From 8118762dc4ab1f2bff4ba27f792c0ae32d10ad47 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Thu, 27 Apr 2017 11:07:59 -0600
Subject: [PATCH] skip removal of leading zero in GetASNInt() when INTEGER is
 only a single zero byte

---
 wolfcrypt/src/asn.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index b68be3e65..9e0473548 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -729,7 +729,8 @@ static int GetASNInt(const byte* input, word32* inOutIdx, int* len,
         return ret;
 
     if (*len > 0) {
-        if (input[*inOutIdx] == 0x00) {
+        /* remove leading zero, unless there is only one 0x00 byte */
+        if ((input[*inOutIdx] == 0x00) && (*len > 1)) {
             (*inOutIdx)++;
             (*len)--;