diff --git a/src/crl.c b/src/crl.c
index 8a617dd34..787901f66 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -138,7 +138,6 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
         crle->tbsSz = dcrl->sigIndex - dcrl->certBegin;
         crle->signatureSz = dcrl->sigLength;
         crle->signatureOID = dcrl->signatureOID;
-        crle->sigParamsSz = dcrl->sigParamsLength;
         crle->toBeSigned = (byte*)XMALLOC(crle->tbsSz, heap,
                                           DYNAMIC_TYPE_CRL_ENTRY);
         if (crle->toBeSigned == NULL)
@@ -151,6 +150,8 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
             return -1;
         }
 
+    #ifdef WC_RSA_PSS
+        crle->sigParamsSz = dcrl->sigParamsLength;
         if (dcrl->sigParamsLength > 0) {
             crle->sigParams = (byte*)XMALLOC(crle->sigParamsSz, heap,
                                              DYNAMIC_TYPE_CRL_ENTRY);
@@ -164,6 +165,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
             XMEMCPY(crle->sigParams, buff + dcrl->sigParamsIndex,
                 crle->sigParamsSz);
         }
+    #endif
         XMEMCPY(crle->toBeSigned, buff + dcrl->certBegin, crle->tbsSz);
         XMEMCPY(crle->signature, dcrl->signature, crle->signatureSz);
     #ifndef NO_SKID
@@ -221,8 +223,10 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)
         XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
     if (crle->toBeSigned != NULL)
         XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
+#ifdef WC_RSA_PSS
     if (crle->sigParams != NULL)
         XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY);
+#endif
 #if defined(OPENSSL_EXTRA)
     if (crle->issuer != NULL) {
         FreeX509Name(crle->issuer);
@@ -759,16 +763,24 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
                                           DYNAMIC_TYPE_CRL_ENTRY);
         dupl->signature = (byte*)XMALLOC(dupl->signatureSz, heap,
                                          DYNAMIC_TYPE_CRL_ENTRY);
+#ifdef WC_RSA_PSS
         dupl->sigParams = (byte*)XMALLOC(dupl->sigParamsSz, heap,
                                          DYNAMIC_TYPE_CRL_ENTRY);
-        if (dupl->toBeSigned == NULL || dupl->signature == NULL ||
-                dupl->sigParams == NULL) {
+#endif
+        if (dupl->toBeSigned == NULL || dupl->signature == NULL) {
             CRL_Entry_free(dupl, heap);
             return NULL;
         }
         XMEMCPY(dupl->toBeSigned, ent->toBeSigned, dupl->tbsSz);
-        XMEMCPY(dupl->sigParams, ent->sigParams, dupl->sigParamsSz);
         XMEMCPY(dupl->signature, ent->signature, dupl->signatureSz);
+
+#ifdef WC_RSA_PSS
+        if (dupl->sigParams == NULL) {
+            CRL_Entry_free(dupl, heap);
+            return NULL;
+        }
+        XMEMCPY(dupl->sigParams, ent->sigParams, dupl->sigParamsSz);
+#endif
     }
     else {
         dupl->toBeSigned = NULL;