From 9c65eb04e69c54e10af3d49e7377bc8fcef19352 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin <aleksey@aleksey.com>
Date: Wed, 1 Nov 2023 10:24:18 -0400
Subject: [PATCH 1/7] Added examples to the build and tests

---
 Makefile.am                          | 22 +++++-----------------
 configure.ac                         |  1 +
 examples/{Makefile => Makefile.unix} |  0
 examples/README.md                   |  4 ++--
 examples/decrypt1.c                  |  7 ++++---
 examples/decrypt2.c                  |  3 ++-
 examples/decrypt3.c                  |  1 +
 examples/encrypt1.c                  |  7 ++++---
 examples/encrypt2.c                  |  7 ++++---
 examples/encrypt3.c                  |  7 ++++++-
 examples/sign1.c                     |  7 ++++---
 examples/sign2.c                     |  7 ++++---
 examples/sign3.c                     |  7 ++++---
 examples/verify1.c                   |  7 ++++---
 examples/verify2.c                   |  6 ++++--
 15 files changed, 49 insertions(+), 44 deletions(-)
 rename examples/{Makefile => Makefile.unix} (100%)

diff --git a/Makefile.am b/Makefile.am
index 626efef10..e91d4e239 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,7 +1,7 @@
 NULL =
 
 SAFE_VERSION	= @XMLSEC_VERSION_SAFE@
-SUBDIRS 	    = include src
+SUBDIRS 	    = include src examples
 if XMLSEC_APPS
 SUBDIRS += apps
 endif
@@ -41,7 +41,6 @@ DISTCLEANFILES = \
 
 EXTRA_DIST = \
 	m4 \
-	examples \
 	scripts \
 	tests \
 	win32 \
@@ -64,10 +63,6 @@ EXTRA_DIST = \
 	xmlsec1.m4 \
 	$(NULL)
 
-EXTRA_CLEAN = \
-	examples \
-	$(NULL)
-
 ABS_SRCDIR=@abs_srcdir@
 ABS_BUILDDIR=@abs_builddir@
 XMLSEC_OPENSSL_TEST_CONFIG=@OPENSSL_TEST_CONFIG@
@@ -103,7 +98,10 @@ docs-clean:
 docs-man:
 	@(cd man && $(MAKE) docs)
 
-check: check-all check-info
+check: check-examples check-all check-info
+
+check-examples:
+	@(cd examples && $(MAKE) check)
 
 check-all: $(TEST_APP)
 	for crypto in $(CHECK_CRYPTO_LIST) ; do \
@@ -192,13 +190,3 @@ perfcheck: $(TEST_APP)
 
 dist-hook:
 
-cleantar:
-	@($(RM) -f xmlsec*.tar.gz COPYING.LIB)
-
-tar-release: clean cleantar
-	@(unset CDPATH && $(MAKE) dist)
-
-rpm: cleantar tar-release
-	@(unset CDPATH && rpmbuild -ta $(distdir).tar.gz)
-
-rpm-release: clean cleantar rpm
diff --git a/configure.ac b/configure.ac
index eea5d6530..f2435af2f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2674,6 +2674,7 @@ include/Makefile
 include/xmlsec/Makefile
 src/Makefile
 apps/Makefile
+examples/Makefile
 docs/Makefile
 docs/api/Makefile
 man/Makefile
diff --git a/examples/Makefile b/examples/Makefile.unix
similarity index 100%
rename from examples/Makefile
rename to examples/Makefile.unix
diff --git a/examples/README.md b/examples/README.md
index fc134aef6..38a673697 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -5,8 +5,8 @@ This folder contains XML Security Library examples.
 ## Building examples
 
 ### Unixes
-Just run the usual `make` command (assuming that xmlsec, libxml2, libxslt and
-all other required libraries are already installed).
+Just run the usual `make` command. A simplified `Makefile.unix` makefile is
+also included to show how one can build examples outside of the xmlsec source tree.
 
 ### Windows
 - Add paths to include and library files for xmlsec, libxml2, libxslt and
diff --git a/examples/decrypt1.c b/examples/decrypt1.c
index 85386ff77..317992cbe 100644
--- a/examples/decrypt1.c
+++ b/examples/decrypt1.c
@@ -18,6 +18,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
@@ -33,7 +34,7 @@
 #include <xmlsec/xmlenc.h>
 #include <xmlsec/crypto.h>
 
-int decrypt_file(const char* enc_file, const char* key_file);
+int decrypt_file(const char* enc_file, char* key_file);
 
 int
 main(int argc, char **argv) {
@@ -142,7 +143,7 @@ main(int argc, char **argv) {
  * Returns 0 on success or a negative value if an error occurs.
  */
 int
-decrypt_file(const char* enc_file, const char* key_file) {
+decrypt_file(const char* enc_file, char* key_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
     xmlSecEncCtxPtr encCtx = NULL;
@@ -180,7 +181,7 @@ decrypt_file(const char* enc_file, const char* key_file) {
     }
 
     /* set key name to the file name, this is just an example! */
-    if(xmlSecKeySetName(encCtx->encKey, BAD_CAST key_file) < 0) {
+    if(xmlSecKeySetName(encCtx->encKey, BAD_CAST basename(key_file)) < 0) {
         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
         goto done;
     }
diff --git a/examples/decrypt2.c b/examples/decrypt2.c
index 3b1f5d670..5eab1aa35 100644
--- a/examples/decrypt2.c
+++ b/examples/decrypt2.c
@@ -19,6 +19,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
@@ -193,7 +194,7 @@ load_des_keys(char** files, int files_size) {
         }
 
         /* set key name to the file name, this is just an example! */
-        if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) {
+        if(xmlSecKeySetName(key, BAD_CAST basename(files[i])) < 0) {
             fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
             xmlSecKeyDestroy(key);
             xmlSecKeysMngrDestroy(mngr);
diff --git a/examples/decrypt3.c b/examples/decrypt3.c
index 96150a483..da6694186 100644
--- a/examples/decrypt3.c
+++ b/examples/decrypt3.c
@@ -21,6 +21,7 @@
 #include <string.h>
 #include <ctype.h>
 #include <assert.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
diff --git a/examples/encrypt1.c b/examples/encrypt1.c
index 14f0f97b2..9eaa5d011 100644
--- a/examples/encrypt1.c
+++ b/examples/encrypt1.c
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
@@ -35,7 +36,7 @@
 #include <xmlsec/xmlenc.h>
 #include <xmlsec/crypto.h>
 
-int encrypt_file(const char* tmpl_file, const char* key_file,
+int encrypt_file(const char* tmpl_file, char* key_file,
                  const unsigned char* data, size_t dataSize);
 int
 main(int argc, char **argv) {
@@ -147,7 +148,7 @@ main(int argc, char **argv) {
  * Returns 0 on success or a negative value if an error occurs.
  */
 int
-encrypt_file(const char* tmpl_file, const char* key_file,
+encrypt_file(const char* tmpl_file, char* key_file,
              const unsigned char* data, size_t dataSize) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
@@ -187,7 +188,7 @@ encrypt_file(const char* tmpl_file, const char* key_file,
     }
 
     /* set key name to the file name, this is just an example! */
-    if(xmlSecKeySetName(encCtx->encKey, BAD_CAST key_file) < 0) {
+    if(xmlSecKeySetName(encCtx->encKey, BAD_CAST basename(key_file)) < 0) {
         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
         goto done;
     }
diff --git a/examples/encrypt2.c b/examples/encrypt2.c
index 8118d8cc0..8cfab38ce 100644
--- a/examples/encrypt2.c
+++ b/examples/encrypt2.c
@@ -21,6 +21,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
@@ -37,7 +38,7 @@
 #include <xmlsec/templates.h>
 #include <xmlsec/crypto.h>
 
-int encrypt_file(const char* xml_file, const char* key_file);
+int encrypt_file(const char* xml_file, char* key_file);
 
 int
 main(int argc, char **argv) {
@@ -146,7 +147,7 @@ main(int argc, char **argv) {
  * Returns 0 on success or a negative value if an error occurs.
  */
 int
-encrypt_file(const char* xml_file, const char* key_file) {
+encrypt_file(const char* xml_file, char* key_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr encDataNode = NULL;
     xmlNodePtr keyInfoNode = NULL;
@@ -205,7 +206,7 @@ encrypt_file(const char* xml_file, const char* key_file) {
     }
 
     /* set key name to the file name, this is just an example! */
-    if(xmlSecKeySetName(encCtx->encKey, BAD_CAST key_file) < 0) {
+    if(xmlSecKeySetName(encCtx->encKey, BAD_CAST basename(key_file)) < 0) {
         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
         goto done;
     }
diff --git a/examples/encrypt3.c b/examples/encrypt3.c
index d63740074..a400a5f28 100644
--- a/examples/encrypt3.c
+++ b/examples/encrypt3.c
@@ -21,6 +21,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
@@ -190,7 +191,7 @@ load_rsa_keys(char* key_file) {
     }
 
