From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Fri, 13 Nov 2020 20:32:31 +0000 (+0100)
Subject: CMP: prevent misleading PKIStatusInfo output if not response available
X-Git-Tag: openssl-3.0.0-alpha9~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c5c2fa544e8ca05bb756e99dbc9cb5ed82db37c;p=thirdparty%2Fopenssl.git

CMP: prevent misleading PKIStatusInfo output if not response available

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409)
---

diff --git a/apps/cmp.c b/apps/cmp.c
index b1813df9bce..ccb61ab4977 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2870,6 +2870,8 @@ int cmp_main(int argc, char **argv)
         default:
             break;
         }
+        if (OSSL_CMP_CTX_get_status(cmp_ctx) < 0)
+            goto err; /* we got no response, maybe even did not send request */
 
         {
             /* print PKIStatusInfo */
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index c19eea818fc..75176cd1956 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -886,6 +886,7 @@ STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx)
         ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
         return 0;
     }
+    ctx->status = -1;
 
     if ((genm = ossl_cmp_genm_new(ctx)) == NULL)
         goto err;