grpc 1.69.0 → 1.70.1

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc}

@@ -1,4 +1,4 @@
-/* Copyright (c) 2014, Google Inc.
+/* Copyright 2014 The BoringSSL Authors
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -85,8 +85,8 @@ struct rand_thread_state {
 // objects in the process, one per thread. This is needed because FIPS requires
 // that they be zeroed on process exit, but thread-local destructors aren't
 // called when the whole process is exiting.
-DEFINE_BSS_GET(struct rand_thread_state *, thread_states_list);
-DEFINE_STATIC_MUTEX(thread_states_list_lock);
+DEFINE_BSS_GET(struct rand_thread_state *, thread_states_list, nullptr)
+DEFINE_STATIC_MUTEX(thread_states_list_lock)
 
 static void rand_thread_state_clear_all(void) __attribute__((destructor));
 static void rand_thread_state_clear_all(void) {
@@ -106,7 +106,8 @@ static void rand_thread_state_clear_all(void) {
 // rand_thread_state_free frees a |rand_thread_state|. This is called when a
 // thread exits.
 static void rand_thread_state_free(void *state_in) {
-  struct rand_thread_state *state = state_in;
+  struct rand_thread_state *state =
+      reinterpret_cast<rand_thread_state *>(state_in);
 
   if (state_in == NULL) {
     return;
@@ -168,12 +169,12 @@ static int rdrand(uint8_t *buf, size_t len) { return 0; }
 
 bcm_status BCM_rand_bytes_hwrng(uint8_t *buf, const size_t len) {
   if (!have_rdrand()) {
-    return bcm_status_failure;
+    return bcm_status::failure;
   }
   if (rdrand(buf, len)) {
-    return bcm_status_not_approved;
+    return bcm_status::not_approved;
   }
-  return bcm_status_failure;
+  return bcm_status::failure;
 }
 
 #if defined(BORINGSSL_FIPS)
@@ -195,8 +196,8 @@ struct entropy_buffer {
   int want_additional_input;
 };
 
-DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer);
-DEFINE_STATIC_MUTEX(entropy_buffer_lock);
+DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer, {})
+DEFINE_STATIC_MUTEX(entropy_buffer_lock)
 
 bcm_infallible BCM_rand_load_entropy(const uint8_t *entropy, size_t entropy_len,
                                      int want_additional_input) {
@@ -212,7 +213,7 @@ bcm_infallible BCM_rand_load_entropy(const uint8_t *entropy, size_t entropy_len,
   buffer->bytes_valid += entropy_len;
   buffer->want_additional_input |= want_additional_input && (entropy_len != 0);
   CRYPTO_MUTEX_unlock_write(entropy_buffer_lock_bss_get());
-  return bcm_infallible_not_approved;
+  return bcm_infallible::not_approved;
 }
 
 // get_seed_entropy fills |out_entropy_len| bytes of |out_entropy| from the
@@ -275,7 +276,7 @@ static void rand_get_seed(struct rand_thread_state *state,
   // rate of failure is small enough not to be a problem in practice.
   if (CRYPTO_memcmp(state->last_block, entropy, sizeof(state->last_block)) ==
       0) {
-    fprintf(stderr, "CRNGT failed.\n");
+    fprintf(CRYPTO_get_stderr(), "CRNGT failed.\n");
     BORINGSSL_FIPS_abort();
   }
 
@@ -283,7 +284,7 @@ static void rand_get_seed(struct rand_thread_state *state,
   for (size_t i = CRNGT_BLOCK_SIZE; i < entropy_len; i += CRNGT_BLOCK_SIZE) {
     if (CRYPTO_memcmp(entropy + i - CRNGT_BLOCK_SIZE, entropy + i,
                       CRNGT_BLOCK_SIZE) == 0) {
-      fprintf(stderr, "CRNGT failed.\n");
+      fprintf(CRYPTO_get_stderr(), "CRNGT failed.\n");
       BORINGSSL_FIPS_abort();
     }
   }
@@ -329,7 +330,7 @@ static void rand_get_seed(struct rand_thread_state *state,
 bcm_infallible BCM_rand_bytes_with_additional_data(
     uint8_t *out, size_t out_len, const uint8_t user_additional_data[32]) {
   if (out_len == 0) {
-    return bcm_infallible_approved;
+    return bcm_infallible::approved;
   }
 
