psa_util: improve leading zeros check in convert_der_to_raw_single_int()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/psa_util.c b/library/psa_util.c
index 970274e..fd119bf 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -488,18 +488,21 @@
         return ret;
     }
 
-    /* It's invalid to have MSb set without a leading 0x00 (leading 0x00 is
-     * checked below). */
-    if ((*p & 0x80) != 0) {
+    /* It's invalid to have:
+     * - unpadded_len == 0.
+     * - MSb set without a leading 0x00 (leading 0x00 is checked below). */
+    if (((unpadded_len == 0) || (*p & 0x80) != 0)) {
         return MBEDTLS_ERR_ASN1_INVALID_DATA;
     }
 
     /* Skip possible leading zero */
-    if ((unpadded_len > 0) && (*p == 0x00)) {
+    if (*p == 0x00) {
         p++;
         unpadded_len--;
-        /* Only 1 leading zero is allowed, otherwise that's an error. */
-        if (*p == 0x00) {
+        /* It is not allowed to have more than 1 leading zero.
+         * Ignore the case in which unpadded_len = 0 because that's a 0 encoded
+         * in ASN.1 format (i.e. 020100). */
+        if ((unpadded_len > 0) && (*p == 0x00)) {
             return MBEDTLS_ERR_ASN1_INVALID_DATA;
         }
     }
diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
index 86f63ab..807007b 100644
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
@@ -110,13 +110,21 @@
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
 ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
 
-ECDSA DER -> Raw, 256bit, Valid 0-length r
+ECDSA DER -> Raw, 256bit, Invalid 0-length r
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
-ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
+ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
 
-ECDSA DER -> Raw, 256bit, Valid 0-length s
+ECDSA DER -> Raw, 256bit, Invalid 0-length s
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
-ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
+ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Invalid r 2 leading zeros
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"3027020300000102202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Invalid s 2 leading zeros
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"3027022011111111111111111111111111111111111111111111111111111111111111110203000001":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
 
 ECDSA DER -> Raw, 256bit, Invalid r: MSb set without leading zero
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256