From 9eb6922c5982baf116fe31661f921f1557640294 Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Sat, 11 Oct 2025 20:42:59 +0800
Subject: [PATCH] asn1: raise NOT_ENOUGH_DATA on header EOF
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

If BIO_read returns 0 with no buffered data, raise ASN1_R_NOT_ENOUGH_DATA
so callers see a specific error instead of a generic -1.

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28883)
---
 crypto/asn1/a_d2i_fp.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index 98ce0231348..df86d8b3fe1 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -139,10 +139,12 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                 goto err;
             }
             i = BIO_read(in, &(b->data[len]), (int)want);
-            if (i < 0 && diff == 0) {
+
+            if (i <= 0 && diff == 0) {
                 ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
                 goto err;
             }
+
             if (i > 0) {
                 if (len + i < len) {
                     ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
-- 
2.47.3