   const uint64_t fork_generation = CRYPTO_get_fork_generation();
@@ -366,11 +367,12 @@ bcm_infallible BCM_rand_bytes_with_additional_data(
   }
 
   struct rand_thread_state stack_state;
-  struct rand_thread_state *state =
-      CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND);
+  struct rand_thread_state *state = reinterpret_cast<rand_thread_state *>(
+      CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND));
 
   if (state == NULL) {
-    state = OPENSSL_zalloc(sizeof(struct rand_thread_state));
+    state = reinterpret_cast<rand_thread_state *>(
+        OPENSSL_zalloc(sizeof(struct rand_thread_state)));
     if (state == NULL ||
         !CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_RAND, state,
                                  rand_thread_state_free)) {
@@ -469,11 +471,11 @@ bcm_infallible BCM_rand_bytes_with_additional_data(
 #if defined(BORINGSSL_FIPS)
   CRYPTO_MUTEX_unlock_read(&state->clear_drbg_lock);
 #endif
-  return bcm_infallible_approved;
+  return bcm_infallible::approved;
 }
 
 bcm_infallible BCM_rand_bytes(uint8_t *out, size_t out_len) {
   static const uint8_t kZeroAdditionalData[32] = {0};
   BCM_rand_bytes_with_additional_data(out, out_len, kZeroAdditionalData);
-  return bcm_infallible_approved;
+  return bcm_infallible::approved;
 }

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c.inc → blinding.cc.inc}

@@ -111,17 +111,17 @@
 #include <string.h>
 
 #include <openssl/bn.h>
-#include <openssl/mem.h>
 #include <openssl/err.h>
+#include <openssl/mem.h>
 
-#include "internal.h"
 #include "../../internal.h"
+#include "internal.h"
 
 
 #define BN_BLINDING_COUNTER 32
 
 struct bn_blinding_st {
-  BIGNUM *A;  // The base blinding factor, Montgomery-encoded.
+  BIGNUM *A;   // The base blinding factor, Montgomery-encoded.
   BIGNUM *Ai;  // The inverse of the blinding factor, Montgomery-encoded.
   unsigned counter;
 };
@@ -130,7 +130,8 @@ static int bn_blinding_create_param(BN_BLINDING *b, const BIGNUM *e,
                                     const BN_MONT_CTX *mont, BN_CTX *ctx);
 
 BN_BLINDING *BN_BLINDING_new(void) {
-  BN_BLINDING *ret = OPENSSL_zalloc(sizeof(BN_BLINDING));
+  BN_BLINDING *ret =
+      reinterpret_cast<BN_BLINDING *>(OPENSSL_zalloc(sizeof(BN_BLINDING)));
   if (ret == NULL) {
     return NULL;
   }

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc}

@@ -1,5 +1,5 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2005.
  */
 /* ====================================================================
  * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
@@ -63,12 +63,11 @@
 #include <openssl/digest.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
-#include <openssl/sha.h>
 
-#include "internal.h"
-#include "../service_indicator/internal.h"
-#include "../bcm_interface.h"
 #include "../../internal.h"
+#include "../bcm_interface.h"
+#include "../service_indicator/internal.h"
+#include "internal.h"
 
 
 int RSA_padding_add_PKCS1_type_1(uint8_t *to, size_t to_len,
@@ -216,8 +215,11 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash,
 
   int ret = 0;
   uint8_t *DB = NULL;
+  const uint8_t *H;
   EVP_MD_CTX ctx;
   EVP_MD_CTX_init(&ctx);
+  unsigned MSBits;
+  size_t emLen, maskedDBLen, salt_start;
   FIPS_service_indicator_lock_state();
 
   // Negative sLen has special meanings:
@@ -234,8 +236,8 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash,
     goto err;
   }
 
