fix all the warnings in our demos and make them enableable

Fix up the warnings in the demos and make them configurable with
enable-demos

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24047)

Configure

@@ -77,6 +77,8 @@ EOF
 #               Generic OpenSSL-style methods relating to this support
 #               are always compiled but return NULL if the hardware
 #               support isn't compiled.
+#
+# enable-demos  Enable the building of the example code in the demos directory
 # no-hw         do not compile support for any crypto hardware.
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
@@ -443,6 +445,7 @@ my @disablables = (
     "crypto-mdebug",
     "ct",
     "default-thread-pool",
+    "demos",
     "deprecated",
     "des",
     "devcryptoeng",
@@ -570,6 +573,7 @@ our %disabled = ( # "what"         => "comment"
                   "buildtest-c++"       => "default",
                   "crypto-mdebug"       => "default",
                   "crypto-mdebug-backtrace" => "default",
+                  "demos"               => "default",
                   "devcryptoeng"        => "default",
                   "ec_nistp_64_gcc_128" => "default",
                   "egd"                 => "default",

build.info

@@ -1,10 +1,13 @@
 # Note that some of these directories are filtered in Configure.  Look for
 # %skipdir there for further explanations.
 
-SUBDIRS=crypto ssl apps util tools fuzz providers doc demos
+SUBDIRS=crypto ssl apps util tools fuzz providers doc
 IF[{- !$disabled{tests} -}]
   SUBDIRS=test
 ENDIF
+IF[{- !$disabled{demos} -}]
+  SUBDIRS=demos
+ENDIF
 IF[{- !$disabled{'deprecated-3.0'} -}]
   SUBDIRS=engines
 ENDIF

demos/bio/saccept.c

@@ -27,12 +27,12 @@
 
 static volatile int done = 0;
 
-void interrupt(int sig)
+static void interrupt(int sig)
 {
     done = 1;
 }
 
-void sigsetup(void)
+static void sigsetup(void)
 {
     struct sigaction sa;
 

demos/bio/sconnect.c

@@ -51,7 +51,8 @@ int main(int argc, char *argv[])
 
     /* Enable trust chain verification */
     SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
-    SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL);
+    if (!SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL))
+        goto err;
 
     /* Lets make a SSL structure */
     ssl = SSL_new(ssl_ctx);

demos/cipher/aesccm.c

@@ -68,7 +68,7 @@ OSSL_LIB_CTX *libctx = NULL;
 const char *propq = NULL;
 
 
-int aes_ccm_encrypt(void)
+static int aes_ccm_encrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
@@ -155,7 +155,7 @@ err:
     return ret;
 }
 
-int aes_ccm_decrypt(void)
+static int aes_ccm_decrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;

demos/cipher/aesgcm.c

@@ -67,7 +67,7 @@ static const unsigned char gcm_tag[] = {
 OSSL_LIB_CTX *libctx = NULL;
 const char *propq = NULL;
 
-int aes_gcm_encrypt(void)
+static int aes_gcm_encrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
@@ -144,7 +144,7 @@ err:
     return ret;
 }
 
-int aes_gcm_decrypt(void)
+static int aes_gcm_decrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;

demos/cipher/aeskeywrap.c

@@ -53,7 +53,7 @@ static const unsigned char wrap_ct[] = {
 OSSL_LIB_CTX *libctx = NULL;
 const char *propq = NULL;
 
-int aes_wrap_encrypt(void)
+static int aes_wrap_encrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
@@ -111,7 +111,7 @@ err:
     return ret;
 }
 
-int aes_wrap_decrypt(void)
+static int aes_wrap_decrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;

demos/cipher/ariacbc.c

@@ -52,7 +52,7 @@ static const unsigned char cbc_ct[] = {
 OSSL_LIB_CTX *libctx = NULL;
 const char *propq = NULL;
 
-int aria_cbc_encrypt(void)
+static int aria_cbc_encrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
@@ -108,7 +108,7 @@ err:
     return ret;
 }
 
-int aria_cbc_decrypt(void)
+static int aria_cbc_decrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;

demos/digest/EVP_MD_demo.c

@@ -76,16 +76,16 @@ const unsigned char known_answer[] = {
     0x81, 0xca, 0x8f, 0x78, 0x29, 0x19, 0x9a, 0xfe,
 };
 
-int demonstrate_digest(void)
+static int demonstrate_digest(void)
 {
     OSSL_LIB_CTX *library_context;
     int ret = 0;
     const char *option_properties = NULL;
     EVP_MD *message_digest = NULL;
     EVP_MD_CTX *digest_context = NULL;
-    int digest_length;
+    unsigned int digest_length;
     unsigned char *digest_value = NULL;
-    int j;
+    unsigned int j;
 
     library_context = OSSL_LIB_CTX_new();
     if (library_context == NULL) {

demos/digest/EVP_MD_stdin.c

@@ -31,17 +31,17 @@
  * a BIO created to read from stdin
  */
 
-int demonstrate_digest(BIO *input)
+static int demonstrate_digest(BIO *input)
 {
     OSSL_LIB_CTX *library_context = NULL;
     int ret = 0;
     const char *option_properties = NULL;
     EVP_MD *message_digest = NULL;
     EVP_MD_CTX *digest_context = NULL;
-    int digest_length;
+    unsigned int digest_length;
     unsigned char *digest_value = NULL;
     unsigned char buffer[512];
-    int ii;
+    unsigned int ii;
 
     library_context = OSSL_LIB_CTX_new();
     if (library_context == NULL) {

demos/digest/EVP_MD_xof.c

@@ -30,7 +30,7 @@
 const char message[] = "This is a test message.";
 
