modules/pe/authenticode: Add Wincrypt API support for authenticode on Windows #2053
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Added GOTO_EXIT_ON_NULL maccro to handle cleanup after NULL on allocations - Added GOTO_EXIT_ON_FAIL maccro to perform post-failure cleanup Sponsored by Stormshield
- Replace all occurences of malloc/calloc/realloc/free/strdup by their Yara defined counterparts Sponsored by Stormshield
- Added windows crypto support for Yara, to go without OpenSSL - Added USE_WINCRYPT_AUTHENTICODE to be defined for Yara to use windows crypto API for authenticode - Now using USE_WINCRYPT_AUTHENTICODE to exclude code using OpenSSL, where HAVE_WINCRYPT_H have to be defined along it - Updated visual studio project files to add new files, and use wincrypt API by default Sponsored by Stormshield
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Sponsored by Stormshield
|
Notice that the Authenticode parser is an external project (https://github.com/avast/authenticode-parser), and YARA simply has a copy of it. I prefer not deviating too much from their implementation, so that I can merge new updates with ease in the future. So, you should propose this change to the owners of the https://github.com/avast/authenticode-parser repository instead. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi,
In the context of a Stormshield internal project, we could not use OpenSSL in libyara. Due to this fact, we developped an alternate version of authenticode parser using only Windows APIs.
We decided to go opensource on it as it could help others in the same situation to go without OpenSSL.
We're opened to do edits on anything if needed,
Best regards.