From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Fri, 4 Sep 2020 08:58:26 +0000 (+0200)
Subject: bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM
X-Git-Tag: openssl-3.0.0-alpha7~334
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=61994781011ba4dde5b546971623ce6590d5d60f;p=thirdparty%2Fopenssl.git

bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12822)
---

diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index 6313cc94ceb..2001e359c54 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -140,7 +140,8 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
         return 0;
 
     /* Add first ctx->cert and its chain if using signature-based protection */
-    if (!ctx->unprotectedSend && ctx->secretValue == NULL) {
+    if (!ctx->unprotectedSend && ctx->secretValue == NULL
+            && ctx->cert != NULL && ctx->pkey != NULL) {
         int flags_prepend = X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
             | X509_ADD_FLAG_PREPEND | X509_ADD_FLAG_NO_SS;