From fdc95f9ba6cfa1be9edcbc1ffe521c512b5663d0 Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Thu, 22 Jun 2023 11:04:03 -0600
Subject: [PATCH] Handle registeredID correctly
---
 configure.ac | 3 ++
 src/x509.c | 2 +-
 wolfcrypt/src/asn.c | 70 +++++++++++++++++++++++++++++++++++++++++
 wolfssl/wolfcrypt/asn.h | 6 +++-
 4 files changed, 79 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 596117ce5..155bef162 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7815,6 +7815,9 @@ then
 # Uses alt name
 ENABLED_ALTNAMES="yes"
+
+ AM_CFLAGS="$AM_CFLAGS -DHAVE_OID_ENCODING -DWOLFSSL_NO_ASN_STRICT"
+
 fi
 if test "$ENABLED_STRONGSWAN" = "yes"; then
diff --git a/src/x509.c b/src/x509.c
index 5755dc492..b37de20ea 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -5797,7 +5797,7 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
 }
 else if (entry->type == ASN_RID_TYPE) {
 len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s",
- entry->name);
+ entry->ridString);
 if (len >= MAX_WIDTH) {
 ret = WOLFSSL_FAILURE;
 break;
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index af980a3ea..f9a650f62 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -11159,6 +11159,9 @@ void FreeAltNames(DNS_entry* altNames, void* heap)
 XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME);
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
 XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME);
+ #endif
+ #if defined(OPENSSL_ALL)
+ XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME);
 #endif
 XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME);
 altNames = tmp;
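Review bot: The added `AM_CFLAGS` line switches on `-DWOLFSSL_NO_ASN_STRICT` for the whole library build, and neither the hunk nor the commit message says which strict ASN.1 check registered ID alt names were tripping; relaxing strictness globally changes certificate parsing for every consumer, not just the alt-name printing this patch fixes. Which configure option's `then` block this lands in is outside the hunk, so I cannot tell how many configurations inherit the define. Please add a comment beside the flag naming the specific check it works around, e.g. `# WOLFSSL_NO_ASN_STRICT: registeredID alt names need <check> relaxed (TODO: name it)`, or better, scope that one check to OPENSSL_ALL instead of disabling strict parsing build-wide.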
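Review bot: `entry->ridString` is handed to a `%s` conversion with no NULL check, whereas the replaced `entry->name` is filled for every entry; if any other code path can create an `ASN_RID_TYPE` entry without running the new RID-string generator, this becomes a NULL dereference in the printer. Passing `(entry->ridString != NULL) ? entry->ridString : ""` keeps the output defined either way. The `ridString` member only exists under `OPENSSL_ALL`, so if X509PrintSubjAltName is compiled under other OpenSSL-compat options this branch needs the same guard. The function begins and ends outside the hunk.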
@@ -12337,6 +12340,66 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
 }
 #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+#if defined(OPENSSL_ALL)
+/* used to set the human readable string for the registeredID with an
+ * ASN_RID_TYPE DNS entry
+ * return 0 on success
+ */
+static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
+{
+ int i, j, ret = 0;
+ int nameSz;
+ int tmpSize = MAX_OID_SZ;
+ word16 tmpName[MAX_OID_SZ];
+ char* rid;
+ char dottedName[MAX_OID_SZ] = {0};
+
+ if (entry == NULL || entry->type != ASN_RID_TYPE) {
+ return BAD_FUNC_ARG;
+ }
+
+ if (entry->len <= 0) {
+ return BAD_FUNC_ARG;
+ }
+ rid = entry->name;
+
+ /* Decode OBJECT_ID into dotted form array. */
+ ret = DecodeObjectId((const byte*)(rid),(word32)entry->len, tmpName,
+ (word32*)&tmpSize);
+ if (ret == 0) {
+ j = 0;
+ /* Append each number of dotted form. */
+ for (i = 0; i < tmpSize; i++) {
+ ret = XSNPRINTF(dottedName + j, MAX_OID_SZ, "%d", tmpName[i]);
+ if (ret >= 0) {
+ j += ret;
+ if (i < tmpSize - 1) {
+ dottedName[j] = '.';
+ j++;
+ }
+ }
+ else {
+ return BUFFER_E;
+ }
+ }
+ ret = 0;
+ }
+
+ if (ret == 0) {
+ nameSz = (int)XSTRLEN((const char*)dottedName);
+ entry->ridString = (char*)XMALLOC(nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME);
+ if (entry->ridString == NULL) {
+ ret = MEMORY_E;
+ }
+
+ XMEMCPY(entry->ridString, dottedName, nameSz);
+ entry->ridString[nameSz] = '\0';
+ }
+
+ return ret;
+}
+#endif /* OPENSSL_ALL */
+
 #ifdef WOLFSSL_ASN_TEMPLATE
 #if defined(WOLFSSL_CERT_GEN) || !defined(NO_CERTS)
@@ -12423,6 +12486,13 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
 XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
 }
 }
+ /* store registeredID as a string */
+ else if (type == ASN_RID_TYPE) {
+ if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) {
+ XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
+ XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
+ }
+ }
 }
 if (ret == 0) {
 #endif
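Review bot: The dotted-form loop in GenerateDNSEntryRIDString can write past the end of the stack buffer `dottedName`: each `XSNPRINTF(dottedName + j, MAX_OID_SZ, ...)` is given the whole array size regardless of how much `j` has already consumed, the `ret >= 0` test accepts a truncated result (snprintf returns the untruncated length), and `dottedName[j] = '.'` is then written by index — so an OID whose dotted string exceeds MAX_OID_SZ-1 characters (up to MAX_OID_SZ arcs of up to five digits each) overflows while parsing a certificate's subjectAltName. Separately, when XMALLOC fails `ret` is set to MEMORY_E but the XMEMCPY and terminator write still run against the NULL `entry->ridString`. The bound should be the remaining space, a result `>= remaining` treated as BUFFER_E, the '.' only written when room for it and the next terminator remains, and the copy made conditional on the allocation succeeding; `(word32*)&tmpSize` would also be cleaner with `tmpSize` declared `word32`. The whole function is inside the hunk.
```c
    if (ret == 0) {
        j = 0;
        /* Append each number of dotted form, bounded by what is left of dottedName. */
        for (i = 0; i < tmpSize; i++) {
            int remaining = MAX_OID_SZ - j;
            ret = XSNPRINTF(dottedName + j, (size_t)remaining, "%d", tmpName[i]);
            /* XSNPRINTF reports the untruncated length: >= remaining means it did not fit. */
            if (ret < 0 || ret >= remaining) {
                return BUFFER_E;
            }
            j += ret;
            if (i < tmpSize - 1) {
                /* need room for the '.' plus the terminator the next XSNPRINTF writes */
                if (j + 1 >= MAX_OID_SZ) {
                    return BUFFER_E;
                }
                dottedName[j++] = '.';
            }
        }
        ret = 0;
    }

    if (ret == 0) {
        nameSz = (int)XSTRLEN((const char*)dottedName);
        entry->ridString = (char*)XMALLOC(nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME);
        if (entry->ridString == NULL) {
            ret = MEMORY_E;
        }
        else {
            XMEMCPY(entry->ridString, dottedName, nameSz);
            entry->ridString[nameSz] = '\0';
        }
    }
    /* … unchanged: return ret; … */
```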
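Review bot: The new `else if (type == ASN_RID_TYPE)` branch in SetDNSEntry calls GenerateDNSEntryRIDString, which the earlier hunk defines only under `OPENSSL_ALL`, yet the branch appears to sit in the same region as the `ASN_IP_TYPE` case — the `#endif` following `if (ret == 0) {` suggests that region is guarded by `OPENSSL_ALL || WOLFSSL_IP_ALT_NAME`, in which case a build with WOLFSSL_IP_ALT_NAME but without OPENSSL_ALL hits an implicit declaration. Wrapping the branch in `#if defined(OPENSSL_ALL)` … `#endif` keeps the two guards in step; the failure cleanup itself mirrors the IP case. SetDNSEntry starts and ends outside the hunk, so the enclosing guard is inferred, not seen.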
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index f4f0c1d6d..2d0d66bfc 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1360,6 +1360,10 @@ struct DNS_entry {
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
 char* ipString; /* human readable form of IP address */
 #endif
+#if defined(OPENSSL_ALL)
+ char* ridString; /* human readable form of registeredID */
+#endif
+
 #ifdef WOLFSSL_FPKI
 int oidSum; /* provide oid sum for verification */
 #endif
@@ -2162,7 +2166,7 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
 word32 maxIdx);
 #ifdef HAVE_OID_ENCODING
- WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz,
+ WOLFSSL_API int EncodeObjectId(const word16* in, word32 inSz,
 byte* out, word32* outSz);
 #endif
 #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT)
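Review bot: Changing EncodeObjectId from `WOLFSSL_LOCAL` to `WOLFSSL_API` exports a previously internal symbol and makes it part of the public ABI, but nothing else in this patch calls it (the new code uses DecodeObjectId) and the commit message does not mention it. If it is needed by tests or an application, the declaration should carry a Doxygen comment stating the in/out contract of `outSz` and the return convention; if it is not, leaving it `WOLFSSL_LOCAL` avoids widening the exported surface. The `ridString` field hunk above is consistent with the `OPENSSL_ALL` guard used for its free in FreeAltNames.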