From: miod <miod@openbsd.org>
Date: Fri, 18 Apr 2014 17:32:31 +0000 (+0000)
Subject: Put back i2d_ASN1_SET() and d2i_ASN1_SET() from the NO_ASN1_OLD prune, as there
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=01f177b5714f48f00a61bd29d12356943dab1858;p=openbsd

Put back i2d_ASN1_SET() and d2i_ASN1_SET() from the NO_ASN1_OLD prune, as there
are still some 3rd-party code using it, and fixing them is not trivial.

As an excuse gift, the memory leaks on failure in resurrected a_set.c have
been fixed.
---

diff --git a/lib/libcrypto/asn1/a_set.c b/lib/libcrypto/asn1/a_set.c
new file mode 100644
index 00000000000..8a979848935
--- /dev/null
+++ b/lib/libcrypto/asn1/a_set.c
@@ -0,0 +1,236 @@
+/* crypto/asn1/a_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+
+#ifndef NO_ASN1_OLD
+
+typedef struct {
+	unsigned char *pbData;
+	int cbData;
+} MYBLOB;
+
+/* SetBlobCmp
+ * This function compares two elements of SET_OF block
+ */
+static int
+SetBlobCmp(const void *elem1, const void *elem2)
+{
+	const MYBLOB *b1 = (const MYBLOB *)elem1;
+	const MYBLOB *b2 = (const MYBLOB *)elem2;
+	int r;
+
+	r = memcmp(b1->pbData, b2->pbData,
+	    b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+	if (r != 0)
+		return r;
+	return b1->cbData - b2->cbData;
+}
+
+/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */
+int
+i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, i2d_of_void *i2d,
+    int ex_tag, int ex_class, int is_set)
+{
+	int ret = 0, r;
+	int i;
+	unsigned char *p;
+	unsigned char *pStart, *pTempMem;
+	MYBLOB *rgSetBlob;
+	int totSize;
+
+	if (a == NULL)
+		return 0;
+	for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--)
+		ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
+	r = ASN1_object_size(1, ret, ex_tag);
+	if (pp == NULL)
+		return r;
+
+	p= *pp;
+	ASN1_put_object(&p, 1, ret, ex_tag, ex_class);
+
+	/* Modified by gp@nsj.co.jp */
+	/* And then again by Ben */
+	/* And again by Steve */
+
+	if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) {
+		for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++)
+			i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
+
+		*pp = p;
+		return r;
+	}
+
+	pStart  = p;	/* Catch the beg of Setblobs*/
+	/* In this array we will store the SET blobs */
+	rgSetBlob = malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
+	if (rgSetBlob == NULL) {
+		ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+
+	for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) {
+		rgSetBlob[i].pbData = p;	/* catch each set encode blob */
+		i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
+		/* Length of this SetBlob */
+		rgSetBlob[i].cbData = p - rgSetBlob[i].pbData;
+	}
+	*pp = p;
+	totSize = p - pStart;	/* This is the total size of all set blobs */
+
+	/* Now we have to sort the blobs. I am using a simple algo.
+	 * Sort ptrs
+	 * Copy to temp-mem
+	 * Copy from temp-mem to user-mem
+	 */
+	qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
+	if ((pTempMem = malloc(totSize)) == NULL) {
+		free(rgSetBlob);
+		ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+
+	/* Copy to temp mem */
+	p = pTempMem;
+	for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) {
+		memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
+		p += rgSetBlob[i].cbData;
+	}
+
+	/* Copy back to user mem*/
+	memcpy(pStart, pTempMem, totSize);
+	free(pTempMem);
+	free(rgSetBlob);
+
+	return r;
+}
+
+STACK_OF(OPENSSL_BLOCK) *
+d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, const unsigned char **pp, long length,
+    d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK), int ex_tag,
+    int ex_class)
+{
+	ASN1_const_CTX c;
+	STACK_OF(OPENSSL_BLOCK) *ret = NULL;
+
+	if (a == NULL || (*a) == NULL) {
+		if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) {
+			ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+	} else
+		ret = *a;
+
+	c.p= *pp;
+	c.max = (length == 0) ? 0 : (c.p + length);
+
+	c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
+	if (c.inf & 0x80)
+		goto err;
+	if (ex_class != c.xclass) {
+		ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
+		goto err;
+	}
+	if (ex_tag != c.tag) {
+		ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
+		goto err;
+	}
+	if (c.slen + c.p > c.max) {
+		ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
+		goto err;
+	}
+	/* check for infinite constructed - it can be as long
+	 * as the amount of data passed to us */
+	if (c.inf == (V_ASN1_CONSTRUCTED + 1))
+		c.slen = length + *pp - c.p;
+	c.max = c.p + c.slen;
+
+	while (c.p < c.max) {
+		char *s;
+
+		if (M_ASN1_D2I_end_sequence())
+			break;
+		/* XXX: This was called with 4 arguments, incorrectly, it seems
+		if ((s = func(NULL, &c.p, c.slen, c.max - c.p)) == NULL) */
+		if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
+			ASN1err(ASN1_F_D2I_ASN1_SET,
+			    ASN1_R_ERROR_PARSING_SET_ELEMENT);
+			asn1_add_error(*pp, (int)(c.p - *pp));
+			goto err;
+		}
+		if (!sk_OPENSSL_BLOCK_push(ret,s))
+			goto err;
+	}
+	if (a != NULL)
+		*a = ret;
+	*pp = c.p;
+	return ret;
+err:
+	if (ret != NULL && (a == NULL || *a != ret)) {
+		if (free_func != NULL)
+			sk_OPENSSL_BLOCK_pop_free(ret, free_func);
+		else
+			sk_OPENSSL_BLOCK_free(ret);
+	}
+	return NULL;
+}
+
+#endif
diff --git a/lib/libcrypto/asn1/asn1.h b/lib/libcrypto/asn1/asn1.h
index c4fa8c649bb..3daebc078fc 100644
--- a/lib/libcrypto/asn1/asn1.h
+++ b/lib/libcrypto/asn1/asn1.h
@@ -884,6 +884,15 @@ int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
 