     /* set key name to the file name, this is just an example! */
-    if(xmlSecKeySetName(key, BAD_CAST key_file) < 0) {
+    if(xmlSecKeySetName(key, BAD_CAST basename(key_file)) < 0) {
         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
         xmlSecKeyDestroy(key);
         xmlSecKeysMngrDestroy(mngr);
@@ -306,6 +307,10 @@ encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name)
         goto done;
     }
 
+    /* we don't specify key name */
+    encCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
+    encCtx->keyInfoWriteCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
+
     /* encrypt the data */
     if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) {
         fprintf(stderr,"Error: encryption failed\n");
diff --git a/examples/sign1.c b/examples/sign1.c
index 11003782d..cbe43fabd 100644
--- a/examples/sign1.c
+++ b/examples/sign1.c
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
@@ -35,7 +36,7 @@
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/crypto.h>
 
-int sign_file(const char* tmpl_file, const char* key_file);
+int sign_file(const char* tmpl_file, char* key_file);
 
 int
 main(int argc, char **argv) {
@@ -143,7 +144,7 @@ main(int argc, char **argv) {
  * Returns 0 on success or a negative value if an error occurs.
  */
 int
-sign_file(const char* tmpl_file, const char* key_file) {
+sign_file(const char* tmpl_file, char* key_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
     xmlSecDSigCtxPtr dsigCtx = NULL;
@@ -181,7 +182,7 @@ sign_file(const char* tmpl_file, const char* key_file) {
     }
 
     /* set key name to the file name, this is just an example! */
-    if(xmlSecKeySetName(dsigCtx->signKey, BAD_CAST key_file) < 0) {
+    if(xmlSecKeySetName(dsigCtx->signKey, BAD_CAST basename(key_file)) < 0) {
         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
         goto done;
     }
diff --git a/examples/sign2.c b/examples/sign2.c
index 3fcbf72fd..06e5c105f 100644
--- a/examples/sign2.c
+++ b/examples/sign2.c
@@ -22,6 +22,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
@@ -38,7 +39,7 @@
 #include <xmlsec/templates.h>
 #include <xmlsec/crypto.h>
 
-int sign_file(const char* xml_file, const char* key_file);
+int sign_file(const char* xml_file, char* key_file);
 
 int
 main(int argc, char **argv) {
@@ -147,7 +148,7 @@ main(int argc, char **argv) {
  * Returns 0 on success or a negative value if an error occurs.
  */
 int
-sign_file(const char* xml_file, const char* key_file) {
+sign_file(const char* xml_file, char* key_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr signNode = NULL;
     xmlNodePtr refNode = NULL;
@@ -217,7 +218,7 @@ sign_file(const char* xml_file, const char* key_file) {
     }
 
     /* set key name to the file name, this is just an example! */
-    if(xmlSecKeySetName(dsigCtx->signKey, BAD_CAST key_file) < 0) {
+    if(xmlSecKeySetName(dsigCtx->signKey, BAD_CAST basename(key_file)) < 0) {
         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
         goto done;
     }
diff --git a/examples/sign3.c b/examples/sign3.c
index cba609fcb..6ea568226 100644
--- a/examples/sign3.c
+++ b/examples/sign3.c
@@ -26,6 +26,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
@@ -42,7 +43,7 @@
 #include <xmlsec/templates.h>
 #include <xmlsec/crypto.h>
 
-int sign_file(const char* xml_file, const char* key_file, const char* cert_file);
+int sign_file(const char* xml_file, char* key_file, const char* cert_file);
 
 int
 main(int argc, char **argv) {
@@ -153,7 +154,7 @@ main(int argc, char **argv) {
  * Returns 0 on success or a negative value if an error occurs.
  */
 int
-sign_file(const char* xml_file, const char* key_file, const char* cert_file) {
+sign_file(const char* xml_file, char* key_file, const char* cert_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr signNode = NULL;
     xmlNodePtr refNode = NULL;
@@ -242,7 +243,7 @@ sign_file(const char* xml_file, const char* key_file, const char* cert_file) {
     }
 
     /* set key name to the file name, this is just an example! */
-    if(xmlSecKeySetName(dsigCtx->signKey, BAD_CAST key_file) < 0) {
+    if(xmlSecKeySetName(dsigCtx->signKey, BAD_CAST basename(key_file)) < 0) {
         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
         goto done;
     }
diff --git a/examples/verify1.c b/examples/verify1.c
index 7c339934d..a4eae4353 100644
--- a/examples/verify1.c
+++ b/examples/verify1.c
@@ -18,6 +18,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
@@ -33,7 +34,7 @@
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/crypto.h>
 
-int verify_file(const char* xml_file, const char* key_file);
+int verify_file(const char* xml_file, char* key_file);
 
 int
 main(int argc, char **argv) {
@@ -141,7 +142,7 @@ main(int argc, char **argv) {
  * Returns 0 on success or a negative value if an error occurs.
  */
 int
-verify_file(const char* xml_file, const char* key_file) {
+verify_file(const char* xml_file, char* key_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
     xmlSecDSigCtxPtr dsigCtx = NULL;
@@ -179,7 +180,7 @@ verify_file(const char* xml_file, const char* key_file) {
     }
 
     /* set key name to the file name, this is just an example! */
-    if(xmlSecKeySetName(dsigCtx->signKey, BAD_CAST key_file) < 0) {
+    if(xmlSecKeySetName(dsigCtx->signKey, BAD_CAST basename(key_file)) < 0) {
         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
         goto done;
     }
diff --git a/examples/verify2.c b/examples/verify2.c
index b4b2351ee..aadca61a2 100644
--- a/examples/verify2.c
+++ b/examples/verify2.c
@@ -18,6 +18,8 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <libgen.h>
+#include <libgen.h>
 
 #include <libxml/tree.h>
 #include <libxml/xmlmemory.h>
@@ -193,8 +195,8 @@ load_keys(char** files, int files_size) {
         }
 
         /* set key name to the file name, this is just an example! */
-        if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) {
-            fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
+        if(xmlSecKeySetName(key, BAD_CAST basename(files[i])) < 0) {
+            fprintf(stderr,"Error:  failed to set key name for key from \"%s\"\n", files[i]);
             xmlSecKeyDestroy(key);
             xmlSecKeysMngrDestroy(mngr);
             return(NULL);

From 6d08ce7cb6e2f49e7341b9dd99d85310300dcf09 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin <aleksey@aleksey.com>
Date: Wed, 1 Nov 2023 12:04:45 -0400
Subject: [PATCH 2/7] Added forgotten makefile

---
 examples/Makefile.am | 96 ++++++++++++++++++++++++++++++++++++++++++++
 examples/decrypt3.c  | 41 ++++++++++++++-----
 examples/encrypt3.c  |  2 +-
 3 files changed, 128 insertions(+), 11 deletions(-)
 create mode 100644 examples/Makefile.am

