update main-with-bazel from master branch
diff --git a/err_data.c b/err_data.c
index a037f9f..98bc22a 100644
--- a/err_data.c
+++ b/err_data.c
@@ -55,185 +55,185 @@
 OPENSSL_STATIC_ASSERT(ERR_NUM_LIBS == 34, "number of libraries changed");
 
 const uint32_t kOpenSSLReasonValues[] = {
-    0xc320847,
-    0xc328861,
-    0xc330870,
-    0xc338880,
-    0xc34088f,
-    0xc3488a8,
-    0xc3508b4,
-    0xc3588d1,
-    0xc3608f1,
-    0xc3688ff,
-    0xc37090f,
-    0xc37891c,
-    0xc38092c,
-    0xc388937,
-    0xc39094d,
-    0xc39895c,
-    0xc3a0970,
-    0xc3a8854,
+    0xc320862,
+    0xc32887c,
+    0xc33088b,
+    0xc33889b,
+    0xc3408aa,
+    0xc3488c3,
+    0xc3508cf,
+    0xc3588ec,
+    0xc36090c,
+    0xc36891a,
+    0xc37092a,
+    0xc378937,
+    0xc380947,
+    0xc388952,
+    0xc390968,
+    0xc398977,
+    0xc3a098b,
+    0xc3a886f,
     0xc3b00f7,
-    0xc3b88e3,
-    0x10320854,
-    0x103295ca,
-    0x103315d6,
-    0x103395ef,
-    0x10341602,
-    0x10348f34,
-    0x10350c6d,
-    0x10359615,
-    0x1036163f,
-    0x10369652,
-    0x10371671,
-    0x1037968a,
-    0x1038169f,
-    0x103896bd,
-    0x103916cc,
-    0x103996e8,
-    0x103a1703,
-    0x103a9712,
-    0x103b172e,
-    0x103b9749,
-    0x103c176f,
+    0xc3b88fe,
+    0x1032086f,
+    0x103295e5,
+    0x103315f1,
+    0x1033960a,
+    0x1034161d,
+    0x10348f4f,
+    0x10350c88,
+    0x10359630,
+    0x1036165a,
+    0x1036966d,
+    0x1037168c,
+    0x103796a5,
+    0x103816ba,
+    0x103896d8,
+    0x103916e7,
+    0x10399703,
+    0x103a171e,
+    0x103a972d,
+    0x103b1749,
+    0x103b9764,
+    0x103c178a,
     0x103c80f7,
-    0x103d1780,
-    0x103d9794,
-    0x103e17b3,
-    0x103e97c2,
-    0x103f17d9,
-    0x103f97ec,
-    0x10400c31,
-    0x104097ff,
-    0x1041181d,
-    0x10419830,
-    0x1042184a,
-    0x1042985a,
-    0x1043186e,
-    0x10439884,
-    0x1044189c,
-    0x104498b1,
-    0x104518c5,
-    0x104598d7,
-    0x1046060a,
-    0x1046895c,
-    0x104718ec,
-    0x10479903,
-    0x10481918,
-    0x10489926,
-    0x10490e80,
-    0x10499760,
-    0x104a162a,
-    0x14320c14,
-    0x14328c22,
-    0x14330c31,
-    0x14338c43,
+    0x103d179b,
+    0x103d97af,
+    0x103e17ce,
+    0x103e97dd,
+    0x103f17f4,
+    0x103f9807,
+    0x10400c4c,
+    0x1040981a,
+    0x10411838,
+    0x1041984b,
+    0x10421865,
+    0x10429875,
+    0x10431889,
+    0x1043989f,
+    0x104418b7,
+    0x104498cc,
+    0x104518e0,
+    0x104598f2,
+    0x10460625,
+    0x10468977,
+    0x10471907,
+    0x1047991e,
+    0x10481933,
+    0x10489941,
+    0x10490e9b,
+    0x1049977b,
+    0x104a1645,
+    0x14320c2f,
+    0x14328c3d,
+    0x14330c4c,
+    0x14338c5e,
     0x143400b9,
     0x143480f7,
     0x18320090,
-    0x18328f8a,
+    0x18328fa5,
     0x183300b9,
-    0x18338fa0,
-    0x18340fb4,
+    0x18338fbb,
+    0x18340fcf,
     0x183480f7,
-    0x18350fd3,
-    0x18358feb,
-    0x18361000,
-    0x18369014,
-    0x1837104c,
-    0x18379062,
-    0x18381076,
-    0x18389086,
-    0x18390a82,
-    0x18399096,
-    0x183a10bc,
-    0x183a90e2,
-    0x183b0c8c,
-    0x183b9131,
-    0x183c1143,
-    0x183c914e,
-    0x183d115e,
-    0x183d916f,
-    0x183e1180,
-    0x183e9192,
-    0x183f11bb,
-    0x183f91d4,
-    0x184011ec,
-    0x184086e2,
-    0x18411105,
-    0x184190d0,
-    0x184210ef,
-    0x18428c79,
-    0x184310ab,
-    0x18439117,
-    0x18440fc9,
-    0x18449038,
-    0x20321226,
-    0x20329213,
-    0x24321232,
-    0x243289a2,
-    0x24331244,
-    0x24339251,
-    0x2434125e,
-    0x24349270,
-    0x2435127f,
-    0x2435929c,
-    0x243612a9,
-    0x243692b7,
-    0x243712c5,
-    0x243792d3,
-    0x243812dc,
-    0x243892e9,
-    0x243912fc,
-    0x28320c61,
-    0x28328c8c,
-    0x28330c31,
-    0x28338c9f,
-    0x28340c6d,
+    0x18350fee,
+    0x18359006,
+    0x1836101b,
+    0x1836902f,
+    0x18371067,
+    0x1837907d,
+    0x18381091,
+    0x183890a1,
+    0x18390a9d,
+    0x183990b1,
+    0x183a10d7,
+    0x183a90fd,
+    0x183b0ca7,
+    0x183b914c,
+    0x183c115e,
+    0x183c9169,
+    0x183d1179,
+    0x183d918a,
+    0x183e119b,
+    0x183e91ad,
+    0x183f11d6,
+    0x183f91ef,
+    0x18401207,
+    0x184086fd,
+    0x18411120,
+    0x184190eb,
+    0x1842110a,
+    0x18428c94,
+    0x184310c6,
+    0x18439132,
+    0x18440fe4,
+    0x18449053,
+    0x20321241,
+    0x2032922e,
+    0x2432124d,
+    0x243289bd,
+    0x2433125f,
+    0x2433926c,
+    0x24341279,
+    0x2434928b,
+    0x2435129a,
+    0x243592b7,
+    0x243612c4,
+    0x243692d2,
+    0x243712e0,
+    0x243792ee,
+    0x243812f7,
+    0x24389304,
+    0x24391317,
+    0x28320c7c,
+    0x28328ca7,
+    0x28330c4c,
+    0x28338cba,
+    0x28340c88,
     0x283480b9,
     0x283500f7,
-    0x28358c79,
-    0x2c32326b,
-    0x2c329313,
-    0x2c333279,
-    0x2c33b28b,
-    0x2c34329f,
-    0x2c34b2b1,
-    0x2c3532cc,
-    0x2c35b2de,
-    0x2c36330e,
+    0x28358c94,
+    0x2c323286,
+    0x2c32932e,
+    0x2c333294,
+    0x2c33b2a6,
+    0x2c3432ba,
+    0x2c34b2cc,
+    0x2c3532e7,
+    0x2c35b2f9,
+    0x2c363329,
     0x2c36833a,
-    0x2c37331b,
-    0x2c37b347,
-    0x2c38336c,
-    0x2c38b383,
-    0x2c3933a1,
-    0x2c39b3b1,
-    0x2c3a33c3,
-    0x2c3ab3d7,
-    0x2c3b33e8,
-    0x2c3bb407,
-    0x2c3c1325,
-    0x2c3c933b,
-    0x2c3d341b,
-    0x2c3d9354,
-    0x2c3e3438,
-    0x2c3eb446,
-    0x2c3f345e,
-    0x2c3fb476,
-    0x2c4034a0,
-    0x2c409226,
-    0x2c4134b1,
-    0x2c41b4c4,
-    0x2c4211ec,
-    0x2c42b4d5,
-    0x2c43072f,
-    0x2c43b3f9,
-    0x2c44335a,
-    0x2c44b483,
-    0x2c4532f1,
-    0x2c45b32d,
-    0x2c463391,
+    0x2c373336,
+    0x2c37b362,
+    0x2c383387,
+    0x2c38b39e,
+    0x2c3933bc,
+    0x2c39b3cc,
+    0x2c3a33de,
+    0x2c3ab3f2,
+    0x2c3b3403,
+    0x2c3bb422,
+    0x2c3c1340,
+    0x2c3c9356,
+    0x2c3d3436,
+    0x2c3d936f,
+    0x2c3e3453,
+    0x2c3eb461,
+    0x2c3f3479,
+    0x2c3fb491,
+    0x2c4034bb,
