From cf1dcdf40215cba75702516f6124046f8d6899de Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 20 Oct 2023 16:29:59 -0700
Subject: [PATCH] Fix for adding signature where OID is not found. Currently our AddSignature function will add without OID, which is invalid. For example RSA is disabled and CSR tries to use `CTC_SHA256wRSA`. The `wc_SignCert_ex` will succeed and report success, but the CSR/Cert will be invalid (missing sigType OID).
---
 wolfcrypt/src/asn.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e379f7e7c..4ef136912 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -29007,6 +29007,12 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
 /* Set signature OID and signature data. */
 SetASN_OID(&dataASN[SIGASN_IDX_SIGALGO_OID], (word32)sigAlgoType, oidSigType);
+ if (dataASN[SIGASN_IDX_SIGALGO_OID].data.buffer.data == NULL) {
+ /* The OID was not found or compiled in! */
+ ret = ASN_UNKNOWN_OID_E;
+ }
+ }
+ if (ret == 0) {
 if (IsSigAlgoECC((word32)sigAlgoType)) {
 /* ECDSA and EdDSA doesn't have NULL tagged item. */
 dataASN[SIGASN_IDX_SIGALGO_NULL].noOut = 1;
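Review bot: The new guard detects a missing OID only indirectly, through whatever SetASN_OID leaves in `data.buffer.data` for the SIGASN_IDX_SIGALGO_OID entry, so its correctness depends on that helper (outside the hunk) storing NULL on a failed lookup and on the template entry holding no stale pointer from earlier use; resolving the OID once before the call and setting `ret = ASN_UNKNOWN_OID_E;` when the lookup yields NULL would make the fail-closed check self-evident and not tied to the helper's internals. The added `}` closes a block that opens outside the hunk and the new `if (ret == 0)` re-guards the ECC handling, so AddSignature's header comment (also outside the hunk) should now state that it returns ASN_UNKNOWN_OID_E when the signature algorithm's OID is unknown or its algorithm is not compiled in, since wc_SignCert_ex callers will now see that error instead of a silently malformed certificate. The added comment reads better as `/* OID unknown or its algorithm not compiled in: fail rather than emit an AlgorithmIdentifier without an OID. */`. If AddSignature has a non-template code path with its own OID lookup, it presumably needs the same guard, which this commit does not touch. The diffstat shows no test; a build with the algorithm disabled that requests that sigType would pin this error return against regression.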