diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c
index 90a602ba8..b89856455 100644
--- a/ctaocrypt/src/aes.c
+++ b/ctaocrypt/src/aes.c
@@ -2733,12 +2733,13 @@ void AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 {
 byte A[AES_BLOCK_SIZE];
 byte B[AES_BLOCK_SIZE];
- word32 i, lenSz;
+ byte lenSz;
+ word32 i;
 XMEMCPY(B+1, nonce, nonceSz);
- lenSz = AES_BLOCK_SIZE - 1 - nonceSz;
+ lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
 B[0] = (authInSz > 0 ? 64 : 0)
- + (8 * ((authTagSz - 2) / 2))
+ + (8 * (((byte)authTagSz - 2) / 2))
 + (lenSz - 1);
 for (i = 0; i < lenSz; i++)
 B[AES_BLOCK_SIZE - 1 - i] = (inSz >> (8 * i)) & 0xFF;
@@ -2750,7 +2751,7 @@ void AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 roll_x(aes, in, inSz, A);
 XMEMCPY(authTag, A, authTagSz);
- B[0] = (lenSz - 1);
+ B[0] = lenSz - 1;
 for (i = 0; i < lenSz; i++)
 B[AES_BLOCK_SIZE - 1 - i] = 0;
 AesEncrypt(aes, B, A);
@@ -2786,14 +2787,16 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 byte A[AES_BLOCK_SIZE];
 byte B[AES_BLOCK_SIZE];
 byte* o;
- word32 i, lenSz, oSz; int result = 0;
+ byte lenSz;
+ word32 i, oSz;
+ int result = 0;
 o = out;
 oSz = inSz;
 XMEMCPY(B+1, nonce, nonceSz);
- lenSz = AES_BLOCK_SIZE - 1 - nonceSz;
+ lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
- B[0] = (lenSz - 1);
+ B[0] = lenSz - 1;
 for (i = 0; i < lenSz; i++)
 B[AES_BLOCK_SIZE - 1 - i] = 0;
 B[15] = 1;
@@ -2822,7 +2825,7 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 oSz = inSz;
 B[0] = (authInSz > 0 ? 64 : 0)
- + (8 * ((authTagSz - 2) / 2))
+ + (8 * (((byte)authTagSz - 2) / 2))
 + (lenSz - 1);
 for (i = 0; i < lenSz; i++)
 B[AES_BLOCK_SIZE - 1 - i] = (inSz >> (8 * i)) & 0xFF;
@@ -2833,7 +2836,7 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 if (inSz > 0)
 roll_x(aes, o, oSz, A);
- B[0] = (lenSz - 1);
+ B[0] = lenSz - 1;
 for (i = 0; i < lenSz; i++)
 B[AES_BLOCK_SIZE - 1 - i] = 0;
 AesEncrypt(aes, B, B);
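Review bot: The `(byte)` casts on `nonceSz` and `authTagSz` silence the narrowing warning but leave both lengths unchecked: `XMEMCPY(B+1, nonce, nonceSz)` runs before anything in this hunk bounds `nonceSz`, so a value above 15 writes past the 16-byte `B`, and the cast makes `lenSz` wrap instead of failing. CCM restricts the nonce to 7–13 bytes and the tag to an even length from 4 to 16, so a guard ahead of the copy, e.g. `if (nonceSz < 7 || nonceSz > 13 || authTagSz < 4 || authTagSz > AES_BLOCK_SIZE || (authTagSz & 1))`, would make the casts provably lossless and also bound the later `XMEMCPY(authTag, A, authTagSz)`. The same pattern recurs in the `AesCcmDecrypt` hunks at -2786 and -2822, where the `int` return can carry an error code; `AesCcmEncrypt` returns `void`, so rejecting there needs a decision on how the caller learns of it. Unless every caller already validates these sizes (not visible in this diff), the check belongs in these functions.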
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 11ba84c5b..7e4e8ea24 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -1140,7 +1140,7 @@ CYASSL_API int CyaSSL_accept_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack,
 #endif /* CYASSL_CALLBACKS */
-CYASSL_API long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX*, long);
+CYASSL_API int CyaSSL_CTX_OCSP_set_options(CYASSL_CTX*, int);
 CYASSL_API int CyaSSL_CTX_OCSP_set_override_url(CYASSL_CTX*, const char*);
 /* OCSP Options */
diff --git a/src/internal.c b/src/internal.c
index 85e7abec4..ff4ddb1c2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3683,7 +3683,7 @@ static INLINE void AeadIncrementExpIV(CYASSL* ssl)
 #endif
-static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
+static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
 {
 (void)out;
 (void)input;
@@ -3834,7 +3834,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
 static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
- word32 sz)
+ word16 sz)
 {
 (void)plain;
 (void)input;
diff --git a/src/io.c b/src/io.c
index 4511d4f8a..804fed931 100644
--- a/src/io.c
+++ b/src/io.c
@@ -679,7 +679,8 @@ static int process_http_response(int sfd, byte** respBuf,
 }
 else {
 *end = 0;
- len -= end - start + 2;
+ len -= (int)(end - start) + 2;
+ /* adjust len to remove the first line including the /r/n */
 if (XSTRNCASECMP(start, "HTTP/1", 6) == 0) {
 start += 9;
diff --git a/src/ssl.c b/src/ssl.c
index ae2b9142c..7aedd0fc2 100644
--- a/src/ssl.c
+++ b/src/ssl.c
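Review bot: `CyaSSL_CTX_OCSP_set_options` is exported with `CYASSL_API`, so changing its parameter and return type from `long` to `int` changes the prototype existing callers were built against; on platforms where the two types differ in width, objects compiled with the old header are no longer binary-compatible. If the break is intended it deserves a release-note entry. The declaration would also benefit from a comment stating the return contract, e.g. `/* returns SSL_SUCCESS when the options were applied, SSL_FAILURE otherwise */`, with the caveat that the value returned when OCSP is compiled out lies outside this diff.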
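Review bot: Narrowing `sz` to `word16` in `Encrypt` (and in the `Decrypt` hunk at -3834) moves any truncation to the call sites, where a `word32` length is now converted implicitly and a value above 65535 would be encrypted or decrypted as a shorter one without any diagnostic. The callers are outside this diff; if they hold the record length in a `word32`, either keep the parameter `word32` and cast only where a cipher API needs the narrower type, or reject oversized input before the call, e.g. `if (sz > 0xFFFF) return BUFFER_E;`. Both function bodies continue beyond the hunks, so how `sz` is consumed is not visible here.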
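Review bot: The status-line branch matches six characters (`"HTTP/1"`) but then advances `start` by 9, so a first line shorter than nine characters leaves `start` beyond the NUL just stored at `*end`; since this text comes from the network, the line length should be checked first, e.g. `if ((end - start) >= 9 && XSTRNCASECMP(start, "HTTP/1", 6) == 0) {`, or with an equivalent guard inside the branch. What is read through `start` afterwards lies outside the hunk, so the impact is inferred. The added comment would read better above the statement it explains, with the terminator spelled `\r\n` rather than `/r/n`.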
@@ -4797,14 +4797,14 @@ int CyaSSL_GetSessionIndex(CYASSL* ssl)
 }
-int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session)
+int CyaSSL_GetSessionAtIndex(int idx, CYASSL_SESSION* session)
 {
 int row, col, result = SSL_FAILURE;
 CYASSL_ENTER("CyaSSL_GetSessionAtIndex");
- row = index >> SESSIDX_ROW_SHIFT;
- col = index & SESSIDX_IDX_MASK;
+ row = idx >> SESSIDX_ROW_SHIFT;
+ col = idx & SESSIDX_IDX_MASK;
 if (LockMutex(&session_mutex) != 0) {
 return BAD_MUTEX_ERROR;
@@ -10353,7 +10353,7 @@ const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
 #endif /* SESSION_CERTS */
-long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, long options)
+int CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, int options)
 {
 CYASSL_ENTER("CyaSSL_CTX_OCSP_set_options");
 #ifdef HAVE_OCSP
@@ -10361,9 +10361,9 @@ long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, long options)
 ctx->ocsp.enabled = (options & CYASSL_OCSP_ENABLE) != 0;
 ctx->ocsp.useOverrideUrl = (options & CYASSL_OCSP_URL_OVERRIDE) != 0;
 ctx->ocsp.useNonce = (options & CYASSL_OCSP_NO_NONCE) == 0;
- return 1;
+ return SSL_SUCCESS;
 }
- return 0;
+ return SSL_FAILURE;
 #else
 (void)ctx;
 (void)options;
diff --git a/src/tls.c b/src/tls.c
index b4bcaf44b..eba962834 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -450,15 +450,17 @@ int CyaSSL_GetHmacType(CYASSL* ssl)
 #endif
 #ifndef NO_SHA
 case sha_mac:
- default:
 {
 return SHA;
 }
 break;
 #endif
+ default:
+ {
+ return SSL_FATAL_ERROR;
+ }
+ break;
 }
-
- return -1;
 }
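Review bot: With `default:` now returning `SSL_FATAL_ERROR`, `CyaSSL_GetHmacType` can hand an error value to callers that previously always received a usable hash type whenever SHA was compiled in. The call sites are not part of this diff; any that pass the result straight into HMAC setup should test it first, along the lines of `if (type == SSL_FATAL_ERROR) return type;`. A short comment on the new label, such as `/* unknown MAC: fail instead of assuming SHA */`, would record why the fallback was removed. The function begins outside the hunk, so the earlier `case` labels are not visible here.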