From 8c5c2fa544e8ca05bb756e99dbc9cb5ed82db37c Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Fri, 13 Nov 2020 21:32:31 +0100
Subject: [PATCH] CMP: prevent misleading PKIStatusInfo output if not response
 available

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409)
---
 apps/cmp.c              | 2 ++
 crypto/cmp/cmp_client.c | 1 +
 2 files changed, 3 insertions(+)

diff --git a/apps/cmp.c b/apps/cmp.c
index b1813df9bce..ccb61ab4977 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2870,6 +2870,8 @@ int cmp_main(int argc, char **argv)
         default:
             break;
         }
+        if (OSSL_CMP_CTX_get_status(cmp_ctx) < 0)
+            goto err; /* we got no response, maybe even did not send request */
 
         {
             /* print PKIStatusInfo */
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index c19eea818fc..75176cd1956 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -886,6 +886,7 @@ STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx)
         ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
         return 0;
     }
+    ctx->status = -1;
 
     if ((genm = ossl_cmp_genm_new(ctx)) == NULL)
         goto err;
-- 
2.47.2