diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 80bef3511..7d1a83285 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1237,10 +1237,10 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
 {
     int ret;
     const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
-    unsigned char *p, *end;
 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
     defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
     defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+    unsigned char *p, *end;
     size_t sig_len, params_len;
     unsigned char hash[64];
     md_type_t md_alg = POLARSSL_MD_NONE;
@@ -1287,8 +1287,12 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
 
     SSL_DEBUG_BUF( 3,   "server key exchange", ssl->in_msg + 4, ssl->in_hslen - 4 );
 
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
     p   = ssl->in_msg + 4;
     end = ssl->in_msg + ssl->in_hslen;
+#endif
 
 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
     if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA )
@@ -1318,6 +1322,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
     if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
     {
+        unsigned char *p = ssl->in_msg + 4;
+        unsigned char *end = ssl->in_msg + ssl->in_hslen;
+
         if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
         {
             SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
@@ -1329,6 +1336,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
     if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
     {
+        unsigned char *p = ssl->in_msg + 4;
+        unsigned char *end = ssl->in_msg + ssl->in_hslen;
+
         if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
         {
             SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
@@ -1336,7 +1346,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
         }
         if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 )
         {
-            SSL_DEBUG_MSG( 1, ( "failed to parsebad server key exchange message" ) );
+            SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
             return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
         }
     }
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1b48a9771..115bf0ad7 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1809,16 +1809,16 @@ static int ssl_write_certificate_request( ssl_context *ssl )
 static int ssl_write_server_key_exchange( ssl_context *ssl )
 {
     int ret;
-    size_t n = 0, len;
-    unsigned char *p = ssl->out_msg + 4;
+    size_t n = 0;
     const ssl_ciphersuite_t *ciphersuite_info;
 
 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
     defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) ||                       \
     defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
     defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+    unsigned char *p = ssl->out_msg + 4;
     unsigned char *dig_signed = p;
-    size_t dig_signed_len = 0;
+    size_t dig_signed_len = 0, len;
     ((void) dig_signed);
     ((void) dig_signed_len);
 #endif
@@ -2355,7 +2355,6 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
 {
     int ret;
     const ssl_ciphersuite_t *ciphersuite_info;
-    unsigned char *p, *end;
 
     ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
 
@@ -2379,12 +2378,12 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
         return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
     }
 
-    p = ssl->in_msg + 4;
-    end = ssl->in_msg + ssl->in_msglen;
-
 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
     if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA )
     {
+        unsigned char *p = ssl->in_msg + 4;
+        unsigned char *end = ssl->in_msg + ssl->in_msglen;
+
         if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
         {
             SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
@@ -2436,6 +2435,9 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
     if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
     {
+        unsigned char *p = ssl->in_msg + 4;
+        unsigned char *end = ssl->in_msg + ssl->in_msglen;
+
         if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
         {
             SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
@@ -2462,6 +2464,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
     if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
     {
         size_t n;
+        unsigned char *p = ssl->in_msg + 4;
+        unsigned char *end = ssl->in_msg + ssl->in_msglen;
 
         if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
         {
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index ac3bdeee9..efe671616 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -49,7 +49,7 @@ int main( int argc, char *argv[] )
     ((void) argv);
 
     printf("POLARSSL_ECDSA_C and/or "
-           "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C not defined\n"
+           "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C not defined\n");
     return( 0 );
 }
 #else
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 6b03266ad..30906b161 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -406,7 +406,9 @@ int main( int argc, char *argv[] )
 
         ssl_set_own_cert( &ssl, &clicert, &pkey );
 
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
         ssl_set_hostname( &ssl, opt.server_name );
+#endif
 
         /*
          * 4. Handshake
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 676412f72..81188ae43 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -335,7 +335,10 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
     unsigned char clear[200];
     unsigned char ad[200];
     unsigned char tag[20];
-    size_t key_len, iv_len, cipher_len, clear_len, ad_len, tag_len;
+    size_t key_len, iv_len, cipher_len, clear_len;
+#if defined(POLARSSL_CIPHER_MODE_AEAD)
+    size_t ad_len, tag_len;
+#endif
     cipher_context_t ctx;
     unsigned char output[200];
     size_t outlen, total_len;
@@ -352,8 +355,13 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
     iv_len = unhexify( iv, hex_iv );
     cipher_len = unhexify( cipher, hex_cipher );
     clear_len = unhexify( clear, hex_clear );
+#if defined(POLARSSL_CIPHER_MODE_AEAD)
     ad_len = unhexify( ad, hex_ad );
     tag_len = unhexify( tag, hex_tag );
+#else
+    ((void) hex_ad);
+    ((void) hex_tag);
+#endif
 
     /* Prepare context */
     TEST_ASSERT( 0 == cipher_init_ctx( &ctx,