+    0x2c409241,
+    0x2c4134cc,
+    0x2c41b4df,
+    0x2c421207,
+    0x2c42b4f0,
+    0x2c43074a,
+    0x2c43b414,
+    0x2c443375,
+    0x2c44b49e,
+    0x2c45330c,
+    0x2c45b348,
+    0x2c4633ac,
     0x30320000,
     0x30328015,
     0x3033001f,
@@ -276,529 +276,530 @@
     0x30458306,
     0x3046031f,
     0x3046833a,
-    0x30470357,
-    0x30478369,
-    0x30480377,
-    0x30488388,
-    0x30490397,
-    0x304983af,
-    0x304a03c1,
-    0x304a83d5,
-    0x304b03ed,
-    0x304b8400,
-    0x304c040b,
-    0x304c841c,
-    0x304d0428,
-    0x304d843e,
-    0x304e044c,
-    0x304e8462,
-    0x304f0474,
-    0x304f8486,
-    0x305004a9,
-    0x305084bc,
-    0x305104cd,
-    0x305184dd,
-    0x305204f5,
-    0x3052850a,
-    0x30530522,
-    0x30538536,
-    0x3054054e,
-    0x30548567,
-    0x30550580,
-    0x3055859d,
-    0x305605a8,
-    0x305685c0,
-    0x305705d0,
-    0x305785e1,
-    0x305805f4,
-    0x3058860a,
-    0x30590613,
-    0x30598628,
-    0x305a063b,
-    0x305a864a,
-    0x305b066a,
-    0x305b8679,
-    0x305c069a,
-    0x305c86b6,
-    0x305d06c2,
-    0x305d86e2,
-    0x305e06fe,
-    0x305e870f,
-    0x305f0725,
-    0x305f872f,
-    0x30600499,
+    0x30470372,
+    0x30478384,
+    0x30480392,
+    0x304883a3,
+    0x304903b2,
+    0x304983ca,
+    0x304a03dc,
+    0x304a83f0,
+    0x304b0408,
+    0x304b841b,
+    0x304c0426,
+    0x304c8437,
+    0x304d0443,
+    0x304d8459,
+    0x304e0467,
+    0x304e847d,
+    0x304f048f,
+    0x304f84a1,
+    0x305004c4,
+    0x305084d7,
+    0x305104e8,
+    0x305184f8,
+    0x30520510,
+    0x30528525,
+    0x3053053d,
+    0x30538551,
+    0x30540569,
+    0x30548582,
+    0x3055059b,
+    0x305585b8,
+    0x305605c3,
+    0x305685db,
+    0x305705eb,
+    0x305785fc,
+    0x3058060f,
+    0x30588625,
+    0x3059062e,
+    0x30598643,
+    0x305a0656,
+    0x305a8665,
+    0x305b0685,
+    0x305b8694,
+    0x305c06b5,
+    0x305c86d1,
+    0x305d06dd,
+    0x305d86fd,
+    0x305e0719,
+    0x305e872a,
+    0x305f0740,
+    0x305f874a,
+    0x306004b4,
     0x3060804a,
-    0x34320b72,
-    0x34328b86,
-    0x34330ba3,
-    0x34338bb6,
-    0x34340bc5,
-    0x34348bfe,
-    0x34350be2,
+    0x30610357,
+    0x34320b8d,
+    0x34328ba1,
+    0x34330bbe,
+    0x34338bd1,
+    0x34340be0,
+    0x34348c19,
+    0x34350bfd,
     0x3c320090,
-    0x3c328cc9,
-    0x3c330ce2,
-    0x3c338cfd,
-    0x3c340d1a,
-    0x3c348d44,
-    0x3c350d5f,
-    0x3c358d85,
-    0x3c360d9e,
-    0x3c368db6,
-    0x3c370dc7,
-    0x3c378dd5,
-    0x3c380de2,
-    0x3c388df6,
-    0x3c390c8c,
-    0x3c398e19,
-    0x3c3a0e2d,
-    0x3c3a891c,
-    0x3c3b0e3d,
-    0x3c3b8e58,
-    0x3c3c0e6a,
-    0x3c3c8e9d,
-    0x3c3d0ea7,
-    0x3c3d8ebb,
-    0x3c3e0ec9,
-    0x3c3e8eee,
-    0x3c3f0cb5,
-    0x3c3f8ed7,
+    0x3c328ce4,
+    0x3c330cfd,
+    0x3c338d18,
+    0x3c340d35,
+    0x3c348d5f,
+    0x3c350d7a,
+    0x3c358da0,
+    0x3c360db9,
+    0x3c368dd1,
+    0x3c370de2,
+    0x3c378df0,
+    0x3c380dfd,
+    0x3c388e11,
+    0x3c390ca7,
+    0x3c398e34,
+    0x3c3a0e48,
+    0x3c3a8937,
+    0x3c3b0e58,
+    0x3c3b8e73,
+    0x3c3c0e85,
+    0x3c3c8eb8,
+    0x3c3d0ec2,
+    0x3c3d8ed6,
+    0x3c3e0ee4,
+    0x3c3e8f09,
+    0x3c3f0cd0,
+    0x3c3f8ef2,
     0x3c4000b9,
     0x3c4080f7,
-    0x3c410d35,
-    0x3c418d74,
-    0x3c420e80,
-    0x3c428e0a,
-    0x403219b8,
-    0x403299ce,
-    0x403319fc,
-    0x40339a06,
-    0x40341a1d,
-    0x40349a3b,
-    0x40351a4b,
-    0x40359a5d,
-    0x40361a6a,
-    0x40369a76,
-    0x40371a8b,
-    0x40379a9d,
-    0x40381aa8,
-    0x40389aba,
-    0x40390f34,
-    0x40399aca,
-    0x403a1add,
-    0x403a9afe,
-    0x403b1b0f,
-    0x403b9b1f,
+    0x3c410d50,
+    0x3c418d8f,
+    0x3c420e9b,
+    0x3c428e25,
+    0x403219d3,
+    0x403299e9,
+    0x40331a17,
+    0x40339a21,
+    0x40341a38,
+    0x40349a56,
+    0x40351a66,
+    0x40359a78,
+    0x40361a85,
+    0x40369a91,
+    0x40371aa6,
+    0x40379ab8,
+    0x40381ac3,
+    0x40389ad5,
+    0x40390f4f,
+    0x40399ae5,
+    0x403a1af8,
+    0x403a9b19,
+    0x403b1b2a,
+    0x403b9b3a,
     0x403c0071,
     0x403c8090,
-    0x403d1b80,
-    0x403d9b96,
-    0x403e1ba5,
-    0x403e9bdd,
-    0x403f1bf7,
-    0x403f9c1f,
-    0x40401c34,
-    0x40409c48,
-    0x40411c83,
-    0x40419c9e,
-    0x40421cb7,
-    0x40429cca,
-    0x40431cde,
-    0x40439d0c,
-    0x40441d23,
+    0x403d1b9b,
+    0x403d9bb1,
+    0x403e1bc0,
+    0x403e9bf8,
+    0x403f1c12,
+    0x403f9c3a,
+    0x40401c4f,
+    0x40409c63,
+    0x40411c9e,
+    0x40419cb9,
+    0x40421cd2,
+    0x40429ce5,
+    0x40431cf9,
+    0x40439d27,
+    0x40441d3e,
     0x404480b9,
-    0x40451d38,
-    0x40459d4a,
-    0x40461d6e,
-    0x40469d8e,
-    0x40471d9c,
-    0x40479dc3,
-    0x40481e34,
-    0x40489eee,
-    0x40491f05,
-    0x40499f1f,
-    0x404a1f36,
-    0x404a9f54,
-    0x404b1f6c,
-    0x404b9f99,
-    0x404c1faf,
-    0x404c9fc1,
-    0x404d1fe2,
-    0x404da01b,
-    0x404e202f,
-    0x404ea03c,
-    0x404f20d6,
-    0x404fa14c,
-    0x405021a3,
-    0x4050a1b7,
-    0x405121ea,
-    0x405221fa,
-    0x4052a21e,
-    0x40532236,
-    0x4053a249,
-    0x4054225e,
-    0x4054a281,
-    0x405522ac,
-    0x4055a2e9,
-    0x4056230e,
-    0x4056a327,
-    0x4057233f,
-    0x4057a352,
-    0x40582367,
-    0x4058a38e,
-    0x405923bd,
-    0x4059a3ea,
-    0x405a23fe,
-    0x405aa40e,
-    0x405b2426,
-    0x405ba437,
-    0x405c244a,
-    0x405ca489,
-    0x405d2496,
-    0x405da4bb,
-    0x405e24f9,
-    0x405e8ac0,
-    0x405f2534,
-    0x405fa541,
-    0x4060254f,
-    0x4060a571,
-    0x406125d2,
-    0x4061a60a,
-    0x40622621,
-    0x4062a632,
-    0x4063267f,
-    0x4063a694,
-    0x406426ab,
-    0x4064a6d7,
-    0x406526f2,
-    0x4065a709,
-    0x40662721,
-    0x4066a74b,
-    0x40672776,
-    0x4067a7bb,
-    0x40682803,
-    0x4068a824,
-    0x40692856,
-    0x4069a884,
-    0x406a28a5,
-    0x406aa8c5,
-    0x406b2a4d,
