diff --git a/mongoose.c b/mongoose.c
index f45de9ac83..110b18b019 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -9271,7 +9271,7 @@ int mg_aes_gcm_encrypt(unsigned char *output,  //
   int ret = 0;      // our return value
   gcm_context ctx;  // includes the AES context structure
 
-  gcm_setkey(&ctx, key, (const uint) key_len);
+  gcm_setkey(&ctx, key, (uint) key_len);
 
   ret = gcm_crypt_and_tag(&ctx, MG_ENCRYPT, iv, iv_len, aead, aead_len, input,
                           output, input_length, tag, tag_len);
@@ -9291,7 +9291,7 @@ int mg_aes_gcm_decrypt(unsigned char *output, const unsigned char *input,
   size_t tag_len = 0;
   unsigned char *tag_buf = NULL;
 
-  gcm_setkey(&ctx, key, (const uint) key_len);
+  gcm_setkey(&ctx, key, (uint) key_len);
 
   ret = gcm_crypt_and_tag(&ctx, MG_DECRYPT, iv, iv_len, NULL, 0, input, output,
                           input_length, tag_buf, tag_len);
@@ -9471,7 +9471,7 @@ static int mg_der_to_tlv(uint8_t *der, size_t dersz, struct mg_der_tlv *tlv) {
 static int mg_der_find(uint8_t *der, size_t dersz, uint8_t *oid, size_t oidsz,
                        struct mg_der_tlv *tlv) {
   uint8_t *p, *end;
-  struct mg_der_tlv child;
+  struct mg_der_tlv child = {0, 0, NULL};
   if (mg_der_to_tlv(der, dersz, tlv) < 0) {
     return -1;                  // invalid DER
   } else if (tlv->type == 6) {  // found OID, check value
@@ -9974,7 +9974,7 @@ static void mg_tls_server_send_cert_verify(struct mg_connection *c) {
       {&init_SHA256, &update_SHA256, &finish_SHA256, 64, 32, tmp},
       {{0}, 0, 0, {0}}};
   int neg1, neg2;
-  uint8_t sig[64];
+  uint8_t sig[64] = {0};
 
   mg_tls_calc_cert_verify_hash(c, (uint8_t *) hash);
 
diff --git a/src/tls_aes128.c b/src/tls_aes128.c
index a5ecc5570c..e4ce43b9bf 100644
--- a/src/tls_aes128.c
+++ b/src/tls_aes128.c
@@ -1095,7 +1095,7 @@ int mg_aes_gcm_encrypt(unsigned char *output,  //
   int ret = 0;      // our return value
   gcm_context ctx;  // includes the AES context structure
 
-  gcm_setkey(&ctx, key, (const uint) key_len);
+  gcm_setkey(&ctx, key, (uint) key_len);
 
   ret = gcm_crypt_and_tag(&ctx, MG_ENCRYPT, iv, iv_len, aead, aead_len, input,
                           output, input_length, tag, tag_len);
@@ -1115,7 +1115,7 @@ int mg_aes_gcm_decrypt(unsigned char *output, const unsigned char *input,
   size_t tag_len = 0;
   unsigned char *tag_buf = NULL;
 
-  gcm_setkey(&ctx, key, (const uint) key_len);
+  gcm_setkey(&ctx, key, (uint) key_len);
 
   ret = gcm_crypt_and_tag(&ctx, MG_DECRYPT, iv, iv_len, NULL, 0, input, output,
                           input_length, tag_buf, tag_len);
diff --git a/src/tls_builtin.c b/src/tls_builtin.c
index ae76c99323..007f9860d5 100644
--- a/src/tls_builtin.c
+++ b/src/tls_builtin.c
@@ -163,7 +163,7 @@ static int mg_der_to_tlv(uint8_t *der, size_t dersz, struct mg_der_tlv *tlv) {
 static int mg_der_find(uint8_t *der, size_t dersz, uint8_t *oid, size_t oidsz,
                        struct mg_der_tlv *tlv) {
   uint8_t *p, *end;
-  struct mg_der_tlv child;
+  struct mg_der_tlv child = {0, 0, NULL};
   if (mg_der_to_tlv(der, dersz, tlv) < 0) {
     return -1;                  // invalid DER
   } else if (tlv->type == 6) {  // found OID, check value
@@ -666,7 +666,7 @@ static void mg_tls_server_send_cert_verify(struct mg_connection *c) {
       {&init_SHA256, &update_SHA256, &finish_SHA256, 64, 32, tmp},
       {{0}, 0, 0, {0}}};
   int neg1, neg2;
-  uint8_t sig[64];
+  uint8_t sig[64] = {0};
 
   mg_tls_calc_cert_verify_hash(c, (uint8_t *) hash);