diff --git a/examples/Makefile.am b/examples/Makefile.am
new file mode 100644
index 000000000..c37d4c836
--- /dev/null
+++ b/examples/Makefile.am
@@ -0,0 +1,96 @@
+NULL =
+examples_dir = $(top_srcdir)/examples
+
+bin_PROGRAMS = sign1 sign2 sign3 \
+	verify1 verify2 verify3 verify4 \
+	encrypt1 encrypt2 encrypt3 \
+	decrypt1 decrypt2 decrypt3 \
+	xmldsigverify
+
+sign1_SOURCES = sign1.c
+sign2_SOURCES = sign2.c
+sign3_SOURCES = sign3.c
+verify1_SOURCES = verify1.c
+verify2_SOURCES = verify2.c
+verify3_SOURCES = verify3.c
+verify4_SOURCES = verify4.c
+encrypt1_SOURCES = encrypt1.c
+encrypt2_SOURCES = encrypt2.c
+encrypt3_SOURCES = encrypt3.c
+decrypt1_SOURCES = decrypt1.c
+decrypt2_SOURCES = decrypt2.c
+decrypt3_SOURCES = decrypt3.c
+xmldsigverify_SOURCES = xmldsigverify.c
+
+CLEANFILES = \
+	*.xml \
+	$(NULL)
+
+# link all examples statically to make life simpler
+XMLSEC_LIBS = \
+	$(top_builddir)/src/libxmlsec1.la \
+	$(top_builddir)/src/@XMLSEC_DEFAULT_CRYPTO@/lib$(XMLSEC_CRYPTO_LIB).la \
+	$(NULL)
+
+AM_CFLAGS = \
+	-DPACKAGE=\"@PACKAGE@\" \
+	-I../include \
+	-I$(top_srcdir)/include \
+	$(XMLSEC_DEFINES) \
+	$(XMLSEC_APP_DEFINES) \
+	$(XMLSEC_CRYPTO_CFLAGS) \
+	$(LIBXSLT_CFLAGS) \
+	$(LIBXML_CFLAGS) \
+	$(LIBLTDL_CFLAGS) \
+	$(NULL)
+
+ LDFLAGS = \
+	@XMLSEC_STATIC_BINARIES@ \
+	@XMLSEC_EXTRA_LDFLAGS@ \
+	$(NULL)
+
+LDADD = \
+	$(LIBXSLT_LIBS) \
+	$(LIBXML_LIBS) \
+	$(XMLSEC_LIBS) \
+	$(LIBLTDL_LIBS) \
+	$(NULL)
+
+DEPENDENCIES = \
+	$(CRYPTO_DEPS) \
+	$(XMLSEC_LIBS) \
+	$(NULL)
+
+
+check:
+	./sign1     $(examples_dir)/sign1-tmpl.xml    $(examples_dir)/rsakey.pem  > sign1-out.xml
+	./sign2     $(examples_dir)/sign2-doc.xml     $(examples_dir)/rsakey.pem  > sign2-out.xml
+	./sign3     $(examples_dir)/sign3-doc.xml     $(examples_dir)/rsakey.pem $(examples_dir)/rsacert.pem > sign3-out.xml
+	./verify1   $(examples_dir)/sign1-res.xml     $(examples_dir)/rsapub.pem
+	./verify1   $(examples_dir)/sign2-res.xml     $(examples_dir)/rsapub.pem
+	./verify1   sign1-out.xml                     $(examples_dir)/rsapub.pem
+	./verify1   sign2-out.xml                     $(examples_dir)/rsapub.pem
+	./verify2   $(examples_dir)/sign1-res.xml     $(examples_dir)/rsakey.pem
+	./verify2   $(examples_dir)/sign2-res.xml     $(examples_dir)/rsakey.pem
+	./verify2   sign1-out.xml                     $(examples_dir)/rsakey.pem
+	./verify2   sign2-out.xml                     $(examples_dir)/rsakey.pem
+	./verify3   $(examples_dir)/sign3-res.xml     $(examples_dir)/ca2cert.pem $(examples_dir)/cacert.pem
+	./verify3   sign3-out.xml                     $(examples_dir)/ca2cert.pem $(examples_dir)/cacert.pem
+	./verify4   $(examples_dir)/verify4-res.xml   $(examples_dir)/ca2cert.pem $(examples_dir)/cacert.pem
+	./encrypt1  $(examples_dir)/encrypt1-tmpl.xml $(examples_dir)/deskey.bin  > encrypt1-out.xml
+	./encrypt2  $(examples_dir)/encrypt2-doc.xml  $(examples_dir)/deskey.bin  > encrypt2-out.xml
+	./encrypt3  $(examples_dir)/encrypt3-doc.xml  $(examples_dir)/rsakey.pem  > encrypt3-out.xml
+	./decrypt1  $(examples_dir)/encrypt1-res.xml  $(examples_dir)/deskey.bin  > decrypt1-1-out.xml
+	./decrypt1  $(examples_dir)/encrypt2-res.xml  $(examples_dir)/deskey.bin  > decrypt1-2-out.xml
+	./decrypt1  encrypt1-out.xml                  $(examples_dir)/deskey.bin  > decrypt1-3-out.xml
+	./decrypt1  encrypt2-out.xml                  $(examples_dir)/deskey.bin  > decrypt1-4-out.xml
+	./decrypt2  $(examples_dir)/encrypt1-res.xml  $(examples_dir)/deskey.bin  > decrypt2-1-out.xml
+	./decrypt2  $(examples_dir)/encrypt2-res.xml  $(examples_dir)/deskey.bin  > decrypt2-2-out.xml
+	./decrypt2  encrypt1-out.xml                  $(examples_dir)/deskey.bin  > decrypt2-3-out.xml
+	./decrypt2  encrypt2-out.xml                  $(examples_dir)/deskey.bin  > decrypt2-4-out.xml
+	./decrypt3  $(examples_dir)/encrypt1-res.xml  $(examples_dir)             > decrypt3-1-out.xml
+	./decrypt3  $(examples_dir)/encrypt2-res.xml  $(examples_dir)             > decrypt3-2-out.xml
+	./decrypt3  $(examples_dir)/encrypt3-res.xml  $(examples_dir)             > decrypt3-3-out.xml
+	./decrypt3  encrypt1-out.xml                  $(examples_dir)             > decrypt3-4-out.xml
+	./decrypt3  encrypt2-out.xml                  $(examples_dir)             > decrypt3-5-out.xml
+	./decrypt3  encrypt3-out.xml                  $(examples_dir)             > decrypt3-6-out.xml
diff --git a/examples/decrypt3.c b/examples/decrypt3.c
index da6694186..ba1e1a0c1 100644
--- a/examples/decrypt3.c
+++ b/examples/decrypt3.c
@@ -38,7 +38,7 @@
 #include <xmlsec/crypto.h>
 
 xmlSecKeyStoreId  files_keys_store_get_klass(void);
-xmlSecKeysMngrPtr create_files_keys_mngr(void);
+xmlSecKeysMngrPtr create_files_keys_mngr(char* keys_folder);
 int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file);
 
 int
@@ -50,9 +50,9 @@ main(int argc, char **argv) {
 
     assert(argv);
 
-    if(argc != 2) {
+    if((argc < 2) || (argc > 3)) {
         fprintf(stderr, "Error: wrong number of arguments.\n");
-        fprintf(stderr, "Usage: %s <enc-file>\n", argv[0]);
+        fprintf(stderr, "Usage: %s <enc-file> [<keys-folder>]\n", argv[0]);
         return(1);
     }
 
@@ -116,7 +116,7 @@ main(int argc, char **argv) {
     }
 
     /* create keys manager and load keys */
-    mngr = create_files_keys_mngr();
+    mngr = create_files_keys_mngr((argc > 2) ? argv[2] : NULL);
     if(mngr == NULL) {
         return(-1);
     }
@@ -235,7 +235,7 @@ decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) {
  * Returns pointer to newly created keys manager or NULL if an error occurs.
  */
 xmlSecKeysMngrPtr
-create_files_keys_mngr(void) {
+create_files_keys_mngr(char* keys_folder) {
     xmlSecKeyStorePtr keysStore;
     xmlSecKeysMngrPtr mngr;
 
@@ -246,6 +246,9 @@ create_files_keys_mngr(void) {
         return(NULL);
     }
 
+    /* save the keys folder (see files_keys_store_find_key) */
+    keysStore->reserved0 = keys_folder;
+
     /* create keys manager */
     mngr = xmlSecKeysMngrCreate();
     if(mngr == NULL) {
@@ -325,7 +328,9 @@ files_keys_store_get_klass(void) {
 static xmlSecKeyPtr
 files_keys_store_find_key(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) {
     xmlSecKeyPtr key;
+    const char* keys_folder;
     const xmlChar* p;
+    char path[FILENAME_MAX];
 
     assert(store);
     assert(keyInfoCtx);
@@ -336,7 +341,7 @@ files_keys_store_find_key(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKe
         return(NULL);
     }
 
-    /* we don't want to open files in a folder other than "current";
+    /* we don't want to open files in a folder other than specified;
      * to prevent it limit the characters in the key name to alpha/digit,
      * '.', '-' or '_'.
      */
@@ -346,18 +351,34 @@ files_keys_store_find_key(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKe
         }
     }
 
+    /* we saved keys folder in reserved0 field  (see create_files_keys_mngr) */
+    keys_folder = (const char*)store->reserved0;
+    if(keys_folder != NULL) {
+#if defined(_MSC_VER)
+        sprintf_s(path, sizeof(path), "%s/%s", keys_folder, (const char*)name);
+#else  /* defined(_MSC_VER) */
+        sprintf(path, "%s/%s", keys_folder, (const char*)name);
+#endif /* defined(_MSC_VER) */
+    } else {
+#if defined(_MSC_VER)
+    strcpy_s(path, sizeof(path), (const char*)name);
+#else  /* defined(_MSC_VER) */
+    strcpy(path, (const char*)name);
+#endif /* defined(_MSC_VER) */
+    }
+
     if((keyInfoCtx->keyReq.keyId == xmlSecKeyDataDsaId) || (keyInfoCtx->keyReq.keyId == xmlSecKeyDataRsaId)) {
         /* load key from a pem file, if key is not found then it's an error (is it?) */
-        key = xmlSecCryptoAppKeyLoadEx((const char*)name, xmlSecKeyDataTypePrivate, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+        key = xmlSecCryptoAppKeyLoadEx(path, xmlSecKeyDataTypePrivate, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
         if(key == NULL) {
-            fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", name);
+            fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", path);
             return(NULL);
         }
     } else {
         /* otherwise it's a binary key, if key is not found then it's an error (is it?) */
-        key = xmlSecKeyReadBinaryFile(keyInfoCtx->keyReq.keyId, (const char*)name);
+        key = xmlSecKeyReadBinaryFile(keyInfoCtx->keyReq.keyId,path);
         if(key == NULL) {
-            fprintf(stderr,"Error: failed to load key from binary file \"%s\"\n", name);
+            fprintf(stderr,"Error: failed to load key from binary file \"%s\"\n", path);
             return(NULL);
         }
     }
diff --git a/examples/encrypt3.c b/examples/encrypt3.c
index a400a5f28..63c4c704d 100644
--- a/examples/encrypt3.c
+++ b/examples/encrypt3.c
@@ -122,7 +122,7 @@ main(int argc, char **argv) {
     }
 
     /* we use key filename as key name here */
-    if(encrypt_file(mngr, argv[1], argv[2]) < 0) {
+    if(encrypt_file(mngr, argv[1], basename(argv[2])) < 0) {
         xmlSecKeysMngrDestroy(mngr);
         return(-1);
     }

