diff --git a/wolfcrypt/src/port/caam/wolfcaam_seco.c b/wolfcrypt/src/port/caam/wolfcaam_seco.c
index 6c729f9b0..2a2bf46c4 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_seco.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_seco.c
@@ -858,6 +858,7 @@ static hsm_err_t wc_SEC_AES_Common(unsigned int args[4], CAAM_BUFFER* buf,
     int sz, hsm_op_cipher_one_go_algo_t algo,
     uint8_t* in, int inSz, uint8_t* out, int outSz)
 {
+    int dir;
     hsm_hdl_t cipher_hdl;
     open_svc_cipher_args_t  open_args;
     op_cipher_one_go_args_t cipher_args;
@@ -872,7 +873,8 @@ static hsm_err_t wc_SEC_AES_Common(unsigned int args[4], CAAM_BUFFER* buf,
         cipher_args.iv_size = buf[1].Length;
 
         cipher_args.cipher_algo = algo;
-        if (args[0] == CAAM_DEC) {
+        dir = args[0] & 0xFFFF; /* extract direction enc/dec from input args */
+        if (dir == CAAM_DEC) {
             cipher_args.flags = HSM_CIPHER_ONE_GO_FLAGS_DECRYPT;
         }
         else {
@@ -928,8 +930,9 @@ static hsm_err_t wc_SECO_AESCCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
     hsm_err_t err;
     uint8_t* in;
     uint8_t* out;
-    int      inSz;
-    int      outSz;
+    int inSz;
+    int outSz;
+    int dir;
 
     byte* cipherAndTag   = NULL;
     int   cipherAndTagSz = 0;
@@ -952,7 +955,8 @@ static hsm_err_t wc_SECO_AESCCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
     cipherAndTagSz = buf[4].Length + buf[2].Length;
     cipherAndTag   = (byte*)XMALLOC(cipherAndTagSz, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
-    if (args[0] == CAAM_ENC) {
+    dir = args[0] & 0xFFFF; /* get if doing enc or dec */
+    if (dir == CAAM_ENC) {
         in = (uint8_t*)buf[2].TheAddress;
         inSz  = buf[2].Length;
         out   = cipherAndTag;
@@ -971,7 +975,7 @@ static hsm_err_t wc_SECO_AESCCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
     err = wc_SEC_AES_Common(args, buf, sz, HSM_CIPHER_ONE_GO_ALGO_AES_CCM,
             in, inSz, out, outSz);
     if (err == HSM_NO_ERROR) {
-        if (args[0] == CAAM_ENC) {
+        if (dir == CAAM_ENC) {
             XMEMCPY((uint8_t*)buf[4].TheAddress, cipherAndTag + inSz,
                 buf[4].Length);
             XMEMCPY((uint8_t*)buf[3].TheAddress, cipherAndTag, buf[3].Length);
@@ -994,14 +998,16 @@ static hsm_err_t wc_SECO_AESGCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
     int      outSz;
     byte* cipherAndTag   = NULL;
     int   cipherAndTagSz = 0;
+    int   dir;
 
+    dir = args[0] & 0xFFFF; /* extract direction enc/dec from input args */
     XMEMSET(&open_args, 0, sizeof(open_args));
     err = hsm_open_cipher_service(key_store_hdl, &open_args, &cipher_hdl);
     if (err == HSM_NO_ERROR) {
         cipherAndTagSz = buf[4].Length + buf[2].Length;
         cipherAndTag   = (byte*)XMALLOC(cipherAndTagSz, NULL,
             DYNAMIC_TYPE_TMP_BUFFER);
-        if (args[0] == CAAM_ENC) {
+        if (dir == CAAM_ENC) {
             in = (uint8_t*)buf[2].TheAddress;
             inSz  = buf[2].Length;
             out   = cipherAndTag;
@@ -1027,7 +1033,7 @@ static hsm_err_t wc_SECO_AESGCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
         auth_args.aad      = (uint8_t*)buf[5].TheAddress;
         auth_args.aad_size = buf[5].Length;
 
-        if (args[0] == CAAM_DEC) {
+        if (dir == CAAM_DEC) {
             auth_args.flags = HSM_AUTH_ENC_FLAGS_DECRYPT;
         }
         else {
@@ -1056,7 +1062,7 @@ static hsm_err_t wc_SECO_AESGCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
     }
 
     if (err == HSM_NO_ERROR) {
-        if (args[0] == CAAM_ENC) {
+        if (dir == CAAM_ENC) {
             XMEMCPY((uint8_t*)buf[4].TheAddress, cipherAndTag + inSz,
                 buf[4].Length);
             XMEMCPY((uint8_t*)buf[3].TheAddress, cipherAndTag, buf[3].Length);