1 files changed, 11 insertions, 15 deletions
diff --git a/src/lib/libssl/bs_cbs.c b/src/lib/libssl/bs_cbs.c
index ba38303c18..1b513c9a0e 100644
--- a/src/lib/libssl/bs_cbs.c
+++ b/src/lib/libssl/bs_cbs.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bs_cbs.c,v 1.9 2015/06/15 07:35:49 doug Exp $ */
+/*      $OpenBSD: bs_cbs.c,v 1.10 2015/06/16 06:11:39 doug Exp $        */
 /*
 * Copyright (c) 2014, Google Inc.
 *
@@ -262,21 +262,17 @@ cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned *out_tag,
                /* Handle indefinite form length */
                if (num_bytes == 0) {
                        /* DER encoding doesn't allow for indefinite form. */
-                        if (strict) {
+                        if (strict)
                                return 0;
-                        } else {
+                        /* Primitive cannot use indefinite in BER or DER. */
-                                if ((tag & CBS_ASN1_CONSTRUCTED) != 0 &&
+                        if ((tag & CBS_ASN1_CONSTRUCTED) == 0)
-                                    num_bytes == 0) {
+                                return 0;
-                                        /* indefinite length */
-                                        if (out_header_len != NULL)
+                        /* Constructed, indefinite length allowed in BER. */
-                                                *out_header_len = 2;
+                        if (out_header_len != NULL)
-                                        return CBS_get_bytes(cbs, out, 2);
+                                *out_header_len = 2;
-                                } else {
+                        return CBS_get_bytes(cbs, out, 2);
-                                        /* Primitive cannot use indefinite. */
-                                        return 0;
-                                }
-                        }
                }
                /* CBS limitation. */
@@ -286,7 +282,7 @@ cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned *out_tag,
                if (!cbs_get_u(&header, &len32, num_bytes))
                        return 0;
-                /* DER has a minimum length octet requirements. */
+                /* DER has a minimum length octet requirement. */
                if (len32 < 128)
                        /* Should have used short form instead */
                        return 0;

diff --git a/src/lib/libssl/bs_cbs.c b/src/lib/libssl/bs_cbs.c index ba38303c18..1b513c9a0e 100644 --- a/src/lib/libssl/bs_cbs.c +++ b/src/lib/libssl/bs_cbs.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bs_cbs.c,v 1.9 2015/06/15 07:35:49 doug Exp $ */	1	/* $OpenBSD: bs_cbs.c,v 1.10 2015/06/16 06:11:39 doug Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014, Google Inc.	3	* Copyright (c) 2014, Google Inc.
4	*	4	*
@@ -262,21 +262,17 @@ cbs_get_any_asn1_element_internal(CBS cbs, CBS out, unsigned *out_tag,
262	/* Handle indefinite form length */	262	/* Handle indefinite form length */
263	if (num_bytes == 0) {	263	if (num_bytes == 0) {
264	/* DER encoding doesn't allow for indefinite form. */	264	/* DER encoding doesn't allow for indefinite form. */
265	if (strict) {	265	if (strict)
266	return 0;	266	return 0;
267		267
268	} else {	268	/* Primitive cannot use indefinite in BER or DER. */
269	if ((tag & CBS_ASN1_CONSTRUCTED) != 0 &&	269	if ((tag & CBS_ASN1_CONSTRUCTED) == 0)
270	num_bytes == 0) {	270	return 0;
271	/* indefinite length */	271
272	if (out_header_len != NULL)	272	/* Constructed, indefinite length allowed in BER. */
273	*out_header_len = 2;	273	if (out_header_len != NULL)
274	return CBS_get_bytes(cbs, out, 2);	274	*out_header_len = 2;
275	} else {	275	return CBS_get_bytes(cbs, out, 2);
276	/* Primitive cannot use indefinite. */
277	return 0;
278	}
279	}
280	}	276	}
281		277
282	/* CBS limitation. */	278	/* CBS limitation. */
@@ -286,7 +282,7 @@ cbs_get_any_asn1_element_internal(CBS cbs, CBS out, unsigned *out_tag,
286	if (!cbs_get_u(&header, &len32, num_bytes))	282	if (!cbs_get_u(&header, &len32, num_bytes))
287	return 0;	283	return 0;
288		284
289	/* DER has a minimum length octet requirements. */	285	/* DER has a minimum length octet requirement. */
290	if (len32 < 128)	286	if (len32 < 128)
291	/* Should have used short form instead */	287	/* Should have used short form instead */
292	return 0;	288	return 0;