From 4c2a90c8efbbf5ca8e766ba064c405f36a956698 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Tue, 31 Mar 2026 12:43:06 +0200
Subject: [PATCH] Fix GetLength return value check in ASN1_INTEGER functions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change GetLength() return check from > 0 to >= 0 in wolfSSL_ASN1_INTEGER_get_length and wolfSSL_ASN1_INTEGER_get0_data. GetLength returns the decoded length (≥ 0) on success and negative error codes on failure, so checking > 0 incorrectly excluded zero-length values, making the DER-stripping logic dead code.
---
 src/ssl_asn1.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index 6a46c25d530..58aed807d0e 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -1016,7 +1016,7 @@ int wolfSSL_ASN1_INTEGER_get_length(const WOLFSSL_ASN1_INTEGER* ai)
 if (ai->data[0] == ASN_INTEGER) {
 word32 idx = 1;
 int len = 0;
- if (GetLength(ai->data, &idx, &len, (word32)ai->length) > 0 &&
+ if (GetLength(ai->data, &idx, &len, (word32)ai->length) >= 0 &&
 idx + (word32)len == (word32)ai->length) {
 return len;
 }
@@ -1043,7 +1043,7 @@ const unsigned char* wolfSSL_ASN1_INTEGER_get0_data(const WOLFSSL_ASN1_INTEGER*
 if (ai->data[0] == ASN_INTEGER) {
 word32 idx = 1;
 int len = 0;
- if (GetLength(ai->data, &idx, &len, (word32)ai->length) > 0 &&
+ if (GetLength(ai->data, &idx, &len, (word32)ai->length) >= 0 &&
 idx + (word32)len == (word32)ai->length) {
 return ai->data + idx;
 }
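Review bot: With `>= 0`, an INTEGER whose content length is zero is now accepted in both hunks, and in wolfSSL_ASN1_INTEGER_get0_data the returned `ai->data + idx` then points at the end of the encoded bytes rather than at a content octet, since the next line requires `idx + len` to equal `ai->length`. A caller that reads the first byte, for example to test the sign, without first consulting wolfSSL_ASN1_INTEGER_get_length would read past the encoding, so the contract should be stated at that return: `/* len may be 0: the pointer then addresses no content octets; check wolfSSL_ASN1_INTEGER_get_length() before dereferencing */`. In the first hunk get_length now returns 0 for the same input, and a regression test feeding the two-byte encoding `02 00` (constructed sample) to both functions would pin the new behaviour. Both function bodies start and end outside the hunks, so whether `ai->length` is checked before `ai->data[0]` is read cannot be confirmed from here.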