diff --git a/src/internal.c b/src/internal.c
index d7d2ecadc..af8be1bb1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2838,7 +2838,7 @@ void FreeX509(WOLFSSL_X509* x509)
 
 #endif /* !NO_DH || HAVE_ECC */
 
-#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
+#ifndef NO_CERTS
 /* Encode the signature algorithm into buffer.
  *
  * hashalgo  The hash algorithm.
@@ -2876,7 +2876,10 @@ static INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
 #endif
         /* ED448: 0x0808 */
     }
+    (void)hashAlgo;
+    (void)output;
 }
+
 static void SetDigest(WOLFSSL* ssl, int hashAlgo)
 {
     switch (hashAlgo) {
@@ -2906,7 +2909,7 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo)
         #endif /* WOLFSSL_SHA512 */
     } /* switch */
 }
-#endif
+#endif /* !NO_CERTS */
 
 #ifndef NO_RSA
 static int TypeHash(int hashAlgo)
@@ -4597,7 +4600,8 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
     return ret;
 }
 
-#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_CURVE25519)
+#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
+    defined(HAVE_CURVE25519)
 static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
 {
     int ret = 0;
@@ -19521,9 +19525,13 @@ exit_scke:
  */
 int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 {
-    int      ret;
+    int      ret = BAD_FUNC_ARG;
+#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
     int      keySz;
     word32   idx;
+#else
+    (void)length;
+#endif
 
     /* make sure private key exists */
     if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 1b91c8090..da8e3ae82 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1007,11 +1007,10 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
     return 0;
 }
 
-#if (!defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \
-                          (defined(WOLFSSL_KEY_GEN) && \
-                           !defined(HAVE_USER_RSA)))) || \
-    (defined(HAVE_ECC) && (defined(WOLFSSL_CERT_GEN) || \
-                           defined(WOLFSSL_KEY_GEN)))
+#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)
+
+#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || \
+    defined(HAVE_ECC) || defined(HAVE_ED25519)
 /* Set the DER/BER encoding of the ASN.1 BIT_STRING header.
  *
  * len         Length of data to encode.
@@ -1066,8 +1065,8 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     return idx;
 }
 #endif /* WOLFSSL_CERT_EXT */
-#endif /* !NO_RSA && (WOLFSSL_CERT_GEN || (WOLFSSL_KEY_GEN &&
-                                           !HAVE_USER_RSA)) */
+#endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 */
+#endif /* WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN */
 
 
 
@@ -2177,6 +2176,8 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
         ret = 0;
     }
 
+    (void)keySz;
+
     return ret;
 }
 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index f220480cf..9d8f9a56f 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -920,7 +920,8 @@ int wolfcrypt_test(void* args)
 #endif /* NO_MAIN_DRIVER */
 
 /* helper to save DER, convert to PEM and save PEM */
-#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
+#if !defined(NO_ASN) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \
+    (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
 #define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB)