diff --git a/tools/passwd/secrets.cpp b/tools/passwd/secrets.cpp
index a9a270c2f..508ec60c4 100644
--- a/tools/passwd/secrets.cpp
+++ b/tools/passwd/secrets.cpp
@@ -36,12 +36,11 @@
 
 using std::string;
 
-
 #ifdef OPENSSL_VERSION_PREREQ
-#if OPENSSL_VERSION_PREREQ(3,0)
-  #define EVP_CIPHER_key_length EVP_CIPHER_get_key_length
-  #define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length
-  #define EVP_CIPHER_blocksize EVP_CIPHER_get_blocksize
+#if OPENSSL_VERSION_PREREQ(3, 0)
+#define EVP_CIPHER_key_length EVP_CIPHER_get_key_length
+#define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length
+#define EVP_CIPHER_blocksize EVP_CIPHER_get_blocksize
 #endif
 #endif
 
@@ -97,10 +96,6 @@ void CSPasswdLogging::log(int priority, const char* format, ...)
 namespace
 {
 using HexLookupTable = std::array<uint8_t, 256>;
-HexLookupTable init_hex_lookup_table() noexcept;
-
-// Hex char -> byte val lookup table.
-const HexLookupTable hex_lookup_table = init_hex_lookup_table();
 
 /* used in the bin2hex function */
 const char hex_upper[] = "0123456789ABCDEF";
@@ -135,6 +130,9 @@ HexLookupTable init_hex_lookup_table() noexcept
   return rval;
 }
 
+// Hex char -> byte val lookup table.
+const HexLookupTable hex_lookup_table = init_hex_lookup_table();
+
 bool hex2bin(const char* in, unsigned int in_len, uint8_t* out)
 {
   // Input length must be multiple of two.