Add new -notext option to 'ca', -pubkey option to spkac.

Remove some "WTF??" casts from applications.

Fixes to keep VC++ happy and avoid warnings.

Docs tidy.

7 files changed, 40 insertions, 34 deletions

diff --git a/apps/ca.c b/apps/ca.c
index ff11c2a05a..55a7ff7816 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -200,7 +200,7 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			 char *enddate, int days, char *ext_sect,LHASH *conf,
 				int verbose);
 static int fix_data(int nid, int *type);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
 	char *startdate, char *enddate, int days, int batch, int verbose,
@@ -247,6 +247,7 @@ int MAIN(int argc, char **argv)
 	char *enddate=NULL;
 	int days=0;
 	int batch=0;
+	int notext=0;
 	X509 *x509=NULL;
 	X509 *x=NULL;
 	BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
@@ -357,6 +358,8 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			outdir= *(++argv);
 			}
+		else if (strcmp(*argv,"-notext") == 0)
+			notext=1;
 		else if (strcmp(*argv,"-batch") == 0)
 			batch=1;
 		else if (strcmp(*argv,"-preserveDN") == 0)
@@ -984,8 +987,8 @@ bad:
 				perror(buf[2]);
 				goto err;
 				}
-			write_new_certificate(Cout,x, 0);
-			write_new_certificate(Sout,x, output_der);
+			write_new_certificate(Cout,x, 0, notext);
+			write_new_certificate(Sout,x, output_der, notext);
 			}
 
 		if (sk_num(cert_sk))
@@ -1893,17 +1896,16 @@ err:
 	return(ok);
 	}
 
-static void write_new_certificate(BIO *bp, X509 *x, int output_der)
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 	{
-	char *f;
-	char buf[256];
 
 	if (output_der)
 		{
 		(void)i2d_X509_bio(bp,x);
 		return;
 		}
-
+#if 0
+	/* ??? Not needed since X509_print prints all this stuff anyway */
 	f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
 	BIO_printf(bp,"issuer :%s\n",f);
 
@@ -1913,10 +1915,9 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der)
 	BIO_puts(bp,"serial :");
 	i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
 	BIO_puts(bp,"\n\n");
-	X509_print(bp,x);
-	BIO_puts(bp,"\n");
+#endif
+	if(!notext)X509_print(bp,x);
 	PEM_write_bio_X509(bp,x);
-	BIO_puts(bp,"\n");
 	}
 
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 7d4a12f562..47d92cc10d 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -84,7 +84,7 @@
  * -genkey
  */
 
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
 int MAIN(int argc, char **argv)
 	{
 	DSA *dsa=NULL;
@@ -225,8 +225,7 @@ bad:
 		assert(need_rand);
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
-	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
-			dsa_cb,(char *)bio_err);
+	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
 		}
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
@@ -350,7 +349,7 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -358,8 +357,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write((BIO *)arg,&c,1);
-	(void)BIO_flush((BIO *)arg);
+	BIO_write(arg,&c,1);
+	(void)BIO_flush(arg);
 #ifdef LINT
 	p=n;
 #endif
diff --git a/apps/rsa.c b/apps/rsa.c
index e5726938a9..2df3fe374c 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -271,7 +271,7 @@ bad:
 				}
 			}
 		p=(unsigned char *)buf->data;
-		rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
+		rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
 		BUF_MEM_free(buf);
 		}
 #endif
diff --git a/apps/s_client.c b/apps/s_client.c
index c9b52e6a99..0e158121c8 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -376,7 +376,7 @@ bad:
 		}
 
 
-	con=(SSL *)SSL_new(ctx);
+	con=SSL_new(ctx);
 /*	SSL_set_cipher_list(con,"RC4-MD5"); */
 
 re_start:
diff --git a/apps/s_server.c b/apps/s_server.c
index ac86a8ab4d..87abdfad89 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -782,7 +782,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 #endif
 
 	if (con == NULL) {
-		con=(SSL *)SSL_new(ctx);
+		con=SSL_new(ctx);
 		if(context)
 		      SSL_set_session_id_context(con, context,
 						 strlen((char *)context));
@@ -1150,7 +1150,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 	/* lets make the output buffer a reasonable size */
 	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
 
