From 668c454f168baa8a7256addf07428fdd234660f6 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Tue, 26 Apr 2022 20:00:18 +0000
Subject: [PATCH] Decode via c2i_ASN1_BIT_STRING_cbs() from asn1_ex_c2i().

ok inoguchi@ tb@
---
 lib/libcrypto/asn1/a_bitstr.c  | 11 ++++++++---
 lib/libcrypto/asn1/asn1_locl.h |  6 ++++--
 lib/libcrypto/asn1/tasn_dec.c  |  6 ++----
 3 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/lib/libcrypto/asn1/a_bitstr.c b/lib/libcrypto/asn1/a_bitstr.c
index 52fe0eb9cdb..aa854f1d7a5 100644
--- a/lib/libcrypto/asn1/a_bitstr.c
+++ b/lib/libcrypto/asn1/a_bitstr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_bitstr.c,v 1.34 2022/04/23 18:56:54 jsing Exp $ */
+/* $OpenBSD: a_bitstr.c,v 1.35 2022/04/26 20:00:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -291,7 +291,7 @@ i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	return (ret);
 }
 
-static int
+int
 c2i_ASN1_BIT_STRING_cbs(ASN1_BIT_STRING **out_abs, CBS *cbs)
 {
 	ASN1_BIT_STRING *abs = NULL;
@@ -300,9 +300,14 @@ c2i_ASN1_BIT_STRING_cbs(ASN1_BIT_STRING **out_abs, CBS *cbs)
 	uint8_t unused_bits;
 	int ret = 0;
 
-	if (out_abs == NULL || *out_abs != NULL)
+	if (out_abs == NULL)
 		goto err;
 
+	if (*out_abs != NULL) {
+		ASN1_BIT_STRING_free(*out_abs);
+		*out_abs = NULL;
+	}
+
 	if (!CBS_get_u8(cbs, &unused_bits)) {
 		ASN1error(ASN1_R_STRING_TOO_SHORT);
 		goto err;
diff --git a/lib/libcrypto/asn1/asn1_locl.h b/lib/libcrypto/asn1/asn1_locl.h
index d4ea3a9db80..ae9445c3823 100644
--- a/lib/libcrypto/asn1/asn1_locl.h
+++ b/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_locl.h,v 1.25 2022/04/23 18:47:08 jsing Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.26 2022/04/26 20:00:18 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -201,9 +201,11 @@ int asn1_get_primitive(CBS *cbs, int der_mode, uint32_t *out_tag_number,
 
 int asn1_tag2charwidth(int tag);
 
+int c2i_ASN1_BIT_STRING_cbs(ASN1_BIT_STRING **out_abs, CBS *cbs);
+
+int c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content);
 int i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len,
     int no_name);
-int c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content);
 ASN1_OBJECT *t2i_ASN1_OBJECT_internal(const char *oid);
 
 __END_HIDDEN_DECLS
diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c
index 76dceaabef8..5c688344610 100644
--- a/lib/libcrypto/asn1/tasn_dec.c
+++ b/lib/libcrypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.50 2022/04/23 18:47:08 jsing Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.51 2022/04/26 20:00:18 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -856,9 +856,7 @@ asn1_ex_c2i(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it)
 		break;
 
 	case V_ASN1_BIT_STRING:
-		p = CBS_data(content);
-		if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &p,
-		    CBS_len(content)))
+		if (!c2i_ASN1_BIT_STRING_cbs((ASN1_BIT_STRING **)pval, content))
 			goto err;
 		break;
 
-- 
2.20.1