ASN1InputStream updates from bc-java

- improve tag validation
- improve handling of long form definite-length

2 files changed, 13 insertions, 12 deletions

diff --git a/crypto/test/src/asn1/test/InputStreamTest.cs b/crypto/test/src/asn1/test/InputStreamTest.cs

index 4cfb304d1..32eafe27c 100644
--- a/crypto/test/src/asn1/test/InputStreamTest.cs
+++ b/crypto/test/src/asn1/test/InputStreamTest.cs
@@ -38,23 +38,24 @@ namespace Org.BouncyCastle.Asn1.Tests
 			}
 			catch (IOException e)
 			{
-				if (!e.Message.StartsWith("DER length more than 4 bytes"))
-				{
+                if (!e.Message.Equals("invalid long form definite-length 0xFF"))
+                {
 					Fail("wrong exception: " + e.Message);
 				}
 			}
 
-			aIn = new Asn1InputStream(negativeLength);
+            // NOTE: Not really a "negative" length, but 32 bits
+            aIn = new Asn1InputStream(negativeLength);
 
-			try
-			{
+            try
+            {
 				aIn.ReadObject();
 				Fail("negative length not detected.");
 			}
 			catch (IOException e)
 			{
-				if (!e.Message.Equals("corrupted stream - negative length found"))
-				{
+                if (!e.Message.Equals("long form definite-length more than 31 bits"))
+                {
 					Fail("wrong exception: " + e.Message);
 				}
 			}
diff --git a/crypto/test/src/openssl/test/ReaderTest.cs b/crypto/test/src/openssl/test/ReaderTest.cs

index d0bb3661b..b8dff29d2 100644
--- a/crypto/test/src/openssl/test/ReaderTest.cs
+++ b/crypto/test/src/openssl/test/ReaderTest.cs
@@ -189,13 +189,13 @@ namespace Org.BouncyCastle.OpenSsl.Tests
             doDudPasswordTest("ef677", 1, "corrupted stream - out of bounds length found: 2087569732 >= 447");
             doDudPasswordTest("800ce", 2, "unknown tag 26 encountered");
             doDudPasswordTest("b6cd8", 3, "DEF length 81 object truncated by 56");
-            doDudPasswordTest("28ce09", 4, "DEF length 110 object truncated by 28");
-            doDudPasswordTest("2ac3b9", 5, "DER length more than 4 bytes: 11");
+            doDudPasswordTest("28ce09", 4, "corrupted stream - high tag number < 31 found");
+            doDudPasswordTest("2ac3b9", 5, "long form definite-length more than 31 bits");
             doDudPasswordTest("2cba96", 6, "DEF length 100 object truncated by 35");
             doDudPasswordTest("2e3354", 7, "DEF length 42 object truncated by 9");
-            doDudPasswordTest("2f4142", 8, "DER length more than 4 bytes: 14");
-            doDudPasswordTest("2fe9bb", 9, "DER length more than 4 bytes: 65");
-            doDudPasswordTest("3ee7a8", 10, "DER length more than 4 bytes: 57");
+            doDudPasswordTest("2f4142", 8, "long form definite-length more than 31 bits");
+            doDudPasswordTest("2fe9bb", 9, "long form definite-length more than 31 bits");
+            doDudPasswordTest("3ee7a8", 10, "long form definite-length more than 31 bits");
             doDudPasswordTest("41af75", 11, "unknown tag 16 encountered");
             doDudPasswordTest("1704a5", 12, "corrupted stream detected");
             doDudPasswordTest("1c5822", 13, "extra data found after object");