-    0x406baa70,
-    0x406c2a86,
-    0x406cad90,
-    0x406d2dbf,
-    0x406dade7,
-    0x406e2e15,
-    0x406eae62,
-    0x406f2ebb,
-    0x406faef3,
-    0x40702f06,
-    0x4070af23,
-    0x4071080f,
-    0x4071af35,
-    0x40722f48,
-    0x4072af7e,
-    0x40732f96,
-    0x40739525,
-    0x40742faa,
-    0x4074afc4,
-    0x40752fd5,
-    0x4075afe9,
-    0x40762ff7,
-    0x407692e9,
-    0x4077301c,
-    0x4077b05c,
-    0x40783077,
-    0x4078b0b0,
-    0x407930c7,
-    0x4079b0dd,
-    0x407a3109,
-    0x407ab11c,
-    0x407b3131,
-    0x407bb143,
-    0x407c3174,
-    0x407cb17d,
-    0x407d283f,
-    0x407da15c,
-    0x407e308c,
-    0x407ea39e,
-    0x407f1db0,
-    0x407f9f83,
-    0x408020e6,
-    0x40809dd8,
-    0x4081220c,
-    0x4081a08a,
-    0x40822e00,
-    0x40829b2b,
-    0x40832379,
-    0x4083a6bc,
-    0x40841dec,
-    0x4084a3d6,
-    0x4085245b,
-    0x4085a599,
-    0x408624db,
-    0x4086a176,
-    0x40872e46,
-    0x4087a5e7,
-    0x40881b69,
-    0x4088a7ce,
-    0x40891bb8,
-    0x40899b45,
-    0x408a2abe,
-    0x408a993d,
-    0x408b3158,
-    0x408baed0,
-    0x408c246b,
-    0x408c9975,
-    0x408d1ed4,
-    0x408d9e1e,
-    0x408e2004,
-    0x408ea2c9,
-    0x408f27e2,
-    0x408fa5b5,
-    0x40902797,
-    0x4090a4ad,
-    0x40912aa6,
-    0x4091999b,
-    0x40921c05,
-    0x4092ae81,
-    0x40932f61,
-    0x4093a187,
-    0x40941e00,
-    0x4094aad7,
-    0x40952643,
-    0x4095b0e9,
-    0x40962e2d,
-    0x4096a0ff,
-    0x409721d2,
-    0x4097a053,
-    0x40981c65,
-    0x4098a657,
-    0x40992e9d,
-    0x4099a2f6,
-    0x409a228f,
-    0x409a9959,
-    0x409b1e5a,
-    0x409b9e85,
-    0x409c303e,
-    0x409c9ead,
-    0x409d20bb,
-    0x409da0a0,
-    0x409e1cf6,
-    0x409ea134,
-    0x409f211c,
-    0x409f9e4d,
-    0x40a0251a,
-    0x40a0a06d,
-    0x41f42978,
-    0x41f92a0a,
-    0x41fe28fd,
-    0x41feabb3,
-    0x41ff2ce1,
-    0x42032991,
-    0x420829b3,
-    0x4208a9ef,
-    0x420928e1,
-    0x4209aa29,
-    0x420a2938,
-    0x420aa918,
-    0x420b2958,
-    0x420ba9d1,
-    0x420c2cfd,
-    0x420caae7,
-    0x420d2b9a,
-    0x420dabd1,
-    0x42122c04,
-    0x42172cc4,
-    0x4217ac46,
-    0x421c2c68,
-    0x421f2c23,
-    0x42212d75,
-    0x42262ca7,
-    0x422b2d53,
-    0x422bab75,
-    0x422c2d35,
-    0x422cab28,
-    0x422d2b01,
-    0x422dad14,
-    0x422e2b54,
-    0x42302c83,
-    0x4230abeb,
-    0x4432073a,
-    0x44328749,
-    0x44330755,
-    0x44338763,
-    0x44340776,
-    0x44348787,
-    0x4435078e,
-    0x44358798,
-    0x443607ab,
-    0x443687c1,
-    0x443707d3,
-    0x443787e0,
-    0x443807ef,
-    0x443887f7,
-    0x4439080f,
-    0x4439881d,
-    0x443a0830,
-    0x48321313,
-    0x48329325,
-    0x4833133b,
-    0x48339354,
-    0x4c321379,
-    0x4c329389,
-    0x4c33139c,
-    0x4c3393bc,
+    0x40451d53,
+    0x40459d65,
+    0x40461d89,
+    0x40469da9,
+    0x40471db7,
+    0x40479dde,
+    0x40481e4f,
+    0x40489f09,
+    0x40491f20,
+    0x40499f3a,
+    0x404a1f51,
+    0x404a9f6f,
+    0x404b1f87,
+    0x404b9fb4,
+    0x404c1fca,
+    0x404c9fdc,
+    0x404d1ffd,
+    0x404da036,
+    0x404e204a,
+    0x404ea057,
+    0x404f20f1,
+    0x404fa167,
+    0x405021be,
+    0x4050a1d2,
+    0x40512205,
+    0x40522215,
+    0x4052a239,
+    0x40532251,
+    0x4053a264,
+    0x40542279,
+    0x4054a29c,
+    0x405522c7,
+    0x4055a304,
+    0x40562329,
+    0x4056a342,
+    0x4057235a,
+    0x4057a36d,
+    0x40582382,
+    0x4058a3a9,
+    0x405923d8,
+    0x4059a405,
+    0x405a2419,
+    0x405aa429,
+    0x405b2441,
+    0x405ba452,
+    0x405c2465,
+    0x405ca4a4,
+    0x405d24b1,
+    0x405da4d6,
+    0x405e2514,
+    0x405e8adb,
+    0x405f254f,
+    0x405fa55c,
+    0x4060256a,
+    0x4060a58c,
+    0x406125ed,
+    0x4061a625,
+    0x4062263c,
+    0x4062a64d,
+    0x4063269a,
+    0x4063a6af,
+    0x406426c6,
+    0x4064a6f2,
+    0x4065270d,
+    0x4065a724,
+    0x4066273c,
+    0x4066a766,
+    0x40672791,
+    0x4067a7d6,
+    0x4068281e,
+    0x4068a83f,
+    0x40692871,
+    0x4069a89f,
+    0x406a28c0,
+    0x406aa8e0,
+    0x406b2a68,
+    0x406baa8b,
+    0x406c2aa1,
+    0x406cadab,
+    0x406d2dda,
+    0x406dae02,
+    0x406e2e30,
+    0x406eae7d,
+    0x406f2ed6,
+    0x406faf0e,
+    0x40702f21,
+    0x4070af3e,
+    0x4071082a,
+    0x4071af50,
+    0x40722f63,
+    0x4072af99,
+    0x40732fb1,
+    0x40739540,
+    0x40742fc5,
+    0x4074afdf,
+    0x40752ff0,
+    0x4075b004,
+    0x40763012,
+    0x40769304,
+    0x40773037,
+    0x4077b077,
+    0x40783092,
+    0x4078b0cb,
+    0x407930e2,
+    0x4079b0f8,
+    0x407a3124,
+    0x407ab137,
+    0x407b314c,
+    0x407bb15e,
+    0x407c318f,
+    0x407cb198,
+    0x407d285a,
+    0x407da177,
+    0x407e30a7,
+    0x407ea3b9,
+    0x407f1dcb,
+    0x407f9f9e,
+    0x40802101,
+    0x40809df3,
+    0x40812227,
+    0x4081a0a5,
+    0x40822e1b,
+    0x40829b46,
+    0x40832394,
+    0x4083a6d7,
+    0x40841e07,
+    0x4084a3f1,
+    0x40852476,
+    0x4085a5b4,
+    0x408624f6,
+    0x4086a191,
+    0x40872e61,
+    0x4087a602,
+    0x40881b84,
+    0x4088a7e9,
+    0x40891bd3,
+    0x40899b60,
+    0x408a2ad9,
+    0x408a9958,
+    0x408b3173,
+    0x408baeeb,
+    0x408c2486,
+    0x408c9990,
+    0x408d1eef,
+    0x408d9e39,
+    0x408e201f,
+    0x408ea2e4,
+    0x408f27fd,
+    0x408fa5d0,
+    0x409027b2,
+    0x4090a4c8,
+    0x40912ac1,
+    0x409199b6,
+    0x40921c20,
+    0x4092ae9c,
+    0x40932f7c,
+    0x4093a1a2,
+    0x40941e1b,
+    0x4094aaf2,
+    0x4095265e,
+    0x4095b104,
+    0x40962e48,
+    0x4096a11a,
+    0x409721ed,
+    0x4097a06e,
+    0x40981c80,
+    0x4098a672,
+    0x40992eb8,
+    0x4099a311,
+    0x409a22aa,
+    0x409a9974,
+    0x409b1e75,
+    0x409b9ea0,
+    0x409c3059,
+    0x409c9ec8,
+    0x409d20d6,
+    0x409da0bb,
+    0x409e1d11,
+    0x409ea14f,
+    0x409f2137,
+    0x409f9e68,
+    0x40a02535,
+    0x40a0a088,
+    0x41f42993,
+    0x41f92a25,
