From 52af0d08b4c1a3bc254bbcf2380f1b6e04b28317 Mon Sep 17 00:00:00 2001
From: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
Date: Wed, 30 Aug 2023 16:22:54 +0100
Subject: [PATCH] Fix unsafe behaviour in MBEDTLS_ASN1_IS_STRING_TAG

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
---
 include/mbedtls/asn1.h | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 4eabea043..3242699e7 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -96,14 +96,14 @@
 
 /* Slightly smaller way to check if tag is a string tag
  * compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG(tag)                                     \
-    ((tag) < 32 && (                                                      \
-         ((1 << (tag)) & ((1 << MBEDTLS_ASN1_BMP_STRING)       |     \
-                          (1 << MBEDTLS_ASN1_UTF8_STRING)      |     \
-                          (1 << MBEDTLS_ASN1_T61_STRING)       |     \
-                          (1 << MBEDTLS_ASN1_IA5_STRING)       |     \
-                          (1 << MBEDTLS_ASN1_UNIVERSAL_STRING) |     \
-                          (1 << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0))
+#define MBEDTLS_ASN1_IS_STRING_TAG(tag)                                \
+    ((unsigned int) (tag) < 32u && (                                   \
+         ((1u << (tag)) & ((1u << MBEDTLS_ASN1_BMP_STRING)       |     \
+                           (1u << MBEDTLS_ASN1_UTF8_STRING)      |     \
+                           (1u << MBEDTLS_ASN1_T61_STRING)       |     \
+                           (1u << MBEDTLS_ASN1_IA5_STRING)       |     \
+                           (1u << MBEDTLS_ASN1_UNIVERSAL_STRING) |     \
+                           (1u << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0))
 
 /*
  * Bit masks for each of the components of an ASN.1 tag as specified in