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
+		 i2d_of_void *i2d, int ex_tag, int ex_class,
+		 int is_set);
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
+			      const unsigned char **pp,
+			      long length, d2i_of_void *d2i,
+			      void (*free_func)(OPENSSL_BLOCK), int ex_tag,
+			      int ex_class);
+
 #ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
 int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
diff --git a/lib/libcrypto/crypto/Makefile b/lib/libcrypto/crypto/Makefile
index 62f0861d472..31cab709d97 100644
--- a/lib/libcrypto/crypto/Makefile
+++ b/lib/libcrypto/crypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.24 2014/04/18 13:19:03 tedu Exp $
+# $OpenBSD: Makefile,v 1.25 2014/04/18 17:32:31 miod Exp $
 
 LIB=	crypto
 
@@ -57,6 +57,7 @@ SRCS+= f_int.c f_string.c n_pkey.c
 SRCS+= f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c
 SRCS+= asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c
 SRCS+= evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+SRCS+= a_set.c
 
 # bf/
 SRCS+= bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c
diff --git a/lib/libcrypto/stack/safestack.h b/lib/libcrypto/stack/safestack.h
index 56978a2b012..f2a36fd64b8 100644
--- a/lib/libcrypto/stack/safestack.h
+++ b/lib/libcrypto/stack/safestack.h
@@ -178,6 +178,19 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define SKM_sk_is_sorted(type, st) \
 	sk_is_sorted(CHECKED_STACK_OF(type, st))
 