+    0x41fe2918,
+    0x41feabce,
+    0x41ff2cfc,
+    0x420329ac,
+    0x420829ce,
+    0x4208aa0a,
+    0x420928fc,
+    0x4209aa44,
+    0x420a2953,
+    0x420aa933,
+    0x420b2973,
+    0x420ba9ec,
+    0x420c2d18,
+    0x420cab02,
+    0x420d2bb5,
+    0x420dabec,
+    0x42122c1f,
+    0x42172cdf,
+    0x4217ac61,
+    0x421c2c83,
+    0x421f2c3e,
+    0x42212d90,
+    0x42262cc2,
+    0x422b2d6e,
+    0x422bab90,
+    0x422c2d50,
+    0x422cab43,
+    0x422d2b1c,
+    0x422dad2f,
+    0x422e2b6f,
+    0x42302c9e,
+    0x4230ac06,
+    0x44320755,
+    0x44328764,
+    0x44330770,
+    0x4433877e,
+    0x44340791,
+    0x443487a2,
+    0x443507a9,
+    0x443587b3,
+    0x443607c6,
+    0x443687dc,
+    0x443707ee,
+    0x443787fb,
+    0x4438080a,
+    0x44388812,
+    0x4439082a,
+    0x44398838,
+    0x443a084b,
+    0x4832132e,
+    0x48329340,
+    0x48331356,
+    0x4833936f,
+    0x4c321394,
+    0x4c3293a4,
+    0x4c3313b7,
+    0x4c3393d7,
     0x4c3400b9,
     0x4c3480f7,
-    0x4c3513c8,
-    0x4c3593d6,
-    0x4c3613f2,
-    0x4c369418,
-    0x4c371427,
-    0x4c379435,
-    0x4c38144a,
-    0x4c389456,
-    0x4c391476,
-    0x4c3994a0,
-    0x4c3a14b9,
-    0x4c3a94d2,
-    0x4c3b060a,
-    0x4c3b94eb,
-    0x4c3c14fd,
-    0x4c3c950c,
-    0x4c3d1525,
-    0x4c3d8c54,
-    0x4c3e1592,
-    0x4c3e9534,
-    0x4c3f15b4,
-    0x4c3f92e9,
-    0x4c40154a,
-    0x4c409365,
-    0x4c411582,
-    0x4c419405,
-    0x4c42156e,
-    0x503234e7,
-    0x5032b4f6,
-    0x50333501,
-    0x5033b511,
-    0x5034352a,
-    0x5034b544,
-    0x50353552,
-    0x5035b568,
-    0x5036357a,
-    0x5036b590,
-    0x503735a9,
-    0x5037b5bc,
-    0x503835d4,
-    0x5038b5e5,
-    0x503935fa,
-    0x5039b60e,
-    0x503a362e,
-    0x503ab644,
-    0x503b365c,
-    0x503bb66e,
-    0x503c368a,
-    0x503cb6a1,
-    0x503d36ba,
-    0x503db6d0,
-    0x503e36dd,
-    0x503eb6f3,
-    0x503f3705,
-    0x503f8388,
-    0x50403718,
-    0x5040b728,
-    0x50413742,
-    0x5041b751,
-    0x5042376b,
-    0x5042b788,
-    0x50433798,
-    0x5043b7a8,
-    0x504437c5,
-    0x5044843e,
-    0x504537d9,
-    0x5045b7f7,
-    0x5046380a,
-    0x5046b820,
-    0x50473832,
-    0x5047b847,
-    0x5048386d,
-    0x5048b87b,
-    0x5049388e,
-    0x5049b8a3,
-    0x504a38b9,
-    0x504ab8c9,
-    0x504b38e9,
-    0x504bb8fc,
-    0x504c391f,
-    0x504cb94d,
-    0x504d397a,
-    0x504db997,
-    0x504e39b2,
-    0x504eb9ce,
-    0x504f39e0,
-    0x504fb9f7,
-    0x50503a06,
-    0x505086fe,
-    0x50513a19,
-    0x5051b7b7,
-    0x5052395f,
-    0x58320f72,
-    0x68320f34,
-    0x68328c8c,
-    0x68330c9f,
-    0x68338f42,
-    0x68340f52,
+    0x4c3513e3,
+    0x4c3593f1,
+    0x4c36140d,
+    0x4c369433,
+    0x4c371442,
+    0x4c379450,
+    0x4c381465,
+    0x4c389471,
+    0x4c391491,
+    0x4c3994bb,
+    0x4c3a14d4,
+    0x4c3a94ed,
+    0x4c3b0625,
+    0x4c3b9506,
+    0x4c3c1518,
+    0x4c3c9527,
+    0x4c3d1540,
+    0x4c3d8c6f,
+    0x4c3e15ad,
+    0x4c3e954f,
+    0x4c3f15cf,
+    0x4c3f9304,
+    0x4c401565,
+    0x4c409380,
+    0x4c41159d,
+    0x4c419420,
+    0x4c421589,
+    0x50323502,
+    0x5032b511,
+    0x5033351c,
+    0x5033b52c,
+    0x50343545,
+    0x5034b55f,
+    0x5035356d,
+    0x5035b583,
+    0x50363595,
+    0x5036b5ab,
+    0x503735c4,
+    0x5037b5d7,
+    0x503835ef,
+    0x5038b600,
+    0x50393615,
+    0x5039b629,
+    0x503a3649,
+    0x503ab65f,
+    0x503b3677,
+    0x503bb689,
+    0x503c36a5,
+    0x503cb6bc,
+    0x503d36d5,
+    0x503db6eb,
+    0x503e36f8,
+    0x503eb70e,
+    0x503f3720,
+    0x503f83a3,
+    0x50403733,
+    0x5040b743,
+    0x5041375d,
+    0x5041b76c,
+    0x50423786,
+    0x5042b7a3,
+    0x504337b3,
+    0x5043b7c3,
+    0x504437e0,
+    0x50448459,
+    0x504537f4,
+    0x5045b812,
+    0x50463825,
+    0x5046b83b,
+    0x5047384d,
+    0x5047b862,
+    0x50483888,
+    0x5048b896,
+    0x504938a9,
+    0x5049b8be,
+    0x504a38d4,
+    0x504ab8e4,
+    0x504b3904,
+    0x504bb917,
+    0x504c393a,
+    0x504cb968,
+    0x504d3995,
+    0x504db9b2,
+    0x504e39cd,
+    0x504eb9e9,
+    0x504f39fb,
+    0x504fba12,
+    0x50503a21,
+    0x50508719,
+    0x50513a34,
+    0x5051b7d2,
+    0x5052397a,
+    0x58320f8d,
+    0x68320f4f,
+    0x68328ca7,
+    0x68330cba,
+    0x68338f5d,
+    0x68340f6d,
     0x683480f7,
-    0x6c320efa,
-    0x6c328c43,
-    0x6c330f05,
-    0x6c338f1e,
-    0x74320a28,
+    0x6c320f15,
+    0x6c328c5e,
+    0x6c330f20,
+    0x6c338f39,
+    0x74320a43,
     0x743280b9,
-    0x74330c54,
-    0x7832098d,
-    0x783289a2,
-    0x783309ae,
+    0x74330c6f,
+    0x783209a8,
+    0x783289bd,
+    0x783309c9,
     0x78338090,
-    0x783409bd,
-    0x783489d2,
-    0x783509f1,
-    0x78358a13,
-    0x78360a28,
-    0x78368a3e,
-    0x78370a4e,
-    0x78378a6f,
-    0x78380a82,
-    0x78388a94,
-    0x78390aa1,
-    0x78398ac0,
-    0x783a0ad5,
-    0x783a8ae3,
-    0x783b0aed,
-    0x783b8b01,
-    0x783c0b18,
-    0x783c8b2d,
-    0x783d0b44,
-    0x783d8b59,
-    0x783e0aaf,
-    0x783e8a61,
-    0x7c321202,
-    0x80321418,
+    0x783409d8,
+    0x783489ed,
+    0x78350a0c,
+    0x78358a2e,
+    0x78360a43,
+    0x78368a59,
+    0x78370a69,
+    0x78378a8a,
+    0x78380a9d,
+    0x78388aaf,
+    0x78390abc,
+    0x78398adb,
+    0x783a0af0,
+    0x783a8afe,
+    0x783b0b08,
+    0x783b8b1c,
+    0x783c0b33,
+    0x783c8b48,
+    0x783d0b5f,
+    0x783d8b74,
+    0x783e0aca,
+    0x783e8a7c,
+    0x7c32121d,
+    0x80321433,
     0x80328090,
-    0x8033323a,
+    0x80333255,
     0x803380b9,
-    0x80343249,
-    0x8034b1b1,
-    0x803531cf,
-    0x8035b25d,
-    0x80363211,
-    0x8036b1c0,
-    0x80373203,
-    0x8037b19e,
-    0x80383224,
-    0x8038b1e0,
-    0x803931f5,
+    0x80343264,
+    0x8034b1cc,
+    0x803531ea,
+    0x8035b278,
+    0x8036322c,
+    0x8036b1db,
+    0x8037321e,
+    0x8037b1b9,
+    0x8038323f,
+    0x8038b1fb,
+    0x80393210,
 };
 
