diff --git a/ctaocrypt/src/coding.c b/ctaocrypt/src/coding.c
index d5afdcbe6..a9f374543 100644
--- a/ctaocrypt/src/coding.c
+++ b/ctaocrypt/src/coding.c
@@ -104,16 +104,18 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
             break;
         
         inLen -= 4;
-        if (in[j] == ' ' || in[j] == '\r' || in[j] == '\n') {
+        if (inLen && (in[j] == ' ' || in[j] == '\r' || in[j] == '\n')) {
             byte endLine = in[j++];
             inLen--;
-            while (endLine == ' ') {   /* allow trailing whitespace */
+            while (inLen && endLine == ' ') {   /* allow trailing whitespace */
                 endLine = in[j++];
                 inLen--;
             }
             if (endLine == '\r') {
-                endLine = in[j++];
-                inLen--;
+                if (inLen) {
+                    endLine = in[j++];
+                    inLen--;
+                }
             }
             if (endLine != '\n') {
                 CYASSL_MSG("Bad end of line in Base64 Decode");
diff --git a/cyassl/ctaocrypt/error.h b/cyassl/ctaocrypt/error.h
index 204600721..c7b24eb83 100644
--- a/cyassl/ctaocrypt/error.h
+++ b/cyassl/ctaocrypt/error.h
@@ -107,7 +107,7 @@ enum {
 };
 
 
-CYASSL_API void CTaoCryptErrorString(int error, char* buffer);
+CYASSL_API void CTaoCryptErrorString(int err, char* buff);
 
 
 #ifdef __cplusplus
diff --git a/cyassl/error.h b/cyassl/error.h
index 2f222051a..04bb689a8 100644
--- a/cyassl/error.h
+++ b/cyassl/error.h
@@ -130,7 +130,7 @@ enum CyaSSL_ErrorCodes {
 
 
 CYASSL_LOCAL
-void SetErrorString(int error, char* buffer);
+void SetErrorString(int err, char* buff);
 
 
 #ifdef __cplusplus
diff --git a/src/internal.c b/src/internal.c
index 4d59c343e..b58dee1c0 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2559,23 +2559,12 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
 #endif
     Sha sha = ssl->hashSha;
 #ifndef NO_SHA256
-    Sha256 sha256;
+    Sha256 sha256 = ssl->hashSha256;
 #endif
 #ifdef CYASSL_SHA384
-    Sha384 sha384;
+    Sha384 sha384 = ssl->hashSha384;
 #endif
 
-    if (IsAtLeastTLSv1_2(ssl)) {
-        #ifndef NO_SHA256
-            InitSha256(&sha256);
-            sha256 = ssl->hashSha256;
-        #endif
-        #ifdef CYASSL_SHA384
-            InitSha384(&sha384);
-            sha384 = ssl->hashSha384;
-        #endif
-    }
-
     if (ssl->options.tls)
         BuildTlsFinished(ssl, hashes, sender);
 #ifndef NO_MD5
@@ -2592,10 +2581,10 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
     ssl->hashSha = sha;
     if (IsAtLeastTLSv1_2(ssl)) {
     #ifndef NO_SHA256
-            ssl->hashSha256 = sha256;
+        ssl->hashSha256 = sha256;
     #endif
     #ifdef CYASSL_SHA384
-            ssl->hashSha384 = sha384;
+        ssl->hashSha384 = sha384;
     #endif
     }
 }
@@ -4591,23 +4580,12 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
     Md5 md5 = ssl->hashMd5;
     Sha sha = ssl->hashSha;
     #ifndef NO_SHA256
-        Sha256 sha256;
+        Sha256 sha256 = ssl->hashSha256;
     #endif
     #ifdef CYASSL_SHA384
-        Sha384 sha384;
+        Sha384 sha384 = ssl->hashSha384;
     #endif
     
-    if (IsAtLeastTLSv1_2(ssl)) {
-        #ifndef NO_SHA256
-            InitSha256(&sha256);
-            sha256 = ssl->hashSha256;
-        #endif
-        #ifdef CYASSL_SHA384
-            InitSha384(&sha384);
-            sha384 = ssl->hashSha384;
-        #endif
-    }
-
     if (ssl->options.tls) {
         Md5Final(&ssl->hashMd5, hashes->md5);
         ShaFinal(&ssl->hashSha, hashes->sha);
@@ -6211,7 +6189,7 @@ int SetCipherList(Suites* s, const char* list)
             s->hashSigAlgo[idx++] = rsa_sa_algo;
         }
 
-        s->hashSigAlgoSz = idx;
+        s->hashSigAlgoSz = (word16)idx;
     }
 
     return ret;