13 files changed, 41 insertions, 31 deletions

diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c
index 6da22ea440..d44c6242a2 100644
--- a/demos/bio/saccept.c
+++ b/demos/bio/saccept.c
@@ -27,12 +27,12 @@
 
 static volatile int done = 0;
 
-void interrupt(int sig)
+static void interrupt(int sig)
 {
     done = 1;
 }
 
-void sigsetup(void)
+static void sigsetup(void)
 {
     struct sigaction sa;
 
diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
index ef0787c30e..da7d0197f3 100644
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@@ -51,7 +51,8 @@ int main(int argc, char *argv[])
 
     /* Enable trust chain verification */
     SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
-    SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL);
+    if (!SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL))
+        goto err;
 
     /* Lets make a SSL structure */
     ssl = SSL_new(ssl_ctx);
diff --git a/demos/cipher/aesccm.c b/demos/cipher/aesccm.c
index 3c4b9e7445..49a054f9d3 100644
--- a/demos/cipher/aesccm.c
+++ b/demos/cipher/aesccm.c
@@ -68,7 +68,7 @@ OSSL_LIB_CTX *libctx = NULL;
 const char *propq = NULL;
 
 
-int aes_ccm_encrypt(void)
+static int aes_ccm_encrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
@@ -155,7 +155,7 @@ err:
     return ret;
 }
 
-int aes_ccm_decrypt(void)
+static int aes_ccm_decrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
diff --git a/demos/cipher/aesgcm.c b/demos/cipher/aesgcm.c
index 64fa8184f1..40465b269c 100644
--- a/demos/cipher/aesgcm.c
+++ b/demos/cipher/aesgcm.c
@@ -67,7 +67,7 @@ static const unsigned char gcm_tag[] = {
 OSSL_LIB_CTX *libctx = NULL;
 const char *propq = NULL;
 
-int aes_gcm_encrypt(void)
+static int aes_gcm_encrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
@@ -144,7 +144,7 @@ err:
     return ret;
 }
 
-int aes_gcm_decrypt(void)
+static int aes_gcm_decrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
diff --git a/demos/cipher/aeskeywrap.c b/demos/cipher/aeskeywrap.c
index 3207b85663..4d5df4cd98 100644
--- a/demos/cipher/aeskeywrap.c
+++ b/demos/cipher/aeskeywrap.c
@@ -53,7 +53,7 @@ static const unsigned char wrap_ct[] = {
 OSSL_LIB_CTX *libctx = NULL;
 const char *propq = NULL;
 
-int aes_wrap_encrypt(void)
+static int aes_wrap_encrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
@@ -111,7 +111,7 @@ err:
     return ret;
 }
 
-int aes_wrap_decrypt(void)
+static int aes_wrap_decrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
diff --git a/demos/cipher/ariacbc.c b/demos/cipher/ariacbc.c
index de84d995ec..73605d2d6c 100644
--- a/demos/cipher/ariacbc.c
+++ b/demos/cipher/ariacbc.c
@@ -52,7 +52,7 @@ static const unsigned char cbc_ct[] = {
 OSSL_LIB_CTX *libctx = NULL;
 const char *propq = NULL;
 
-int aria_cbc_encrypt(void)
+static int aria_cbc_encrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
@@ -108,7 +108,7 @@ err:
     return ret;
 }
 
-int aria_cbc_decrypt(void)
+static int aria_cbc_decrypt(void)
 {
     int ret = 0;
     EVP_CIPHER_CTX *ctx;
diff --git a/demos/digest/EVP_MD_demo.c b/demos/digest/EVP_MD_demo.c
index 279af82ead..3a1f0c7ba0 100644
--- a/demos/digest/EVP_MD_demo.c
+++ b/demos/digest/EVP_MD_demo.c
@@ -76,16 +76,16 @@ const unsigned char known_answer[] = {
     0x81, 0xca, 0x8f, 0x78, 0x29, 0x19, 0x9a, 0xfe,
 };
 
