CMP: prevent misleading PKIStatusInfo output if not response available

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409)

diff --git a/apps/cmp.c b/apps/cmp.c
index b1813df9bce699ef19dcd29cbe0377332f7b8578..ccb61ab4977c2da883d571ccbb498a11c0039a94 100644 (file)
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2870,6 +2870,8 @@ int cmp_main(int argc, char **argv)
         default:
             break;
         }
+        if (OSSL_CMP_CTX_get_status(cmp_ctx) < 0)
+            goto err; /* we got no response, maybe even did not send request */
 
         {
             /* print PKIStatusInfo */

diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index c19eea818fcc98fb3bff2e4f871e799c4f565f50..75176cd1956ec5f7ce4b0eb0340138e462441e36 100644 (file)
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -886,6 +886,7 @@ STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx)
         ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
         return 0;
     }
+    ctx->status = -1;
 
     if ((genm = ossl_cmp_genm_new(ctx)) == NULL)
         goto err;