Submitted By: Pierre Labastie Date: 2026-06-13 Initial Package Version: 4.2.8p18 Upstream Status: Not applied yet Origin: https://bugs.ntp.org/show_bug.cgi?id=4023 Description: Use opaque functions to access ASN1_XXX types diff -Nru a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c --- a/ntpd/ntp_crypto.c 2026-05-19 05:47:27 +0000 +++ b/ntpd/ntp_crypto.c 2026-05-19 05:47:27 +0000 @@ -2020,6 +2020,9 @@ struct calendar *pjd /* pointer to result */ ) { + /* OpenSSL 4 makes ASN1_TIME opaque */ +#if OPENSSL_VERSION_NUMBER < 0x40000000L + size_t len; /* length of ASN1_TIME string */ char v[24]; /* writable copy of ASN1_TIME string */ unsigned long temp; /* result from strtoul */ @@ -2065,7 +2068,24 @@ pjd->year = temp; pjd->yearday = pjd->weekday = 0; - return; + +#else /* OpenSSL 4+ follows */ + + struct tm t; + int rc; + + rc = ASN1_TIME_to_tm(asn1time, &t); + INSIST(0 == rc); + + pjd->second = t.tm_sec; + pjd->minute = t.tm_min; + pjd->hour = t.tm_hour; + pjd->monthday = t.tm_mday; + pjd->month = t.tm_mon; + pjd->year = t.tm_year; + pjd->yearday = t.tm_yday; + pjd->weekday = t.tm_wday; +#endif } @@ -3518,6 +3538,7 @@ X509_EXTENSION *ext; ASN1_OBJECT *obj; int nid; + int datalen; ASN1_OCTET_STRING *data; ext = X509_get_ext(cert, i); @@ -3551,8 +3572,21 @@ */ case NID_subject_key_identifier: data = X509_EXTENSION_get_data(ext); - ret->grpkey = BN_bin2bn(&data->data[2], - data->length - 2, NULL); +#if OPENSSL_VERSION_NUMBER >= 0x40000000 + datalen = ASN1_STRING_length(data); + if (datalen > 2) { + ret->grpkey = + BN_bin2bn(ASN1_STRING_get0_data(data) + 2, + datalen - 2, NULL); + } +#else /* OpenSSL 3.x or earlier follows */ + datalen = data->length; + if (datalen > 2) { + ret->grpkey = + BN_bin2bn(&data->data[2], + datalen - 2, NULL); + } +#endif /* fall through */ default: DPRINTF(1, ("cert_parse: %s\n",