From 5227df0356297bb35fec2de977a924b2175c6513 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin <aleksey@aleksey.com>
Date: Wed, 1 Nov 2023 12:43:54 -0400
Subject: [PATCH 3/7] fix compile warnings in the examples

---
 examples/xmldsigverify.c | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/examples/xmldsigverify.c b/examples/xmldsigverify.c
index ff68120e3..c60c73f4f 100644
--- a/examples/xmldsigverify.c
+++ b/examples/xmldsigverify.c
@@ -34,7 +34,7 @@
 int load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys);
 int load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_certs);
 int verify_request(xmlSecKeysMngrPtr mngr);
-int url_decode(char *buf, size_t size);
+unsigned int url_decode(char *buf, unsigned int size);
 
 int
 main() {
@@ -171,7 +171,7 @@ int load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_load
     DIR* dir;
     struct dirent* entry;
     char filename[2048];
-    int len;
+    size_t len;
 
     assert(mngr);
     assert(path);
@@ -243,7 +243,7 @@ verify_request(xmlSecKeysMngrPtr mngr) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
     xmlSecDSigCtxPtr dsigCtx = NULL;
-    int ret;
+    size_t ret;
     int res = -1;
 
     assert(mngr);
@@ -257,17 +257,16 @@ verify_request(xmlSecKeysMngrPtr mngr) {
 
     while(!feof(stdin)) {
         ret = fread(buf, 1, sizeof(buf), stdin);
-        if(ret < 0) {
-            fprintf(stdout,"Error: read failed\n");
-            goto done;
+        if(ret <= 0) {
+            break;
         }
-        xmlBufferAdd(buffer, buf, (xmlSecSize)ret);
+        xmlBufferAdd(buffer, buf, (int)ret);
     }
 
     /* is the document submitted from the form? */
     if(strncmp((char*)xmlBufferContent(buffer), "_xmldoc=", 8) == 0) {
         xmlBufferShrink(buffer, 8);
-        buffer->use = url_decode((char*)xmlBufferContent(buffer), xmlBufferLength(buffer));
+        buffer->use = url_decode((char*)xmlBufferContent(buffer), (unsigned int)xmlBufferLength(buffer));
     }
 
     /**
@@ -359,8 +358,8 @@ verify_request(xmlSecKeysMngrPtr mngr) {
  * Returns length of the decoded result on success or
  * a negative value if an error occurs.
  */
-int url_decode(char *buf, size_t size) {
-    size_t ii, jj;
+unsigned int url_decode(char *buf, unsigned int size) {
+    unsigned int ii, jj;
     char ch;
 
     assert(buf);
@@ -376,7 +375,7 @@ int url_decode(char *buf, size_t size) {
             buf[jj] = buf[ii];
         }
     }
-    return((int)jj);
+    return(jj);
 }
 
 

From 181b9460691627835672a49650dc65a0214e3754 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin <aleksey@aleksey.com>
Date: Wed, 1 Nov 2023 12:58:42 -0400
Subject: [PATCH 4/7] Added missing include

---
 include/xmlsec/crypto.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/xmlsec/crypto.h b/include/xmlsec/crypto.h
index 862bfe3b5..970e07c78 100644
--- a/include/xmlsec/crypto.h
+++ b/include/xmlsec/crypto.h
@@ -51,6 +51,7 @@
 #ifdef XMLSEC_CRYPTO_GNUTLS
 #include <xmlsec/gnutls/app.h>
 #include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
 #include <xmlsec/gnutls/symbols.h>
 #else /* XMLSEC_CRYPTO_GNUTLS */
 #ifdef XMLSEC_CRYPTO_GCRYPT

From bac596705609b71358a7101311753ae7dd8ec7a3 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin <aleksey@aleksey.com>
Date: Wed, 1 Nov 2023 14:29:06 -0400
Subject: [PATCH 5/7] Fixing examples

---
 apps/Makefile.am         |  3 ++-
 configure.ac             | 14 ++++++++++----
 examples/Makefile.am     |  3 ++-
 examples/verify3.c       |  3 +++
 examples/verify4.c       |  3 +++
 examples/xmldsigverify.c |  6 ++++--
 6 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/apps/Makefile.am b/apps/Makefile.am
index 4fee33285..8409d06b1 100644
--- a/apps/Makefile.am
+++ b/apps/Makefile.am
@@ -47,7 +47,7 @@ AM_CFLAGS = \
 	-I../include \
 	-I$(top_srcdir)/include \
 	$(XMLSEC_DEFINES) \
-	$(XMLSEC_APP_DEFINES) \
+	@XMLSEC_EXTRA_APP_CFLAGS@ \
 	$(CRYPTO_INCLUDES) \
 	$(LIBXSLT_CFLAGS) \
 	$(LIBXML_CFLAGS) \
@@ -65,6 +65,7 @@ xmlsec1_SOURCES = \
 xmlsec1_LDFLAGS = \
 	@XMLSEC_STATIC_BINARIES@ \
 	@XMLSEC_EXTRA_LDFLAGS@ \
+	@XMLSEC_EXTRA_APP_LDFLAGS@ \
 	$(CRYPTO_LD_FLAGS) \
 	$(NULL)
 
diff --git a/configure.ac b/configure.ac
index f2435af2f..8f4e08b91 100644
--- a/configure.ac
+++ b/configure.ac
@@ -71,7 +71,8 @@ dnl ==========================================================================
 dnl XMLSec configs
 dnl ==========================================================================
 XMLSEC_DEFINES=
-XMLSEC_APP_DEFINES=
+XMLSEC_EXTRA_APP_CFLAGS=
+XMLSEC_EXTRA_APP_LDFLAGS=
 XMLSEC_EXTRA_LDFLAGS=
 XMLSEC_CRYPTO_EXTRA_LDFLAGS=
 
@@ -136,6 +137,8 @@ case "${host}" in
     dnl instead libxmlsec1-NN.dll, where NN is a number.
     XMLSEC_EXTRA_LDFLAGS="$XMLSEC_EXTRA_LDFLAGS -no-undefined -avoid-version"
     XMLSEC_CRYPTO_EXTRA_LDFLAGS="$XMLSEC_CRYPTO_EXTRA_LDFLAGS -no-undefined -avoid-version"
+    XMLSEC_EXTRA_APP_CFLAGS=-mconsole
+    XMLSEC_EXTRA_APP_LDFLAGS=-mconsole
     XMLSEC_SHLIBSFX=".dll.a"
 
     build_on_windows=yes
@@ -144,6 +147,8 @@ case "${host}" in
   *-*-cygwin*)
     XMLSEC_EXTRA_LDFLAGS="$XMLSEC_EXTRA_LDFLAGS -no-undefined"
     XMLSEC_CRYPTO_EXTRA_LDFLAGS="$XMLSEC_CRYPTO_EXTRA_LDFLAGS -no-undefined"
+    XMLSEC_EXTRA_APP_CFLAGS=-mconsole
+    XMLSEC_EXTRA_APP_LDFLAGS=-mconsole
 
     build_on_windows=yes
     AC_MSG_RESULT("Windows (Cygwin)")
@@ -2331,7 +2336,7 @@ if test "z$enable_static_linking" = "zyes" -o "z$enable_static_linking" = "ztrue
     if test "z$build_on_windows" = "zyes" ; then
         XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_STATIC=1"
     fi
-    XMLSEC_APP_DEFINES="$XMLSEC_APP_DEFINES -DXMLSEC_STATIC=1"
+    XMLSEC_EXTRA_APP_CFLAGS="$XMLSEC_EXTRA_APP_CFLAGS -DXMLSEC_STATIC=1"
     enable_crypto_dl="no"
     AC_MSG_RESULT([yes])
 else
@@ -2434,7 +2439,7 @@ elif test "z$LIBLTDL_FOUND" != "zyes" ; then
     AC_MSG_RESULT([disabled])
     AC_MSG_ERROR(xmlsec-crypto libraries dynamic loading support in xmlsec command line tool is requested but no LibLTDL is found)
 else
-    XMLSEC_APP_DEFINES="$XMLSEC_APP_DEFINES -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1"
+    XMLSEC_EXTRA_APP_CFLAGS="$XMLSEC_EXTRA_APP_CFLAGS -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1"
     XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING="0"
     AC_MSG_RESULT([yes])
 fi
@@ -2613,7 +2618,8 @@ AC_SUBST(CFLAGS)
 AC_SUBST(CPPFLAGS)
 AC_SUBST(LDFLAGS)
 AC_SUBST(XMLSEC_DEFINES)
-AC_SUBST(XMLSEC_APP_DEFINES)
+AC_SUBST(XMLSEC_EXTRA_APP_CFLAGS)
+AC_SUBST(XMLSEC_EXTRA_APP_LDFLAGS)
 AC_SUBST(XMLSEC_EXTRA_LDFLAGS)
 AC_SUBST(XMLSEC_CRYPTO_EXTRA_LDFLAGS)
 
diff --git a/examples/Makefile.am b/examples/Makefile.am
index c37d4c836..30f37330d 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -37,7 +37,7 @@ AM_CFLAGS = \
 	-I../include \
 	-I$(top_srcdir)/include \
 	$(XMLSEC_DEFINES) \
-	$(XMLSEC_APP_DEFINES) \
+	@XMLSEC_EXTRA_APP_CFLAGS@ \
 	$(XMLSEC_CRYPTO_CFLAGS) \
 	$(LIBXSLT_CFLAGS) \
 	$(LIBXML_CFLAGS) \
@@ -47,6 +47,7 @@ AM_CFLAGS = \
  LDFLAGS = \
 	@XMLSEC_STATIC_BINARIES@ \
 	@XMLSEC_EXTRA_LDFLAGS@ \
+	@XMLSEC_EXTRA_APP_LDFLAGS@ \
 	$(NULL)
 