-  unsigned MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
-  size_t emLen = RSA_size(rsa);
+  MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+  emLen = RSA_size(rsa);
   if (EM[0] & (0xFF << MSBits)) {
     OPENSSL_PUT_ERROR(RSA, RSA_R_FIRST_OCTET_INVALID);
     goto err;
@@ -245,8 +247,7 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash,
     emLen--;
   }
   // |sLen| may be -2 for the non-standard salt length recovery mode.
-  if (emLen < hLen + 2 ||
-      (sLen >= 0 && emLen < hLen + (size_t)sLen + 2)) {
+  if (emLen < hLen + 2 || (sLen >= 0 && emLen < hLen + (size_t)sLen + 2)) {
     OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
     goto err;
   }
@@ -254,9 +255,9 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash,
     OPENSSL_PUT_ERROR(RSA, RSA_R_LAST_OCTET_INVALID);
     goto err;
   }
-  size_t maskedDBLen = emLen - hLen - 1;
-  const uint8_t *H = EM + maskedDBLen;
-  DB = OPENSSL_malloc(maskedDBLen);
+  maskedDBLen = emLen - hLen - 1;
+  H = EM + maskedDBLen;
+  DB = reinterpret_cast<uint8_t *>(OPENSSL_malloc(maskedDBLen));
   if (!DB) {
     goto err;
   }
@@ -272,7 +273,6 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash,
   // This step differs slightly from EMSA-PSS-VERIFY (RFC 8017) step 10 because
   // it accepts a non-standard salt recovery flow. DB should be some number of
   // zeros, a one, then the salt.
-  size_t salt_start;
   for (salt_start = 0; DB[salt_start] == 0 && salt_start < maskedDBLen - 1;
        salt_start++) {
     ;
@@ -313,7 +313,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(const RSA *rsa, unsigned char *EM,
                                    const unsigned char *mHash,
                                    const EVP_MD *Hash, const EVP_MD *mgf1Hash,
                                    int sLenRequested) {
-  int ret = 0;
+  int ret = 0, digest_ok;
   size_t maskedDBLen, MSBits, emLen;
   size_t hLen;
   unsigned char *H, *salt = NULL, *p;
@@ -365,7 +365,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(const RSA *rsa, unsigned char *EM,
   }
 
   if (sLen > 0) {
-    salt = OPENSSL_malloc(sLen);
+    salt = reinterpret_cast<uint8_t *>(OPENSSL_malloc(sLen));
     if (!salt) {
       goto err;
     }
@@ -376,11 +376,11 @@ int RSA_padding_add_PKCS1_PSS_mgf1(const RSA *rsa, unsigned char *EM,
 
   EVP_MD_CTX ctx;
   EVP_MD_CTX_init(&ctx);
-  int digest_ok = EVP_DigestInit_ex(&ctx, Hash, NULL) &&
-                  EVP_DigestUpdate(&ctx, kPSSZeroes, sizeof(kPSSZeroes)) &&
-                  EVP_DigestUpdate(&ctx, mHash, hLen) &&
-                  EVP_DigestUpdate(&ctx, salt, sLen) &&
-                  EVP_DigestFinal_ex(&ctx, H, NULL);
+  digest_ok = EVP_DigestInit_ex(&ctx, Hash, NULL) &&
+              EVP_DigestUpdate(&ctx, kPSSZeroes, sizeof(kPSSZeroes)) &&
+              EVP_DigestUpdate(&ctx, mHash, hLen) &&
+              EVP_DigestUpdate(&ctx, salt, sLen) &&
+              EVP_DigestFinal_ex(&ctx, H, NULL);
   EVP_MD_CTX_cleanup(&ctx);
   if (!digest_ok) {
     goto err;

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc}

@@ -68,12 +68,12 @@
 #include <openssl/md5.h>
 #include <openssl/mem.h>
 #include <openssl/nid.h>
-#include <openssl/sha.h>
 #include <openssl/thread.h>
 
+#include "../../internal.h"
+#include "../bcm_interface.h"
 #include "../bn/internal.h"
 #include "../delocate.h"
-#include "../../internal.h"
 #include "internal.h"
 
 
@@ -206,7 +206,7 @@ RSA *RSA_new_private_key_large_e(const BIGNUM *n, const BIGNUM *e,
 RSA *RSA_new(void) { return RSA_new_method(NULL); }
 
