From 1dbab67ce8e79457cceeeee8510b2f781fb950bf Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 1 Mar 2019 18:15:18 +0100
Subject: [PATCH] Improve mbedtls_asn1_write_int to support values >255

mbedtls_asn1_write_int had an undocumented restriction to values that
fit in a single octet. Fix this.

Negative integers are still not supported.
---
 library/asn1write.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/library/asn1write.c b/library/asn1write.c
index b54e26bd8..98c676672 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -236,17 +236,20 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
     int ret;
     size_t len = 0;
 
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    len += 1;
-    *--(*p) = val;
-
-    if( val > 0 && **p & 0x80 )
+    do
     {
         if( *p - start < 1 )
             return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        len += 1;
+        *--(*p) = val & 0xff;
+        val >>= 8;
+    }
+    while( val > 0 );
 
+    if( **p & 0x80 )
+    {
+        if( *p - start < 1 )
+            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
         *--(*p) = 0x00;
         len += 1;
     }