From 036a444fdc77b36e0bfcc8b765acf96036f5a0b3 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Wed, 1 Feb 2023 15:43:35 +0100
Subject: [PATCH] OSSL_CMP_SRV_process_request(): fix recipNonce on error in
 subsequent request of a transaction

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
---
 crypto/cmp/cmp_server.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index a48631d267..05e8cb1955 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -447,7 +447,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
     ASN1_OCTET_STRING *backup_secret;
     OSSL_CMP_PKIHEADER *hdr;
     int req_type, rsp_type;
-    int res;
+    int req_verified = 0;
     OSSL_CMP_MSG *rsp = NULL;
 
     if (srv_ctx == NULL || srv_ctx->ctx == NULL
@@ -505,12 +505,12 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
         }
     }
 
-    res = ossl_cmp_msg_check_update(ctx, req, unprotected_exception,
-                                    srv_ctx->acceptUnprotected);
+    req_verified = ossl_cmp_msg_check_update(ctx, req, unprotected_exception,
+                                             srv_ctx->acceptUnprotected);
     if (ctx->secretValue != NULL && ctx->pkey != NULL
             && ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC)
         ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */
-    if (!res)
+    if (!req_verified)
         goto err;
 
     switch (req_type) {
@@ -569,9 +569,15 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
         /* fail_info is not very specific */
         OSSL_CMP_PKISI *si = NULL;
 
-        if (ctx->transactionID == NULL) {
-            /* ignore any (extra) error in next two function calls: */
-            (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
+        if (!req_verified) {
+            /*
+             * Above ossl_cmp_msg_check_update() was not successfully executed,
+             * which normally would set ctx->transactionID and ctx->recipNonce.
+             * So anyway try to provide the right transactionID and recipNonce,
+             * while ignoring any (extra) error in next two function calls.
+             */
+            if (ctx->transactionID == NULL)
+                (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
             (void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce);
         }