 RSA *RSA_new_method(const ENGINE *engine) {
-  RSA *rsa = OPENSSL_zalloc(sizeof(RSA));
+  RSA *rsa = reinterpret_cast<RSA *>(OPENSSL_zalloc(sizeof(RSA)));
   if (rsa == NULL) {
     return NULL;
   }
@@ -216,7 +216,7 @@ RSA *RSA_new_method(const ENGINE *engine) {
   }
 
   if (rsa->meth == NULL) {
-    rsa->meth = (RSA_METHOD *) RSA_default_method();
+    rsa->meth = (RSA_METHOD *)RSA_default_method();
   }
   METHOD_ref(rsa->meth);
 
@@ -238,8 +238,7 @@ RSA *RSA_new_method(const ENGINE *engine) {
 
 RSA *RSA_new_method_no_e(const ENGINE *engine, const BIGNUM *n) {
   RSA *rsa = RSA_new_method(engine);
-  if (rsa == NULL ||
-      !bn_dup_into(&rsa->n, n)) {
+  if (rsa == NULL || !bn_dup_into(&rsa->n, n)) {
     RSA_free(rsa);
     return NULL;
   }
@@ -342,8 +341,7 @@ void RSA_get0_crt_params(const RSA *rsa, const BIGNUM **out_dmp1,
 }
 
 int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
-  if ((rsa->n == NULL && n == NULL) ||
-      (rsa->e == NULL && e == NULL)) {
+  if ((rsa->n == NULL && n == NULL) || (rsa->e == NULL && e == NULL)) {
     return 0;
   }
 
@@ -365,8 +363,7 @@ int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
 }
 
 int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q) {
-  if ((rsa->p == NULL && p == NULL) ||
-      (rsa->q == NULL && q == NULL)) {
+  if ((rsa->p == NULL && p == NULL) || (rsa->q == NULL && q == NULL)) {
     return 0;
   }
 
@@ -440,7 +437,7 @@ int RSA_is_opaque(const RSA *rsa) {
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
                          CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) {
   return CRYPTO_get_ex_new_index_ex(g_rsa_ex_data_class_bss_get(), argl, argp,
-                                 free_func);
+                                    free_func);
 }
 
 int RSA_set_ex_data(RSA *rsa, int idx, void *arg) {
@@ -472,49 +469,52 @@ struct pkcs1_sig_prefix {
 // different hash functions.
 static const struct pkcs1_sig_prefix kPKCS1SigPrefixes[] = {
     {
-     NID_md5,
-     MD5_DIGEST_LENGTH,
-     18,
-     {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-      0x02, 0x05, 0x05, 0x00, 0x04, 0x10},
+        NID_md5,
+        MD5_DIGEST_LENGTH,
+        18,
+        {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+         0x02, 0x05, 0x05, 0x00, 0x04, 0x10},
     },
     {
-     NID_sha1,
-     SHA_DIGEST_LENGTH,
-     15,
-     {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
-      0x00, 0x04, 0x14},
+        NID_sha1,
+        BCM_SHA_DIGEST_LENGTH,
+        15,
+        {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
+         0x00, 0x04, 0x14},
     },
     {
-     NID_sha224,
-     SHA224_DIGEST_LENGTH,
-     19,
-     {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
-      0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c},
+        NID_sha224,
+        BCM_SHA224_DIGEST_LENGTH,
+        19,
+        {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+         0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c},
     },
     {
-     NID_sha256,
-     SHA256_DIGEST_LENGTH,
-     19,
-     {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
-      0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20},
+        NID_sha256,
+        BCM_SHA256_DIGEST_LENGTH,
+        19,
+        {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+         0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20},
     },
     {
-     NID_sha384,
-     SHA384_DIGEST_LENGTH,
-     19,
-     {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
-      0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30},
+        NID_sha384,
+        BCM_SHA384_DIGEST_LENGTH,
+        19,
+        {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+         0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30},
     },
     {
-     NID_sha512,
-     SHA512_DIGEST_LENGTH,
-     19,
-     {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
-      0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40},
+        NID_sha512,
+        BCM_SHA512_DIGEST_LENGTH,
+        19,
+        {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+         0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40},
     },
     {
-     NID_undef, 0, 0, {0},
+        NID_undef,
+        0,
+        0,
+        {0},
     },
 };
 
