OSSL_CMP_MSG_http_perform(): support using BIO from OSSL_CMP_CTX_set_transfer_cb_arg()

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26628)
Dr. David von Oheimb 2025-02-04 14:12:23 +01:00 committed by Tomas Mraz
parent 75bc132dec
commit 5cba362909
3 changed files with 54 additions and 17 deletions

@ -381,10 +381,14 @@ The default is C</>.
OSSL_CMP_CTX_set1_server() sets the given server I<address>
(which may be a hostname or IP address or NULL) in the given I<ctx>.
If OSSL_CMP_CTX_get_transfer_cb_arg() sets a non-NULL argument,
this server address information is used for diagnostic output only.
OSSL_CMP_CTX_set_serverPort() sets the port of the CMP server to connect to.
If not used or the I<port> argument is 0
the default port applies, which is 80 for HTTP and 443 for HTTPS.
If OSSL_CMP_CTX_get_transfer_cb_arg() sets a non-NULL argument,
this server port information is used for diagnostic output only.
OSSL_CMP_CTX_set1_proxy() sets the HTTP proxy to be used for connecting to
the given CMP server unless overruled by any "no_proxy" settings (see below).
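Review bot: both added sentences read "If OSSL_CMP_CTX_get_transfer_cb_arg() sets a non-NULL argument", but a getter does not set anything; suggest "If a non-NULL transfer callback argument has been set via OSSL_CMP_CTX_set_transfer_cb_arg()" in the OSSL_CMP_CTX_set1_server() paragraph and the same wording in the OSSL_CMP_CTX_set_serverPort() paragraph. One clause explaining why would also help callers: with a caller-provided BIO the connection already exists, so the configured host and port are not used to open one and cannot be relied on to identify the peer; the caller must have authenticated the channel it passes in.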
@ -419,6 +423,8 @@ a structure containing arguments such as an B<SSL_CTX> structure,
optionally to be used by the http connect/disconnect callback function.
I<arg> is not consumed, and it must therefore explicitly be freed when not
needed any more. I<arg> may be NULL to clear the entry.
If a non-NULL argument is set, it is an error to use OSSL_CMP_CTX_set1_proxy()
or OSSL_CMP_CTX_set1_no_proxy() for setting non-NULL strings.
OSSL_CMP_CTX_get_http_cb_arg() gets the argument, respectively the pointer to a
structure containing arguments, previously set by
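Review bot: the added restriction lands in the paragraph describing the argument "used by the http connect/disconnect callback function", with OSSL_CMP_CTX_get_http_cb_arg() following it, while the commit subject concerns OSSL_CMP_CTX_set_transfer_cb_arg(); please confirm the sentence is in the intended paragraph and name the argument explicitly ("If a non-NULL transfer callback argument is set, ..."). The sentence should also say what "it is an error" means for the caller, i.e. which function fails and what it returns, and whether the reverse order (setting the argument after a non-NULL proxy string) is rejected as well, so that a proxy or no_proxy setting can never be silently ignored.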

@ -14,11 +14,21 @@ OSSL_CMP_MSG_http_perform
=head1 DESCRIPTION
OSSL_CMP_MSG_http_perform() sends the given PKIMessage I<req>
to the CMP server specified in I<ctx> via L<OSSL_CMP_CTX_set1_server(3)>
and optionally L<OSSL_CMP_CTX_set_serverPort(3)>, using
any "CMP alias" optionally specified via L<OSSL_CMP_CTX_set1_serverPath(3)>.
The default port is 80 for HTTP and 443 for HTTPS; the default path is "/".
OSSL_CMP_MSG_http_perform() sends the given PKIMessage I<req> to the
CMP server specified in I<ctx> and returns the result obtained from it.
If L<OSSL_CMP_CTX_set_transfer_cb_arg(3)> has been used to set the transfer
callback argument then the provided pointer I<bios> is taken as
a two-element B<BIO> array to use for the exchange with the server
as described for the I<bio> and I<rbio> parameters of L<OSSL_HTTP_open(3)>.
For instance, the two BIO pointers may be equal and refer to a TLS connection,
such as in BRSKI-AE where a pre-established TLS channel is reused for CMP.
Otherwise the server specified via L<OSSL_CMP_CTX_set1_server(3)>
and optionally L<OSSL_CMP_CTX_set_serverPort(3)> is contacted,
where the default port is 80 for HTTP and 443 for HTTPS.
The HTTP path (aka "CMP alias" in this context) to use is by default C</>,
otherwise the string specified via L<OSSL_CMP_CTX_set1_serverPath(3)>.
On success the function returns the server's response PKIMessage.
The function makes use of any HTTP callback function
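Review bot: the new text introduces the parameter name I<bios> without stating ownership: say whether OSSL_CMP_MSG_http_perform() only reads from and writes to the two BIOs without freeing them, and whether they are left open on error, since L<OSSL_HTTP_open(3)> is referenced only for the semantics of its I<bio> and I<rbio> parameters. It would also be worth making explicit what the BRSKI-AE example implies: when a pre-established TLS connection is supplied, this function neither sets up nor verifies the TLS session, so peer authentication for that channel is entirely the caller's responsibility. If the parameter was renamed, check that the SYNOPSIS section and the header prototype match I<bios>.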
@ -38,16 +48,19 @@ HTTP transfer for CMP is defined in RFC 6712.
=head1 RETURN VALUES
OSSL_CMP_MSG_http_perform() returns a CMP message on success, else NULL.
OSSL_CMP_MSG_http_perform()
returns the received CMP response message on success, else NULL.
=head1 SEE ALSO
L<OSSL_CMP_CTX_new(3)>, L<OSSL_HTTP_proxy_connect(3)>.
L<OSSL_CMP_CTX_new(3)>, L<OSSL_HTTP_open(3)>, and L<OSSL_HTTP_proxy_connect(3)>.
=head1 HISTORY
The OpenSSL CMP support was added in OpenSSL 3.0.
The OSSL_CMP_MSG_http_perform() use of transfer_cb_arg was added in OpenSSL 3.5.
=head1 COPYRIGHT
Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
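Review bot: SEE ALSO should also list L<OSSL_CMP_CTX_set_transfer_cb_arg(3)> and L<OSSL_CMP_CTX_set1_server(3)>, since DESCRIPTION now hinges on those settings. The HISTORY entry "The OSSL_CMP_MSG_http_perform() use of transfer_cb_arg was added in OpenSSL 3.5." reads awkwardly; suggest "Support for using a BIO pair set via OSSL_CMP_CTX_set_transfer_cb_arg() was added in OpenSSL 3.5."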