From ab9d67efa4c2a4ee6787430a447de675cb78c8e2 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Sat, 12 Jun 2021 17:43:15 +0200
Subject: HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also
 in cmp.c

For this reason, export this function, which allows removing http_local.h

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15764)
---
 apps/cmp.c                       | 10 ++++------
 crypto/http/http_client.c        |  4 +---
 crypto/http/http_lib.c           |  9 +++------
 crypto/http/http_local.h         | 18 ------------------
 crypto/ocsp/ocsp_http.c          |  1 -
 doc/man3/OSSL_HTTP_parse_url.pod | 22 ++++++++++++++++++++++
 include/openssl/http.h           |  2 ++
 util/libcrypto.num               |  1 +
 8 files changed, 33 insertions(+), 34 deletions(-)
 delete mode 100644 crypto/http/http_local.h

diff --git a/apps/cmp.c b/apps/cmp.c
index dfd2981425..7c9256ccb5 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1765,8 +1765,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
     int portnum, ssl;
     char server_buf[200] = { '\0' };
     char proxy_buf[200] = { '\0' };
-    char *proxy_host = NULL;
-    char *proxy_port_str = NULL;
+    const char *proxy_host = NULL;
 
     if (opt_server == NULL) {
         CMP_err("missing -server option");
@@ -1795,8 +1794,9 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
                        opt_tls_used ? "s" : "", host, port,
                        *used_path == '/' ? used_path + 1 : used_path);
 
-    if (opt_proxy != NULL)
-        (void)BIO_snprintf(proxy_buf, sizeof(proxy_buf), " via %s", opt_proxy);
+    proxy_host = OSSL_HTTP_adapt_proxy(opt_proxy, opt_no_proxy, host, ssl);
+    if (proxy_host != NULL)
+        (void)BIO_snprintf(proxy_buf, sizeof(proxy_buf), " via %s", proxy_host);
 
     if (!transform_opts())
         goto err;
@@ -1902,8 +1902,6 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
     OPENSSL_free(host);
     OPENSSL_free(port);
     OPENSSL_free(path);
-    OPENSSL_free(proxy_host);
-    OPENSSL_free(proxy_port_str);
     return ret;
  oom:
     CMP_err("out of memory");
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index 03c42ab38e..648b02255f 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -23,8 +23,6 @@
 #include "internal/sockets.h"
 #include "internal/cryptlib.h" /* for ossl_assert() */
 
-#include "http_local.h"
-
 #define HTTP_PREFIX "HTTP/"
 #define HTTP_VERSION_PATT "1." /* allow 1.x */
 #define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT
@@ -897,7 +895,7 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port,
             port = NULL;
         if (port == NULL && strchr(server, ':') == NULL)
             port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
-        proxy = ossl_http_adapt_proxy(proxy, no_proxy, server, use_ssl);
+        proxy = OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl);
         if (proxy != NULL
             && !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */,
                                     &proxy_host, &proxy_port, NULL /* num */,
diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index 2aa0736ac5..bd9c096b98 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -15,8 +15,6 @@
 #include <openssl/err.h>
 #include "internal/cryptlib.h" /* for ossl_assert() */
 
-#include "http_local.h"
-
 static void init_pstring(char **pstr)
 {
     if (pstr != NULL) {
@@ -241,7 +239,7 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 }
 
 /* Respect no_proxy, taking default value from environment variable(s) */
-int ossl_http_use_proxy(const char *no_proxy, const char *server)
+static int use_proxy(const char *no_proxy, const char *server)
 {
     size_t sl;
     const char *found = NULL;
@@ -269,7 +267,7 @@ int ossl_http_use_proxy(const char *no_proxy, const char *server)
 }
 
 /* Take default value from environment variable(s), respect no_proxy */
-const char *ossl_http_adapt_proxy(const char *proxy, const char *no_proxy,
+const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
                                   const char *server, int use_ssl)
 {
     /*
@@ -282,8 +280,7 @@ const char *ossl_http_adapt_proxy(const char *proxy, const char *no_proxy,
         proxy = getenv(use_ssl ? OPENSSL_HTTP_PROXY :
                        OPENSSL_HTTPS_PROXY);
 
-    if (proxy == NULL || *proxy == '\0'
-            || !ossl_http_use_proxy(no_proxy, server))
+    if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server))
         return NULL;
     return proxy;
 }
diff --git a/crypto/http/http_local.h b/crypto/http/http_local.h
deleted file mode 100644
index 16f7f7c8a5..0000000000
--- a/crypto/http/http_local.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright Siemens AG 2018-2020
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_CRYPTO_HTTP_LOCAL_H
-# define OSSL_CRYPTO_HTTP_LOCAL_H
-
-int ossl_http_use_proxy(const char *no_proxy, const char *server);
-const char *ossl_http_adapt_proxy(const char *proxy, const char *no_proxy,
-                                  const char *server, int use_ssl);
-
-#endif /* !defined(OSSL_CRYPTO_HTTP_LOCAL_H) */
diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c
index f19047aa08..28166d3a17 100644
--- a/crypto/ocsp/ocsp_http.c
+++ b/crypto/ocsp/ocsp_http.c
@@ -9,7 +9,6 @@
 
