ifeq "$(shell uname -s)" "Linux"
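Review bot: `export LD_LIBRARY_PATH=/usr/local/lib` in the new `WOLFCRYPT` block replaces whatever loader path the builder had set and exports a hard-coded directory to every command make runs. It only affects the build environment, so the resulting binary still depends on the runtime loader finding `libwolfssl` some other way. I would drop that line and take the flags from the library's pkg-config data, assuming `wolfssl.pc` is installed by the wolfSSL build: `C_CXX_FLAGS += -DWOLFCRYPT_BACKEND $(shell pkg-config --cflags wolfssl)` and `export LIBS += $(shell pkg-config --libs wolfssl)`. If a fixed path has to stay, append to the existing value rather than overwriting it.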


@ -94,11 +94,12 @@ namespace VeraCrypt
CipherList l; CipherList l;
l.push_back (shared_ptr <Cipher> (new CipherAES ())); l.push_back (shared_ptr <Cipher> (new CipherAES ()));
#ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Cipher> (new CipherSerpent ())); l.push_back (shared_ptr <Cipher> (new CipherSerpent ()));
l.push_back (shared_ptr <Cipher> (new CipherTwofish ())); l.push_back (shared_ptr <Cipher> (new CipherTwofish ()));
l.push_back (shared_ptr <Cipher> (new CipherCamellia ())); l.push_back (shared_ptr <Cipher> (new CipherCamellia ()));
l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ())); l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ()));
#endif
return l; return l;
} }
@ -115,6 +116,37 @@ namespace VeraCrypt
Initialized = true; Initialized = true;
} }
#ifdef WOLFCRYPT_BACKEND
void Cipher::SetKeyXTS (const ConstBufferPtr &key)
{
if (key.Size() != GetKeySize ())
throw ParameterIncorrect (SRC_POS);
if (!Initialized)
ScheduledKey.Allocate (GetScheduledKeySize ());
SetCipherKeyXTS (key);
Key.CopyFrom (key);
Initialized = true;
}
void Cipher::EncryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
EncryptXTS (data, length, startDataUnitNo);
}
void Cipher::DecryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
DecryptXTS (data, length, startDataUnitNo);
}
#endif
#define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE) #define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
#undef TC_EXCEPTION_NODECL #undef TC_EXCEPTION_NODECL
#define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE) #define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
@ -186,6 +218,26 @@ namespace VeraCrypt
#endif #endif
Cipher::EncryptBlocks (data, blockCount); Cipher::EncryptBlocks (data, blockCount);
} }
#ifdef WOLFCRYPT_BACKEND
void CipherAES::EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
{
xts_encrypt (data, data, length, startDataUnitNo, (aes_encrypt_ctx *) ScheduledKey.Ptr());
}
void CipherAES::DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
{
xts_decrypt (data, data, length, startDataUnitNo, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx)));
}
void CipherAES::SetCipherKeyXTS (const byte *key)
{
if (xts_encrypt_key256 (key, (aes_encrypt_ctx *) ScheduledKey.Ptr()) != EXIT_SUCCESS)
throw CipherInitError (SRC_POS);
if (xts_decrypt_key256 (key, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS)
throw CipherInitError (SRC_POS);
}
#endif
size_t CipherAES::GetScheduledKeySize () const size_t CipherAES::GetScheduledKeySize () const
{ {
@ -218,6 +270,7 @@ namespace VeraCrypt
throw CipherInitError (SRC_POS); throw CipherInitError (SRC_POS);
} }
#ifndef WOLFCRYPT_BACKEND
// Serpent // Serpent
void CipherSerpent::Decrypt (byte *data) const void CipherSerpent::Decrypt (byte *data) const
{ {
@ -465,5 +518,6 @@ namespace VeraCrypt
return false; return false;
#endif #endif
} }
#endif
bool Cipher::HwSupportEnabled = true; bool Cipher::HwSupportEnabled = true;
} }
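Review bot: `Cipher::SetKeyXTS` ends with `Key.CopyFrom (key);`, which stores the XTS secondary key in the member that `SetKey` presumably uses for the primary key (its body is outside this hunk), so after the `SetKey` / `SetKeyXTS` sequence used by the callers on this page `Key` would hold the tweak key instead of the data key. The `if (!Initialized) ScheduledKey.Allocate (...)` path also lets `SetKeyXTS` run before `SetKey`; per `xts_encrypt_key` in wolfCrypt.c that copies a `wc_enc_aes` that was never keyed into `wc_enc_xts.aes`, and the cipher is then marked initialized. I would require the primary key first with `if (!Initialized) throw NotInitialized (SRC_POS);` and remove the `Key.CopyFrom (key);` and `Initialized = true;` lines from `SetKeyXTS`. Separately, `CipherAES::EncryptXTS` and `DecryptXTS` ignore the result of `xts_encrypt`/`xts_decrypt`, while `SetCipherKeyXTS` does check its calls; the same `!= EXIT_SUCCESS` test would make them consistent.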


@ -28,7 +28,14 @@ namespace VeraCrypt
virtual void DecryptBlock (byte *data) const; virtual void DecryptBlock (byte *data) const;
virtual void DecryptBlocks (byte *data, size_t blockCount) const; virtual void DecryptBlocks (byte *data, size_t blockCount) const;
#ifndef WOLFCRYPT_BACKEND
static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; } static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; }
#else
static void EnableHwSupport (bool enable) { HwSupportEnabled = false; }
virtual void EncryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const;
virtual void DecryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const;
virtual void SetKeyXTS (const ConstBufferPtr &key);
#endif
virtual void EncryptBlock (byte *data) const; virtual void EncryptBlock (byte *data) const;
virtual void EncryptBlocks (byte *data, size_t blockCount) const; virtual void EncryptBlocks (byte *data, size_t blockCount) const;
static CipherList GetAvailableCiphers (); static CipherList GetAvailableCiphers ();
@ -50,6 +57,11 @@ namespace VeraCrypt
virtual void Encrypt (byte *data) const = 0; virtual void Encrypt (byte *data) const = 0;
virtual size_t GetScheduledKeySize () const = 0; virtual size_t GetScheduledKeySize () const = 0;
virtual void SetCipherKey (const byte *key) = 0; virtual void SetCipherKey (const byte *key) = 0;
#ifdef WOLFCRYPT_BACKEND
virtual void DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const = 0;
virtual void EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const = 0;
virtual void SetCipherKeyXTS (const byte *key) = 0;
#endif
static bool HwSupportEnabled; static bool HwSupportEnabled;
bool Initialized; bool Initialized;
@ -69,6 +81,36 @@ namespace VeraCrypt
CipherException (const string &message, const wstring &subject) : Exception (message, subject) { } CipherException (const string &message, const wstring &subject) : Exception (message, subject) { }
}; };
#ifdef WOLFCRYPT_BACKEND
#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \
class TC_JOIN (Cipher,NAME) : public Cipher \
{ \
public: \
TC_JOIN (Cipher,NAME) () { } \
virtual ~TC_JOIN (Cipher,NAME) () { } \
\
virtual size_t GetBlockSize () const { return BLOCK_SIZE; }; \
virtual size_t GetKeySize () const { return KEY_SIZE; }; \
virtual wstring GetName () const { return L###NAME; }; \
virtual shared_ptr <Cipher> GetNew () const { return shared_ptr <Cipher> (new TC_JOIN (Cipher,NAME)()); } \
TC_CIPHER_ADD_METHODS \
\
protected: \
virtual void Decrypt (byte *data) const; \
virtual void Encrypt (byte *data) const; \
virtual size_t GetScheduledKeySize () const; \
virtual void SetCipherKey (const byte *key); \
virtual void DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; \
virtual void SetCipherKeyXTS (const byte *key); \
virtual void EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; \
\
private: \
TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \
TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \
}
#else
#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \ #define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \
class TC_JOIN (Cipher,NAME) : public Cipher \ class TC_JOIN (Cipher,NAME) : public Cipher \
@ -94,6 +136,8 @@ namespace VeraCrypt
TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \ TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \
} }
#endif
#define TC_CIPHER_ADD_METHODS \ #define TC_CIPHER_ADD_METHODS \
virtual void DecryptBlocks (byte *data, size_t blockCount) const; \ virtual void DecryptBlocks (byte *data, size_t blockCount) const; \
virtual void EncryptBlocks (byte *data, size_t blockCount) const; \ virtual void EncryptBlocks (byte *data, size_t blockCount) const; \
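Review bot: Under `WOLFCRYPT_BACKEND`, `EnableHwSupport (bool enable)` ignores its argument and always stores `false`, yet Cipher.cpp on this page still initialises `Cipher::HwSupportEnabled = true`. Until something calls `EnableHwSupport` the flag therefore reports hardware support as enabled in a build that compiles the AES-NI path out. Initialising the static under the same `#ifdef` (`bool Cipher::HwSupportEnabled = false;`) and adding a comment like `// wolfCrypt backend: VeraCrypt's own AES-NI path is not built, the flag stays false` would make the state consistent. On style, the second `TC_CIPHER` definition repeats the whole macro to add three declarations. A small helper macro that expands to the three XTS declarations under `WOLFCRYPT_BACKEND` and to nothing otherwise would keep a single copy of the class template.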


@ -12,6 +12,9 @@
#include "EncryptionAlgorithm.h" #include "EncryptionAlgorithm.h"
#include "EncryptionModeXTS.h" #include "EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "EncryptionModeWolfCryptXTS.h"
#endif
namespace VeraCrypt namespace VeraCrypt
{ {
@ -62,6 +65,7 @@ namespace VeraCrypt
EncryptionAlgorithmList l; EncryptionAlgorithmList l;
l.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
#ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@ -76,7 +80,7 @@ namespace VeraCrypt
l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
#endif
return l; return l;
} }
@ -215,6 +219,24 @@ namespace VeraCrypt
} }
} }
#ifdef WOLFCRYPT_BACKEND
void EncryptionAlgorithm::SetKeyXTS (const ConstBufferPtr &key)
{
if (Ciphers.size() < 1)
throw NotInitialized (SRC_POS);
if (GetKeySize() != key.Size())
throw ParameterIncorrect (SRC_POS);
size_t keyOffset = 0;
foreach_ref (Cipher &c, Ciphers)
{
c.SetKeyXTS (key.GetRange (keyOffset, c.GetKeySize()));
keyOffset += c.GetKeySize();
}
}
#endif
void EncryptionAlgorithm::ValidateState () const void EncryptionAlgorithm::ValidateState () const
{ {
if (Ciphers.size() < 1 || Mode.get() == nullptr) if (Ciphers.size() < 1 || Mode.get() == nullptr)
@ -226,9 +248,14 @@ namespace VeraCrypt
{ {
Ciphers.push_back (shared_ptr <Cipher> (new CipherAES())); Ciphers.push_back (shared_ptr <Cipher> (new CipherAES()));
#ifdef WOLFCRYPT_BACKEND
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#else
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
#endif
} }
#ifndef WOLFCRYPT_BACKEND
// AES-Twofish // AES-Twofish
AESTwofish::AESTwofish () AESTwofish::AESTwofish ()
{ {
@ -353,4 +380,5 @@ namespace VeraCrypt
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
} }
#endif
} }


@ -46,6 +46,9 @@ namespace VeraCrypt
virtual bool IsModeSupported (const EncryptionMode &mode) const; virtual bool IsModeSupported (const EncryptionMode &mode) const;
virtual bool IsModeSupported (const shared_ptr <EncryptionMode> mode) const; virtual bool IsModeSupported (const shared_ptr <EncryptionMode> mode) const;
virtual void SetKey (const ConstBufferPtr &key); virtual void SetKey (const ConstBufferPtr &key);
#ifdef WOLFCRYPT_BACKEND
virtual void SetKeyXTS (const ConstBufferPtr &key);
#endif
virtual void SetMode (shared_ptr <EncryptionMode> mode); virtual void SetMode (shared_ptr <EncryptionMode> mode);
protected: protected:
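Review bot: The new `SetKeyXTS` declaration has no comment saying how it relates to `SetKey`, although the callers changed in this commit invoke it alongside both `SetKey` and `EncryptionMode::SetKey`. I would add above it `// Sets the second XTS key on each cipher of this algorithm; under WOLFCRYPT_BACKEND call it in addition to SetKey() and EncryptionMode::SetKey().` Because the virtual member exists only under `WOLFCRYPT_BACKEND`, the class layout depends on that macro, so every translation unit including this header must be built with the same setting. The class body starts and ends outside this hunk.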


@ -12,6 +12,9 @@
#include "EncryptionMode.h" #include "EncryptionMode.h"
#include "EncryptionModeXTS.h" #include "EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "EncryptionModeWolfCryptXTS.h"
#endif
#include "EncryptionThreadPool.h" #include "EncryptionThreadPool.h"
namespace VeraCrypt namespace VeraCrypt
@ -38,7 +41,11 @@ namespace VeraCrypt
{ {
EncryptionModeList l; EncryptionModeList l;
#ifdef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#else
l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
#endif
return l; return l;
} }


@ -0,0 +1,119 @@
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
#include "EncryptionModeWolfCryptXTS.h"
#include "Common/Crypto.h"
namespace VeraCrypt
{
void EncryptionModeWolfCryptXTS::Encrypt (byte *data, uint64 length) const
{
EncryptBuffer (data, length, 0);
}
void EncryptionModeWolfCryptXTS::EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const
{
if_debug (ValidateState());
CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.begin();
for (CipherList::const_iterator iCipher = Ciphers.begin(); iCipher != Ciphers.end(); ++iCipher)
{
EncryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0);
++iSecondaryCipher;
}
assert (iSecondaryCipher == SecondaryCiphers.end());
}
void EncryptionModeWolfCryptXTS::EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
{
cipher.EncryptBlockXTS(buffer, length, startDataUnitNo);
}
void EncryptionModeWolfCryptXTS::EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
EncryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE);
}
size_t EncryptionModeWolfCryptXTS::GetKeySize () const
{
if (Ciphers.empty())
throw NotInitialized (SRC_POS);
size_t keySize = 0;
foreach_ref (const Cipher &cipher, SecondaryCiphers)
{
keySize += cipher.GetKeySize();
}
return keySize;
}
void EncryptionModeWolfCryptXTS::Decrypt (byte *data, uint64 length) const
{
DecryptBuffer (data, length, 0);
}
void EncryptionModeWolfCryptXTS::DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const
{
if_debug (ValidateState());
CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.end();
for (CipherList::const_reverse_iterator iCipher = Ciphers.rbegin(); iCipher != Ciphers.rend(); ++iCipher)
{
--iSecondaryCipher;
DecryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0);
}
assert (iSecondaryCipher == SecondaryCiphers.begin());
}
void EncryptionModeWolfCryptXTS::DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
{
cipher.DecryptBlockXTS(buffer, length, startDataUnitNo);
}
void EncryptionModeWolfCryptXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
DecryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE);
}
void EncryptionModeWolfCryptXTS::SetCiphers (const CipherList &ciphers)
{
EncryptionMode::SetCiphers (ciphers);
SecondaryCiphers.clear();
foreach_ref (const Cipher &cipher, ciphers)
{
SecondaryCiphers.push_back (cipher.GetNew());
}
if (SecondaryKey.Size() > 0)
SetSecondaryCipherKeys();
}
void EncryptionModeWolfCryptXTS::SetKey (const ConstBufferPtr &key)
{
SecondaryKey.Allocate (key.Size());
SecondaryKey.CopyFrom (key);
if (!SecondaryCiphers.empty())
SetSecondaryCipherKeys();
}
void EncryptionModeWolfCryptXTS::SetSecondaryCipherKeys ()
{
size_t keyOffset = 0;
foreach_ref (Cipher &cipher, SecondaryCiphers)
{
cipher.SetKeyXTS (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize()));
keyOffset += cipher.GetKeySize();
}
KeySet = true;
}
}
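Review bot: `EncryptBufferXTS` and `DecryptBufferXTS` never read `secondaryCipher` or `startCipherBlockNo`; they only call `cipher.EncryptBlockXTS` / `cipher.DecryptBlockXTS` on the primary cipher. The second XTS key therefore has to reach the primary cipher through `EncryptionAlgorithm::SetKeyXTS`, and nothing in this file checks that it did. A caller that keys only through `SetKey` and `EncryptionMode::SetKey`, as the non-wolfCrypt path does, would presumably run without that key, and how `EncryptBlockXTS` behaves then is not visible here. The ciphers keyed in `SetSecondaryCipherKeys` appear to serve only `GetKeySize`, which leaves one more keyed copy of the secret in memory. I would either stop keying `SecondaryCiphers` or state the contract on `EncryptBufferXTS`, e.g. `// secondaryCipher is unused: the second key must already be set on cipher via SetKeyXTS()`.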


@ -0,0 +1,54 @@
/*
Derived from source code of TrueCrypt 7.1a, which is
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2017 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#ifndef TC_HEADER_Volume_EncryptionModeWolfCryptXTS
#define TC_HEADER_Volume_EncryptionModeWolfCryptXTS
#include "Platform/Platform.h"
#include "EncryptionMode.h"
namespace VeraCrypt
{
class EncryptionModeWolfCryptXTS : public EncryptionMode
{
public:
EncryptionModeWolfCryptXTS () { }
virtual ~EncryptionModeWolfCryptXTS () { }
virtual void Decrypt (byte *data, uint64 length) const;
virtual void DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
virtual void Encrypt (byte *data, uint64 length) const;
virtual void EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
virtual const SecureBuffer &GetKey () const { return SecondaryKey; }
virtual size_t GetKeySize () const;
virtual wstring GetName () const { return L"XTS"; };
virtual shared_ptr <EncryptionMode> GetNew () const { return shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS); }
virtual void SetCiphers (const CipherList &ciphers);
virtual void SetKey (const ConstBufferPtr &key);
protected:
void DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const;
void DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
void EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const;
void EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
void SetSecondaryCipherKeys ();
SecureBuffer SecondaryKey;
CipherList SecondaryCiphers;
private:
EncryptionModeWolfCryptXTS (const EncryptionModeWolfCryptXTS &);
EncryptionModeWolfCryptXTS &operator= (const EncryptionModeWolfCryptXTS &);
};
}
#endif // TC_HEADER_Volume_EncryptionModeWolfCryptXTS
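Review bot: The class declaration carries no comment describing how it differs from `EncryptionModeXTS`, and `GetName` ends in a stray `;` after its body (`{ return L"XTS"; };`). A short class comment such as `// XTS mode that hands each buffer to Cipher::EncryptBlockXTS / DecryptBlockXTS (wolfCrypt backend).` would tell a reader why two XTS mode classes exist. The extra semicolon can simply be removed.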


@ -16,6 +16,9 @@
#include "EncryptionAlgorithm.h" #include "EncryptionAlgorithm.h"
#include "EncryptionMode.h" #include "EncryptionMode.h"
#include "EncryptionModeXTS.h" #include "EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "EncryptionModeWolfCryptXTS.h"
#endif
#include "EncryptionTest.h" #include "EncryptionTest.h"
#include "Pkcs5Kdf.h" #include "Pkcs5Kdf.h"
@ -64,6 +67,7 @@ namespace VeraCrypt
} }
}; };
#ifndef WOLFCRYPT_BACKEND
static const CipherTestVector SerpentTestVectors[] = static const CipherTestVector SerpentTestVectors[] =
{ {
{ {
@ -151,6 +155,7 @@ namespace VeraCrypt
} }
} }
}; };
#endif
static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount) static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount)
{ {
@ -190,6 +195,7 @@ namespace VeraCrypt
if (origCrc != Crc32::ProcessBuffer (testData)) if (origCrc != Crc32::ProcessBuffer (testData))
throw TestFailed (SRC_POS); throw TestFailed (SRC_POS);
#ifndef WOLFCRYPT_BACKEND
CipherSerpent serpent; CipherSerpent serpent;
TestCipher (serpent, SerpentTestVectors, array_capacity (SerpentTestVectors)); TestCipher (serpent, SerpentTestVectors, array_capacity (SerpentTestVectors));
@ -201,6 +207,7 @@ namespace VeraCrypt
CipherKuznyechik kuznyechik; CipherKuznyechik kuznyechik;
TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors)); TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors));
#endif
} }
const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] = const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] =
@ -437,9 +444,16 @@ namespace VeraCrypt
for (i = 0; i < array_capacity (XtsTestVectors); i++) for (i = 0; i < array_capacity (XtsTestVectors); i++)
{ {
AES aes; AES aes;
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> xts (new EncryptionModeWolfCryptXTS);
#else
shared_ptr <EncryptionMode> xts (new EncryptionModeXTS); shared_ptr <EncryptionMode> xts (new EncryptionModeXTS);
#endif
aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1))); aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1)));
#ifdef WOLFCRYPT_BACKEND
aes.SetKeyXTS (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2)));
#endif
xts->SetKey (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2))); xts->SetKey (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2)));
aes.SetMode (xts); aes.SetMode (xts);
@ -494,7 +508,11 @@ namespace VeraCrypt
// Test all EAs that support this mode of operation // Test all EAs that support this mode of operation
foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms()) foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms())
{ {
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS);
#else
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
#endif
if (!ea.IsModeSupported (mode)) if (!ea.IsModeSupported (mode))
continue; continue;
@ -508,6 +526,9 @@ namespace VeraCrypt
mode->SetKey (modeKey); mode->SetKey (modeKey);
ea.SetMode (mode); ea.SetMode (mode);
#ifdef WOLFCRYPT_BACKEND
ea.SetKeyXTS (modeKey);
#endif
// Each data unit will contain the same plaintext // Each data unit will contain the same plaintext
for (i = 0; i < nbrUnits; i++) for (i = 0; i < nbrUnits; i++)
@ -556,6 +577,7 @@ namespace VeraCrypt
break; break;
} }
} }
#ifndef WOLFCRYPT_BACKEND
else if (typeid (ea) == typeid (Serpent)) else if (typeid (ea) == typeid (Serpent))
{ {
switch (testCase) switch (testCase)
@ -920,7 +942,7 @@ namespace VeraCrypt
break; break;
} }
} }
#endif
if (crc == 0x9f5edd58) if (crc == 0x9f5edd58)
throw TestFailed (SRC_POS); throw TestFailed (SRC_POS);
@ -941,7 +963,11 @@ namespace VeraCrypt
// Test all EAs that support this mode of operation // Test all EAs that support this mode of operation
foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms()) foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms())
{ {
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS);
#else
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
#endif
if (!ea.IsModeSupported (mode)) if (!ea.IsModeSupported (mode))
continue; continue;
@ -955,6 +981,9 @@ namespace VeraCrypt
mode->SetKey (modeKey); mode->SetKey (modeKey);
ea.SetMode (mode); ea.SetMode (mode);
#ifdef WOLFCRYPT_BACKEND
ea.SetKeyXTS (modeKey);
#endif
// Each data unit will contain the same plaintext // Each data unit will contain the same plaintext
for (i = 0; i < nbrUnits; i++) for (i = 0; i < nbrUnits; i++)
@ -974,6 +1003,7 @@ namespace VeraCrypt
throw TestFailed (SRC_POS); throw TestFailed (SRC_POS);
nTestsPerformed++; nTestsPerformed++;
} }
#ifndef WOLFCRYPT_BACKEND
else if (typeid (ea) == typeid (Serpent)) else if (typeid (ea) == typeid (Serpent))
{ {
if (crc != 0x3494d480) if (crc != 0x3494d480)
@ -1058,6 +1088,7 @@ namespace VeraCrypt
throw TestFailed (SRC_POS); throw TestFailed (SRC_POS);
nTestsPerformed++; nTestsPerformed++;
} }
#endif
if (crc == 0x9f5edd58) if (crc == 0x9f5edd58)
throw TestFailed (SRC_POS); throw TestFailed (SRC_POS);
@ -1069,8 +1100,11 @@ namespace VeraCrypt
nTestsPerformed++; nTestsPerformed++;
} }
#ifndef WOLFCRYPT_BACKEND
if (nTestsPerformed != 150) if (nTestsPerformed != 150)
#else
if (nTestsPerformed != 10)
#endif
throw TestFailed (SRC_POS); throw TestFailed (SRC_POS);
} }
@ -1081,6 +1115,7 @@ namespace VeraCrypt
ConstBufferPtr salt (saltData, sizeof (saltData)); ConstBufferPtr salt (saltData, sizeof (saltData));
Buffer derivedKey (4); Buffer derivedKey (4);
#ifndef WOLFCRYPT_BACKEND
Pkcs5HmacBlake2s pkcs5HmacBlake2s; Pkcs5HmacBlake2s pkcs5HmacBlake2s;
pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5); pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0) if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0)
@ -1105,5 +1140,16 @@ namespace VeraCrypt
pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5); pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0) if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0)
throw TestFailed (SRC_POS); throw TestFailed (SRC_POS);
#else
Pkcs5HmacSha256 pkcs5HmacSha256;
pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x64\xf3\xa5\xa3", 4) != 0)
throw TestFailed (SRC_POS);
Pkcs5HmacSha512 pkcs5HmacSha512;
pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x55\xa1\x76\xbb", 4) != 0)
throw TestFailed (SRC_POS);
#endif
} }
} }
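Review bot: The expected number of XTS tests is now a bare literal in each preprocessor branch (`if (nTestsPerformed != 150)` and `if (nTestsPerformed != 10)`), with nothing saying how `10` is derived. This check is what catches test cases being skipped silently, so I would move the conditional to a named constant with a comment, e.g. `// only AES is exercised under WOLFCRYPT_BACKEND`, and compare against that name in a single `if`. The enclosing function starts outside the hunk, so the AES-only reading is inferred from the `#ifndef` blocks that exclude the other algorithms.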


@ -24,11 +24,12 @@ namespace VeraCrypt
HashList l; HashList l;
l.push_back (shared_ptr <Hash> (new Sha512 ())); l.push_back (shared_ptr <Hash> (new Sha512 ()));
l.push_back (shared_ptr <Hash> (new Whirlpool ()));
l.push_back (shared_ptr <Hash> (new Blake2s ()));
l.push_back (shared_ptr <Hash> (new Sha256 ())); l.push_back (shared_ptr <Hash> (new Sha256 ()));
#ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Hash> (new Blake2s ()));
l.push_back (shared_ptr <Hash> (new Whirlpool ()));
l.push_back (shared_ptr <Hash> (new Streebog ())); l.push_back (shared_ptr <Hash> (new Streebog ()));
#endif
return l; return l;
} }
@ -44,6 +45,7 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS); throw ParameterIncorrect (SRC_POS);
} }
#ifndef WOLFCRYPT_BACKEND
// RIPEMD-160 // RIPEMD-160
Blake2s::Blake2s () Blake2s::Blake2s ()
{ {
@ -67,6 +69,7 @@ namespace VeraCrypt
if_debug (ValidateDataParameters (data)); if_debug (ValidateDataParameters (data));
blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size()); blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size());
} }
#endif
// SHA-256 // SHA-256
Sha256::Sha256 () Sha256::Sha256 ()
@ -116,6 +119,7 @@ namespace VeraCrypt
sha512_hash (data.Get(), (int) data.Size(), (sha512_ctx *) Context.Ptr()); sha512_hash (data.Get(), (int) data.Size(), (sha512_ctx *) Context.Ptr());
} }
#ifndef WOLFCRYPT_BACKEND
// Whirlpool // Whirlpool
Whirlpool::Whirlpool () Whirlpool::Whirlpool ()
{ {
@ -163,4 +167,5 @@ namespace VeraCrypt
if_debug (ValidateDataParameters (data)); if_debug (ValidateDataParameters (data));
STREEBOG_add ((STREEBOG_CTX *) Context.Ptr(), data.Get(), (int) data.Size()); STREEBOG_add ((STREEBOG_CTX *) Context.Ptr(), data.Get(), (int) data.Size());
} }
#endif
} }
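Review bot: The first hunk does more than guard the hashes that wolfCrypt builds leave out. As far as the rendered lines show, `Whirlpool` and `Blake2s` move from before `Sha256` to after it, so the list order also changes in builds without `WOLFCRYPT_BACKEND`. If any caller depends on that order, for example when listing hashes or trying them in sequence, default builds behave differently after this commit. That is not visible here and should be confirmed, or the original order kept by guarding the two entries in place. Separately, the `// RIPEMD-160` comment above `Blake2s::Blake2s` in the second hunk is stale and could read `// Blake2s`.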


@ -48,6 +48,7 @@ namespace VeraCrypt
Hash &operator= (const Hash &); Hash &operator= (const Hash &);
}; };
#ifndef WOLFCRYPT_BACKEND
// Blake2s // Blake2s
class Blake2s : public Hash class Blake2s : public Hash
{ {
@ -70,6 +71,7 @@ namespace VeraCrypt
Blake2s (const Blake2s &); Blake2s (const Blake2s &);
Blake2s &operator= (const Blake2s &); Blake2s &operator= (const Blake2s &);
}; };
#endif
// SHA-256 // SHA-256
class Sha256 : public Hash class Sha256 : public Hash
@ -117,6 +119,7 @@ namespace VeraCrypt
Sha512 &operator= (const Sha512 &); Sha512 &operator= (const Sha512 &);
}; };
#ifndef WOLFCRYPT_BACKEND
// Whirlpool // Whirlpool
class Whirlpool : public Hash class Whirlpool : public Hash
{ {
@ -162,6 +165,7 @@ namespace VeraCrypt
Streebog (const Streebog &); Streebog (const Streebog &);
Streebog &operator= (const Streebog &); Streebog &operator= (const Streebog &);
}; };
#endif
} }
#endif // TC_HEADER_Encryption_Hash #endif // TC_HEADER_Encryption_Hash


@ -56,10 +56,11 @@ namespace VeraCrypt
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ()));
#ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
#endif
return l; return l;
} }
@ -69,6 +70,7 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS); throw ParameterIncorrect (SRC_POS);
} }
#ifndef WOLFCRYPT_BACKEND
void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{ {
ValidateParameters (key, password, salt, iterationCount); ValidateParameters (key, password, salt, iterationCount);
@ -80,6 +82,7 @@ namespace VeraCrypt
ValidateParameters (key, password, salt, iterationCount); ValidateParameters (key, password, salt, iterationCount);
derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
} }
#endif
void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{ {
@ -99,6 +102,7 @@ namespace VeraCrypt
derive_key_sha512 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); derive_key_sha512 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
} }
#ifndef WOLFCRYPT_BACKEND
void Pkcs5HmacWhirlpool::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const void Pkcs5HmacWhirlpool::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{ {
ValidateParameters (key, password, salt, iterationCount); ValidateParameters (key, password, salt, iterationCount);
@ -116,4 +120,5 @@ namespace VeraCrypt
ValidateParameters (key, password, salt, iterationCount); ValidateParameters (key, password, salt, iterationCount);
derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
} }
#endif
} }


@ -48,6 +48,7 @@ namespace VeraCrypt
Pkcs5Kdf &operator= (const Pkcs5Kdf &); Pkcs5Kdf &operator= (const Pkcs5Kdf &);
}; };
#ifndef WOLFCRYPT_BACKEND
class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf
{ {
public: public:
@ -81,6 +82,7 @@ namespace VeraCrypt
Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &); Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &);
Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &); Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &);
}; };
#endif
class Pkcs5HmacSha256_Boot : public Pkcs5Kdf class Pkcs5HmacSha256_Boot : public Pkcs5Kdf
{ {
@ -132,7 +134,7 @@ namespace VeraCrypt
Pkcs5HmacSha512 (const Pkcs5HmacSha512 &); Pkcs5HmacSha512 (const Pkcs5HmacSha512 &);
Pkcs5HmacSha512 &operator= (const Pkcs5HmacSha512 &); Pkcs5HmacSha512 &operator= (const Pkcs5HmacSha512 &);
}; };
#ifndef WOLFCRYPT_BACKEND
class Pkcs5HmacWhirlpool : public Pkcs5Kdf class Pkcs5HmacWhirlpool : public Pkcs5Kdf
{ {
public: public:
@ -183,6 +185,7 @@ namespace VeraCrypt
Pkcs5HmacStreebog_Boot (const Pkcs5HmacStreebog_Boot &); Pkcs5HmacStreebog_Boot (const Pkcs5HmacStreebog_Boot &);
Pkcs5HmacStreebog_Boot &operator= (const Pkcs5HmacStreebog_Boot &); Pkcs5HmacStreebog_Boot &operator= (const Pkcs5HmacStreebog_Boot &);
}; };
#endif
} }
#endif // TC_HEADER_Encryption_Pkcs5 #endif // TC_HEADER_Encryption_Pkcs5


@ -16,7 +16,6 @@ OBJSNOOPT :=
OBJS += Cipher.o OBJS += Cipher.o
OBJS += EncryptionAlgorithm.o OBJS += EncryptionAlgorithm.o
OBJS += EncryptionMode.o OBJS += EncryptionMode.o
OBJS += EncryptionModeXTS.o
OBJS += EncryptionTest.o OBJS += EncryptionTest.o
OBJS += EncryptionThreadPool.o OBJS += EncryptionThreadPool.o
OBJS += Hash.o OBJS += Hash.o
@ -30,7 +29,14 @@ OBJS += VolumeLayout.o
OBJS += VolumePassword.o OBJS += VolumePassword.o
OBJS += VolumePasswordCache.o OBJS += VolumePasswordCache.o
ifeq "$(PLATFORM)" "MacOSX" ifeq "$(ENABLE_WOLFCRYPT)" "0"
OBJS += EncryptionModeXTS.o
else
OBJS += EncryptionModeWolfCryptXTS.o
endif
ifeq "$(ENABLE_WOLFCRYPT)" "0"
ifeq "$(PLATFORM)" "MacOSX"
OBJSEX += ../Crypto/Aes_asm.oo OBJSEX += ../Crypto/Aes_asm.oo
OBJS += ../Crypto/Aes_hw_cpu.o OBJS += ../Crypto/Aes_hw_cpu.o
OBJS += ../Crypto/Aescrypt.o OBJS += ../Crypto/Aescrypt.o
@ -45,18 +51,18 @@ ifeq "$(PLATFORM)" "MacOSX"
OBJSEX += ../Crypto/sha512_avx1.oo OBJSEX += ../Crypto/sha512_avx1.oo
OBJSEX += ../Crypto/sha512_avx2.oo OBJSEX += ../Crypto/sha512_avx2.oo
OBJSEX += ../Crypto/sha512_sse4.oo OBJSEX += ../Crypto/sha512_sse4.oo
else ifeq "$(CPU_ARCH)" "x86" else ifeq "$(CPU_ARCH)" "x86"
OBJS += ../Crypto/Aes_x86.o OBJS += ../Crypto/Aes_x86.o
ifeq "$(DISABLE_AESNI)" "0" ifeq "$(DISABLE_AESNI)" "0"
OBJS += ../Crypto/Aes_hw_cpu.o OBJS += ../Crypto/Aes_hw_cpu.o
endif endif
OBJS += ../Crypto/sha256-x86-nayuki.o OBJS += ../Crypto/sha256-x86-nayuki.o
OBJS += ../Crypto/sha512-x86-nayuki.o OBJS += ../Crypto/sha512-x86-nayuki.o
else ifeq "$(CPU_ARCH)" "x64" else ifeq "$(CPU_ARCH)" "x64"
OBJS += ../Crypto/Aes_x64.o OBJS += ../Crypto/Aes_x64.o
ifeq "$(DISABLE_AESNI)" "0" ifeq "$(DISABLE_AESNI)" "0"
OBJS += ../Crypto/Aes_hw_cpu.o OBJS += ../Crypto/Aes_hw_cpu.o
endif endif
OBJS += ../Crypto/Twofish_x64.o OBJS += ../Crypto/Twofish_x64.o
OBJS += ../Crypto/Camellia_x64.o OBJS += ../Crypto/Camellia_x64.o
OBJS += ../Crypto/Camellia_aesni_x64.o OBJS += ../Crypto/Camellia_aesni_x64.o
@ -67,21 +73,24 @@ endif
OBJS += ../Crypto/sha512_avx1_x64.o OBJS += ../Crypto/sha512_avx1_x64.o
OBJS += ../Crypto/sha512_avx2_x64.o OBJS += ../Crypto/sha512_avx2_x64.o
OBJS += ../Crypto/sha512_sse4_x64.o OBJS += ../Crypto/sha512_sse4_x64.o
else else
OBJS += ../Crypto/Aescrypt.o OBJS += ../Crypto/Aescrypt.o
endif endif
ifeq "$(GCC_GTEQ_430)" "1" ifeq "$(GCC_GTEQ_430)" "1"
OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41 OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41
OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3 OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3
else
OBJS += ../Crypto/blake2s_SSE41.o
OBJS += ../Crypto/blake2s_SSSE3.o
endif
else else
OBJS += ../Crypto/blake2s_SSE41.o OBJS += ../Crypto/wolfCrypt.o
OBJS += ../Crypto/blake2s_SSSE3.o
endif endif
ifeq "$(ENABLE_WOLFCRYPT)" "0"
OBJS += ../Crypto/Aeskey.o OBJS += ../Crypto/Aeskey.o
OBJS += ../Crypto/Aestab.o OBJS += ../Crypto/Aestab.o
OBJS += ../Crypto/cpu.o
OBJS += ../Crypto/blake2s.o OBJS += ../Crypto/blake2s.o
OBJS += ../Crypto/blake2s_SSE2.o OBJS += ../Crypto/blake2s_SSE2.o
OBJS += ../Crypto/SerpentFast.o OBJS += ../Crypto/SerpentFast.o
@ -93,6 +102,10 @@ OBJS += ../Crypto/Camellia.o
OBJS += ../Crypto/Streebog.o OBJS += ../Crypto/Streebog.o
OBJS += ../Crypto/kuznyechik.o OBJS += ../Crypto/kuznyechik.o
OBJS += ../Crypto/kuznyechik_simd.o OBJS += ../Crypto/kuznyechik_simd.o
OBJS += ../Common/Pkcs5.o
endif
OBJS += ../Crypto/cpu.o
OBJSNOOPT += ../Crypto/jitterentropy-base.o0 OBJSNOOPT += ../Crypto/jitterentropy-base.o0
@ -110,54 +123,55 @@ OBJS += ../Common/EMVCard.o
OBJS += ../Common/EMVToken.o OBJS += ../Common/EMVToken.o
OBJS += ../Common/Endian.o OBJS += ../Common/Endian.o
OBJS += ../Common/GfMul.o OBJS += ../Common/GfMul.o
OBJS += ../Common/Pkcs5.o
OBJS += ../Common/SecurityToken.o OBJS += ../Common/SecurityToken.o
VolumeLibrary: Volume.a VolumeLibrary: Volume.a
ifeq "$(PLATFORM)" "MacOSX" ifeq "$(ENABLE_WOLFCRYPT)" "0"
../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm ifeq "$(PLATFORM)" "MacOSX"
../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm $(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm
$(AS) $(ASFLAGS64) -o ../Crypto/Aes_x64.o ../Crypto/Aes_x64.asm $(AS) $(ASFLAGS64) -o ../Crypto/Aes_x64.o ../Crypto/Aes_x64.asm
lipo -create ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o -output ../Crypto/Aes_asm.oo lipo -create ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o -output ../Crypto/Aes_asm.oo
rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o
../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S ../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S
../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S ../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S
../Crypto/Camellia_aesni_asm.oo: ../Crypto/Camellia_aesni_x64.S ../Crypto/Camellia_aesni_asm.oo: ../Crypto/Camellia_aesni_x64.S
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_aesni_asm.oo ../Crypto/Camellia_aesni_x64.S $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_aesni_asm.oo ../Crypto/Camellia_aesni_x64.S
../Crypto/sha256-nayuki.oo: ../Crypto/sha256-x86-nayuki.S ../Crypto/sha256-nayuki.oo: ../Crypto/sha256-x86-nayuki.S
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS32) -p gas -o ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x86-nayuki.S $(AS) $(ASFLAGS32) -p gas -o ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x86-nayuki.S
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/sha256-x64-nayuki.o ../Crypto/sha256-x64-nayuki.S $(AS) $(ASFLAGS64) -p gas -o ../Crypto/sha256-x64-nayuki.o ../Crypto/sha256-x64-nayuki.S
lipo -create ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o -output ../Crypto/sha256-nayuki.oo lipo -create ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o -output ../Crypto/sha256-nayuki.oo
rm -fr ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o rm -fr ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o
../Crypto/sha256_avx1.oo: ../Crypto/sha256_avx1_x64.asm ../Crypto/sha256_avx1.oo: ../Crypto/sha256_avx1_x64.asm
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx1.oo ../Crypto/sha256_avx1_x64.asm $(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx1.oo ../Crypto/sha256_avx1_x64.asm
../Crypto/sha256_avx2.oo: ../Crypto/sha256_avx2_x64.asm ../Crypto/sha256_avx2.oo: ../Crypto/sha256_avx2_x64.asm
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx2.oo ../Crypto/sha256_avx2_x64.asm $(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx2.oo ../Crypto/sha256_avx2_x64.asm
../Crypto/sha256_sse4.oo: ../Crypto/sha256_sse4_x64.asm ../Crypto/sha256_sse4.oo: ../Crypto/sha256_sse4_x64.asm
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha256_sse4.oo ../Crypto/sha256_sse4_x64.asm $(AS) $(ASFLAGS64) -o ../Crypto/sha256_sse4.oo ../Crypto/sha256_sse4_x64.asm
../Crypto/sha512-nayuki.oo: ../Crypto/sha512-x64-nayuki.S ../Crypto/sha512-nayuki.oo: ../Crypto/sha512-x64-nayuki.S
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) -p gas $(ASFLAGS64) -o ../Crypto/sha512-nayuki.oo ../Crypto/sha512-x64-nayuki.S $(AS) -p gas $(ASFLAGS64) -o ../Crypto/sha512-nayuki.oo ../Crypto/sha512-x64-nayuki.S
../Crypto/sha512_avx1.oo: ../Crypto/sha512_avx1_x64.asm ../Crypto/sha512_avx1.oo: ../Crypto/sha512_avx1_x64.asm
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx1.oo ../Crypto/sha512_avx1_x64.asm $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx1.oo ../Crypto/sha512_avx1_x64.asm
../Crypto/sha512_avx2.oo: ../Crypto/sha512_avx2_x64.asm ../Crypto/sha512_avx2.oo: ../Crypto/sha512_avx2_x64.asm
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx2.oo ../Crypto/sha512_avx2_x64.asm $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx2.oo ../Crypto/sha512_avx2_x64.asm
../Crypto/sha512_sse4.oo: ../Crypto/sha512_sse4_x64.asm ../Crypto/sha512_sse4.oo: ../Crypto/sha512_sse4_x64.asm
@echo Assembling $(<F) @echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm $(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm
endif
endif endif
include $(BUILD_INC)/Makefile.inc include $(BUILD_INC)/Makefile.inc
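Review bot: Every new conditional tests `ifeq "$(ENABLE_WOLFCRYPT)" "0"`, so an unset or empty `ENABLE_WOLFCRYPT` falls into the `else` branches and selects `EncryptionModeWolfCryptXTS.o` and `../Crypto/wolfCrypt.o`. Unless a parent makefile always defines the variable, which is not visible here, invoking this file without it silently switches the crypto backend. A default near the top of this file, `ENABLE_WOLFCRYPT ?= 0`, would make the built-in implementation the fallback. It is also worth checking that the `WOLFCRYPT_BACKEND` preprocessor define is driven by the same variable, so the object list and the `#ifdef` blocks cannot disagree.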


@ -12,6 +12,9 @@
#include "Crc32.h" #include "Crc32.h"
#include "EncryptionModeXTS.h" #include "EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "EncryptionModeWolfCryptXTS.h"
#endif
#include "Pkcs5Kdf.h" #include "Pkcs5Kdf.h"
#include "Pkcs5Kdf.h" #include "Pkcs5Kdf.h"
#include "VolumeHeader.h" #include "VolumeHeader.h"
@ -76,7 +79,11 @@ namespace VeraCrypt
} }
EA = options.EA; EA = options.EA;
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ());
#else
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ()); shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());
#endif
EA->SetMode (mode); EA->SetMode (mode);
EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf); EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf);
@ -100,7 +107,11 @@ namespace VeraCrypt
foreach (shared_ptr <EncryptionMode> mode, encryptionModes) foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
{ {
#ifdef WOLFCRYPT_BACKEND
if (typeid (*mode) != typeid (EncryptionModeWolfCryptXTS))
#else
if (typeid (*mode) != typeid (EncryptionModeXTS)) if (typeid (*mode) != typeid (EncryptionModeXTS))
#endif
mode->SetKey (headerKey.GetRange (0, mode->GetKeySize())); mode->SetKey (headerKey.GetRange (0, mode->GetKeySize()));
foreach (shared_ptr <EncryptionAlgorithm> ea, encryptionAlgorithms) foreach (shared_ptr <EncryptionAlgorithm> ea, encryptionAlgorithms)
@ -108,9 +119,16 @@ namespace VeraCrypt
if (!ea->IsModeSupported (mode)) if (!ea->IsModeSupported (mode))
continue; continue;
#ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS)) if (typeid (*mode) == typeid (EncryptionModeXTS))
{ {
ea->SetKey (headerKey.GetRange (0, ea->GetKeySize())); ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
#else
if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
{
ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
ea->SetKeyXTS (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize()));
#endif
mode = mode->GetNew(); mode = mode->GetNew();
mode->SetKey (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize())); mode->SetKey (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize()));
@ -206,9 +224,16 @@ namespace VeraCrypt
ea = ea->GetNew(); ea = ea->GetNew();
mode = mode->GetNew(); mode = mode->GetNew();
#ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS)) if (typeid (*mode) == typeid (EncryptionModeXTS))
{ {
ea->SetKey (header.GetRange (offset, ea->GetKeySize())); ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
#else
if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
{
ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
#endif
mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
} }
else else
@ -250,10 +275,17 @@ namespace VeraCrypt
shared_ptr <EncryptionMode> mode = EA->GetMode()->GetNew(); shared_ptr <EncryptionMode> mode = EA->GetMode()->GetNew();
shared_ptr <EncryptionAlgorithm> ea = EA->GetNew(); shared_ptr <EncryptionAlgorithm> ea = EA->GetNew();
#ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS)) if (typeid (*mode) == typeid (EncryptionModeXTS))
{ {
mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize())); ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
#else
if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
{
ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
ea->SetKeyXTS (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
#endif
mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
} }
else else
{ {
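Review bot: In the three WOLFCRYPT_BACKEND branches that add `ea->SetKeyXTS (...)` (the header-decrypt loop, the master-key setup after `mode->GetNew()`, and the re-encrypt path using `newHeaderKey`), the secondary half of the key goes to `ea->SetKeyXTS` and then, with the identical range, to `mode->SetKey`, so two objects hold the tweak key. `SetKeyXTS` is not shown on this page, so it is worth confirming that the copy it stores is erased together with the algorithm object, and recording the duplication where it happens, e.g. `// tweak key goes to both ea (SetKeyXTS) and mode (SetKey); keep the two ranges identical`. As a style point, each `#ifndef`/`#else` pair opens the `if (...) {` separately and repeats the `ea->SetKey` call, so the two builds can drift apart. Selecting the mode type once, for instance `typedef EncryptionModeWolfCryptXTS XtsModeImpl;` under `#ifdef` (the name is only a suggestion), would leave the `SetKeyXTS` line as the sole conditional code. The enclosing functions start and end outside these hunks.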


@ -12,6 +12,9 @@
#include "Volume/EncryptionMode.h" #include "Volume/EncryptionMode.h"
#include "Volume/EncryptionModeXTS.h" #include "Volume/EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "Volume/EncryptionModeWolfCryptXTS.h"
#endif
#include "VolumeLayout.h" #include "VolumeLayout.h"
#include "Boot/Windows/BootCommon.h" #include "Boot/Windows/BootCommon.h"
@ -66,6 +69,7 @@ namespace VeraCrypt
HeaderSize = TC_VOLUME_HEADER_SIZE_LEGACY; HeaderSize = TC_VOLUME_HEADER_SIZE_LEGACY;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
#ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@ -76,6 +80,9 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
#else
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#endif
} }
uint64 VolumeLayoutV1Normal::GetDataOffset (uint64 volumeHostSize) const uint64 VolumeLayoutV1Normal::GetDataOffset (uint64 volumeHostSize) const
@ -97,6 +104,7 @@ namespace VeraCrypt
BackupHeaderOffset = -TC_VOLUME_HEADER_GROUP_SIZE; BackupHeaderOffset = -TC_VOLUME_HEADER_GROUP_SIZE;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
#ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@ -111,8 +119,11 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
#else
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#endif
} }
uint64 VolumeLayoutV2Normal::GetDataOffset (uint64 volumeHostSize) const uint64 VolumeLayoutV2Normal::GetDataOffset (uint64 volumeHostSize) const
@ -142,6 +153,7 @@ namespace VeraCrypt
BackupHeaderOffset = -TC_HIDDEN_VOLUME_HEADER_OFFSET; BackupHeaderOffset = -TC_HIDDEN_VOLUME_HEADER_OFFSET;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
#ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@ -158,6 +170,9 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
#else
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#endif
} }
uint64 VolumeLayoutV2Hidden::GetDataOffset (uint64 volumeHostSize) const uint64 VolumeLayoutV2Hidden::GetDataOffset (uint64 volumeHostSize) const
@ -194,6 +209,7 @@ namespace VeraCrypt
HeaderSize = TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE; HeaderSize = TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
#ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@ -210,6 +226,10 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
#else
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#endif
} }
uint64 VolumeLayoutSystemEncryption::GetDataOffset (uint64 volumeHostSize) const uint64 VolumeLayoutSystemEncryption::GetDataOffset (uint64 volumeHostSize) const
@ -226,10 +246,12 @@ namespace VeraCrypt
{ {
Pkcs5KdfList l; Pkcs5KdfList l;
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ()));
#ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
#endif
return l; return l;
} }
} }
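Review bot: The `#ifndef WOLFCRYPT_BACKEND` guards in the four layout constructors leave AES as the only registered algorithm, and the guard in the KDF list leaves only the SHA-256 and SHA-512 entries, yet nothing in the file states this reduction. If these lists drive header decryption, as the loop over algorithms and modes in the header code suggests, a wolfCrypt build would presumably fail to open a volume created with Serpent, Twofish, Camellia, a cascade, or a BLAKE2s/Whirlpool/Streebog KDF, and the user could not tell that from a wrong password. A comment at each guard would record the limit, e.g. `// wolfCrypt build: AES-XTS with HMAC-SHA-256/512 only; volumes using other ciphers or PRFs cannot be opened`. The last hunk also moves `Pkcs5HmacBlake2s_Boot` after `Pkcs5HmacSha512` in the default build, which changes the list order callers see and deserves a mention in the commit description if it is intended. The function bodies shown here start outside their hunks.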