-int demonstrate_digest(void)
+static int demonstrate_digest(void)
 {
     OSSL_LIB_CTX *library_context;
     int ret = 0;
     const char *option_properties = NULL;
     EVP_MD *message_digest = NULL;
     EVP_MD_CTX *digest_context = NULL;
-    int digest_length;
+    unsigned int digest_length;
     unsigned char *digest_value = NULL;
-    int j;
+    unsigned int j;
 
     library_context = OSSL_LIB_CTX_new();
     if (library_context == NULL) {
diff --git a/demos/digest/EVP_MD_stdin.c b/demos/digest/EVP_MD_stdin.c
index 409be9b78e..2360af2255 100644
--- a/demos/digest/EVP_MD_stdin.c
+++ b/demos/digest/EVP_MD_stdin.c
@@ -31,17 +31,17 @@
  * a BIO created to read from stdin
  */
 
-int demonstrate_digest(BIO *input)
+static int demonstrate_digest(BIO *input)
 {
     OSSL_LIB_CTX *library_context = NULL;
     int ret = 0;
     const char *option_properties = NULL;
     EVP_MD *message_digest = NULL;
     EVP_MD_CTX *digest_context = NULL;
-    int digest_length;
+    unsigned int digest_length;
     unsigned char *digest_value = NULL;
     unsigned char buffer[512];
-    int ii;
+    unsigned int ii;
 
     library_context = OSSL_LIB_CTX_new();
     if (library_context == NULL) {
diff --git a/demos/digest/EVP_MD_xof.c b/demos/digest/EVP_MD_xof.c
index a70e4dc412..9635e4539f 100644
--- a/demos/digest/EVP_MD_xof.c
+++ b/demos/digest/EVP_MD_xof.c
@@ -30,7 +30,7 @@
 const char message[] = "This is a test message.";
 
 /* Expected output when an output length of 20 bytes is used. */
-static const char known_answer[] = {
+static const unsigned char known_answer[] = {
   0x52, 0x97, 0x93, 0x78, 0x27, 0x58, 0x7d, 0x62,
   0x8b, 0x00, 0x25, 0xb5, 0xec, 0x39, 0x5e, 0x2d,
   0x7f, 0x3e, 0xd4, 0x19
diff --git a/demos/guide/quic-multi-stream.c b/demos/guide/quic-multi-stream.c
index d31ea245c8..7ca25ff15c 100644
--- a/demos/guide/quic-multi-stream.c
+++ b/demos/guide/quic-multi-stream.c
@@ -108,8 +108,8 @@ static BIO *create_socket_bio(const char *hostname, const char *port,
     return bio;
 }
 