 #include <openssl/ocsp.h>
 #include <openssl/http.h>
-#include "../http/http_local.h"
 
 #ifndef OPENSSL_NO_OCSP
 
diff --git a/doc/man3/OSSL_HTTP_parse_url.pod b/doc/man3/OSSL_HTTP_parse_url.pod
index 559ff1dd08..5c253414ac 100644
--- a/doc/man3/OSSL_HTTP_parse_url.pod
+++ b/doc/man3/OSSL_HTTP_parse_url.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+OSSL_HTTP_adapt_proxy,
 OSSL_parse_url,
 OSSL_HTTP_parse_url,
 OCSP_parse_url
@@ -11,6 +12,9 @@ OCSP_parse_url
 
  #include <openssl/http.h>
 
+ const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
+                                   const char *server, int use_ssl);
+
  int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
                     char **pport, int *pport_num,
                     char **ppath, char **pquery, char **pfrag);
@@ -28,6 +32,19 @@ L<openssl_user_macros(7)>:
 
 =head1 DESCRIPTION
 
+OSSL_HTTP_adapt_proxy() takes an optional proxy hostname I<proxy>
+and returns it transformed according to the optional I<no_proxy> parameter,
+I<server>, I<use_ssl>, and the applicable environment variable, as follows.
+If I<proxy> is NULL, take any default value from the C<http_proxy>
+environment variable, or from C<https_proxy> if I<use_ssl> is nonzero.
+If this still does not yield a proxy hostname,
+take any further default value from the C<HTTP_PROXY>
+environment variable, or from C<HTTPS_PROXY> if I<use_ssl> is nonzero.
+If I<no_proxy> is NULL, take any default exclusion value from the C<no_proxy>
+environment variable, or else from C<NO_PROXY>.
+Return the determined proxy hostname unless the exclusion contains I<server>.
+Otherwise return NULL.
+
 OSSL_parse_url() parses its input string I<url> as a URL of the form
 C<[scheme://][userinfo@]host[:port][/path][?query][#fragment]> and splits it up
 into scheme, userinfo, host, port, path, query, and fragment components.
@@ -61,6 +78,10 @@ OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL).
 
 =head1 RETURN VALUES
 
+OSSL_HTTP_adapt_proxy() returns NULL if no proxy is to be used,
+otherwise a constant proxy hostname string,
+which is either the proxy name handed in or an environment variable value.
+
 OSSL_parse_url(), OSSL_HTTP_parse_url(), and OCSP_parse_url()
 return 1 on success, 0 on error.
 
@@ -70,6 +91,7 @@ L<OSSL_HTTP_transfer(3)>
 
 =head1 HISTORY
 
+OSSL_HTTP_adapt_proxy(),
 OSSL_parse_url() and OSSL_HTTP_parse_url() were added in OpenSSL 3.0.
 OCSP_parse_url() was deprecated in OpenSSL 3.0.
 
diff --git a/include/openssl/http.h b/include/openssl/http.h
index fb05280f87..f7ab214265 100644
--- a/include/openssl/http.h
+++ b/include/openssl/http.h
@@ -100,6 +100,8 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
 int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
                         char **pport, int *pport_num,
                         char **ppath, char **pquery, char **pfrag);
+const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
+                                  const char *server, int use_ssl);
 
 # ifdef  __cplusplus
 }
diff --git a/util/libcrypto.num b/util/libcrypto.num
index aecbbbb2a8..73e84ff08e 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4873,6 +4873,7 @@ BIO_socket_wait                         ?	3_0_0	EXIST::FUNCTION:SOCK
 BIO_wait                                ?	3_0_0	EXIST::FUNCTION:
 BIO_do_connect_retry                    ?	3_0_0	EXIST::FUNCTION:
 OSSL_parse_url                          ?	3_0_0	EXIST::FUNCTION:
+OSSL_HTTP_adapt_proxy                   ?	3_0_0	EXIST::FUNCTION:
 OSSL_HTTP_REQ_CTX_get_resp_len          ?	3_0_0	EXIST::FUNCTION:
 OSSL_HTTP_REQ_CTX_set_expected          ?	3_0_0	EXIST::FUNCTION:
 OSSL_HTTP_is_alive                      ?	3_0_0	EXIST::FUNCTION:
-- 
cgit v1.2.3