-	if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+	if ((con=SSL_new(ctx)) == NULL) goto err;
 	if(context) SSL_set_session_id_context(con, context,
 					       strlen((char *)context));
 
diff --git a/apps/s_time.c b/apps/s_time.c
index 1653195b3f..c17ede4f41 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -632,7 +632,7 @@ static SSL *doConnection(SSL *scon)
 	BIO_set_conn_hostname(conn,host);
 
 	if (scon == NULL)
-		serverCon=(SSL *)SSL_new(tm_ctx);
+		serverCon=SSL_new(tm_ctx);
 	else
 		{
 		serverCon=scon;
diff --git a/apps/spkac.c b/apps/spkac.c
index f25f4ce9a2..34b0026e01 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -79,11 +79,11 @@ int MAIN(int argc, char **argv)
 	{
 	int i,badops=0, ret = 1;
 	BIO *in = NULL,*out = NULL, *key = NULL;
-	int verify=0,noout=0;
+	int verify=0,noout=0,pubkey=0;
 	char *infile = NULL,*outfile = NULL,*prog;
 	char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
 	char *challenge = NULL, *keyfile = NULL;
-	LHASH *conf;
+	LHASH *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
 
@@ -128,6 +128,8 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
+		else if (strcmp(*argv,"-pubkey") == 0)
+			pubkey=1;
 		else if (strcmp(*argv,"-verify") == 0)
 			verify=1;
 		else badops = 1;
@@ -138,13 +140,16 @@ int MAIN(int argc, char **argv)
 	if (badops)
 		{
 bad:
-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+		BIO_printf(bio_err,"%s [options]\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -spkac arg    alternative SPKAC name\n");
-		BIO_printf(bio_err," -noout        don't print SPKAC\n");
-		BIO_printf(bio_err," -verify       verify SPKAC signature\n");
+		BIO_printf(bio_err," -in arg        input file\n");
+		BIO_printf(bio_err," -out arg       output file\n");
+		BIO_printf(bio_err," -key arg       create SPKAC using private key\n");
+		BIO_printf(bio_err," -challenge arg challenge string\n");
+		BIO_printf(bio_err," -spkac arg     alternative SPKAC name\n");
+		BIO_printf(bio_err," -noout         don't print SPKAC\n");
+		BIO_printf(bio_err," -pubkey        output public key\n");
+		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
 		goto end;
 		}
 
@@ -180,6 +185,7 @@ bad:
 			goto end;
 		}
 		BIO_printf(out, "SPKAC=%s\n", spkstr);
+		Free(spkstr);
 		ret = 0;
 		goto end;
 	}
@@ -212,6 +218,7 @@ bad:
 	}
 
 	spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+	
 	if(!spki) {
 		BIO_printf(bio_err, "Error loading SPKAC\n");
 		ERR_print_errors(bio_err);
@@ -228,11 +235,9 @@ bad:
 	}
 
 	if(!noout) NETSCAPE_SPKI_print(out, spki);
+	pkey = NETSCAPE_SPKI_get_pubkey(spki);
 	if(verify) {
-		EVP_PKEY *pktmp;
-		pktmp = NETSCAPE_SPKI_get_pubkey(spki);
-		i = NETSCAPE_SPKI_verify(spki, pktmp);
-		EVP_PKEY_free(pktmp);
+		i = NETSCAPE_SPKI_verify(spki, pkey);
 		if(i) BIO_printf(bio_err, "Signature OK\n");
 		else {
 			BIO_printf(bio_err, "Signature Failure\n");
@@ -240,15 +245,16 @@ bad:
 			goto end;
 		}
 	}
+	if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
 
 	ret = 0;
 
 end:
+	CONF_free(conf);
 	NETSCAPE_SPKI_free(spki);
 	BIO_free(in);
 	BIO_free(out);
 	BIO_free(key);
 	EVP_PKEY_free(pkey);
-	if(spkstr) Free(spkstr);
 	EXIT(ret);
 	}