@@ -540,7 +540,6 @@ static int rsa_check_digest_size(int hash_nid, size_t digest_len) {
 
   OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE);
   return 0;
-
 }
 
 int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
@@ -567,7 +566,7 @@ int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
 
     // The length should already have been checked.
     assert(digest_len == sig_prefix->hash_len);
-    const uint8_t* prefix = sig_prefix->bytes;
+    const uint8_t *prefix = sig_prefix->bytes;
     size_t prefix_len = sig_prefix->len;
     size_t signed_msg_len = prefix_len + digest_len;
     if (signed_msg_len < prefix_len) {
@@ -575,7 +574,8 @@ int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
       return 0;
     }
 
-    uint8_t *signed_msg = OPENSSL_malloc(signed_msg_len);
+    uint8_t *signed_msg =
+        reinterpret_cast<uint8_t *>(OPENSSL_malloc(signed_msg_len));
     if (!signed_msg) {
       return 0;
     }
@@ -654,7 +654,7 @@ int RSA_sign_pss_mgf1(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
   }
 
   size_t padded_len = RSA_size(rsa);
-  uint8_t *padded = OPENSSL_malloc(padded_len);
+  uint8_t *padded = reinterpret_cast<uint8_t *>(OPENSSL_malloc(padded_len));
   if (padded == NULL) {
     return 0;
   }
@@ -687,7 +687,7 @@ int rsa_verify_no_self_test(int hash_nid, const uint8_t *digest,
     return 0;
   }
 
-  buf = OPENSSL_malloc(rsa_size);
+  buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size));
   if (!buf) {
     return 0;
   }
@@ -733,7 +733,7 @@ int RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *digest, size_t digest_len,
   }
 
   size_t em_len = RSA_size(rsa);
-  uint8_t *em = OPENSSL_malloc(em_len);
+  uint8_t *em = reinterpret_cast<uint8_t *>(OPENSSL_malloc(em_len));
   if (em == NULL) {
     return 0;
   }
@@ -769,8 +769,7 @@ static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv,
   // were checked by the caller.
   BN_CTX_start(ctx);
   BIGNUM *tmp = BN_CTX_get(ctx);
-  int ret = tmp != NULL &&
-            bn_mul_consttime(tmp, a, ainv, ctx) &&
+  int ret = tmp != NULL && bn_mul_consttime(tmp, a, ainv, ctx) &&
             bn_div_consttime(NULL, tmp, tmp, m, m_min_bits, ctx);
   if (ret) {
     *out_ok = constant_time_declassify_int(BN_is_one(tmp));
@@ -820,7 +819,8 @@ int RSA_check_key(const RSA *key) {
   }
 
   BIGNUM tmp, de, pm1, qm1, dmp1, dmq1;
-  int ok = 0;
+  int ok = 0, has_crt_values;
+  unsigned pm1_bits, qm1_bits;
   BN_init(&tmp);
   BN_init(&de);
   BN_init(&pm1);
@@ -857,8 +857,8 @@ int RSA_check_key(const RSA *key) {
     OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
     goto out;
   }
-  const unsigned pm1_bits = BN_num_bits(&pm1);
-  const unsigned qm1_bits = BN_num_bits(&qm1);
+  pm1_bits = BN_num_bits(&pm1);
+  qm1_bits = BN_num_bits(&qm1);
   if (!bn_mul_consttime(&de, key->d, key->e, ctx) ||
       !bn_div_consttime(NULL, &tmp, &de, &pm1, pm1_bits, ctx) ||
       !bn_div_consttime(NULL, &de, &de, &qm1, qm1_bits, ctx)) {
@@ -872,7 +872,7 @@ int RSA_check_key(const RSA *key) {
     goto out;
   }
 
-  int has_crt_values = key->dmp1 != NULL;
+  has_crt_values = key->dmp1 != NULL;
   if (has_crt_values != (key->dmq1 != NULL) ||
       has_crt_values != (key->iqmp != NULL)) {
     OPENSSL_PUT_ERROR(RSA, RSA_R_INCONSISTENT_SET_OF_CRT_VALUES);
@@ -913,20 +913,26 @@ out:
 
