diff --git a/src/internal.c b/src/internal.c
index a5485493be..30c27fbcbd 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4967,7 +4967,7 @@ word32 MacSize(const WOLFSSL* ssl)
 }
 
 #ifndef NO_RSA
-#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) || \
+#if (!defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12)) || \
     (defined(WC_RSA_PSS) && defined(HAVE_PK_CALLBACKS))
 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
 static int TypeHash(int hashAlgo)
@@ -29094,8 +29094,8 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
     return sigAlgo == ssl->options.sigAlgo;
 }
 
-#if defined(HAVE_ECC) && defined(WOLFSSL_TLS13) || \
-                                              defined(USE_ECDSA_KEYSZ_HASH_ALGO)
+#if defined(HAVE_ECC) && \
+    (defined(WOLFSSL_TLS13) || defined(USE_ECDSA_KEYSZ_HASH_ALGO))
 static int CmpEccStrength(int hashAlgo, int curveSz)
 {
     int dgstSz = GetMacDigestSize((byte)hashAlgo);
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index f6124f0756..e54c9cc996 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1077,7 +1077,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
 static int GetASN_Integer(const byte* input, word32 idx, int length,
                           int positive)
 {
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \
+#if (!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
     /* Check contents consist of one or more octets. */
     if (length == 0) {
@@ -1125,7 +1125,7 @@ static int GetASN_Integer(const byte* input, word32 idx, int length,
  */
 int GetASN_BitString(const byte* input, word32 idx, int length)
 {
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \
+#if (!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
     /* Check contents consist of one or more octets. */
     if (length == 0) {
@@ -26480,7 +26480,7 @@ static wcchar END_ENC_PRIV_KEY     = "-----END ENCRYPTED PRIVATE KEY-----";
 static wcchar BEGIN_PKCS7          = "-----BEGIN PKCS7-----";
 static wcchar END_PKCS7            = "-----END PKCS7-----";
 #endif
-#if defined(HAVE_ECC) || !defined(NO_DSA) && defined(WOLFSSL_PEM_TO_DER)
+#if (defined(HAVE_ECC) || !defined(NO_DSA)) && defined(WOLFSSL_PEM_TO_DER)
     static wcchar BEGIN_DSA_PRIV   = "-----BEGIN DSA PRIVATE KEY-----";
     static wcchar END_DSA_PRIV     = "-----END DSA PRIVATE KEY-----";
 #endif
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 44581a64dd..777fe9e2d6 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -5887,7 +5887,7 @@ static wc_test_ret_t sha3_384_test(void)
     a.inLen  = XSTRLEN(a.input);
     a.outLen = WC_SHA3_384_DIGEST_SIZE;
 
-#if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
+#ifndef NO_INTM_HASH_TEST
     /* NIST test vector with a length that is a multiple of 4 */
     b.input  = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44"
                "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4";
@@ -5914,7 +5914,7 @@ static wc_test_ret_t sha3_384_test(void)
     c.inLen  = XSTRLEN(c.input);
     c.outLen = WC_SHA3_384_DIGEST_SIZE;
 
-#if defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
+#ifndef NO_INTM_HASH_TEST
     test_sha[0] = b; /* hardware acc. pre-Versal can not handle "" string */
 #else
     test_sha[0] = a;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 988e4c371d..41c61b44b9 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -4549,7 +4549,7 @@ WOLFSSL_LOCAL int wolfSSL_quic_add_transport_extensions(WOLFSSL *ssl, int msg_ty
 #endif /* WOLFSSL_QUIC */
 
 /** Session Ticket - RFC 5077 (session 3.2) */
-#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
 /* Ticket nonce - for deriving PSK.
    Length allowed to be: 1..255. Only support
  * TLS13_TICKET_NONCE_STATIC_SZ length bytes.
@@ -4564,7 +4564,6 @@ typedef struct TicketNonce {
     byte data[MAX_TICKET_NONCE_STATIC_SZ];
 #endif /* WOLFSSL_TICKET_NONCE_MALLOC  && FIPS_VERSION_GE(5,3) */
 } TicketNonce;
-
 #endif
 
 /* wolfSSL session type */
diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h
index 8d72cd5291..ebddb586af 100644
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@@ -30,10 +30,12 @@
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
 /* api version compatibility */
-#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x009070dfL) ||\
-    defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\
-    defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
-    defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)
+#if defined(OPENSSL_VERSION_NUMBER) && \
+    ((OPENSSL_VERSION_NUMBER == 0x009070dfL) || \
+     (OPENSSL_VERSION_NUMBER == 0x0090810fL) || \
+     (OPENSSL_VERSION_NUMBER == 0x10100000L) || \
+     (OPENSSL_VERSION_NUMBER == 0x10001040L))
+
     /* valid version */
 #elif defined(OPENSSL_VERSION_NUMBER)
     /* unrecognized version, but continue. */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index ca8f4f81db..2b58808a1d 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -5322,8 +5322,8 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
         WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md);
 #endif
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) || \
-                                                       defined(WOLFSSL_CERT_REQ)
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ))
 WOLFSSL_API int wolfSSL_X509_REQ_get_attr_count(const WOLFSSL_X509 *req);
 WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
         const WOLFSSL_X509 *req, int loc);
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 0c1f208cf8..f67b02919f 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1828,7 +1828,7 @@ static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
 #endif /* !SINGLE_THREADED */
 
         if (ready_file) {
-        #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) && \
+        #if (!defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)) && \
             !defined(NETOS)
             XFILE srf = (XFILE)NULL;
             if (args)
@@ -2741,7 +2741,7 @@ static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
 
     static WC_INLINE int ChangeToWolfRoot(void)
     {
-        #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) && \
+        #if (!defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)) && \
             !defined(NETOS)
             int depth;
             for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 7352bab7d8..a6d55d89b6 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -957,7 +957,7 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 
 #ifndef XINET_NTOP
     #if defined(__WATCOMC__)
-        #if defined(__OS2__) || defined(__NT__) && \
+        #if (defined(__OS2__) || defined(__NT__)) && \
                 (NTDDI_VERSION >= NTDDI_VISTA)
             #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d))
         #else
@@ -972,7 +972,7 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 #endif
 #ifndef XINET_PTON
     #if defined(__WATCOMC__)
-        #if defined(__OS2__) || defined(__NT__) && \
+        #if (defined(__OS2__) || defined(__NT__)) && \
                 (NTDDI_VERSION >= NTDDI_VISTA)
             #define XINET_PTON(a,b,c)   inet_pton((a),(b),(c))
         #else