 const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]);
@@ -847,6 +848,7 @@
     "INTEGER_NOT_ASCII_FORMAT\0"
     "INTEGER_TOO_LARGE_FOR_LONG\0"
     "INVALID_BIT_STRING_BITS_LEFT\0"
+    "INVALID_BIT_STRING_PADDING\0"
     "INVALID_BMPSTRING\0"
     "INVALID_DIGIT\0"
     "INVALID_MODIFIER\0"
diff --git a/src/crypto/asn1/a_bitstr.c b/src/crypto/asn1/a_bitstr.c
index 7ce8cca..1bb58e2 100644
--- a/src/crypto/asn1/a_bitstr.c
+++ b/src/crypto/asn1/a_bitstr.c
@@ -159,11 +159,20 @@
 
     p = *pp;
     padding = *(p++);
+    len--;
     if (padding > 7) {
         OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
         goto err;
     }
 
+    /* Unused bits in a BIT STRING must be zero. */
+    uint8_t padding_mask = (1 << padding) - 1;
+    if (padding != 0 &&
+        (len < 1 || (p[len - 1] & padding_mask) != 0)) {
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_PADDING);
+        goto err;
+    }
+
     /*
      * We do this to preserve the settings.  If we modify the settings, via
      * the _set_bit function, we will recalculate on output
@@ -171,21 +180,19 @@
     ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
     ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | padding); /* set */
 
-    if (len-- > 1) {            /* using one because of the bits left byte */
-        s = (unsigned char *)OPENSSL_malloc((int)len);
+    if (len > 0) {
+        s = OPENSSL_memdup(p, len);
         if (s == NULL) {
             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        OPENSSL_memcpy(s, p, (int)len);
-        s[len - 1] &= (0xff << padding);
         p += len;
-    } else
+    } else {
         s = NULL;
+    }
 
     ret->length = (int)len;
-    if (ret->data != NULL)
-        OPENSSL_free(ret->data);
+    OPENSSL_free(ret->data);
     ret->data = s;
     ret->type = V_ASN1_BIT_STRING;
     if (a != NULL)
diff --git a/src/crypto/asn1/a_object.c b/src/crypto/asn1/a_object.c
index 0de3141..30a656d 100644
--- a/src/crypto/asn1/a_object.c
+++ b/src/crypto/asn1/a_object.c
@@ -146,29 +146,29 @@
 ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
                              long length)
 {
-    const unsigned char *p;
     long len;
     int tag, xclass;
-    int inf, i;
-    ASN1_OBJECT *ret = NULL;
-    p = *pp;
-    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    const unsigned char *p = *pp;
+    int inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
     if (inf & 0x80) {
-        i = ASN1_R_BAD_OBJECT_HEADER;
-        goto err;
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_OBJECT_HEADER);
+        return NULL;
     }
 
-    if (tag != V_ASN1_OBJECT) {
-        i = ASN1_R_EXPECTING_AN_OBJECT;
-        goto err;
+    if (inf & V_ASN1_CONSTRUCTED) {
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_PRIMITIVE);
+        return NULL;
     }
-    ret = c2i_ASN1_OBJECT(a, &p, len);
-    if (ret)
+
+    if (tag != V_ASN1_OBJECT || xclass != V_ASN1_UNIVERSAL) {
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPECTING_AN_OBJECT);
+        return NULL;
+    }
+    ASN1_OBJECT *ret = c2i_ASN1_OBJECT(a, &p, len);
+    if (ret) {
         *pp = p;
+    }
     return ret;
- err:
-    OPENSSL_PUT_ERROR(ASN1, i);
-    return (NULL);
 }
 
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
diff --git a/src/crypto/asn1/asn1_lib.c b/src/crypto/asn1/asn1_lib.c
index 1954bea..fbf4d68 100644
--- a/src/crypto/asn1/asn1_lib.c
+++ b/src/crypto/asn1/asn1_lib.c
@@ -104,8 +104,7 @@
 OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_TAG)
 OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_TYPE)
 
-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           long max);
+static int asn1_get_length(const unsigned char **pp, long *rl, long max);
 static void asn1_put_length(unsigned char **pp, int length);
 
 int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
@@ -114,7 +113,7 @@
     int i, ret;
     long l;
     const unsigned char *p = *pp;
-    int tag, xclass, inf;
+    int tag, xclass;
     long max = omax;
 
     if (!max)
@@ -153,54 +152,43 @@
 
     *ptag = tag;
     *pclass = xclass;
-    if (!asn1_get_length(&p, &inf, plength, max))
+    if (!asn1_get_length(&p, plength, max))
         goto err;
 
-    if (inf && !(ret & V_ASN1_CONSTRUCTED))
-        goto err;
-
-#if 0
-    fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n",
-            (int)p, *plength, omax, (int)*pp, (int)(p + *plength),
-            (int)(omax + *pp));
-
-#endif
     if (*plength > (omax - (p - *pp))) {
         OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
         return 0x80;
     }
     *pp = p;
-    return (ret | inf);
+    return ret;
  err:
     OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
     return 0x80;
 }
 
-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           long max)
+static int asn1_get_length(const unsigned char **pp, long *rl, long max)
 {
     const unsigned char *p = *pp;
     unsigned long ret = 0;
     unsigned long i;
 
-    if (max-- < 1)
+    if (max-- < 1) {
         return 0;
+    }
     if (*p == 0x80) {
-        *inf = 1;
-        ret = 0;
-        p++;
+        /* We do not support BER indefinite-length encoding. */
+        return 0;
+    }
+    i = *p & 0x7f;
+    if (*(p++) & 0x80) {
+        if (i > sizeof(ret) || max < (long)i)
+            return 0;
+        while (i-- > 0) {
+            ret <<= 8L;
+            ret |= *(p++);
+        }
     } else {
-        *inf = 0;
-        i = *p & 0x7f;
-        if (*(p++) & 0x80) {
-            if (i > sizeof(ret) || max < (long)i)
-                return 0;
-            while (i-- > 0) {
-                ret <<= 8L;
-                ret |= *(p++);
-            }
-        } else
-            ret = i;
+        ret = i;
     }
     /*
      * Bound the length to comfortably fit in an int. Lengths in this module
diff --git a/src/crypto/asn1/asn1_test.cc b/src/crypto/asn1/asn1_test.cc
index 96f9f9c..ab9cb01 100644
--- a/src/crypto/asn1/asn1_test.cc
+++ b/src/crypto/asn1/asn1_test.cc
@@ -266,7 +266,7 @@
   EXPECT_FALSE(val->value.ptr);
 }
 