 LDADD = \
diff --git a/examples/verify3.c b/examples/verify3.c
index 65483fc14..bc09e1a9a 100644
--- a/examples/verify3.c
+++ b/examples/verify3.c
@@ -235,6 +235,9 @@ verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
         goto done;
     }
 
+    /* skip strict certs checks since we have old certs */
+    dsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS;
+
     /* Verify signature */
     if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
         fprintf(stderr,"Error: signature verify\n");
diff --git a/examples/verify4.c b/examples/verify4.c
index 0a9a29ee8..4dfb2defe 100644
--- a/examples/verify4.c
+++ b/examples/verify4.c
@@ -270,6 +270,9 @@ verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
         goto done;
     }
 
+    /* skip strict certs checks since we have old certs */
+    dsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS;
+
     /* Verify signature */
     if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
         fprintf(stderr,"Error: signature verify\n");
diff --git a/examples/xmldsigverify.c b/examples/xmldsigverify.c
index c60c73f4f..593f2a484 100644
--- a/examples/xmldsigverify.c
+++ b/examples/xmldsigverify.c
@@ -36,13 +36,15 @@ int load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_load
 int verify_request(xmlSecKeysMngrPtr mngr);
 unsigned int url_decode(char *buf, unsigned int size);
 
-int
-main() {
+int main(int argc, char **argv) {
     xmlSecKeysMngrPtr mngr;
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
 #endif /* XMLSEC_NO_XSLT */
 
+    assert(argc > 0);
+    assert(argv);
+
     /* start response */
     fprintf(stdout, "Content-type: text/plain\n");
     fprintf(stdout, "\n");

From 99880fc0f2935b355deb6724023941e8bc4103d9 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin <aleksey@aleksey.com>
Date: Wed, 1 Nov 2023 15:33:46 -0400
Subject: [PATCH 6/7] Fix windows main issue

---
 apps/cmdline.c           |   6 +-
 apps/cmdline.h           |   2 +-
 apps/xmlsec.c            | 151 +++++++++++++++++++++------------------
 config.h.in              |   0
 examples/decrypt1.c      |  11 +--
 examples/decrypt2.c      |  15 ++--
 examples/decrypt3.c      |  19 ++---
 examples/encrypt1.c      |  14 ++--
 examples/encrypt2.c      |  10 ++-
 examples/encrypt3.c      |  15 ++--
 examples/sign1.c         |  11 +--
 examples/sign2.c         |  11 +--
 examples/sign3.c         |  11 +--
 examples/verify1.c       |  11 +--
 examples/verify2.c       |  15 ++--
 examples/verify3.c       |  15 ++--
 examples/verify4.c       |  15 ++--
 examples/win_main.c      |  69 ++++++++++++++++++
 examples/xmldsigverify.c |  28 +++++---
 scripts/check-return.pl  |   0
 20 files changed, 281 insertions(+), 148 deletions(-)
 mode change 100644 => 100755 config.h.in
 create mode 100644 examples/win_main.c
 mode change 100644 => 100755 scripts/check-return.pl

diff --git a/apps/cmdline.c b/apps/cmdline.c
index 200cbaa1e..827377ac4 100644
--- a/apps/cmdline.c
+++ b/apps/cmdline.c
@@ -27,7 +27,7 @@ static xmlSecAppCmdLineParamPtr xmlSecAppCmdLineParamsListFind  (xmlSecAppCmdLin
                                                                  xmlSecAppCmdLineParamTopic topics,
                                                                  const char* name);
 static int                      xmlSecAppCmdLineParamRead       (xmlSecAppCmdLineParamPtr param,
-                                                                 const char** argv,
+                                                                 char** argv,
                                                                  int argc,
                                                                  int pos);
 static int                      xmlSecAppCmdLineTimeParamRead   (const char* str,
@@ -88,7 +88,7 @@ xmlSecAppCmdLineParamGetTime(xmlSecAppCmdLineParamPtr param, time_t def) {
 int
 xmlSecAppCmdLineParamsListParse(xmlSecAppCmdLineParamPtr* params,
                                 xmlSecAppCmdLineParamTopic topics,
-                                const char** argv, int argc, int pos) {
+                                char** argv, int argc, int pos) {
     xmlSecAppCmdLineParamPtr param;
     int ii;
     int ret;
@@ -234,7 +234,7 @@ xmlSecAppCmdLineParamsListFind(xmlSecAppCmdLineParamPtr* params, xmlSecAppCmdLin
 }
 
 static int
-xmlSecAppCmdLineParamRead(xmlSecAppCmdLineParamPtr param, const char** argv, int argc, int pos) {
+xmlSecAppCmdLineParamRead(xmlSecAppCmdLineParamPtr param, char** argv, int argc, int pos) {
     xmlSecAppCmdLineValuePtr value;
     xmlSecAppCmdLineValuePtr prev = NULL;
     char* buf;
diff --git a/apps/cmdline.h b/apps/cmdline.h
index 617b3d6fa..d063be068 100644
--- a/apps/cmdline.h
+++ b/apps/cmdline.h
@@ -57,7 +57,7 @@ time_t          xmlSecAppCmdLineParamGetTime            (xmlSecAppCmdLineParamPt
 
 int             xmlSecAppCmdLineParamsListParse         (xmlSecAppCmdLineParamPtr* params,
                                                          xmlSecAppCmdLineParamTopic topics,
-                                                         const char** argv,
+                                                         char** argv,
                                                          int argc,
                                                          int pos);
 void            xmlSecAppCmdLineParamsListClean         (xmlSecAppCmdLineParamPtr* params);
diff --git a/apps/xmlsec.c b/apps/xmlsec.c
index 7655c1dbd..541b28855 100644
--- a/apps/xmlsec.c
+++ b/apps/xmlsec.c
@@ -1176,69 +1176,96 @@ static int                      xmlSecAppInputReadCallback      (void * context,
 static int                      xmlSecAppInputCloseCallback     (void * context);
 
 static int                      xmlSecAppExecute                (xmlSecAppCommand command,
-                                                                const char** utf8_argv,
+                                                                char** argv,
                                                                 int argc);
 
 
-#if defined(XMLSEC_WINDOWS) && defined(UNICODE) && defined(__MINGW32__)
-int wmain(int argc, wchar_t* argv[]);
-#endif /* defined(XMLSEC_WINDOWS) && defined(UNICODE) && defined(__MINGW32__) */
-
-xmlSecKeysMngrPtr g_keysManager = NULL;
-int g_repeats = 1;
-int g_printDebug = 0;
-int g_printVerboseDebug = 0;
-int g_blockNetworkIO = 0;
-clock_t g_totalTime = 0;
-const char* g_xmlSecCryptoLibrary = NULL;
-const char* gOutputFilename = NULL;
+/* Special handling for command line parameters on Windows is needed */
+static int real_main(int argc, char** argv);
 
-#if defined(XMLSEC_WINDOWS) && defined(UNICODE)
-int wmain(int argc, wchar_t *argv[]) {
-#else /* defined(XMLSEC_WINDOWS) && defined(UNICODE) */
-int main(int argc, const char **argv) {
-#endif /* defined(XMLSEC_WINDOWS) && defined(UNICODE) */
 #if defined(XMLSEC_WINDOWS)
+
+#if defined(UNICODE) && defined(__MINGW32__)
+int wmain(int argc, wchar_t* argv[]);
+#endif /*defined(UNICODE) && defined(__MINGW32__) */
+
+#if defined(UNICODE)
+int wmain(int argc, wchar_t* argv[]) {
+#else /* defined(UNICODE) */
+int main(int argc, char** argv) {
+#endif /* defined(UNICODE) */
+    char** utf8_argv = NULL;
     size_t utf8_argv_size;
     int ii;
-#endif /* defined(XMLSEC_WINDOWS) */
-    const char** utf8_argv = NULL; /* TODO: this should be xmlChar** but it will break things downstream */
-    xmlSecAppCmdLineParamTopic cmdLineTopics;
-    xmlSecAppCommand command, subCommand;
-    int pos;
     int res = 1;
-    int ret;
 
