Fix misleading error msg for PBM check w/o secret in OSSL_CMP_validate_msg()

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11448)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-03-31 16:04:55 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-04-07 12:14:16 +0200
commit: d803930448476c3a6c50904b1cfb5ef20433652f (patch)
tree: a0bb214128fc6ce3db8f42a5c3568db1188659d4 /crypto/cmp/cmp_vfy.c
parent: 99d680e6bcb7c5caaf8e94cc2c4dd7367e16d8f4 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 8980d72fd4..11688059da 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -577,6 +577,11 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
     switch (nid) {
         /* 5.1.3.1.  Shared Secret Information */
     case NID_id_PasswordBasedMAC:
+        if (ctx->secretValue == 0) {
+            CMPerr(0, CMP_R_CHECKING_PBM_NO_SECRET_AVAILABLE);
+            break;
+        }
+
         if (verify_PBMAC(msg, ctx->secretValue)) {
             /*
              * RFC 4210, 5.3.2: 'Note that if the PKI Message Protection is
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-03-31 16:04:55 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-04-07 12:14:16 +0200
commit	d803930448476c3a6c50904b1cfb5ef20433652f (patch)
tree	a0bb214128fc6ce3db8f42a5c3568db1188659d4 /crypto/cmp/cmp_vfy.c
parent	99d680e6bcb7c5caaf8e94cc2c4dd7367e16d8f4 (diff)