diff --git a/src/ltc/misc/pbes/pbes2.c b/src/ltc/misc/pbes/pbes2.c
index fcf5c30..f41d4dc 100644
--- a/src/ltc/misc/pbes/pbes2.c
+++ b/src/ltc/misc/pbes/pbes2.c
@@ -84,7 +84,7 @@ int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res)
 {
 unsigned long klen;
- ltc_asn1_list *lkdf, *lenc, *loptseq, *lhmac;
+ ltc_asn1_list *lkdf, *lenc, *loptseq, *liter, *lhmac;
 int err;
 LTC_ARGCHK(s != NULL);
@@ -109,7 +109,7 @@
 * 21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2 (== *lkdf)
 * 32:d=4 hl=2 l= 28 cons: SEQUENCE
 * 34:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:28BA4ABF6AA76A3D (== res->salt)
- * 44:d=5 hl=2 l= 2 prim: INTEGER :0800 (== res->iterations)
+ * 44:d=5 hl=2 l= 2 prim: INTEGER :0800 (== res->iterations, *liter)
 * 48:d=5 hl=2 l= 12 cons: SEQUENCE (== *loptseq - this sequence is optional, may be missing)
 * 50:d=6 hl=2 l= 8 prim: OBJECT :hmacWithSHA256 (== *lhmac)
 * 60:d=6 hl=2 l= 0 prim: NULL
@@ -129,9 +129,16 @@
 return CRYPT_INVALID_PACKET;
 }
- loptseq = lkdf->next->child->next->next;
+ liter = lkdf->next->child->next;
+ loptseq = liter->next;
 res->salt = lkdf->next->child;
- res->iterations = mp_get_int(lkdf->next->child->next->data);
+ res->iterations = mp_get_int(liter->data);
+
+ /* There's an optional INTEGER keyLength after the iterations, skip that if it's there. * c.f. RFC 2898 A.2 PBKDF2 */
+ if(LTC_ASN1_IS_TYPE(loptseq, LTC_ASN1_INTEGER)) {
+ loptseq = loptseq->next;
+ }
 /* this sequence is optional */
 lhmac = NULL;
diff --git a/src/ltc/pk/ecc/ecc_verify_hash.c b/src/ltc/pk/ecc/ecc_verify_hash.c
index d18ef93..98b8ac1 100644
--- a/src/ltc/pk/ecc/ecc_verify_hash.c
+++ b/src/ltc/pk/ecc/ecc_verify_hash.c
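Review bot: The optional PBKDF2 keyLength INTEGER is skipped without being compared to anything, so a PBES2 structure whose keyLength disagrees with the key size of the encryption scheme is accepted silently instead of being rejected with CRYPT_INVALID_PACKET. RFC 2898 A.2 defines keyLength as the intended length of the derived key, so when the field is present it should at least be retained and checked against the cipher's key length once the encryption scheme is identified later in the function. `liter->data` is also handed to mp_get_int without a type check; the structure validation that precedes this hunk (its `return CRYPT_INVALID_PACKET;` is the hunk's first line) may already cover it, but if not, `if (!LTC_ASN1_IS_TYPE(liter, LTC_ASN1_INTEGER)) return CRYPT_INVALID_PACKET;` before the assignment would make the expectation explicit. Minor style: `if(` lacks the space used by the other hunks in this diff (`if (`), and `c.f.` in the new comment should read `cf.`. pbes2_extract's body continues outside the hunk.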
@@ -76,11 +76,11 @@
 } else if (sigformat == LTC_ECCSIG_RFC7518) {
 /* RFC7518 format - raw (r,s) */
- i = mp_unsigned_bin_size(key->dp.order);
- if (siglen != (2*i)) {
+ if ((siglen % 2) == 1) {
 err = CRYPT_INVALID_PACKET;
 goto error;
 }
+ i = siglen / 2;
 if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; }
 if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; }
 }
diff --git a/src/update-libtom.pl b/src/update-libtom.pl
index f35cb89..b00873f 100755
--- a/src/update-libtom.pl
+++ b/src/update-libtom.pl
@@ -5,7 +5,7 @@
 use File::Slurper qw(read_text write_text);
 use FindBin;
-my $ltc_branch = "pr/pkcs8-improved";
+my $ltc_branch = "develop";
 my $ltm_branch = "no-stdint-h";
 my $tmpdir = "/tmp/libtom.git.checkout.$$";
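Review bot: The new length check admits any even siglen, whereas RFC 7518 fixes an ES* signature to exactly 2*n bytes with n the octet length of the curve order, so the removed `siglen != (2*i)` comparison was the specification-conformant one. With the relaxed check the same (r,s) pair verifies under several byte encodings (extra leading zero bytes, or shortened values with leading zeros stripped), the encoding is no longer canonical, and siglen == 0 passes the check and yields r = s = 0, which is only rejected if the range check later in the function catches it (that code is outside the hunk). If the intent is to tolerate producers that emit unpadded values, the accepted range should still be bounded and the tolerance documented, e.g. `i = mp_unsigned_bin_size(key->dp.order);` / `if (siglen == 0 || (siglen % 2) == 1 || siglen > 2*i) { err = CRYPT_INVALID_PACKET; goto error; }` / `i = siglen / 2;`, with the comment stating that non-canonical lengths are accepted deliberately. The enclosing function starts and ends outside this hunk.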
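Review bot: `my $ltc_branch = "develop";` points the vendoring script at a moving branch, so each run imports whatever that branch's HEAD is at the time and the vendored sources are not reproducible from this file alone; the previous feature-branch value had the same property, so this is a pre-existing weakness rather than a regression. Pinning a commit hash or tag and recording it next to the branch name, e.g. `my $ltc_branch = "develop"; # TODO pin: check out <upstream-commit-id> after fetch`, would make the imported revision auditable and let the next update show exactly which upstream commits came in. How $ltc_branch is consumed (clone, checkout or archive) is outside the hunk, so the exact place to apply the pin cannot be seen here.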