Fix free errors in ocsp utility.
[openssl.git] / apps / ocsp.c
index 16aa23b..64c3182 100644 (file)
@@ -105,17 +105,17 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
                              long maxage);
 
 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
-                       X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+                       X509 *ca, X509 *rcert, EVP_PKEY *rkey, const EVP_MD *md,
                        STACK_OF(X509) *rother, unsigned long flags,
                        int nmin, int ndays, int badsig);
 
 static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
-static BIO *init_responder(char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
+static BIO *init_responder(const char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, const char *port);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
-                               STACK_OF(CONF_VALUE) *headers,
-                               OCSP_REQUEST *req, int req_timeout);
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, const char *path,
+                                     const STACK_OF(CONF_VALUE) *headers,
+                                     OCSP_REQUEST *req, int req_timeout);
 
 #undef PROG
 #define PROG ocsp_main
@@ -127,6 +127,7 @@ int MAIN(int argc, char **argv)
        ENGINE *e = NULL;
        char **args;
        char *host = NULL, *port = NULL, *path = "/";
+       char *thost = NULL, *tport = NULL, *tpath = NULL;
        char *reqin = NULL, *respin = NULL;
        char *reqout = NULL, *respout = NULL;
        char *signfile = NULL, *keyfile = NULL;
@@ -148,6 +149,7 @@ int MAIN(int argc, char **argv)
        long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
        char *CAfile = NULL, *CApath = NULL;
        X509_STORE *store = NULL;
+       X509_VERIFY_PARAM *vpm = NULL;
        STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
        char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
        unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
@@ -165,7 +167,7 @@ int MAIN(int argc, char **argv)
        char *rca_filename = NULL;
        CA_DB *rdb = NULL;
        int nmin = 0, ndays = -1;
-       const EVP_MD *cert_id_md = NULL;
+       const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
 
        if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
@@ -205,6 +207,12 @@ int MAIN(int argc, char **argv)
                        }
                else if (!strcmp(*args, "-url"))
                        {
+                       if (thost)
+                               OPENSSL_free(thost);
+                       if (tport)
+                               OPENSSL_free(tport);
+                       if (tpath)
+                               OPENSSL_free(tpath);
                        if (args[1])
                                {
                                args++;
@@ -213,6 +221,9 @@ int MAIN(int argc, char **argv)
                                        BIO_printf(bio_err, "Error parsing URL\n");
                                        badarg = 1;
                                        }
+                               thost = host;
+                               tport = port;
+                               tpath = path;
                                }
                        else badarg = 1;
                        }
@@ -356,6 +367,12 @@ int MAIN(int argc, char **argv)
                                }
                        else badarg = 1;
                        }
+               else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+                       {
+                       if (badarg)
+                               goto end;
+                       continue;
+                       }
                else if (!strcmp (*args, "-validity_period"))
                        {
                        if (args[1])
@@ -561,6 +578,17 @@ int MAIN(int argc, char **argv)
                                }
                        else badarg = 1;
                        }
+               else if (!strcmp(*args, "-rmd"))
+                       {
+                       if (args[1])
+                               {
+                               args++;
+                               rsign_md = EVP_get_digestbyname(*args);
+                               if (!rsign_md)
+                                       badarg = 1;
+                               }
+                       else badarg = 1;
+                       }
                else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
                        {
                        badarg = 1;
@@ -620,7 +648,7 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-ndays n           number of days before next update\n");
                BIO_printf (bio_err, "-resp_key_id       identify reponse by signing certificate key ID\n");
                BIO_printf (bio_err, "-nrequest n        number of requests to accept (default unlimited)\n");
-               BIO_printf (bio_err, "-<dgst alg>     use specified digest in the request");
+               BIO_printf (bio_err, "-<dgst alg>     use specified digest in the request\n");
                goto end;
                }
 
@@ -637,7 +665,10 @@ int MAIN(int argc, char **argv)
 
        if (!req && reqin)
                {
-               derbio = BIO_new_file(reqin, "rb");
+               if (!strcmp(reqin, "-"))
+                       derbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+               else
+                       derbio = BIO_new_file(reqin, "rb");
                if (!derbio)
                        {
                        BIO_printf(bio_err, "Error Opening OCSP request file\n");
@@ -739,7 +770,10 @@ int MAIN(int argc, char **argv)
 
        if (reqout)
                {
-               derbio = BIO_new_file(reqout, "wb");
+               if (!strcmp(reqout, "-"))
+                       derbio = BIO_new_fp(stdout, BIO_NOCLOSE);
+               else
+                       derbio = BIO_new_file(reqout, "wb");
                if(!derbio)
                        {
                        BIO_printf(bio_err, "Error opening file %s\n", reqout);
@@ -764,7 +798,7 @@ int MAIN(int argc, char **argv)
 