-#if defined(XMLSEC_WINDOWS)
     /* convert command line to UTF8 from locale or UNICODE */
     utf8_argv_size = sizeof(char*) * (size_t)argc;
-    utf8_argv = (const char**)xmlMalloc(utf8_argv_size);
-    if(utf8_argv == NULL) {
+    utf8_argv = (char**)xmlMalloc(utf8_argv_size);
+    if (utf8_argv == NULL) {
         fprintf(stderr, "Error: can not allocate memory (" XMLSEC_SIZE_T_FMT " bytes)\n",
             utf8_argv_size);
-        goto done;
+            return(1);
     }
-    memset((char**)utf8_argv, 0, utf8_argv_size);
-    for(ii = 0; ii < argc; ++ii) {
-        utf8_argv[ii] = (const char*)xmlSecWin32ConvertTstrToUtf8(argv[ii]);
-        if(utf8_argv[ii] == NULL) {
+    memset(utf8_argv, 0, utf8_argv_size);
+    for (ii = 0; ii < argc; ++ii) {
+        utf8_argv[ii] = (char*)xmlSecWin32ConvertTstrToUtf8(argv[ii]);
+        if (utf8_argv[ii] == NULL) {
             fprintf(stderr, "Error: can not convert command line parameter at position %d to UTF8\n", ii);
-            goto done;
+            return(1);
         }
     }
+
+    /* call real main function */
+    res = real_main(argc, utf8_argv);
+
+    /* cleanup */
+    if (utf8_argv != NULL) {
+        for (ii = 0; ii < argc; ++ii) {
+            if (utf8_argv[ii] != NULL) {
+                xmlFree(BAD_CAST utf8_argv[ii]);
+                utf8_argv[ii] = NULL;
+            }
+        }
+        xmlFree(BAD_CAST utf8_argv);
+        utf8_argv = NULL;
+    }
+
+    return(res);
+}
+
 #else /* defined(XMLSEC_WINDOWS) */
-    utf8_argv = argv;
+int main(int argc, char** argv) {
+    return(real_main(argc, argv));
+}
 #endif /* defined(XMLSEC_WINDOWS) */
 
+xmlSecKeysMngrPtr g_keysManager = NULL;
+int g_repeats = 1;
+int g_printDebug = 0;
+int g_printVerboseDebug = 0;
+int g_blockNetworkIO = 0;
+clock_t g_totalTime = 0;
+const char* g_xmlSecCryptoLibrary = NULL;
+const char* gOutputFilename = NULL;
+
+static int
+real_main(int argc, char** argv) {
+    xmlSecAppCmdLineParamTopic cmdLineTopics;
+    xmlSecAppCommand command, subCommand;
+    int pos;
+    int res = 1;
+    int ret;
+
     /* read the command (first argument) */
-    if(argc < 2) {
+    if((argv == NULL) || (argc < 2)) {
         fprintf(stderr, "Error: not enough arguments\n");
         xmlSecAppPrintUsage();
         goto done;
     }
-    command = xmlSecAppParseCommand(utf8_argv[1], &cmdLineTopics, &subCommand);
+    command = xmlSecAppParseCommand(argv[1], &cmdLineTopics, &subCommand);
     if(command == xmlSecAppCommandUnknown) {
-        fprintf(stderr, "Error: unknown command \"%s\"\n", utf8_argv[1]);
+        fprintf(stderr, "Error: unknown command \"%s\"\n", argv[1]);
         xmlSecAppPrintUsage();
         res = 0;
         goto done;
@@ -1256,7 +1283,7 @@ int main(int argc, const char **argv) {
     }
 
     /* parse command line */
-    pos = xmlSecAppCmdLineParamsListParse(parameters, cmdLineTopics, utf8_argv, argc, 2);
+    pos = xmlSecAppCmdLineParamsListParse(parameters, cmdLineTopics, argv, argc, 2);
     if(pos < 0) {
         fprintf(stderr, "Error: invalid parameters\n");
         xmlSecAppPrintUsage();
@@ -1287,7 +1314,7 @@ int main(int argc, const char **argv) {
     }
 
     /* actual processing: skip all the parameters we already parsed */
-    ret = xmlSecAppExecute(command, utf8_argv + pos, argc - pos);
+    ret = xmlSecAppExecute(command, argv + pos, argc - pos);
     if(ret < 0) {
         goto done;
     }
@@ -1298,18 +1325,6 @@ int main(int argc, const char **argv) {
 done:
 
     xmlSecAppCmdLineParamsListClean(parameters);
-#if defined(XMLSEC_WINDOWS)
-    if(utf8_argv != NULL) {
-        for(ii = 0; ii < argc; ++ii) {
-           if(utf8_argv[ii] != NULL) {
-               xmlFree(BAD_CAST utf8_argv[ii]);
-               utf8_argv[ii] = NULL;
-           }
-        }
-        xmlFree(BAD_CAST utf8_argv);
-        utf8_argv = NULL;
-    }
-#endif /* defined(XMLSEC_WINDOWS) */
 
 #if defined(_MSC_VER) && defined(_CRTDBG_MAP_ALLOC)
     _CrtSetReportMode(_CRT_WARN,    _CRTDBG_MODE_FILE);
@@ -1327,7 +1342,7 @@ int main(int argc, const char **argv) {
 
 
 static int
-xmlSecAppExecute(xmlSecAppCommand command, const char** utf8_argv, int argc) {
+xmlSecAppExecute(xmlSecAppCommand command, char** argv, int argc) {
     const char* tmp = NULL;
     int res = - 1;
     int ii;
@@ -1413,11 +1428,11 @@ xmlSecAppExecute(xmlSecAppCommand command, const char** utf8_argv, int argc) {
             break;
         case xmlSecAppCommandCheckKeyData:
             for(ii = 0; ii < argc; ++ii) {
-                if(xmlSecAppCheckKeyData(utf8_argv[ii]) < 0) {
-                    fprintf(stderr, "Error: key data \"%s\" not found\n", utf8_argv[ii]);
+                if(xmlSecAppCheckKeyData(argv[ii]) < 0) {
+                    fprintf(stderr, "Error: key data \"%s\" not found\n", argv[ii]);
                     goto done;
                 } else {
-                    fprintf(stdout, "Key data \"%s\" found\n", utf8_argv[ii]);
+                    fprintf(stdout, "Key data \"%s\" found\n", argv[ii]);
                 }
             }
             break;
@@ -1426,18 +1441,18 @@ xmlSecAppExecute(xmlSecAppCommand command, const char** utf8_argv, int argc) {
             break;
         case xmlSecAppCommandCheckTransforms:
             for(ii = 0; ii < argc; ++ii) {
-                if(xmlSecAppCheckTransform(utf8_argv[ii]) < 0) {
-                    fprintf(stderr, "Error: transform \"%s\" not found\n", utf8_argv[ii]);
+                if(xmlSecAppCheckTransform(argv[ii]) < 0) {
+                    fprintf(stderr, "Error: transform \"%s\" not found\n", argv[ii]);
                     goto done;
                 } else {
-                    fprintf(stdout, "Transforms \"%s\" found\n", utf8_argv[ii]);
+                    fprintf(stdout, "Transforms \"%s\" found\n", argv[ii]);
                 }
             }
             break;
         case xmlSecAppCommandKeys:
             for(ii = 0; ii < argc; ++ii) {
-                if(xmlSecAppCryptoSimpleKeysMngrSave(g_keysManager, utf8_argv[ii], xmlSecKeyDataTypeAny) < 0) {
-                    fprintf(stderr, "Error: failed to save keys to file \"%s\"\n", utf8_argv[ii]);
+                if(xmlSecAppCryptoSimpleKeysMngrSave(g_keysManager, argv[ii], xmlSecKeyDataTypeAny) < 0) {
+                    fprintf(stderr, "Error: failed to save keys to file \"%s\"\n", argv[ii]);
                     goto done;
                 }
             }
@@ -1445,16 +1460,16 @@ xmlSecAppExecute(xmlSecAppCommand command, const char** utf8_argv, int argc) {
 #ifndef XMLSEC_NO_XMLDSIG
         case xmlSecAppCommandSign:
             for(ii = 0; ii < argc; ++ii) {
-                if(xmlSecAppSignFile(utf8_argv[ii], gOutputFilename) < 0) {
-                    fprintf(stderr, "Error: failed to sign file \"%s\"\n", utf8_argv[ii]);
+                if(xmlSecAppSignFile(argv[ii], gOutputFilename) < 0) {
+                    fprintf(stderr, "Error: failed to sign file \"%s\"\n", argv[ii]);
                     goto done;
                 }
             }
             break;
         case xmlSecAppCommandVerify:
             for(ii = 0; ii < argc; ++ii) {
-                if(xmlSecAppVerifyFile(utf8_argv[ii]) < 0) {
-                    fprintf(stderr, "Error: failed to verify file \"%s\"\n", utf8_argv[ii]);
+                if(xmlSecAppVerifyFile(argv[ii]) < 0) {
+                    fprintf(stderr, "Error: failed to verify file \"%s\"\n", argv[ii]);
                     goto done;
                 }
             }
@@ -1472,16 +1487,16 @@ xmlSecAppExecute(xmlSecAppCommand command, const char** utf8_argv, int argc) {
 #ifndef XMLSEC_NO_XMLENC
         case xmlSecAppCommandEncrypt:
             for(ii = 0; ii < argc; ++ii) {
-                if(xmlSecAppEncryptFile(utf8_argv[ii], gOutputFilename) < 0) {
-                    fprintf(stderr, "Error: failed to encrypt file with template \"%s\"\n", utf8_argv[ii]);
+                if(xmlSecAppEncryptFile(argv[ii], gOutputFilename) < 0) {
+                    fprintf(stderr, "Error: failed to encrypt file with template \"%s\"\n", argv[ii]);
                     goto done;
                 }
             }
             break;
         case xmlSecAppCommandDecrypt:
             for(ii = 0; ii < argc; ++ii) {
-                if(xmlSecAppDecryptFile(utf8_argv[ii], gOutputFilename) < 0) {
-                    fprintf(stderr, "Error: failed to decrypt file \"%s\"\n", utf8_argv[ii]);
+                if(xmlSecAppDecryptFile(argv[ii], gOutputFilename) < 0) {
+                    fprintf(stderr, "Error: failed to decrypt file \"%s\"\n", argv[ii]);
                     goto done;
                 }
             }
diff --git a/config.h.in b/config.h.in
old mode 100644
new mode 100755
diff --git a/examples/decrypt1.c b/examples/decrypt1.c
index 317992cbe..a25dd8b0b 100644
--- a/examples/decrypt1.c
+++ b/examples/decrypt1.c
@@ -34,10 +34,13 @@
 #include <xmlsec/xmlenc.h>
 #include <xmlsec/crypto.h>
 