 
 // This is the product of the 132 smallest odd primes, from 3 to 751.
-static const BN_ULONG kSmallFactorsLimbs[] = {
-    TOBN(0xc4309333, 0x3ef4e3e1), TOBN(0x71161eb6, 0xcd2d655f),
-    TOBN(0x95e2238c, 0x0bf94862), TOBN(0x3eb233d3, 0x24f7912b),
-    TOBN(0x6b55514b, 0xbf26c483), TOBN(0x0a84d817, 0x5a144871),
-    TOBN(0x77d12fee, 0x9b82210a), TOBN(0xdb5b93c2, 0x97f050b3),
-    TOBN(0x4acad6b9, 0x4d6c026b), TOBN(0xeb7751f3, 0x54aec893),
-    TOBN(0xdba53368, 0x36bc85c4), TOBN(0xd85a1b28, 0x7f5ec78e),
-    TOBN(0x2eb072d8, 0x6b322244), TOBN(0xbba51112, 0x5e2b3aea),
-    TOBN(0x36ed1a6c, 0x0e2486bf), TOBN(0x5f270460, 0xec0c5727),
-    0x000017b1
-};
+static const BN_ULONG kSmallFactorsLimbs[] = {TOBN(0xc4309333, 0x3ef4e3e1),
+                                              TOBN(0x71161eb6, 0xcd2d655f),
+                                              TOBN(0x95e2238c, 0x0bf94862),
+                                              TOBN(0x3eb233d3, 0x24f7912b),
+                                              TOBN(0x6b55514b, 0xbf26c483),
+                                              TOBN(0x0a84d817, 0x5a144871),
+                                              TOBN(0x77d12fee, 0x9b82210a),
+                                              TOBN(0xdb5b93c2, 0x97f050b3),
+                                              TOBN(0x4acad6b9, 0x4d6c026b),
+                                              TOBN(0xeb7751f3, 0x54aec893),
+                                              TOBN(0xdba53368, 0x36bc85c4),
+                                              TOBN(0xd85a1b28, 0x7f5ec78e),
+                                              TOBN(0x2eb072d8, 0x6b322244),
+                                              TOBN(0xbba51112, 0x5e2b3aea),
+                                              TOBN(0x36ed1a6c, 0x0e2486bf),
+                                              TOBN(0x5f270460, 0xec0c5727),
+                                              0x000017b1};
 
 DEFINE_LOCAL_DATA(BIGNUM, g_small_factors) {
-  out->d = (BN_ULONG *) kSmallFactorsLimbs;
+  out->d = (BN_ULONG *)kSmallFactorsLimbs;
   out->width = OPENSSL_ARRAY_SIZE(kSmallFactorsLimbs);
   out->dmax = out->width;
   out->neg = 0;
@@ -961,9 +967,9 @@ int RSA_check_fips(RSA *key) {
   // composite, so too few iterations will cause us to reject the key, not use
   // an implausible one.
   enum bn_primality_result_t primality_result;
-  if (BN_num_bits(key->e) <= 16 ||
-      BN_num_bits(key->e) > 256 ||
-      !BN_is_odd(key->n) ||
+  if (BN_num_bits(key->e) <= 16 ||  //
+      BN_num_bits(key->e) > 256 ||  //
+      !BN_is_odd(key->n) ||         //
       !BN_is_odd(key->e) ||
       !BN_gcd(&small_gcd, key->n, g_small_factors(), ctx) ||
       !BN_is_one(&small_gcd) ||
@@ -990,7 +996,7 @@ int RSA_check_fips(RSA *key) {
   // perform a signing test.
   uint8_t data[32] = {0};
   unsigned sig_len = RSA_size(key);
-  uint8_t *sig = OPENSSL_malloc(sig_len);
+  uint8_t *sig = reinterpret_cast<uint8_t *>(OPENSSL_malloc(sig_len));
   if (sig == NULL) {
     return 0;
   }
@@ -1033,6 +1039,4 @@ int RSA_flags(const RSA *rsa) { return rsa->flags; }
 
 int RSA_test_flags(const RSA *rsa, int flags) { return rsa->flags & flags; }
 
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) {
-  return 1;
-}
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) { return 1; }