diff --git a/crypto/bytestring/bytestring_test.c b/crypto/bytestring/bytestring_test.c
index e02eeaa5..20ce5718 100644
--- a/crypto/bytestring/bytestring_test.c
+++ b/crypto/bytestring/bytestring_test.c
@@ -151,6 +151,7 @@ static int test_get_indef() {
   static const uint8_t kDataWithBadInternalLength[] = {0x30, 0x80, 0x01, 0x01};
   static const uint8_t kDataNested[] = {0x30, 0x80, 0x30, 0x80, 0x30, 0x80,
                                         0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+  static const uint8_t kDataPrimitive[] = {0x02, 0x80, 0x00, 0x00};
 
   CBS data, contents;
   CBS_init(&data, kData1, sizeof(kData1));
@@ -188,6 +189,14 @@ static int test_get_indef() {
     return 0;
   }
 
+  CBS_init(&data, kDataPrimitive, sizeof(kDataPrimitive));
+  if (CBS_get_asn1_ber(&data, &contents, 0x02)) {
+    /* Indefinite lengths should not be supported for non-constructed
+     * elements. */
+    fprintf(stderr, "Parsed non-constructed element with indefinite length\n");
+    return 0;
+  }
+
   return 1;
 }
 
diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.c
index 34786136..547b5a4d 100644
--- a/crypto/bytestring/cbs.c
+++ b/crypto/bytestring/cbs.c
@@ -227,7 +227,8 @@ static int cbs_get_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
     const size_t num_bytes = length_byte & 0x7f;
     uint32_t len32;
 
-    if (depth < MAX_DEPTH && num_bytes == 0) {
+    if ((tag & CBS_ASN1_CONSTRUCTED) != 0 && depth < MAX_DEPTH &&
+        num_bytes == 0) {
       /* indefinite length */
       *out_header_len = 2;
       if (was_indefinite_len) {