mbedtls_asn1_get_int: explain the logic
No behavior change.
diff --git a/library/asn1parse.c b/library/asn1parse.c
index 4764ca4..4f9d6ae 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -149,14 +149,22 @@
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( ret );
- if( len == 0 || ( **p & 0x80 ) != 0 )
+ /* len==0 is malformed (0 must be represented as 020100). */
+ if( len == 0 )
+ return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ /* This is a cryptography library. Reject negative integers. */
+ if( ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ /* Skip leading zeros. */
while( len > 0 && **p == 0 )
{
++( *p );
--len;
}
+
+ /* Reject integers that don't fit in an int. This code assumes that
+ * the int type has no padding bit. */
if( len > sizeof( int ) )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
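Review bot: The new comment above `if( len > sizeof( int ) )` says that integers which don't fit in an int are rejected, but that check still accepts a value with exactly `sizeof( int )` significant bytes whose first byte has bit 7 set, which is larger than INT_MAX. The leading-zero skip makes this reachable for a non-negative encoding: a 0x00 pad byte passes the sign test, is skipped, and leaves `sizeof( int )` bytes starting at 0x80 or above. The code that builds the value is outside the hunk, so this is inferred, but if it shifts bytes into a signed `int`, the result is signed overflow driven by the encoded input. Either add `if( len == sizeof( int ) && ( **p & 0x80 ) != 0 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );` after the length check, or narrow the comment to what the check actually guarantees. The function starts and ends outside the hunk.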