From b27ff9b87cdaeb25579d70c5b2bd6b27f8a788ec Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Tue, 19 May 2020 12:30:11 +0200
Subject: [PATCH] Streamline the approach to set CMP message recipient and expected sender
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/11998)
---
 crypto/cmp/cmp_hdr.c | 21 ++++++++++-----------
 crypto/cmp/cmp_msg.c | 2 +-
 crypto/cmp/cmp_vfy.c | 6 +++++-
 3 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index b07bf031bf..7f2506ba9e 100644
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -309,23 +309,22 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
 return 0;
 /* determine recipient entry in PKIHeader */
- if (ctx->srvCert != NULL) {
- rcp = X509_get_subject_name(ctx->srvCert);
- /* set also as expected_sender of responses unless set explicitly */
- if (ctx->expected_sender == NULL && rcp != NULL
- && !OSSL_CMP_CTX_set1_expected_sender(ctx, rcp))
- return 0;
- } else if (ctx->recipient != NULL) {
+ if (ctx->recipient != NULL)
 rcp = ctx->recipient;
- } else if (ctx->issuer != NULL) {
+ else if (ctx->srvCert != NULL)
+ rcp = X509_get_subject_name(ctx->srvCert);
+ else if (ctx->issuer != NULL)
 rcp = ctx->issuer;
- } else if (ctx->oldCert != NULL) {
+ else if (ctx->oldCert != NULL)
 rcp = X509_get_issuer_name(ctx->oldCert);
- } else if (ctx->cert != NULL) {
+ else if (ctx->cert != NULL)
 rcp = X509_get_issuer_name(ctx->cert);
- }
 if (!ossl_cmp_hdr_set1_recipient(hdr, rcp))
 return 0;
+ /* set also as expected_sender of responses unless set explicitly */
+ if (ctx->expected_sender == NULL && rcp != NULL
+ && !OSSL_CMP_CTX_set1_expected_sender(ctx, rcp))
+ return 0;
 /* set current time as message time */
 if (!ossl_cmp_hdr_update_messageTime(hdr))
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 7b338b2b01..bbce90c326 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
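Review bot: In ossl_cmp_hdr_init (crypto/cmp/cmp_hdr.c) the block added after `ossl_cmp_hdr_set1_recipient(hdr, rcp)` now copies whichever recipient was chosen into `ctx->expected_sender`, so the sender check on responses can be pinned to a fallback guess (`ctx->issuer`, or the issuer of `oldCert`/`cert`) and, when both `ctx->recipient` and `ctx->srvCert` are set, to the recipient name rather than the subject of the pinned server certificate. Once stored in ctx the value cannot be told apart from one the application set explicitly, so it would persist if the recipient or srvCert is changed later, and the srvCert fallback this commit adds in OSSL_CMP_validate_msg appears reachable only when `rcp` was NULL here. Consider dropping this side effect and leaving the default to validation time, or at least narrowing the guard to the srvCert case, e.g. `if (ctx->expected_sender == NULL && ctx->recipient == NULL && ctx->srvCert != NULL && rcp != NULL`. The function body starts and ends outside the hunk, so callers that rely on the implicit default need to be checked separately.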
@@ -228,7 +228,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
 X509_EXTENSIONS *exts = NULL;
 if (rkey == NULL)
- rkey = ctx->pkey; /* default is independent of ctx->oldClCert */
+ rkey = ctx->pkey; /* default is independent of ctx->oldCert */
 if (rkey == NULL) {
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 CMPerr(0, CMP_R_NULL_ARGUMENT);
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index c124b0636f..289402d829 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -559,6 +559,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
 int nid = NID_undef, pk_nid = NID_undef;
 const ASN1_OBJECT *algorOID = NULL;
 X509 *scrt;
+ const X509_NAME *expected_sender;
 if (ctx == NULL || msg == NULL || msg->header == NULL || msg->body == NULL) {
@@ -642,9 +643,12 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
 * Mitigates risk to accept misused certificate of an unauthorized
 * entity of a trusted hierarchy.
 */
+ expected_sender = ctx->expected_sender;
+ if (expected_sender == NULL && ctx->srvCert != NULL)
+ expected_sender = X509_get_subject_name(ctx->srvCert);
 if (!check_name(ctx, "sender DN field", msg->header->sender->d.directoryName,
- "expected sender", ctx->expected_sender))
+ "expected sender", expected_sender))
 break;
 /* Note: if recipient was NULL-DN it could be learned here if needed */
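Review bot: In the last hunk of crypto/cmp/cmp_vfy.c, `expected_sender` is still NULL on entry to `check_name()` when neither `ctx->expected_sender` nor `ctx->srvCert` is set, and the hunk does not show how `check_name()` treats a NULL expected name. If it accepts any sender in that case (to be confirmed against its definition), the mitigation described in the comment above is silently inactive for that configuration. The comment block should record the new default and the unset case, e.g. `* If no expected sender is set, the subject of ctx->srvCert is used, if any;` followed by a line stating what happens when both are absent. As a style point, the new local is declared at function scope in the earlier hunk but used only in this branch. The enclosing branch of OSSL_CMP_validate_msg starts and ends outside the hunk.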