From d05d6b959a5a2a1c161951e029d4d933e2cb3e85 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 13 Nov 2019 15:16:27 +0100 Subject: [PATCH] - fixes for splint cleanliness, long vs int in SSL set_mode. --- daemon/daemon.c | 2 ++ daemon/remote.c | 2 +- doc/Changelog | 1 + services/authzone.c | 8 ++++---- smallapp/unbound-anchor.c | 4 +++- smallapp/unbound-control.c | 4 +++- smallapp/unbound-host.c | 2 ++ testcode/asynclook.c | 2 ++ testcode/petal.c | 4 +++- testcode/streamtcp.c | 2 ++ util/net_help.c | 4 ++-- util/netevent.c | 2 +- validator/autotrust.c | 4 ++++ validator/val_secalgo.c | 2 ++ 14 files changed, 32 insertions(+), 11 deletions(-) diff --git a/daemon/daemon.c b/daemon/daemon.c index e09138cb1..65c1900d6 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -221,7 +221,9 @@ daemon_init(void) (void)sldns_key_EVP_load_gost_id(); # endif # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif # else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/daemon/remote.c b/daemon/remote.c index 1689154f5..1b67a3444 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -499,7 +499,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, goto close_exit; } SSL_set_accept_state(n->ssl); - (void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(n->ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(n->ssl, newfd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(n->ssl); diff --git a/doc/Changelog b/doc/Changelog index 8e74e9b11..c4b3781c4 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 13 November 2019: Wouter - iana portlist updated. - contrib/fastrpz.patch updated to apply for current code. + - fixes for splint cleanliness, long vs int in SSL set_mode. 11 November 2019: Wouter - Fix #109: check number of arguments for stdin-pipes in 
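Review bot: The new `# ifndef S_SPLINT_S` guard around `OpenSSL_add_all_algorithms();` has no comment saying why the call is hidden from splint, and its `# endif` is unlabelled although this same patch labels the closing line in validator/autotrust.c and validator/val_secalgo.c. I would close it with `# endif /* S_SPLINT_S */` and add a one-line comment above the guard naming what splint rejects here. Since `S_SPLINT_S` is defined only by the analyser, that makes clear it is not a build-time switch for algorithm registration. The identical guard is added in smallapp/unbound-anchor.c, unbound-control.c and unbound-host.c, and in testcode/asynclook.c, petal.c and streamtcp.c, so the same applies there. daemon_init's body continues outside the hunk.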
diff --git a/services/authzone.c b/services/authzone.c index 792dc2049..585f86505 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -5971,15 +5971,15 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env, } if (auth_name != NULL) { if (addr.ss_family == AF_INET - && ntohs(((struct sockaddr_in *)&addr)->sin_port) + && (int)ntohs(((struct sockaddr_in *)&addr)->sin_port) == env->cfg->ssl_port) ((struct sockaddr_in *)&addr)->sin_port - = htons(env->cfg->port); + = htons((uint16_t)env->cfg->port); else if (addr.ss_family == AF_INET6 - && ntohs(((struct sockaddr_in6 *)&addr)->sin6_port) + && (int)ntohs(((struct sockaddr_in6 *)&addr)->sin6_port) == env->cfg->ssl_port) ((struct sockaddr_in6 *)&addr)->sin6_port - = htons(env->cfg->port); + = htons((uint16_t)env->cfg->port); } } diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index b3b25bda4..817cf6927 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -782,7 +782,7 @@ TLS_initiate(SSL_CTX* sslctx, int fd) return NULL; } SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) { if(verb) printf("SSL_set_fd error\n"); SSL_free(ssl); @@ -2379,7 +2379,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index ebaa70559..20b4575c0 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c 
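Review bot: The added cast in `htons((uint16_t)env->cfg->port)` quiets the lint warning by narrowing silently, so a `cfg->port` value outside 0-65535 would be truncated and the probe sent to a different port with no diagnostic. Whether the config loader already enforces that range is not visible in this hunk. If it does, say so next to the cast, e.g. `/* port was range-checked when the config was read */`; if not, test `env->cfg->port > 0 && env->cfg->port <= 65535` before rewriting the port. The `(int)ntohs(...)` comparisons are fine, because widening a 16-bit value to int loses nothing. The same cast is in the AF_INET6 branch, and xfr_probe_send_probe starts and ends outside the hunk.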
@@ -615,7 +615,7 @@ setup_ssl(SSL_CTX* ctx, int fd) if(!ssl) ssl_err("could not SSL_new"); SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) ssl_err("could not SSL_set_fd"); while(1) { @@ -888,7 +888,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/smallapp/unbound-host.c b/smallapp/unbound-host.c index f02511fe5..c34f012fb 100644 --- a/smallapp/unbound-host.c +++ b/smallapp/unbound-host.c @@ -505,7 +505,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/testcode/asynclook.c b/testcode/asynclook.c index f82c6dcab..660f72a7d 100644 --- a/testcode/asynclook.c +++ b/testcode/asynclook.c @@ -482,7 +482,9 @@ int main(int argc, char** argv) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/testcode/petal.c b/testcode/petal.c index a733017a4..dcc31fdc5 100644 --- a/testcode/petal.c +++ b/testcode/petal.c @@ -301,7 +301,7 @@ setup_ssl(int s, SSL_CTX* ctx) SSL* ssl = SSL_new(ctx); if(!ssl) return NULL; SSL_set_accept_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, s)) { SSL_free(ssl); return NULL; 
@@ -657,7 +657,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index 668d6360b..64a169f8b 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -485,7 +485,9 @@ int main(int argc, char** argv) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/util/net_help.c b/util/net_help.c index 4f382077e..f2fe6a6dd 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -1045,7 +1045,7 @@ void* incoming_ssl_fd(void* sslctx, int fd) return NULL; } SSL_set_accept_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(ssl); @@ -1067,7 +1067,7 @@ void* outgoing_ssl_fd(void* sslctx, int fd) return NULL; } SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(ssl); diff --git a/util/netevent.c b/util/netevent.c index c54c570f6..a2e39dffc 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -1309,7 +1309,7 @@ ssl_handle_write(struct comm_point* c) return 1; } /* ignore return, if fails we may simply block */ - (void)SSL_set_mode(c->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE); + (void)SSL_set_mode(c->ssl, (long)SSL_MODE_ENABLE_PARTIAL_WRITE); if(c->tcp_byte_count < sizeof(uint16_t)) { uint16_t len = htons(sldns_buffer_limit(c->buffer)); ERR_clear_error(); 
diff --git a/validator/autotrust.c b/validator/autotrust.c index fba14ff7c..be7830fb8 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -1175,7 +1175,9 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) { FILE* out; char* fname = tp->autr->file; +#ifndef S_SPLINT_S long long llvalue; +#endif char tempf[2048]; log_assert(tp->autr); if(!env) { @@ -1184,6 +1186,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) } /* unique name with pid number, thread number, and struct pointer * (the pointer uniquifies for multiple libunbound contexts) */ +#ifndef S_SPLINT_S #if defined(SIZE_MAX) && defined(UINT32_MAX) && (UINT32_MAX == SIZE_MAX || INT32_MAX == SIZE_MAX) /* avoid warning about upcast on 32bit systems */ llvalue = (unsigned long)tp; @@ -1197,6 +1200,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) snprintf(tempf, sizeof(tempf), "%s.%d-%d-%I64x", fname, (int)getpid(), env->worker?*(int*)env->worker:0, llvalue); #endif +#endif /* S_SPLINT_S */ verbose(VERB_ALGO, "autotrust: write to disk: %s", tempf); out = fopen(tempf, "w"); if(!out) { diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c index ff7739bcf..5e02f6bdb 100644 --- a/validator/val_secalgo.c +++ b/validator/val_secalgo.c @@ -326,8 +326,10 @@ setup_dsa_sig(unsigned char** sig, unsigned int* len) #ifdef HAVE_DSA_SIG_SET0 if(!DSA_SIG_set0(dsasig, R, S)) return 0; #else +# ifndef S_SPLINT_S dsasig->r = R; dsasig->s = S; +# endif /* S_SPLINT_S */ #endif *sig = NULL; newlen = i2d_DSA_SIG(dsasig, sig); -- 2.47.3
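Review bot: With `S_SPLINT_S` defined, the new guards remove the `llvalue` declaration and the `snprintf` code that fills `tempf`, so as far as these hunks show the analyser sees `tempf` reach `verbose()` and `fopen()` uninitialised and no longer checks how the temp-file name is built. That is the part of autr_write_file where a static check is most useful: a format string with `%I64x`, the `*(int*)env->worker` read, and a fixed 2048-byte buffer. I would narrow the exclusion to the one construct splint cannot parse, or at least add `#else` / `tempf[0] = 0;` before the closing `#endif /* S_SPLINT_S */` together with a comment naming the splint complaint. The three autotrust.c hunks belong to this one change, and the function continues outside them.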
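Review bot: Under splint the guarded `dsasig->r = R; dsasig->s = S;` disappear, so in that configuration `R` and `S` are never handed to `dsasig` and the analyser cannot follow who owns them on the non-`HAVE_DSA_SIG_SET0` path. A comment above the guard saying why the field assignments are hidden would keep this from reading as dead code in signature handling; presumably splint treats `DSA_SIG` as opaque or objects to the ownership transfer. If a splint ownership annotation fits, it would be preferable to excluding the lines. setup_dsa_sig starts and ends outside the hunk.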