 /* Expected output when an output length of 20 bytes is used. */
-static const char known_answer[] = {
+static const unsigned char known_answer[] = {
   0x52, 0x97, 0x93, 0x78, 0x27, 0x58, 0x7d, 0x62,
   0x8b, 0x00, 0x25, 0xb5, 0xec, 0x39, 0x5e, 0x2d,
   0x7f, 0x3e, 0xd4, 0x19

demos/guide/quic-multi-stream.c

@@ -108,8 +108,8 @@ static BIO *create_socket_bio(const char *hostname, const char *port,
     return bio;
 }
 
-int write_a_request(SSL *stream, const char *request_start,
-                    const char *hostname)
+static int write_a_request(SSL *stream, const char *request_start,
+                           const char *hostname)
 {
     const char *request_end = "\r\n\r\n";
     size_t written;

demos/pkey/EVP_PKEY_DSA_keygen.c

@@ -21,7 +21,7 @@
  * See the EVP_PKEY_DSA_paramgen demo if you need to
  * use non default parameters.
  */
-EVP_PKEY *dsa_genparams(OSSL_LIB_CTX *libctx, const char *propq)
+static EVP_PKEY *dsa_genparams(OSSL_LIB_CTX *libctx, const char *propq)
 {
     EVP_PKEY *dsaparamkey = NULL;
     EVP_PKEY_CTX *ctx = NULL;

demos/pkey/EVP_PKEY_DSA_paramvalidate.c

@@ -55,8 +55,8 @@ static const char digest[] = "SHA384";
  * Create a new dsa param key that is the combination of an existing param key
  * plus extra parameters.
  */
-EVP_PKEY_CTX *create_merged_key(EVP_PKEY *dsaparams, const OSSL_PARAM *newparams,
-                                OSSL_LIB_CTX *libctx, const char *propq)
+static EVP_PKEY_CTX *create_merged_key(EVP_PKEY *dsaparams, const OSSL_PARAM *newparams,
+                                       OSSL_LIB_CTX *libctx, const char *propq)
 {
     EVP_PKEY_CTX *out = NULL;
     EVP_PKEY_CTX *ctx = NULL;

demos/sslecho/main.c

@@ -29,7 +29,7 @@ typedef unsigned char   bool;
  */
 static volatile bool    server_running = true;
 
-int create_socket(bool isServer)
+static int create_socket(bool isServer)
 {
     int s;
     int optval = 1;
@@ -67,7 +67,7 @@ int create_socket(bool isServer)
     return s;
 }
 
-SSL_CTX* create_context(bool isServer)
+static SSL_CTX* create_context(bool isServer)
 {
     const SSL_METHOD *method;
     SSL_CTX *ctx;
@@ -87,7 +87,7 @@ SSL_CTX* create_context(bool isServer)
     return ctx;
 }
 
-void configure_server_context(SSL_CTX *ctx)
+static void configure_server_context(SSL_CTX *ctx)
 {
     /* Set the key and cert */
     if (SSL_CTX_use_certificate_chain_file(ctx, "cert.pem") <= 0) {
@@ -101,7 +101,7 @@ void configure_server_context(SSL_CTX *ctx)
     }
 }
 
-void configure_client_context(SSL_CTX *ctx)
+static void configure_client_context(SSL_CTX *ctx)
 {
     /*
      * Configure the client to abort the handshake if certificate verification
@@ -119,7 +119,7 @@ void configure_client_context(SSL_CTX *ctx)
     }
 }
 
-void usage(void)
+static void usage(void)
 {
     printf("Usage: sslecho s\n");
     printf("       --or--\n");
@@ -207,7 +207,10 @@ int main(int argc, char **argv)
 
             /* Create server SSL structure using newly accepted client socket */
             ssl = SSL_new(ssl_ctx);
-            SSL_set_fd(ssl, client_skt);
+            if (!SSL_set_fd(ssl, client_skt)) {
+                ERR_print_errors_fp(stderr);
+                exit(EXIT_FAILURE);
+            }
 
             /* Wait for SSL connection from the client */
             if (SSL_accept(ssl) <= 0) {
@@ -279,11 +282,17 @@ int main(int argc, char **argv)
 
         /* Create client SSL structure using dedicated client socket */
         ssl = SSL_new(ssl_ctx);
-        SSL_set_fd(ssl, client_skt);
+        if (!SSL_set_fd(ssl, client_skt)) {
+            ERR_print_errors_fp(stderr);
+            goto exit;
+        }
         /* Set hostname for SNI */
         SSL_set_tlsext_host_name(ssl, rem_server_ip);
         /* Configure server hostname check */
-        SSL_set1_host(ssl, rem_server_ip);
+        if (!SSL_set1_host(ssl, rem_server_ip)) {
+            ERR_print_errors_fp(stderr);
+            goto exit;
+        }
 
         /* Now do SSL connect with server */
         if (SSL_connect(ssl) == 1) {