From 02127ab02245936cb4869d8e2ed3b3fc378ef32b Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Fri, 2 Jun 2023 14:50:35 +0100
Subject: [PATCH] Allow subidentifiers of size UINT_MAX

Make overflow check more accurate and add testcases

Signed-off-by: David Horstmann
---
 library/oid.c | 2 +-
 tests/suites/test_suite_oid.data | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/library/oid.c b/library/oid.c
index 02e41363e2..b13c76b1e7 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -1012,7 +1012,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid,
 }
 }
 
- if ((UINT_MAX - component2) <= (component1 * 40)) {
+ if (component2 > (UINT_MAX - (component1 * 40))) {
 ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
 goto error;
 }
diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
index c5f13175b8..1435507f64 100644
--- a/tests/suites/test_suite_oid.data
+++ b/tests/suites/test_suite_oid.data
@@ -161,3 +161,9 @@ oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
 
 OID from numeric string - OID greater than max length (129 components)
 oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - OID with maximum subidentifier
+oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F"
+
+OID from numeric string - OID with overflowing subidentifier
+oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:""
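Review bot: The rewritten guard in library/oid.c, `if (component2 > (UINT_MAX - (component1 * 40)))`, is only sound when `component1 * 40` cannot itself wrap, and nothing inside the hunk establishes that bound. Presumably component1 is range-checked earlier in mbedtls_oid_from_numeric_string, whose body starts and ends outside this hunk; that should be confirmed before relying on the check. I would put a comment above the condition, such as `/* Reject if component1 * 40 + component2 would exceed UINT_MAX; component1 * 40 cannot wrap because component1 is range-checked above. */`, so the dependency survives later refactoring of the parsing code.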
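Review bot: The two vectors added to tests/suites/test_suite_oid.data hard-code a 32-bit `unsigned int`, since 4294967215 is 2^32 - 1 - 80. On a build where UINT_MAX is larger, the "overflowing subidentifier" case would presumably parse successfully instead of returning MBEDTLS_ERR_ASN1_INVALID_DATA. A comment line ahead of the cases, for example `# Boundary values below assume UINT_MAX == 4294967295 (32-bit unsigned int)`, would make the assumption explicit. Both cases also exercise only a first arc of 2, so the new comparison is covered at a single value of component1 as far as this hunk shows.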