libressl/portable

TS_VERIFY_CTX_init is required by yara >= 4.3.0

Closed this issue · 5 comments

OS: Gentoo
libressl: 3.8.2
yara: >= 4.3.0

When building yara it fails with implicit function declarations for TS_VERIFY_CTX_init.

libyara/modules/pe/authenticode-parser/countersignature.c: In function 'ms_countersig_new':
libyara/modules/pe/authenticode-parser/countersignature.c:302:3: error: implicit declaration of function 'TS_VERIFY_CTX_init'; did you mean 'TS_VERIFY_CTX_new'? [-Werror=implicit-function-declaration]
  302 |   TS_VERIFY_CTX_init(ctx);
      |   ^~~~~~~~~~~~~~~~~~
      |   TS_VERIFY_CTX_new
cc1: some warnings being treated as errors

yara-4.4.0-build.log

This was added to yara 4.3.0 in commit VirusTotal/yara@b9cd46d and is visible in their code base here.

I do not see any OpenSSL documentation for this function, but it looks relatively simple looking at their code which is visible here.

void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
{
    OPENSSL_assert(ctx != NULL);
    memset(ctx, 0, sizeof(*ctx));
}

Are there reasons why this function was not added to LibreSSL when other TS_VERIFY_CTX_ functions were added? Or was it just because it was not needed at the time?

I also made this issue for the Gentoo LibreSSL overlay. gentoo/libressl#550

It does compile if TS_VERIFY_CTX_init is commented out in yara, but I am not sure if that is correct?

It was removed since it serves no purpose with opaque TS_VERIFY_CTX: either it zeroes out an already zero ctx, or it causes leaks. The correct fix is to remove this call in yara. TS_VERIFY_CTX_new() has always zeroed the allocated ctx since the very beginning.
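The two cases named in the comment above, as an added example that is not part of the thread and is not LibreSSL's, OpenSSL's or yara's code. `MODEL_CTX`, its fields, the `model_ctx_*` functions and the allocation counter are hypothetical stand-ins for an opaque context that owns heap memory.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of an opaque ctx; not the real TS_VERIFY_CTX layout. */
typedef struct model_ctx {
    unsigned flags;
    unsigned char *data;            /* owned; released by model_ctx_free() */
} MODEL_CTX;

static int live_allocs;             /* outstanding allocations, for the demo */
static void *tracked_calloc(size_t n, size_t sz) {
    void *p = calloc(n, sz);
    if (p != NULL) live_allocs++;
    return p;
}
static void tracked_free(void *p) { if (p != NULL) { live_allocs--; free(p); } }

/* Models a constructor that zeroes the ctx, as the thread says _new() does. */
MODEL_CTX *model_ctx_new(void) { return tracked_calloc(1, sizeof(MODEL_CTX)); }

/* Same body as the init function quoted in the issue, minus the assert. */
void model_ctx_init(MODEL_CTX *ctx) { memset(ctx, 0, sizeof(*ctx)); }

void model_ctx_free(MODEL_CTX *ctx) {
    if (ctx == NULL) return;
    tracked_free(ctx->data);
    tracked_free(ctx);
}

/* Case 1: init right after new. Returns 1 if ctx is zero before and after. */
int init_after_new_is_noop(void) {
    MODEL_CTX *ctx = model_ctx_new();
    if (ctx == NULL) return -1;
    int zero = (ctx->flags == 0 && ctx->data == NULL);  /* zeroed by new() */
    model_ctx_init(ctx);
    zero = zero && ctx->flags == 0 && ctx->data == NULL;
    model_ctx_free(ctx);
    return zero;
}

/* Case 2: init on a populated ctx. Returns allocations left after free(). */
int init_on_populated_ctx_leaks(void) {
    int before = live_allocs;
    MODEL_CTX *ctx = model_ctx_new();
    if (ctx == NULL) return -1;
    unsigned char *orphan = ctx->data = tracked_calloc(1, 32);
    model_ctx_init(ctx);            /* ctx->data is now NULL */
    model_ctx_free(ctx);            /* frees ctx only; the buffer is orphaned */
    int leaked = live_allocs - before;
    tracked_free(orphan);           /* demo cleanup; a real caller has no copy */
    return leaked;
}
int main(void) { return !(init_after_new_is_noop() == 1 && init_on_populated_ctx_leaks() == 1); }
```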

Thanks for the explanation, I made a PR for yara here. VirusTotal/yara#2044

There are some test failures in yara, the second of which I am unsure if it's related to LibreSSL?

VirusTotal/yara#2045
VirusTotal/yara#2046

The fix was merged into yara, thanks for your time!

I will close this issue now, but there might be further issues documented in issue VirusTotal/yara#2046.