From: Vsevolod Stakhov Date: Thu, 11 Jun 2026 17:20:02 +0000 (+0100) Subject: [Fix] mime: fix build with OpenSSL 4.0 opaque ASN1_STRING X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d2c42975fae971cffa32038dbb6b2cdcca704b1d;p=thirdparty%2Frspamd.git [Fix] mime: fix build with OpenSSL 4.0 opaque ASN1_STRING OpenSSL 4.0 made ASN1_STRING (and thus ASN1_OCTET_STRING) opaque, so direct access to its length/data fields no longer compiles. Use ASN1_STRING_length()/ASN1_STRING_get0_data() which are available since OpenSSL 1.1.0 and LibreSSL 2.7. Also move the legacy OpenSSL init calls (ERR_load_crypto_strings, SSL_load_error_strings, OpenSSL_add_all_*) under the pre-1.1.0 guard: they are redundant on modern OpenSSL and break no-deprecated builds. Fixes: #6087 --- diff --git a/src/libmime/mime_parser.c b/src/libmime/mime_parser.c index 567acc7b10..7b2ec9d3ce 100644 --- a/src/libmime/mime_parser.c +++ b/src/libmime/mime_parser.c @@ -889,22 +889,24 @@ rspamd_mime_parse_normal_part(struct rspamd_task *task, ct_nid = OBJ_obj2nid(p7_signed_content->type); + /* ASN1_STRING is opaque since OpenSSL 4.0, use accessors */ if (ct_nid == NID_pkcs7_data && p7_signed_content->d.data && - p7_signed_content->d.data->length > 0 && - p7_signed_content->d.data->data) { + ASN1_STRING_length(p7_signed_content->d.data) > 0 && + ASN1_STRING_get0_data(p7_signed_content->d.data)) { int ret; + int p7_data_len = ASN1_STRING_length(p7_signed_content->d.data); + const unsigned char *p7_data = ASN1_STRING_get0_data(p7_signed_content->d.data); msg_debug_mime("found an additional part inside of " "smime structure of type %T/%T; length=%d", - &ct->type, &ct->subtype, p7_signed_content->d.data->length); + &ct->type, &ct->subtype, p7_data_len); /* * Since ASN.1 structures are freed, we need to copy * the content */ char *cpy = rspamd_mempool_alloc(task->task_pool, - p7_signed_content->d.data->length); - memcpy(cpy, p7_signed_content->d.data->data, - p7_signed_content->d.data->length); + p7_data_len); + memcpy(cpy, p7_data, p7_data_len); /* * S/MIME re-enters the parser here without going through @@ -924,7 +926,7 @@ rspamd_mime_parse_normal_part(struct rspamd_task *task, st->nesting++; ret = rspamd_mime_process_multipart_node(task, st, NULL, - cpy, cpy + p7_signed_content->d.data->length, + cpy, cpy + p7_data_len, TRUE, err); st->nesting--; diff --git a/src/libserver/ssl_util.c b/src/libserver/ssl_util.c index af2b360ac4..905a6cc9ce 100644 --- a/src/libserver/ssl_util.c +++ b/src/libserver/ssl_util.c @@ -1224,12 +1224,14 @@ void rspamd_openssl_maybe_init(struct rspamd_external_libs_ctx *ctx) static gboolean openssl_initialized = FALSE; if (!openssl_initialized) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ERR_load_crypto_strings(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); OpenSSL_add_all_digests(); OpenSSL_add_all_ciphers(); +#endif #if OPENSSL_VERSION_NUMBER >= 0x1000104fL && OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) ENGINE_load_builtin_engines();