Fixing this, and some other problems:

- decode.c incorrectly treats length octet 0x80 (indefinite-length) as long length = 0. Fixing to returning an error. - Overly complex and inefficient code, in particular encode.c. Rewriting. Removing struct seqorset and related allocations. - Missing overflow/max-size checks. - ber_scanf() *must* clean up properly on error, as the code notes. Currently it can crash when reading malformed elements.

Both encode.c and decode.c mostly access the Ber data "properly" via ber_write()/ber_read() but sometimes accesses the buffer directly. Can clean up and speed up at the same time by collecting that in fewer places.

Side effects:

- Dropping ber_write(,,,nonzero) support. Any callers likey need to use BerElement.ber_sos_ptr/ber_sos_inner, the struct seqorset replacement. - Dropping ber_log_sos_dump() and ber_sos_dump(), leaving behind stubs. They'd need a new ber parameter to work.

Other matters - questions:

- decode.c is quite lax about what it accepts. Should we tighten that when feasible, or remain "liberal in what we accept"?

E.g. it accepts BER INTEGER length 0 and BOOLEAN length != 1, and wrong CONSTRUCTED/PRIMITIVE encoding bit.

- encode.c willingly stores broken identifier octets if passed an invalid tag, e.g. a single octet with low bits 0x1F implying long tag format. I'm inclined to leave that alone, caller's responsibility.