-int decrypt_file(const char* enc_file, char* key_file);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static int decrypt_file(const char* enc_file, char* key_file);
+
+static int
+real_main(int argc, char** argv) {
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
 #endif /* XMLSEC_NO_XSLT */
@@ -142,7 +145,7 @@ main(int argc, char **argv) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 decrypt_file(const char* enc_file, char* key_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
diff --git a/examples/decrypt2.c b/examples/decrypt2.c
index 5eab1aa35..910f11379 100644
--- a/examples/decrypt2.c
+++ b/examples/decrypt2.c
@@ -35,11 +35,14 @@
 #include <xmlsec/xmlenc.h>
 #include <xmlsec/crypto.h>
 
-xmlSecKeysMngrPtr load_des_keys(char** files, int files_size);
-int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static xmlSecKeysMngrPtr load_des_keys(char** files, int files_size);
+static int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file);
+
+static int
+real_main(int argc, char** argv) {
     xmlSecKeysMngrPtr mngr;
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
@@ -158,7 +161,7 @@ main(int argc, char **argv) {
  * Returns the pointer to newly created keys manager or NULL if an error
  * occurs.
  */
-xmlSecKeysMngrPtr
+static xmlSecKeysMngrPtr
 load_des_keys(char** files, int files_size) {
     xmlSecKeysMngrPtr mngr;
     xmlSecKeyPtr key;
@@ -225,7 +228,7 @@ load_des_keys(char** files, int files_size) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
diff --git a/examples/decrypt3.c b/examples/decrypt3.c
index ba1e1a0c1..f7a3bcb8d 100644
--- a/examples/decrypt3.c
+++ b/examples/decrypt3.c
@@ -37,12 +37,15 @@
 #include <xmlsec/xmlenc.h>
 #include <xmlsec/crypto.h>
 
-xmlSecKeyStoreId  files_keys_store_get_klass(void);
-xmlSecKeysMngrPtr create_files_keys_mngr(char* keys_folder);
-int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static xmlSecKeyStoreId  files_keys_store_get_klass(void);
+static xmlSecKeysMngrPtr create_files_keys_mngr(char* keys_folder);
+static int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file);
+
+static int
+real_main(int argc, char** argv) {
     xmlSecKeysMngrPtr mngr;
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
@@ -158,7 +161,7 @@ main(int argc, char **argv) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
@@ -234,7 +237,7 @@ decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) {
  *
  * Returns pointer to newly created keys manager or NULL if an error occurs.
  */
-xmlSecKeysMngrPtr
+static xmlSecKeysMngrPtr
 create_files_keys_mngr(char* keys_folder) {
     xmlSecKeyStorePtr keysStore;
     xmlSecKeysMngrPtr mngr;
@@ -309,7 +312,7 @@ static xmlSecKeyStoreKlass files_keys_store_klass = {
  *
  * Returns files based keys store klass.
  */
-xmlSecKeyStoreId
+static xmlSecKeyStoreId
 files_keys_store_get_klass(void) {
     return(&files_keys_store_klass);
 }
diff --git a/examples/encrypt1.c b/examples/encrypt1.c
index 9eaa5d011..8520a436a 100644
--- a/examples/encrypt1.c
+++ b/examples/encrypt1.c
@@ -36,10 +36,14 @@
 #include <xmlsec/xmlenc.h>
 #include <xmlsec/crypto.h>
 
-int encrypt_file(const char* tmpl_file, char* key_file,
-                 const unsigned char* data, size_t dataSize);
-int
-main(int argc, char **argv) {
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
+
+static int encrypt_file(const char* tmpl_file, char* key_file,
+    const unsigned char* data, size_t dataSize);
+
+static int
+real_main(int argc, char** argv) {
     static const char secret_data[] = "Big secret";
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
@@ -147,7 +151,7 @@ main(int argc, char **argv) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 encrypt_file(const char* tmpl_file, char* key_file,
              const unsigned char* data, size_t dataSize) {
     xmlDocPtr doc = NULL;
diff --git a/examples/encrypt2.c b/examples/encrypt2.c
index 8cfab38ce..45151b712 100644
--- a/examples/encrypt2.c
+++ b/examples/encrypt2.c
@@ -38,10 +38,14 @@
 #include <xmlsec/templates.h>
 #include <xmlsec/crypto.h>
 
-int encrypt_file(const char* xml_file, char* key_file);
 
-int
-main(int argc, char **argv) {
+/* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
+
+static int encrypt_file(const char* xml_file, char* key_file);
+
+static int
+real_main(int argc, char** argv) {
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
 #endif /* XMLSEC_NO_XSLT */
diff --git a/examples/encrypt3.c b/examples/encrypt3.c
index 63c4c704d..ad6987ec5 100644
--- a/examples/encrypt3.c
+++ b/examples/encrypt3.c
@@ -38,11 +38,14 @@
 #include <xmlsec/templates.h>
 #include <xmlsec/crypto.h>
 
-xmlSecKeysMngrPtr load_rsa_keys(char* key_file);
-int encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static xmlSecKeysMngrPtr load_rsa_keys(char* key_file);
+static int encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name);
+
+static int
+real_main(int argc, char** argv) {
     xmlSecKeysMngrPtr mngr;
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
@@ -160,7 +163,7 @@ main(int argc, char **argv) {
  * Returns the pointer to newly created keys manager or NULL if an error
  * occurs.
  */
-xmlSecKeysMngrPtr
+static xmlSecKeysMngrPtr
 load_rsa_keys(char* key_file) {
     xmlSecKeysMngrPtr mngr;
     xmlSecKeyPtr key;
@@ -222,7 +225,7 @@ load_rsa_keys(char* key_file) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name) {
     xmlDocPtr doc = NULL;
     xmlNodePtr encDataNode = NULL;
diff --git a/examples/sign1.c b/examples/sign1.c
index cbe43fabd..278d00f22 100644
--- a/examples/sign1.c
+++ b/examples/sign1.c
@@ -36,10 +36,13 @@
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/crypto.h>
 
-int sign_file(const char* tmpl_file, char* key_file);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static int sign_file(const char* tmpl_file, char* key_file);
+
+static int
+real_main(int argc, char **argv) {
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
 #endif /* XMLSEC_NO_XSLT */
@@ -143,7 +146,7 @@ main(int argc, char **argv) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 sign_file(const char* tmpl_file, char* key_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
diff --git a/examples/sign2.c b/examples/sign2.c
index 06e5c105f..fb8fb090e 100644
--- a/examples/sign2.c
+++ b/examples/sign2.c
@@ -39,10 +39,13 @@
 #include <xmlsec/templates.h>
 #include <xmlsec/crypto.h>
 
-int sign_file(const char* xml_file, char* key_file);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static int sign_file(const char* xml_file, char* key_file);
+
+static int
+real_main(int argc, char** argv) {
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
 #endif /* XMLSEC_NO_XSLT */
@@ -147,7 +150,7 @@ main(int argc, char **argv) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 sign_file(const char* xml_file, char* key_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr signNode = NULL;
diff --git a/examples/sign3.c b/examples/sign3.c
index 6ea568226..7963651b4 100644
--- a/examples/sign3.c
+++ b/examples/sign3.c
@@ -43,10 +43,13 @@
 #include <xmlsec/templates.h>
 #include <xmlsec/crypto.h>
 
-int sign_file(const char* xml_file, char* key_file, const char* cert_file);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static int sign_file(const char* xml_file, char* key_file, const char* cert_file);
+
+static int
+real_main(int argc, char** argv) {
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
 #endif /* XMLSEC_NO_XSLT */
@@ -153,7 +156,7 @@ main(int argc, char **argv) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 sign_file(const char* xml_file, char* key_file, const char* cert_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr signNode = NULL;
diff --git a/examples/verify1.c b/examples/verify1.c
index a4eae4353..c0ecd5b32 100644
--- a/examples/verify1.c
+++ b/examples/verify1.c
@@ -34,10 +34,13 @@
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/crypto.h>
 
