diff --git a/src/wp_dec_epki2pki.c b/src/wp_dec_epki2pki.c
index 7284a254..76ac0173 100644
--- a/src/wp_dec_epki2pki.c
+++ b/src/wp_dec_epki2pki.c
@@ -207,7 +207,7 @@ static int wp_epki2pki_decode(wp_Epki2Pki* ctx, OSSL_CORE_BIO* coreBio,
 else if (data == NULL) {
 done = 1;
 }
- if (wc_GetPkcs8TraditionalOffset(data, &tradIdx, (word32)len) <= 0) {
+ if ((!done) && ok && wc_GetPkcs8TraditionalOffset(data, &tradIdx, (word32)len) <= 0) {
 /* This is not PKCS8, we are done */
 done = 1;
 ok = 1;
diff --git a/src/wp_params.c b/src/wp_params.c
index 4e68b052..b52d745c 100644
--- a/src/wp_params.c
+++ b/src/wp_params.c
@@ -45,16 +45,22 @@ int wp_mp_read_unsigned_bin_le(mp_int* mp, const unsigned char* data,
 WOLFPROV_ENTER(WP_LOG_COMP_PROVIDER, "wp_mp_read_unsigned_bin_le");
- /* Make big-endian. */
- for (i = 0; i < len; i++) {
- rdata[i] = data[len - 1 - i];
+ if (len > sizeof(rdata)) {
+ ok = 0;
 }
- /* Read big-endian data in. */
- rc = mp_read_unsigned_bin(mp, rdata, (word32)len);
- if (rc != 0) {
- WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "mp_read_unsigned_bin", rc);
- ok = 0;
+ if (ok) {
+ /* Make big-endian. */
+ for (i = 0; i < len; i++) {
+ rdata[i] = data[len - 1 - i];
+ }
+
+ /* Read big-endian data in. */
+ rc = mp_read_unsigned_bin(mp, rdata, (word32)len);
+ if (rc != 0) {
+ WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "mp_read_unsigned_bin", rc);
+ ok = 0;
+ }
 }
 WOLFPROV_LEAVE(WP_LOG_COMP_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
diff --git a/test/test_pkcs7_x509.c b/test/test_pkcs7_x509.c
index d1eaa9c8..321a8e34 100644
--- a/test/test_pkcs7_x509.c
+++ b/test/test_pkcs7_x509.c
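Review bot: In wp_epki2pki_decode (src/wp_dec_epki2pki.c), the new `(!done) && ok &&` guard carries no explanation of what it protects, so a later cleanup could drop it and pass a NULL `data` to the parser again. I would add a comment above the condition such as `/* Only probe for PKCS#8 when the read succeeded and returned data; data is NULL when done was set above. */`. The `(word32)len` cast on the same line narrows `len`, whose declaration is outside the hunk; if it is a wider type, the length should be range-checked before the cast. The function starts and ends outside this hunk, so how `ok` is set before this point is not visible here.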
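Review bot: In wp_mp_read_unsigned_bin_le (src/wp_params.c), the new `len > sizeof(rdata)` rejection sets `ok = 0` without any log output, unlike the `mp_read_unsigned_bin` failure below it, so an oversized input cannot be told apart from other failures when debugging. Log it the same way the other failure is logged, and add a comment such as `/* Reject input that does not fit the rdata scratch buffer. */`. The check is only correct if `rdata` is an array declared in this function rather than a pointer, and if `ok` starts at 1; both declarations are outside the hunk. A unit test that passes a `len` one byte above the buffer size would keep the bound from regressing.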
@@ -121,9 +121,16 @@ int test_pkcs7_x509_sign_verify(void* data)
 X509_gmtime_adj(X509_get_notAfter(cert), 31536000L);
 X509_set_pubkey(cert, pkey);
- X509_NAME *name = X509_get_subject_name(cert);
- X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)"Test Signer", -1, -1, 0);
+ X509_NAME *name = X509_NAME_new();
+ if (!name) {
+ PRINT_MSG("X509_NAME_new failed");
+ return -1;
+ }
+ X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
+ (unsigned char *)"Test Signer", -1, -1, 0);
+ X509_set_subject_name(cert, name);
 X509_set_issuer_name(cert, name);
+ X509_NAME_free(name);
 X509_sign(cert, pkey, EVP_sha256());
 /* === Step 3: Create the data to be signed === */
@@ -206,11 +213,11 @@ static int test_x509_name(const X509_NAME *name) {
 }
 for (int i = 0; i < count; i++) {
- X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
+ const X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
 if (!entry) continue;
- ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(entry);
- ASN1_STRING *data = X509_NAME_ENTRY_get_data(entry);
+ const ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(entry);
+ const ASN1_STRING *data = X509_NAME_ENTRY_get_data(entry);
 char obj_buf[80];
 OBJ_obj2txt(obj_buf, sizeof(obj_buf), obj, 1);
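Review bot: In test_pkcs7_x509_sign_verify, the added calls to `X509_NAME_add_entry_by_txt` and `X509_set_subject_name`, and the `X509_set_issuer_name` call that follows them, have their return values ignored, so the test can go on to sign and verify a certificate with an empty or missing subject/issuer without noticing. Check each for success, for example `if (X509_set_subject_name(cert, name) != 1 || X509_set_issuer_name(cert, name) != 1)`, and free `name` on that failure path. The new `return -1` after `X509_NAME_new` fails appears to leave `cert` and `pkey` allocated, although the function's cleanup code is outside the hunk and may be structured differently.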