Fix for adding signature where OID is not found. Currently our AddSignature function will add without OID, which is invalid. For example RSA is disabled and CSR tries to use CTC_SHA256wRSA. The wc_SignCert_ex will succeed and report success, but the CSR/Cert will be invalid (missing sigType OID).

2025-07-30 18:57:27 +02:00 · 2023-10-20 16:29:59 -07:00
parent 6887281361
commit cf1dcdf402
1 changed files with 6 additions and 0 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -29007,6 +29007,12 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
        /* Set signature OID and signature data. */
        SetASN_OID(&dataASN[SIGASN_IDX_SIGALGO_OID], (word32)sigAlgoType,
                   oidSigType);
+        if (dataASN[SIGASN_IDX_SIGALGO_OID].data.buffer.data == NULL) {
+            /* The OID was not found or compiled in! */
+            ret = ASN_UNKNOWN_OID_E;
+        }
+    }
+    if (ret == 0) {
        if (IsSigAlgoECC((word32)sigAlgoType)) {
            /* ECDSA and EdDSA doesn't have NULL tagged item. */
            dataASN[SIGASN_IDX_SIGALGO_NULL].noOut = 1;