diff --git a/wolfCLU/clu_src/crypto/clu_decrypt.c b/wolfCLU/clu_src/crypto/clu_decrypt.c
index 976c40a1..56957e1e 100644
--- a/wolfCLU/clu_src/crypto/clu_decrypt.c
+++ b/wolfCLU/clu_src/crypto/clu_decrypt.c
@@ -116,7 +116,7 @@ int wolfCLU_decrypt(char* alg, char* mode, byte* pwdKey, byte* key, int size,
             /* replicates old pwdKey if pwdKeys match */
             if (keyType == 1) {
                 if (wc_PBKDF2(key, pwdKey, (int) strlen((const char*)pwdKey), salt, 
-                            SALT_SIZE, 4096, size, SHA256) != 0) {
+                            SALT_SIZE, 4096, size, WC_SHA256) != 0) {
                     printf("pwdKey set error.\n");
                     wolfCLU_freeBins(input, output, NULL, NULL, NULL);
                     return ENCRYPT_ERROR;
diff --git a/wolfCLU/clu_src/genkey/clu_genkey.c b/wolfCLU/clu_src/genkey/clu_genkey.c
index dce38690..40358a2b 100644
--- a/wolfCLU/clu_src/genkey/clu_genkey.c
+++ b/wolfCLU/clu_src/genkey/clu_genkey.c
@@ -421,6 +421,9 @@ int wolfCLU_genKey_RSA(RNG* rng, char* fName, int directive, int fmt, int
 #endif
 }
 
+#endif /* WOLFSSL_KEY_GEN && !NO_ASN*/
+
+
 /*
  * makes a cyptographically secure key by stretching a user entered pwdKey
  */
@@ -443,11 +446,10 @@ int wolfCLU_genKey_PWDBASED(RNG* rng, byte* pwdKey, int size, byte* salt, int pa
 
     /* stretches pwdKey */
     ret = (int) wc_PBKDF2(pwdKey, pwdKey, (int) strlen((const char*)pwdKey), salt, SALT_SIZE,
-                                                            4096, size, SHA256);
+                                                            4096, size, WC_SHA256);
     if (ret != 0)
         return ret;
 
     return 0;
 }
 
-#endif /* WOLFSSL_KEY_GEN && !NO_ASN*/
diff --git a/wolfCLU/clu_src/genkey/clu_genkey_setup.c b/wolfCLU/clu_src/genkey/clu_genkey_setup.c
index 632c820c..d285d21b 100644
--- a/wolfCLU/clu_src/genkey/clu_genkey_setup.c
+++ b/wolfCLU/clu_src/genkey/clu_genkey_setup.c
@@ -112,7 +112,7 @@ int wolfCLU_genKeySetup(int argc, char** argv)
     #endif /* HAVE_ED25519 */
 
     } else if (XSTRNCMP(keyType, "ecc", 3) == 0) {
-    #ifdef HAVE_ECC
+    #if defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN)
         /* ECC flags */
         int directiveArg;
         int sizeArg;
@@ -173,7 +173,7 @@ int wolfCLU_genKeySetup(int argc, char** argv)
         return NOT_COMPILED_IN;
     #endif /* HAVE_ECC */
     } else if (XSTRNCMP(keyType, "rsa", 3) == 0) {
-    #ifndef NO_RSA
+    #if defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
         /* RSA flags */
         int directiveArg;
         int sizeArg;