diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h
index fef71d2e7..77984e583 100644
--- a/src/headers/tomcrypt_custom.h
+++ b/src/headers/tomcrypt_custom.h
@@ -585,6 +585,22 @@
    #define LTC_PBES
 #endif
 
+#if defined(LTC_PBES) && !defined(LTC_PKCS_5)
+   #error LTC_PBES requires LTC_PKCS_5
+#endif
+
+#if defined(LTC_PBES) && !defined(LTC_PKCS_12)
+   #error LTC_PBES requires LTC_PKCS_12
+#endif
+
+#if defined(LTC_PKCS_5) && !defined(LTC_HMAC)
+   #error LTC_PKCS_5 requires LTC_HMAC
+#endif
+
+#if defined(LTC_PKCS_5) && !defined(LTC_HASH_HELPERS)
+   #error LTC_PKCS_5 requires LTC_HASH_HELPERS
+#endif
+
 #if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL)
    #error Pelican-MAC requires LTC_RIJNDAEL
 #endif
diff --git a/src/pk/asn1/x509/x509_decode_public_key_from_certificate.c b/src/pk/asn1/x509/x509_decode_public_key_from_certificate.c
index 0c3c4fab6..238222625 100644
--- a/src/pk/asn1/x509/x509_decode_public_key_from_certificate.c
+++ b/src/pk/asn1/x509/x509_decode_public_key_from_certificate.c
@@ -39,8 +39,9 @@ int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned lo
    unsigned long tmpbuf_len, tmp_inlen;
    ltc_asn1_list *decoded_list = NULL, *l;
 
-   LTC_ARGCHK(in    != NULL);
-   LTC_ARGCHK(inlen != 0);
+   LTC_ARGCHK(in       != NULL);
+   LTC_ARGCHK(inlen    != 0);
+   LTC_ARGCHK(callback != NULL);
 
    tmpbuf_len = inlen;
    tmpbuf = XCALLOC(1, tmpbuf_len);
@@ -81,7 +82,7 @@ int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned lo
                      && (l->data != NULL)
                      && LOOKS_LIKE_SPKI(l->child)) {
                   if (algorithm == PKA_EC) {
-                     err = ecc_import_subject_public_key_info(l->data, l->size, ctx);
+                     err = callback(l->data, l->size, ctx);
                   } else {
                      err = x509_decode_subject_public_key_info(l->data, l->size,
                                                                algorithm, tmpbuf, &tmpbuf_len,
diff --git a/src/pk/ecc/ecc_import_x509.c b/src/pk/ecc/ecc_import_x509.c
index 9baf3d11d..7d64c63f7 100644
--- a/src/pk/ecc/ecc_import_x509.c
+++ b/src/pk/ecc/ecc_import_x509.c
@@ -106,7 +106,10 @@ int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long in
 */
 int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key)
 {
-   return x509_decode_public_key_from_certificate(in, inlen, PKA_EC, LTC_ASN1_EOL, NULL, NULL, NULL, key);
+   return x509_decode_public_key_from_certificate(in, inlen,
+                                                  PKA_EC,
+                                                  LTC_ASN1_EOL, NULL, NULL,
+                                                  (public_key_decode_cb)ecc_import_subject_public_key_info, key);
 }
 
 #endif /* LTC_MECC */
diff --git a/src/pk/ecc/ecc_ssh_ecdsa_encode_name.c b/src/pk/ecc/ecc_ssh_ecdsa_encode_name.c
index fef49e3f0..09c8d6432 100644
--- a/src/pk/ecc/ecc_ssh_ecdsa_encode_name.c
+++ b/src/pk/ecc/ecc_ssh_ecdsa_encode_name.c
@@ -8,6 +8,8 @@
    Russ Williams
 */
 
+#ifdef LTC_SSH
+
 /**
   Curve/OID to SSH+ECDSA name string mapping
   @param buffer    [out] The destination for the name
@@ -60,3 +62,4 @@ int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long *buflen, const ecc_key
    return err;
 }
 
+#endif