Chunk 10 of CMP contribution to OpenSSL: CMP http client and related tests

    Also improve the generic HTTP client w.r.t. proxy and no_proxy options.

    Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
    Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
    Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
    Adds extensive documentation and tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11404)

4 files changed, 13 insertions, 10 deletions

diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h
index 21d16cc94d..536f26b3c8 100644
--- a/include/openssl/cmp.h
+++ b/include/openssl/cmp.h
@@ -277,8 +277,8 @@ int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
 int OSSL_CMP_CTX_set1_serverName(OSSL_CMP_CTX *ctx, const char *name);
 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
 #  define OSSL_CMP_DEFAULT_PORT 80
-int OSSL_CMP_CTX_set1_proxyName(OSSL_CMP_CTX *ctx, const char *name);
-int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port);
+int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
+int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
@@ -360,6 +360,10 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg);
 int OSSL_CMP_validate_cert_path(OSSL_CMP_CTX *ctx,
                                 X509_STORE *trusted_store, X509 *cert);
 
+/* from cmp_http.c */
+OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
+                                        const OSSL_CMP_MSG *req);
+
 /* from cmp_server.c */
 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
 OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
diff --git a/include/openssl/cmp_util.h b/include/openssl/cmp_util.h
index 831b65ec1c..2bfe2ec2a0 100644
--- a/include/openssl/cmp_util.h
+++ b/include/openssl/cmp_util.h
@@ -17,7 +17,6 @@
 
 #  include <openssl/macros.h>
 #  include <openssl/trace.h>
-#  include <openssl/x509.h>
 
 #  ifdef __cplusplus
 extern "C" {
diff --git a/include/openssl/http.h b/include/openssl/http.h
index 950acf1408..d618e5905b 100644
--- a/include/openssl/http.h
+++ b/include/openssl/http.h
@@ -25,14 +25,14 @@ extern "C" {
 
 typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail);
 
-BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *proxy_port,
+BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                    BIO *bio, BIO *rbio,
                    OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
                    const STACK_OF(CONF_VALUE) *headers,
                    int maxline, unsigned long max_resp_len, int timeout,
                    const char *expected_content_type, int expect_asn1);
 ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url,
-                               const char *proxy, const char *proxy_port,
+                               const char *proxy, const char *no_proxy,
                                BIO *bio, BIO *rbio,
                                OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
                                const STACK_OF(CONF_VALUE) *headers,
@@ -41,7 +41,7 @@ ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url,
                                const ASN1_ITEM *it);
 ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port,
                                 const char *path, int use_ssl,
-                                const char *proxy, const char *proxy_port,
+                                const char *proxy, const char *no_proxy,
                                 BIO *bio, BIO *rbio,
                                 OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
                                 const STACK_OF(CONF_VALUE) *headers,
@@ -51,7 +51,7 @@ ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port,
                                 int timeout, const char *expected_ct,
                                 const ASN1_ITEM *rsp_it);
 BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path,
-                        int use_ssl, const char *proxy, const char *proxy_port,
+                        int use_ssl, const char *proxy, const char *no_proxy,
                         BIO *bio, BIO *rbio,
                         OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
                         const STACK_OF(CONF_VALUE) *headers,
diff --git a/include/openssl/httperr.h b/include/openssl/httperr.h
index 36dd7cb067..cda4a34332 100644
--- a/include/openssl/httperr.h
+++ b/include/openssl/httperr.h
@@ -41,12 +41,12 @@ int ERR_load_HTTP_strings(void);
 # define HTTP_R_MISSING_ASN1_ENCODING                     110
 # define HTTP_R_MISSING_CONTENT_TYPE                      121
 # define HTTP_R_MISSING_REDIRECT_LOCATION                 111
+# define HTTP_R_RECEIVED_ERROR                            105
+# define HTTP_R_RECEIVED_WRONG_HTTP_VERSION               106
 # define HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP            112
 # define HTTP_R_REDIRECTION_NOT_ENABLED                   116
 # define HTTP_R_RESPONSE_LINE_TOO_LONG                    113
-# define HTTP_R_SERVER_RESPONSE_PARSE_ERROR               104
-# define HTTP_R_SERVER_SENT_ERROR                         105
-# define HTTP_R_SERVER_SENT_WRONG_HTTP_VERSION            106
+# define HTTP_R_RESPONSE_PARSE_ERROR                      104
 # define HTTP_R_STATUS_CODE_UNSUPPORTED                   114
 # define HTTP_R_TLS_NOT_ENABLED                           107
 # define HTTP_R_TOO_MANY_REDIRECTIONS                     115