diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml
index b65270e5670..063cdb99e04 100644
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -105,6 +105,7 @@ jobs:
 '--enable-sessionexport --enable-dtls --enable-dtls13',
 '--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"',
 '--disable-tls --enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"',
+ '--enable-cryptocb --enable-keygen CPPFLAGS="-DWOLF_CRYPTO_CB_FIND"',
 '--disable-examples CPPFLAGS=-DWOLFSSL_NO_MALLOC',
 'CPPFLAGS=-DNO_WOLFSSL_CLIENT',
 'CPPFLAGS=-DNO_WOLFSSL_SERVER',
diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c
index 7a6faffe56a..3cf78ebf3ef 100644
--- a/wolfcrypt/src/sha3.c
+++ b/wolfcrypt/src/sha3.c
@@ -646,6 +646,12 @@ static int InitSha3(wc_Sha3* sha3)
 #ifdef WOLFSSL_HASH_FLAGS
 sha3->flags = 0;
 #endif
+#ifdef WOLF_CRYPTO_CB
+ /* Cached hash variant is tied to sponge state; clear it whenever the
+ * state is reset so reuse for a different SHA3 variant dispatches
+ * correctly through the crypto callback. */
+ sha3->hashType = WC_HASH_TYPE_NONE;
+#endif
 #ifdef USE_INTEL_SPEEDUP
 {
diff --git a/wolfcrypt/src/wc_mlkem.c b/wolfcrypt/src/wc_mlkem.c
index 0ef4870014d..1bbdd67c9db 100644
--- a/wolfcrypt/src/wc_mlkem.c
+++ b/wolfcrypt/src/wc_mlkem.c
@@ -602,11 +602,11 @@ int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng)
 }
 #ifdef WOLF_CRYPTO_CB
- if ((ret == 0)
- #ifndef WOLF_CRYPTO_CB_FIND
- && (key->devId != INVALID_DEVID)
- #endif
- ) {
+#ifndef WOLF_CRYPTO_CB_FIND
+ if ((ret == 0) && (key->devId != INVALID_DEVID)) {
+#else
+ if (ret == 0) {
+#endif
 ret = wc_CryptoCb_MakePqcKemKey(rng, WC_PQC_KEM_TYPE_KYBER, key->type, key);
 if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
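Review bot: The added matrix entry `'--enable-cryptocb --enable-keygen CPPFLAGS="-DWOLF_CRYPTO_CB_FIND"'` does not name ML-KEM or SHA-3, so whether this job compiles the `WOLF_CRYPTO_CB_FIND` branches changed in wc_mlkem.c depends on configure defaults that are not visible here. If ML-KEM is not enabled by default, the new `#else` arm is never built by this entry and a preprocessor mistake there would go unnoticed. Adding the project's ML-KEM configure option to this entry, or a second entry that carries it, would tie the CI line to the code it is meant to guard.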
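Review bot: Nothing in this change exercises the reuse case the new comment describes; the reset of `sha3->hashType` in InitSha3 is compiled by CI but not tested. A stale variant reaching a crypto callback could yield a digest for the wrong SHA-3 variant without any error, so a regression test is worth adding: hash with one variant, re-initialise the same `wc_Sha3` for another, and compare against a known answer with a callback registered. It is also worth confirming that the `hashType` member is declared under exactly `#ifdef WOLF_CRYPTO_CB`, since the struct declaration is outside the hunk. InitSha3's body continues past the end of the hunk.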
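Review bot: Each preprocessor arm now opens the same block with its own `{` (here in wc_MlKemKey_MakeKey, and again in the wc_MlKemKey_Encapsulate and wc_MlKemKey_Decapsulate hunks), so editors and brace-matching tools see two opening braces for one closing brace. Dropping the brace from both arms, `if ((ret == 0) && (key->devId != INVALID_DEVID))` and `if (ret == 0)`, and writing a single `{` on the line after `#endif` keeps the condition selectable while the block stays balanced. A comment on the `#else` arm such as `/* WOLF_CRYPTO_CB_FIND: callback is tried even when devId is INVALID_DEVID */` would record that skipping the device check is deliberate, which the hunk does not state. The enclosing functions start and end outside these hunks.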
@@ -1287,11 +1287,11 @@ int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* c, unsigned char* k,
 if (ret == 0) {
 ret = wc_MlKemKey_CipherTextSize(key, &ctlen);
 }
- if ((ret == 0)
- #ifndef WOLF_CRYPTO_CB_FIND
- && (key->devId != INVALID_DEVID)
- #endif
- ) {
+#ifndef WOLF_CRYPTO_CB_FIND
+ if ((ret == 0) && (key->devId != INVALID_DEVID)) {
+#else
+ if (ret == 0) {
+#endif
 ret = wc_CryptoCb_PqcEncapsulate(c, ctlen, k, KYBER_SS_SZ, rng, WC_PQC_KEM_TYPE_KYBER, key);
 if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
@@ -1767,11 +1767,11 @@ int wc_MlKemKey_Decapsulate(MlKemKey* key, unsigned char* ss,
 }
 #ifdef WOLF_CRYPTO_CB
- if ((ret == 0)
- #ifndef WOLF_CRYPTO_CB_FIND
- && (key->devId != INVALID_DEVID)
- #endif
- ) {
+#ifndef WOLF_CRYPTO_CB_FIND
+ if ((ret == 0) && (key->devId != INVALID_DEVID)) {
+#else
+ if (ret == 0) {
+#endif
 ret = wc_CryptoCb_PqcDecapsulate(ct, ctSz, ss, KYBER_SS_SZ, WC_PQC_KEM_TYPE_KYBER, key);
 if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
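Review bot: In the wc_MlKemKey_Decapsulate hunk the caller-supplied `ctSz` is handed to `wc_CryptoCb_PqcDecapsulate` with no length check visible before it, and with `WOLF_CRYPTO_CB_FIND` defined that dispatch runs for every key, including those whose `devId` is `INVALID_DEVID`. If `ctSz` is compared with the parameter set's ciphertext size only after this block, a callback implementation receives an unvalidated length. Either the check should sit before the dispatch, or the callback contract should state that the callback must validate `ctSz` itself. The Encapsulate hunk derives `ctlen` from `wc_MlKemKey_CipherTextSize` before its dispatch, which is the pattern to mirror. The start of the function is outside the hunk, so the check may already exist above.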