-int verify_file(const char* xml_file, char* key_file);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static int verify_file(const char* xml_file, char* key_file);
+
+static int
+real_main(int argc, char** argv) {
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
 #endif /* XMLSEC_NO_XSLT */
@@ -141,7 +144,7 @@ main(int argc, char **argv) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 verify_file(const char* xml_file, char* key_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
diff --git a/examples/verify2.c b/examples/verify2.c
index aadca61a2..f2c636422 100644
--- a/examples/verify2.c
+++ b/examples/verify2.c
@@ -35,11 +35,14 @@
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/crypto.h>
 
-xmlSecKeysMngrPtr load_keys(char** files, int files_size);
-int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static xmlSecKeysMngrPtr load_keys(char** files, int files_size);
+static int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+
+static int
+real_main(int argc, char** argv) {
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
 #endif /* XMLSEC_NO_XSLT */
@@ -159,7 +162,7 @@ main(int argc, char **argv) {
  * Returns the pointer to newly created keys manager or NULL if an error
  * occurs.
  */
-xmlSecKeysMngrPtr
+static xmlSecKeysMngrPtr
 load_keys(char** files, int files_size) {
     xmlSecKeysMngrPtr mngr;
     xmlSecKeyPtr key;
@@ -225,7 +228,7 @@ load_keys(char** files, int files_size) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
diff --git a/examples/verify3.c b/examples/verify3.c
index bc09e1a9a..97a996e04 100644
--- a/examples/verify3.c
+++ b/examples/verify3.c
@@ -35,11 +35,14 @@
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/crypto.h>
 
-xmlSecKeysMngrPtr load_trusted_certs(char** files, int files_size);
-int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static xmlSecKeysMngrPtr load_trusted_certs(char** files, int files_size);
+static int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+
+static int
+real_main(int argc, char** argv) {
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
 #endif /* XMLSEC_NO_XSLT */
@@ -158,7 +161,7 @@ main(int argc, char **argv) {
  * Returns the pointer to newly created keys manager or NULL if an error
  * occurs.
  */
-xmlSecKeysMngrPtr
+static xmlSecKeysMngrPtr
 load_trusted_certs(char** files, int files_size) {
     xmlSecKeysMngrPtr mngr;
     int i;
@@ -204,7 +207,7 @@ load_trusted_certs(char** files, int files_size) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
diff --git a/examples/verify4.c b/examples/verify4.c
index 4dfb2defe..21aa0f701 100644
--- a/examples/verify4.c
+++ b/examples/verify4.c
@@ -43,11 +43,14 @@
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/crypto.h>
 
-xmlSecKeysMngrPtr load_trusted_certs(char** files, int files_size);
-int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+ /* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
 
-int
-main(int argc, char **argv) {
+static xmlSecKeysMngrPtr load_trusted_certs(char** files, int files_size);
+static int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+
+static int
+real_main(int argc, char** argv) {
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
 #endif /* XMLSEC_NO_XSLT */
@@ -166,7 +169,7 @@ main(int argc, char **argv) {
  * Returns the pointer to newly created keys manager or NULL if an error
  * occurs.
  */
-xmlSecKeysMngrPtr
+static xmlSecKeysMngrPtr
 load_trusted_certs(char** files, int files_size) {
     xmlSecKeysMngrPtr mngr;
     int i;
@@ -212,7 +215,7 @@ load_trusted_certs(char** files, int files_size) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
     xmlDocPtr doc = NULL;
     xmlNodePtr node = NULL;
diff --git a/examples/win_main.c b/examples/win_main.c
new file mode 100644
index 000000000..57d4683a3
--- /dev/null
+++ b/examples/win_main.c
@@ -0,0 +1,69 @@
+
+/**
+ * XML Security Library example: Special handling for main() and wmain() on Windows.
+ * 
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2022 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
+ */
+
+/* The real main function */
+static int real_main(int argc, char** argv);
+
+#if defined(XMLSEC_WINDOWS)
+
+#if defined(UNICODE) && defined(__MINGW32__)
+int wmain(int argc, wchar_t* argv[]);
+#endif /*defined(UNICODE) && defined(__MINGW32__) */
+
+#if defined(UNICODE)
+int wmain(int argc, wchar_t* argv[]) {
+#else /* defined(UNICODE) */
+int main(int argc, char** argv) {
+#endif /* defined(UNICODE) */
+    char** utf8_argv = NULL;
+    size_t utf8_argv_size;
+    int ii;
+    int res = 1;
+
+    /* convert command line to UTF8 from locale or UNICODE */
+    utf8_argv_size = sizeof(char*) * (size_t)argc;
+    utf8_argv = (char**)xmlMalloc(utf8_argv_size);
+    if (utf8_argv == NULL) {
+        fprintf(stderr, "Error: can not allocate memory (" XMLSEC_SIZE_T_FMT " bytes)\n",
+            utf8_argv_size);
+        return(1);
+    }
+    memset(utf8_argv, 0, utf8_argv_size);
+    for (ii = 0; ii < argc; ++ii) {
+        utf8_argv[ii] = (char*)xmlSecWin32ConvertTstrToUtf8(argv[ii]);
+        if (utf8_argv[ii] == NULL) {
+            fprintf(stderr, "Error: can not convert command line parameter at position %d to UTF8\n", ii);
+            return(1);
+        }
+    }
+
+    /* call real main function */
+    res = real_main(argc, utf8_argv);
+
+    /* cleanup */
+    if (utf8_argv != NULL) {
+        for (ii = 0; ii < argc; ++ii) {
+            if (utf8_argv[ii] != NULL) {
+                xmlFree(BAD_CAST utf8_argv[ii]);
+                utf8_argv[ii] = NULL;
+            }
+        }
+        xmlFree(BAD_CAST utf8_argv);
+        utf8_argv = NULL;
+    }
+
+    return(res);
+}
+
+#else /* defined(XMLSEC_WINDOWS) */
+int main(int argc, char** argv) {
+    return(real_main(argc, argv));
+}
+#endif /* defined(XMLSEC_WINDOWS) */
diff --git a/examples/xmldsigverify.c b/examples/xmldsigverify.c
index 593f2a484..e7a6001fd 100644
--- a/examples/xmldsigverify.c
+++ b/examples/xmldsigverify.c
@@ -26,17 +26,22 @@
 #include <xmlsec/crypto.h>
 
 #include <xmlsec/parser.h>
-/* #define XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER   "/etc/httpd/conf/ssl.crt" */
+
+/* Special handling for command line parameters on Windows is needed */
+#include "win_main.c"
+
+ /* #define XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER   "/etc/httpd/conf/ssl.crt" */
 #define XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER      "/var/www/cgi-bin/keys-certs.def"
 #define XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER              "/var/www/cgi-bin/keys-certs"
 
 
-int load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys);
-int load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_certs);
-int verify_request(xmlSecKeysMngrPtr mngr);
-unsigned int url_decode(char *buf, unsigned int size);
+static int load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys);
+static int load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_certs);
+static int verify_request(xmlSecKeysMngrPtr mngr);
+static unsigned int url_decode(char *buf, unsigned int size);
 
-int main(int argc, char **argv) {
+static int
+real_main(int argc, char** argv) {
     xmlSecKeysMngrPtr mngr;
 #ifndef XMLSEC_NO_XSLT
     xsltSecurityPrefsPtr xsltSecPrefs = NULL;
@@ -169,7 +174,8 @@ int main(int argc, char **argv) {
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_certs) {
+static int
+load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_certs) {
     DIR* dir;
     struct dirent* entry;
     char filename[2048];
@@ -212,7 +218,8 @@ int load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_load
     return(0);
 }
 
-int load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys) {
+static int
+load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys) {
     char filename[256];
 
     assert(mngr);
@@ -238,7 +245,7 @@ int load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys)
  *
  * Returns 0 on success or a negative value if an error occurs.
  */
-int
+static int
 verify_request(xmlSecKeysMngrPtr mngr) {
     xmlBufferPtr buffer = NULL;
     xmlSecByte buf[256];
@@ -360,7 +367,8 @@ verify_request(xmlSecKeysMngrPtr mngr) {
  * Returns length of the decoded result on success or
  * a negative value if an error occurs.
  */
-unsigned int url_decode(char *buf, unsigned int size) {
+static unsigned int
+url_decode(char *buf, unsigned int size) {
     unsigned int ii, jj;
     char ch;
 
diff --git a/scripts/check-return.pl b/scripts/check-return.pl
old mode 100644
new mode 100755

From 77dfe92e9ddd1eb0613770c7d13e1b676ef932b8 Mon Sep 17 00:00:00 2001
From: Aleksey Sanin <aleksey@aleksey.com>
Date: Wed, 1 Nov 2023 15:34:32 -0400
Subject: [PATCH 7/7] Fix windows main issue

---
 config.h.in | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100755 => 100644 config.h.in

diff --git a/config.h.in b/config.h.in
old mode 100755
new mode 100644