-int write_a_request(SSL *stream, const char *request_start,
-                    const char *hostname)
+static int write_a_request(SSL *stream, const char *request_start,
+                           const char *hostname)
 {
     const char *request_end = "\r\n\r\n";
     size_t written;
diff --git a/demos/pkey/EVP_PKEY_DSA_keygen.c b/demos/pkey/EVP_PKEY_DSA_keygen.c
index 579f5f790a..42112bcbbc 100644
--- a/demos/pkey/EVP_PKEY_DSA_keygen.c
+++ b/demos/pkey/EVP_PKEY_DSA_keygen.c
@@ -21,7 +21,7 @@
  * See the EVP_PKEY_DSA_paramgen demo if you need to
  * use non default parameters.
  */
-EVP_PKEY *dsa_genparams(OSSL_LIB_CTX *libctx, const char *propq)
+static EVP_PKEY *dsa_genparams(OSSL_LIB_CTX *libctx, const char *propq)
 {
     EVP_PKEY *dsaparamkey = NULL;
     EVP_PKEY_CTX *ctx = NULL;
diff --git a/demos/pkey/EVP_PKEY_DSA_paramvalidate.c b/demos/pkey/EVP_PKEY_DSA_paramvalidate.c
index 4754789f9c..a56c147869 100644
--- a/demos/pkey/EVP_PKEY_DSA_paramvalidate.c
+++ b/demos/pkey/EVP_PKEY_DSA_paramvalidate.c
@@ -55,8 +55,8 @@ static const char digest[] = "SHA384";
  * Create a new dsa param key that is the combination of an existing param key
  * plus extra parameters.
  */
-EVP_PKEY_CTX *create_merged_key(EVP_PKEY *dsaparams, const OSSL_PARAM *newparams,
-                                OSSL_LIB_CTX *libctx, const char *propq)
+static EVP_PKEY_CTX *create_merged_key(EVP_PKEY *dsaparams, const OSSL_PARAM *newparams,
+                                       OSSL_LIB_CTX *libctx, const char *propq)
 {
     EVP_PKEY_CTX *out = NULL;
     EVP_PKEY_CTX *ctx = NULL;
diff --git a/demos/sslecho/main.c b/demos/sslecho/main.c
index 3114dcfcde..c75eac2bc3 100644
--- a/demos/sslecho/main.c
+++ b/demos/sslecho/main.c
@@ -29,7 +29,7 @@ typedef unsigned char   bool;
  */
 static volatile bool    server_running = true;
 
-int create_socket(bool isServer)
+static int create_socket(bool isServer)
 {
     int s;
     int optval = 1;
@@ -67,7 +67,7 @@ int create_socket(bool isServer)
     return s;
 }
 
-SSL_CTX* create_context(bool isServer)
+static SSL_CTX* create_context(bool isServer)
 {
     const SSL_METHOD *method;
     SSL_CTX *ctx;
@@ -87,7 +87,7 @@ SSL_CTX* create_context(bool isServer)
     return ctx;
 }
 
-void configure_server_context(SSL_CTX *ctx)
+static void configure_server_context(SSL_CTX *ctx)
 {
     /* Set the key and cert */
     if (SSL_CTX_use_certificate_chain_file(ctx, "cert.pem") <= 0) {
@@ -101,7 +101,7 @@ void configure_server_context(SSL_CTX *ctx)
     }
 }
 
-void configure_client_context(SSL_CTX *ctx)
+static void configure_client_context(SSL_CTX *ctx)
 {
     /*
      * Configure the client to abort the handshake if certificate verification
@@ -119,7 +119,7 @@ void configure_client_context(SSL_CTX *ctx)
     }
 }
 
-void usage(void)
+static void usage(void)
 {
     printf("Usage: sslecho s\n");
     printf("       --or--\n");
@@ -207,7 +207,10 @@ int main(int argc, char **argv)
 
             /* Create server SSL structure using newly accepted client socket */
             ssl = SSL_new(ssl_ctx);
-            SSL_set_fd(ssl, client_skt);
+            if (!SSL_set_fd(ssl, client_skt)) {
+                ERR_print_errors_fp(stderr);
+                exit(EXIT_FAILURE);
+            }
 
             /* Wait for SSL connection from the client */
             if (SSL_accept(ssl) <= 0) {
@@ -279,11 +282,17 @@ int main(int argc, char **argv)
 
         /* Create client SSL structure using dedicated client socket */
         ssl = SSL_new(ssl_ctx);
-        SSL_set_fd(ssl, client_skt);
+        if (!SSL_set_fd(ssl, client_skt)) {
+            ERR_print_errors_fp(stderr);
+            goto exit;
+        }
         /* Set hostname for SNI */
         SSL_set_tlsext_host_name(ssl, rem_server_ip);
         /* Configure server hostname check */
-        SSL_set1_host(ssl, rem_server_ip);
+        if (!SSL_set1_host(ssl, rem_server_ip)) {
+            ERR_print_errors_fp(stderr);
+            goto exit;
+        }
 
         /* Now do SSL connect with server */
         if (SSL_connect(ssl) == 1) {