        if (rdb)
                {
-               i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays, badsig);
+               i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,rsign_md, rother, rflags, nmin, ndays, badsig);
                if (cbio)
                        send_ocsp_response(cbio, resp);
                }
@@ -782,7 +816,10 @@ int MAIN(int argc, char **argv)
                }
        else if (respin)
                {
-               derbio = BIO_new_file(respin, "rb");
+               if (!strcmp(respin, "-"))
+                       derbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+               else
+                       derbio = BIO_new_file(respin, "rb");
                if (!derbio)
                        {
                        BIO_printf(bio_err, "Error Opening OCSP response file\n");
@@ -807,7 +844,10 @@ int MAIN(int argc, char **argv)
 
        if (respout)
                {
-               derbio = BIO_new_file(respout, "wb");
+               if (!strcmp(respout, "-"))
+                       derbio = BIO_new_fp(stdout, BIO_NOCLOSE);
+               else
+                       derbio = BIO_new_file(respout, "wb");
                if(!derbio)
                        {
                        BIO_printf(bio_err, "Error opening file %s\n", respout);
@@ -847,6 +887,12 @@ int MAIN(int argc, char **argv)
                        resp = NULL;
                        goto redo_accept;
                        }
+               ret = 0;
+               goto end;
+               }
+       else if (ridx_filename)
+               {
+               ret = 0;
                goto end;
                }
 
@@ -854,6 +900,8 @@ int MAIN(int argc, char **argv)
                store = setup_verify(bio_err, CAfile, CApath);
        if (!store)
                goto end;
+       if (vpm)
+               X509_STORE_set1_param(store, vpm);
        if (verify_certfile)
                {
                verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
@@ -904,6 +952,8 @@ end:
        ERR_print_errors(bio_err);
        X509_free(signer);
        X509_STORE_free(store);
+       if (vpm)
+               X509_VERIFY_PARAM_free(vpm);
        EVP_PKEY_free(key);
        EVP_PKEY_free(rkey);
        X509_free(issuer);
@@ -923,12 +973,12 @@ end:
        sk_X509_pop_free(verify_other, X509_free);
        sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
 
-       if (use_ssl != -1)
-               {
-               OPENSSL_free(host);
-               OPENSSL_free(port);
-               OPENSSL_free(path);
-               }
+       if (thost)
+               OPENSSL_free(thost);
+       if (tport)
+               OPENSSL_free(tport);
+       if (tpath)
+               OPENSSL_free(tpath);
 
        OPENSSL_EXIT(ret);
 }
@@ -1054,7 +1104,8 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 
 
 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
-                       X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+                       X509 *ca, X509 *rcert,
+                       EVP_PKEY *rkey, const EVP_MD *rmd,
                        STACK_OF(X509) *rother, unsigned long flags,
                        int nmin, int ndays, int badsig)
        {
@@ -1145,7 +1196,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
 
        OCSP_copy_nonce(bs, req);
        
-       OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
+       OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags);
 
        if (badsig)
                bs->signature->data[bs->signature->length -1] ^= 0x1;
@@ -1182,7 +1233,7 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
 
 /* Quick and dirty OCSP server: read in and parse input request */
 
-static BIO *init_responder(char *port)
+static BIO *init_responder(const char *port)
        {
        BIO *acbio = NULL, *bufbio = NULL;
        bufbio = BIO_new(BIO_f_buffer());
@@ -1213,7 +1264,8 @@ static BIO *init_responder(char *port)
        return NULL;
        }
 
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
+                       const char *port)
        {
        int have_post = 0, len;
        OCSP_REQUEST *req = NULL;
@@ -1279,9 +1331,9 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
        return 1;
        }
 
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
-                               STACK_OF(CONF_VALUE) *headers,
-                               OCSP_REQUEST *req, int req_timeout)
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, const char *path,
+                                     const STACK_OF(CONF_VALUE) *headers,
+                                     OCSP_REQUEST *req, int req_timeout)
        {
        int fd;
        int rv;
@@ -1377,9 +1429,10 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
        }
 
 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
-                       char *host, char *path, char *port, int use_ssl,
-                       STACK_OF(CONF_VALUE) *headers,
-                       int req_timeout)
+                                const char *host, const char *path,
+                                const char *port, int use_ssl,
+                                const STACK_OF(CONF_VALUE) *headers,
+                                int req_timeout)
        {
        BIO *cbio = NULL;
        SSL_CTX *ctx = NULL;