-TEST(ASN1Test, ASN1ObjectReuse) {
+TEST(ASN1Test, ParseASN1Object) {
   // 1.2.840.113554.4.1.72585.2, an arbitrary unknown OID.
   static const uint8_t kOID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
                                  0x04, 0x01, 0x84, 0xb7, 0x09, 0x02};
@@ -277,16 +277,48 @@
   // OBJECT_IDENTIFIER { 1.3.101.112 }
   static const uint8_t kDER[] = {0x06, 0x03, 0x2b, 0x65, 0x70};
   const uint8_t *ptr = kDER;
+  // Parse an |ASN1_OBJECT| with object reuse.
   EXPECT_TRUE(d2i_ASN1_OBJECT(&obj, &ptr, sizeof(kDER)));
   EXPECT_EQ(NID_ED25519, OBJ_obj2nid(obj));
   ASN1_OBJECT_free(obj);
 
-  // Repeat the test, this time overriding a static |ASN1_OBJECT|.
+  // Repeat the test, this time overriding a static |ASN1_OBJECT|. It should
+  // detect this and construct a new one.
   obj = OBJ_nid2obj(NID_rsaEncryption);
   ptr = kDER;
   EXPECT_TRUE(d2i_ASN1_OBJECT(&obj, &ptr, sizeof(kDER)));
   EXPECT_EQ(NID_ED25519, OBJ_obj2nid(obj));
   ASN1_OBJECT_free(obj);
+
+  const std::vector<uint8_t> kInvalidObjects[] = {
+      // No tag header.
+      {},
+      // No length.
+      {0x06},
+      // Truncated contents.
+      {0x06, 0x01},
+      // An OID may not be empty.
+      {0x06, 0x00},
+      // The last byte may not be a continuation byte (high bit set).
+      {0x06, 0x03, 0x2b, 0x65, 0xf0},
+      // Each component must be minimally-encoded.
+      {0x06, 0x03, 0x2b, 0x65, 0x80, 0x70},
+      {0x06, 0x03, 0x80, 0x2b, 0x65, 0x70},
+      // Wrong tag number.
+      {0x01, 0x03, 0x2b, 0x65, 0x70},
+      // Wrong tag class.
+      {0x86, 0x03, 0x2b, 0x65, 0x70},
+      // Element is constructed.
+      {0x26, 0x03, 0x2b, 0x65, 0x70},
+  };
+  for (const auto &invalid : kInvalidObjects) {
+    SCOPED_TRACE(Bytes(invalid));
+    ptr = invalid.data();
+    obj = d2i_ASN1_OBJECT(nullptr, &ptr, invalid.size());
+    EXPECT_FALSE(obj);
+    ASN1_OBJECT_free(obj);
+    ERR_clear_error();
+  }
 }
 
 TEST(ASN1Test, BitString) {
@@ -337,11 +369,10 @@
       // Leading byte too high
       {0x03, 0x02, 0x08, 0x00},
       {0x03, 0x02, 0xff, 0x00},
-      // TODO(https://crbug.com/boringssl/354): Reject these inputs.
       // Empty bit strings must have a zero leading byte.
-      // {0x03, 0x01, 0x01},
+      {0x03, 0x01, 0x01},
       // Unused bits must all be zero.
-      // {0x03, 0x02, 0x06, 0xc1 /* 0b11000001 */},
+      {0x03, 0x02, 0x06, 0xc1 /* 0b11000001 */},
   };
   for (const auto &test : kInvalidInputs) {
     SCOPED_TRACE(Bytes(test));
@@ -1678,6 +1709,11 @@
   int tag_class;
   EXPECT_EQ(0x80, ASN1_get_object(&ptr, &length, &tag, &tag_class,
                                   sizeof(kTruncated)));
+
+  static const uint8_t kIndefinite[] = {0x30, 0x80, 0x00, 0x00};
+  ptr = kIndefinite;
+  EXPECT_EQ(0x80, ASN1_get_object(&ptr, &length, &tag, &tag_class,
+                                  sizeof(kIndefinite)));
 }
 
 // The ASN.1 macros do not work on Windows shared library builds, where usage of
diff --git a/src/crypto/asn1/tasn_dec.c b/src/crypto/asn1/tasn_dec.c
index c45be7a..beb9a0b 100644
--- a/src/crypto/asn1/tasn_dec.c
+++ b/src/crypto/asn1/tasn_dec.c
@@ -75,11 +75,9 @@
 #define ASN1_MAX_CONSTRUCTED_NEST 30
 
 static int asn1_check_eoc(const unsigned char **in, long len);
-static int asn1_find_end(const unsigned char **in, long len, char inf);
 
 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
-                           char *inf, char *cst,
-                           const unsigned char **in, long len,
+                           char *cst, const unsigned char **in, long len,
                            int exptag, int expclass, char opt, ASN1_TLC *ctx);
 
 static int asn1_template_ex_d2i(ASN1_VALUE **pval,
@@ -166,7 +164,7 @@
     const ASN1_EXTERN_FUNCS *ef;
     const unsigned char *p = NULL, *q;
     unsigned char oclass;
-    char seq_eoc, seq_nolen, cst, isopt;
+    char cst, isopt;
     int i;
     int otag;
     int ret = 0;
@@ -222,7 +220,7 @@
 
         p = *in;
         /* Just read in tag and class */
-        ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+        ret = asn1_check_tlen(NULL, &otag, &oclass, NULL,
                               &p, len, -1, 0, 1, ctx);
         if (!ret) {
             OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
@@ -328,15 +326,13 @@
             aclass = V_ASN1_UNIVERSAL;
         }
         /* Get SEQUENCE length and update len, p */
-        ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
+        ret = asn1_check_tlen(&len, NULL, NULL, &cst,
                               &p, len, tag, aclass, opt, ctx);
         if (!ret) {
             OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
             goto err;
         } else if (ret == -1)
             return -1;
-        /* If indefinite we don't do a length check */
-        seq_nolen = seq_eoc;
         if (!cst) {
             OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
             goto err;
@@ -377,15 +373,12 @@
             if (!len)
                 break;
             q = p;
+            /* TODO(https://crbug.com/boringssl/455): Although we've removed
+             * indefinite-length support, this check is not quite a no-op.
+             * Reject [UNIVERSAL 0] in the tag parsers themselves. */
             if (asn1_check_eoc(&p, len)) {
-                if (!seq_eoc) {
-                    OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC);
-                    goto err;
-                }
-                len -= p - q;
-                seq_eoc = 0;
-                q = p;
-                break;
+                OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC);
+                goto err;
             }
             /*
              * This determines the OPTIONAL flag value. The field cannot be
@@ -417,13 +410,8 @@
             len -= p - q;
         }
 