+#define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+  (STACK_OF(type) *)d2i_ASN1_SET( \
+				(STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \
+				pp, length, \
+				CHECKED_D2I_OF(type, d2i_func), \
+				CHECKED_SK_FREE_FUNC(type, free_func), \
+				ex_tag, ex_class)
+
+#define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
+  i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \
+				CHECKED_I2D_OF(type, i2d_func), \
+				ex_tag, ex_class, is_set)
+
 #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
 	(STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \
 				CHECKED_D2I_OF(type, d2i_func), \
diff --git a/lib/libssl/src/crypto/asn1/a_set.c b/lib/libssl/src/crypto/asn1/a_set.c
new file mode 100644
index 00000000000..8a979848935
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/a_set.c
@@ -0,0 +1,236 @@
+/* crypto/asn1/a_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+
+#ifndef NO_ASN1_OLD
+
+typedef struct {
+	unsigned char *pbData;
+	int cbData;
+} MYBLOB;
+
+/* SetBlobCmp
+ * This function compares two elements of SET_OF block
+ */
+static int
+SetBlobCmp(const void *elem1, const void *elem2)
+{
+	const MYBLOB *b1 = (const MYBLOB *)elem1;
+	const MYBLOB *b2 = (const MYBLOB *)elem2;
+	int r;
+
+	r = memcmp(b1->pbData, b2->pbData,
+	    b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+	if (r != 0)
+		return r;
+	return b1->cbData - b2->cbData;
+}
+
+/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */
+int
+i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, i2d_of_void *i2d,
+    int ex_tag, int ex_class, int is_set)
+{
+	int ret = 0, r;
+	int i;
+	unsigned char *p;
+	unsigned char *pStart, *pTempMem;
+	MYBLOB *rgSetBlob;
+	int totSize;
+
+	if (a == NULL)
+		return 0;
+	for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--)
+		ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
+	r = ASN1_object_size(1, ret, ex_tag);
+	if (pp == NULL)
+		return r;
+
+	p= *pp;
+	ASN1_put_object(&p, 1, ret, ex_tag, ex_class);
+
+	/* Modified by gp@nsj.co.jp */
+	/* And then again by Ben */
+	/* And again by Steve */
+
+	if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) {
+		for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++)
+			i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
+
+		*pp = p;
+		return r;
+	}
+
+	pStart  = p;	/* Catch the beg of Setblobs*/
+	/* In this array we will store the SET blobs */
+	rgSetBlob = malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
+	if (rgSetBlob == NULL) {
+		ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+
+	for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) {
+		rgSetBlob[i].pbData = p;	/* catch each set encode blob */
+		i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
+		/* Length of this SetBlob */
+		rgSetBlob[i].cbData = p - rgSetBlob[i].pbData;
+	}
+	*pp = p;
+	totSize = p - pStart;	/* This is the total size of all set blobs */
+
+	/* Now we have to sort the blobs. I am using a simple algo.
+	 * Sort ptrs
+	 * Copy to temp-mem
+	 * Copy from temp-mem to user-mem
+	 */
+	qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
+	if ((pTempMem = malloc(totSize)) == NULL) {
+		free(rgSetBlob);
+		ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+
+	/* Copy to temp mem */
+	p = pTempMem;
+	for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) {
+		memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
+		p += rgSetBlob[i].cbData;
+	}
+
+	/* Copy back to user mem*/
+	memcpy(pStart, pTempMem, totSize);
+	free(pTempMem);
+	free(rgSetBlob);
+
+	return r;
+}
+
+STACK_OF(OPENSSL_BLOCK) *
+d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, const unsigned char **pp, long length,
+    d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK), int ex_tag,
+    int ex_class)
+{
+	ASN1_const_CTX c;
+	STACK_OF(OPENSSL_BLOCK) *ret = NULL;
+
+	if (a == NULL || (*a) == NULL) {
+		if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) {
+			ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+	} else
+		ret = *a;
+
+	c.p= *pp;
+	c.max = (length == 0) ? 0 : (c.p + length);
+
+	c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
+	if (c.inf & 0x80)
+		goto err;
+	if (ex_class != c.xclass) {
+		ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
+		goto err;
+	}
+	if (ex_tag != c.tag) {
+		ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
+		goto err;
+	}
+	if (c.slen + c.p > c.max) {
+		ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
+		goto err;
+	}
+	/* check for infinite constructed - it can be as long
+	 * as the amount of data passed to us */
+	if (c.inf == (V_ASN1_CONSTRUCTED + 1))
+		c.slen = length + *pp - c.p;
+	c.max = c.p + c.slen;
+
+	while (c.p < c.max) {
+		char *s;
+
+		if (M_ASN1_D2I_end_sequence())
+			break;
+		/* XXX: This was called with 4 arguments, incorrectly, it seems
+		if ((s = func(NULL, &c.p, c.slen, c.max - c.p)) == NULL) */
+		if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
+			ASN1err(ASN1_F_D2I_ASN1_SET,
+			    ASN1_R_ERROR_PARSING_SET_ELEMENT);
+			asn1_add_error(*pp, (int)(c.p - *pp));
+			goto err;
+		}
+		if (!sk_OPENSSL_BLOCK_push(ret,s))
+			goto err;
+	}
+	if (a != NULL)
+		*a = ret;
+	*pp = c.p;
+	return ret;
+err:
+	if (ret != NULL && (a == NULL || *a != ret)) {
+		if (free_func != NULL)
+			sk_OPENSSL_BLOCK_pop_free(ret, free_func);
+		else
+			sk_OPENSSL_BLOCK_free(ret);
+	}
+	return NULL;
+}
+
+#endif
diff --git a/lib/libssl/src/crypto/asn1/asn1.h b/lib/libssl/src/crypto/asn1/asn1.h
index c4fa8c649bb..3daebc078fc 100644
--- a/lib/libssl/src/crypto/asn1/asn1.h
+++ b/lib/libssl/src/crypto/asn1/asn1.h
@@ -884,6 +884,15 @@ int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
 
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
+		 i2d_of_void *i2d, int ex_tag, int ex_class,
+		 int is_set);
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
+			      const unsigned char **pp,
+			      long length, d2i_of_void *d2i,
+			      void (*free_func)(OPENSSL_BLOCK), int ex_tag,
+			      int ex_class);
+
 #ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
 int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
diff --git a/lib/libssl/src/crypto/stack/safestack.h b/lib/libssl/src/crypto/stack/safestack.h
index 56978a2b012..f2a36fd64b8 100644
--- a/lib/libssl/src/crypto/stack/safestack.h
+++ b/lib/libssl/src/crypto/stack/safestack.h
@@ -178,6 +178,19 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define SKM_sk_is_sorted(type, st) \
 	sk_is_sorted(CHECKED_STACK_OF(type, st))
 
+#define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+  (STACK_OF(type) *)d2i_ASN1_SET( \
+				(STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \
+				pp, length, \
+				CHECKED_D2I_OF(type, d2i_func), \
+				CHECKED_SK_FREE_FUNC(type, free_func), \
+				ex_tag, ex_class)
+
+#define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
+  i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \
+				CHECKED_I2D_OF(type, i2d_func), \
+				ex_tag, ex_class, is_set)
+
 #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
 	(STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \
 				CHECKED_D2I_OF(type, d2i_func), \