-        /* Check for EOC if expecting one */
-        if (seq_eoc && !asn1_check_eoc(&p, len)) {
-            OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC);
-            goto err;
-        }
         /* Check all data read */
-        if (!seq_nolen && len) {
+        if (len) {
             OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
             goto err;
         }
@@ -494,7 +482,6 @@
     int ret;
     long len;
     const unsigned char *p, *q;
-    char exp_eoc;
     if (!val)
         return 0;
     flags = tt->flags;
@@ -509,7 +496,7 @@
          * Need to work out amount of data available to the inner content and
          * where it starts: so read in EXPLICIT header to get the info.
          */
-        ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
+        ret = asn1_check_tlen(&len, NULL, NULL, &cst,
                               &p, inlen, tt->tag, aclass, opt, ctx);
         q = p;
         if (!ret) {
@@ -529,20 +516,10 @@
         }
         /* We read the field in OK so update length */
         len -= p - q;
-        if (exp_eoc) {
-            /* If NDEF we must have an EOC here */
-            if (!asn1_check_eoc(&p, len)) {
-                OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC);
-                goto err;
-            }
-        } else {
-            /*
-             * Otherwise we must hit the EXPLICIT tag end or its an error
-             */
-            if (len) {
-                OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
-                goto err;
-            }
+        /* Check for trailing data. */
+        if (len) {
+            OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+            goto err;
         }
     } else
         return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
@@ -573,7 +550,6 @@
     if (flags & ASN1_TFLG_SK_MASK) {
         /* SET OF, SEQUENCE OF */
         int sktag, skaclass;
-        char sk_eoc;
         /* First work out expected inner tag value */
         if (flags & ASN1_TFLG_IMPTAG) {
             sktag = tt->tag;
@@ -586,7 +562,7 @@
                 sktag = V_ASN1_SEQUENCE;
         }
         /* Get the tag */
-        ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
+        ret = asn1_check_tlen(&len, NULL, NULL, NULL,
                               &p, len, sktag, skaclass, opt, ctx);
         if (!ret) {
             OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
@@ -616,15 +592,12 @@
         while (len > 0) {
             ASN1_VALUE *skfield;
             const unsigned char *q = p;
-            /* See if EOC found */
+            /* TODO(https://crbug.com/boringssl/455): Although we've removed
+             * indefinite-length support, this check is not quite a no-op.
+             * Reject [UNIVERSAL 0] in the tag parsers themselves. */
             if (asn1_check_eoc(&p, len)) {
-                if (!sk_eoc) {
-                    OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC);
-                    goto err;
-                }
-                len -= p - q;
-                sk_eoc = 0;
-                break;
+                OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC);
+                goto err;
             }
             skfield = NULL;
              if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
@@ -639,10 +612,6 @@
                 goto err;
             }
         }
-        if (sk_eoc) {
-            OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC);
-            goto err;
-        }
     } else if (flags & ASN1_TFLG_IMPTAG) {
         /* IMPLICIT tagging */
         ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
@@ -679,7 +648,7 @@
 {
     int ret = 0, utype;
     long plen;
-    char cst, inf;
+    char cst;
     const unsigned char *p;
     const unsigned char *cont = NULL;
     long len;
@@ -706,7 +675,7 @@
             return 0;
         }
         p = *in;
-        ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
+        ret = asn1_check_tlen(NULL, &utype, &oclass, NULL,
                               &p, inlen, -1, 0, 0, ctx);
         if (!ret) {
             OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
@@ -721,7 +690,7 @@
     }
     p = *in;
     /* Check header */
-    ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
+    ret = asn1_check_tlen(&plen, NULL, NULL, &cst,
                           &p, inlen, tag, aclass, opt, ctx);
     if (!ret) {
         OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
@@ -746,15 +715,8 @@
         }
 
         cont = *in;
-        /* If indefinite length constructed find the real end */
-        if (inf) {
-            if (!asn1_find_end(&p, plen, inf))
-                goto err;
-            len = p - cont;
-        } else {
-            len = p - cont + plen;
-            p += plen;
-        }
+        len = p - cont + plen;
+        p += plen;
     } else if (cst) {
         /* This parser historically supported BER constructed strings. We no
          * longer do and will gradually tighten this parser into a DER
@@ -906,59 +868,6 @@
     return ret;
 }
 
-/*
- * This function finds the end of an ASN1 structure when passed its maximum
- * length, whether it is indefinite length and a pointer to the content. This
- * is more efficient than calling asn1_collect because it does not recurse on
- * each indefinite length header.
- */
-
-static int asn1_find_end(const unsigned char **in, long len, char inf)
-{
-    int expected_eoc;
-    long plen;
-    const unsigned char *p = *in, *q;
-    /* If not indefinite length constructed just add length */
-    if (inf == 0) {
-        *in += len;
-        return 1;
-    }
-    expected_eoc = 1;
-    /*
-     * Indefinite length constructed form. Find the end when enough EOCs are
-     * found. If more indefinite length constructed headers are encountered
-     * increment the expected eoc count otherwise just skip to the end of the
-     * data.
-     */
-    while (len > 0) {
-        if (asn1_check_eoc(&p, len)) {
-            expected_eoc--;
-            if (expected_eoc == 0)
-                break;
-            len -= 2;
-            continue;
-        }
-        q = p;
-        /* Just read in a header: only care about the length */
-        if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
-                             -1, 0, 0, NULL)) {
-            OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
-            return 0;
-        }
-        if (inf)
-            expected_eoc++;
-        else
-            p += plen;
-        len -= p - q;
-    }
-    if (expected_eoc) {
-        OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC);
-        return 0;
-    }
-    *in = p;
-    return 1;
-}
-
 /* Check for ASN1 EOC and swallow it if found */
 
 static int asn1_check_eoc(const unsigned char **in, long len)
@@ -975,15 +884,12 @@
 }
 
 /*
- * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the
- * length for indefinite length constructed form, we don't know the exact
- * length but we can set an upper bound to the amount of data available minus
- * the header length just read.
+ * Check an ASN1 tag and length: a bit like ASN1_get_object but it handles
+ * the ASN1_TLC cache and checks the expected tag.
  */
 
 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
-                           char *inf, char *cst,
-                           const unsigned char **in, long len,
+                           char *cst, const unsigned char **in, long len,
                            int exptag, int expclass, char opt, ASN1_TLC *ctx)
 {
     int i;
@@ -1009,10 +915,13 @@
             ctx->hdrlen = p - q;
             ctx->valid = 1;
             /*
-             * If definite length, and no error, length + header can't exceed
-             * total amount of data available.
+             * If no error, length + header can't exceed total amount of data
+             * available.
+             *
+             * TODO(davidben): Is this check necessary? |ASN1_get_object|
+             * should already guarantee this.
              */
-            if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+            if (!(i & 0x80) && ((plen + ctx->hdrlen) > len)) {
                 OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
                 asn1_tlc_clear(ctx);
                 return 0;
@@ -1043,12 +952,6 @@
         asn1_tlc_clear(ctx);
     }
 
-    if (i & 1)
-        plen = len - (p - q);
-
-    if (inf)
-        *inf = i & 1;
-
     if (cst)
         *cst = i & V_ASN1_CONSTRUCTED;
 
diff --git a/src/crypto/bytestring/ber.c b/src/crypto/bytestring/ber.c
index fd35e97..e7f67dd 100644
--- a/src/crypto/bytestring/ber.c
+++ b/src/crypto/bytestring/ber.c
@@ -29,11 +29,10 @@
 // is_string_type returns one if |tag| is a string type and zero otherwise. It
 // ignores the constructed bit.
 static int is_string_type(unsigned tag) {
+  // While BER supports constructed BIT STRINGS, OpenSSL misparses them. To
+  // avoid acting on an ambiguous input, we do not support constructed BIT
+  // STRINGS. See https://github.com/openssl/openssl/issues/12810.
   switch (tag & ~CBS_ASN1_CONSTRUCTED) {
-    // TODO(davidben): Reject constructed BIT STRINGs. The current handling
-    // matches OpenSSL but is incorrect. See
-    // https://github.com/openssl/openssl/issues/12810.
-    case CBS_ASN1_BITSTRING:
     case CBS_ASN1_OCTETSTRING:
     case CBS_ASN1_UTF8STRING:
     case CBS_ASN1_NUMERICSTRING:
diff --git a/src/crypto/bytestring/bytestring_test.cc b/src/crypto/bytestring/bytestring_test.cc
index 0877a2e..985e38c 100644
--- a/src/crypto/bytestring/bytestring_test.cc
+++ b/src/crypto/bytestring/bytestring_test.cc
@@ -22,6 +22,7 @@
 
 #include <openssl/bytestring.h>
 #include <openssl/crypto.h>
+#include <openssl/span.h>
 
 #include "internal.h"
 #include "../internal.h"
@@ -594,22 +595,22 @@
   EXPECT_EQ(Bytes(test_data.data(), test_data.size()), Bytes(buf + 10, 100000));
 }
 
-static void ExpectBerConvert(const char *name, const uint8_t *der_expected,
-                             size_t der_len, const uint8_t *ber,
-                             size_t ber_len) {
+static void ExpectBerConvert(const char *name,
+                             bssl::Span<const uint8_t> der_expected,
+                             bssl::Span<const uint8_t> ber) {
   SCOPED_TRACE(name);
   CBS in, out;
   uint8_t *storage;
 
-  CBS_init(&in, ber, ber_len);
+  CBS_init(&in, ber.data(), ber.size());
   ASSERT_TRUE(CBS_asn1_ber_to_der(&in, &out, &storage));
   bssl::UniquePtr<uint8_t> scoper(storage);
 
-  EXPECT_EQ(Bytes(der_expected, der_len), Bytes(CBS_data(&out), CBS_len(&out)));
+  EXPECT_EQ(Bytes(der_expected), Bytes(CBS_data(&out), CBS_len(&out)));
   if (storage != nullptr) {
-    EXPECT_NE(Bytes(der_expected, der_len), Bytes(ber, ber_len));
+    EXPECT_NE(Bytes(der_expected), Bytes(ber));
   } else {
-    EXPECT_EQ(Bytes(der_expected, der_len), Bytes(ber, ber_len));
+    EXPECT_EQ(Bytes(der_expected), Bytes(ber));
   }
 }
 
@@ -670,22 +671,22 @@
       0xa0, 0x08, 0x04, 0x02, 0x00, 0x01, 0x04, 0x02, 0x02, 0x03,
   };
 
-  ExpectBerConvert("kSimpleBER", kSimpleBER, sizeof(kSimpleBER), kSimpleBER,
-                   sizeof(kSimpleBER));
+  // kConstructedBitString contains a BER constructed BIT STRING. These are not
+  // supported and thus are left unchanged.
+  static const uint8_t kConstructedBitStringBER[] = {
+      0x23, 0x0a, 0x03, 0x03, 0x00, 0x12, 0x34, 0x03, 0x03, 0x00, 0x56, 0x78};
+
+  ExpectBerConvert("kSimpleBER", kSimpleBER, kSimpleBER);
   ExpectBerConvert("kNonMinimalLengthBER", kNonMinimalLengthDER,
-                   sizeof(kNonMinimalLengthDER), kNonMinimalLengthBER,
-                   sizeof(kNonMinimalLengthBER));
-  ExpectBerConvert("kIndefBER", kIndefDER, sizeof(kIndefDER), kIndefBER,
-                   sizeof(kIndefBER));
-  ExpectBerConvert("kIndefBER2", kIndefDER2, sizeof(kIndefDER2), kIndefBER2,
-                   sizeof(kIndefBER2));
-  ExpectBerConvert("kOctetStringBER", kOctetStringDER, sizeof(kOctetStringDER),
-                   kOctetStringBER, sizeof(kOctetStringBER));
-  ExpectBerConvert("kNSSBER", kNSSDER, sizeof(kNSSDER), kNSSBER,
-                   sizeof(kNSSBER));
+                   kNonMinimalLengthBER);
+  ExpectBerConvert("kIndefBER", kIndefDER, kIndefBER);
+  ExpectBerConvert("kIndefBER2", kIndefDER2, kIndefBER2);
+  ExpectBerConvert("kOctetStringBER", kOctetStringDER, kOctetStringBER);
+  ExpectBerConvert("kNSSBER", kNSSDER, kNSSBER);
   ExpectBerConvert("kConstructedStringBER", kConstructedStringDER,
-                   sizeof(kConstructedStringDER), kConstructedStringBER,
-                   sizeof(kConstructedStringBER));
+                   kConstructedStringBER);
+  ExpectBerConvert("kConstructedBitStringBER", kConstructedBitStringBER,
+                   kConstructedBitStringBER);
 }
 
 struct BERTest {
diff --git a/src/crypto/err/asn1.errordata b/src/crypto/err/asn1.errordata
index 5674bda..9344621 100644
--- a/src/crypto/err/asn1.errordata
+++ b/src/crypto/err/asn1.errordata
@@ -41,6 +41,7 @@
 ASN1,139,INTEGER_NOT_ASCII_FORMAT
 ASN1,140,INTEGER_TOO_LARGE_FOR_LONG
 ASN1,141,INVALID_BIT_STRING_BITS_LEFT
+ASN1,194,INVALID_BIT_STRING_PADDING
 ASN1,142,INVALID_BMPSTRING
 ASN1,143,INVALID_DIGIT
 ASN1,144,INVALID_MODIFIER
diff --git a/src/crypto/x509/asn1_gen.c b/src/crypto/x509/asn1_gen.c
index f1a20e0..cd8185b 100644
--- a/src/crypto/x509/asn1_gen.c
+++ b/src/crypto/x509/asn1_gen.c
@@ -215,13 +215,7 @@
          * For IMPLICIT tagging the length should match the original length
          * and constructed flag should be consistent.
          */
-        if (r & 0x1) {
-            /* Indefinite length constructed */
-            hdr_constructed = 2;
-            hdr_len = 0;
-        } else
-            /* Just retain constructed flag */
-            hdr_constructed = r & V_ASN1_CONSTRUCTED;
+        hdr_constructed = r & V_ASN1_CONSTRUCTED;
         /*
          * Work out new length with IMPLICIT tag: ignore constructed because
          * it will mess up if indefinite length
diff --git a/src/crypto/x509/x509_test.cc b/src/crypto/x509/x509_test.cc
index 477e5a1..77c383a 100644
--- a/src/crypto/x509/x509_test.cc
+++ b/src/crypto/x509/x509_test.cc
@@ -3493,8 +3493,43 @@
 -----END CERTIFICATE-----
 )";
 
+// kIndefiniteLength is an X.509 certificate where the outermost SEQUENCE uses
+// BER indefinite-length encoding.
+static const char kIndefiniteLength[] = R"(
+-----BEGIN CERTIFICATE-----
+MIAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAgFw0w
+MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVzdDBZ
+MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7epHg1G
++92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAOMAwG
+A1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAqcml3
+ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnksoBs
+xWIAAA==
+-----END CERTIFICATE-----
+)";
+
+// kNonZeroPadding is an X.09 certificate where the BIT STRING signature field
+// has non-zero padding values.
+static const char kNonZeroPadding[] = R"(
+-----BEGIN CERTIFICATE-----
+MIIB0DCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
+QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
+dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
+dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
+v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
+HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
+HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
+BgcqhkjOPQQBA0kBMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
+BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQB
+-----END CERTIFICATE-----
+)";
+
 TEST(X509Test, BER) {
   // Constructed strings are forbidden in DER.
   EXPECT_FALSE(CertFromPEM(kConstructedBitString));
   EXPECT_FALSE(CertFromPEM(kConstructedOctetString));
+  // Indefinite lengths are forbidden in DER.
+  EXPECT_FALSE(CertFromPEM(kIndefiniteLength));
+  // Padding bits in BIT STRINGs must be zero in BER.
+  EXPECT_FALSE(CertFromPEM(kNonZeroPadding));
 }
diff --git a/src/include/openssl/asn1.h b/src/include/openssl/asn1.h
index 0cf0604..d8a371c 100644
--- a/src/include/openssl/asn1.h
+++ b/src/include/openssl/asn1.h
@@ -1720,25 +1720,20 @@
 
 // Low-level encoding functions.
 
-// ASN1_get_object parses a BER element from up to |max_len| bytes at |*inp|.
+// ASN1_get_object parses a BER element from up to |max_len| bytes at |*inp|. It
+// returns |V_ASN1_CONSTRUCTED| if it successfully parsed a constructed element,
+// zero if it successfully parsed a primitive element, and 0x80 on error. On
+// success, it additionally advances |*inp| to the element body, sets
+// |*out_length|, |*out_tag|, and |*out_class| to the element's length, tag
+// number, and tag class, respectively,
 //
-// If the return value is 0x80, the function failed to parse an element.
-// The contents of |*inp|, |*out_length|, |*out_tag|, and |*out_class| are
-// undefined.
+// Unlike OpenSSL, this function does not support indefinite-length elements.
 //
-// Otherwise, the function successfully parsed a element. The return value has
-// bit 0x01 set if the length is indefinite, and |V_ASN1_CONSTRUCTED| set if the
-// element was constructed. The function additionally advances |*inp| to the
-// element body and sets |*out_length|, |*out_tag|, and |*out_class| to the
-// element's length, tag number, and tag class, respectively. If the length is
-// indefinite, |*out_length| will be zero and the caller is responsible for
-// finding the end-of-contents.
+// This function is difficult to use correctly. Use |CBS_get_asn1| and related
+// functions from bytestring.h.
 //
-// This function is very difficult to use correctly. Use |CBS_get_asn1| and
-// related functions from bytestring.h.
-//
-// TODO(https://crbug.com/boringssl/354): Remove support for indefinite lengths
-// and non-minimal lengths.
+// TODO(https://crbug.com/boringssl/354): Remove support for non-minimal
+// lengths.
 OPENSSL_EXPORT int ASN1_get_object(const unsigned char **inp, long *out_length,
                                    int *out_tag, int *out_class, long max_len);
 
@@ -2039,5 +2034,6 @@
 #define ASN1_R_WRONG_TYPE 191
 #define ASN1_R_NESTED_TOO_DEEP 192
 #define ASN1_R_BAD_TEMPLATE 193
+#define ASN1_R_INVALID_BIT_STRING_PADDING 194
 
 #endif