TS_VERIFY_CTX_init is required by yara >= 4.3.0

[orbea]

OS: Gentoo
libressl: 3.8.2
yara: >= 4.3.0

When building yara it fails with implicit function declarations for TS_VERIFY_CTX_init.

libyara/modules/pe/authenticode-parser/countersignature.c: In function 'ms_countersig_new':
libyara/modules/pe/authenticode-parser/countersignature.c:302:3: error: implicit declaration of function 'TS_VERIFY_CTX_init'; did you mean 'TS_VERIFY_CTX_new'? [-Werror=implicit-function-declaration]
  302 |   TS_VERIFY_CTX_init(ctx);
      |   ^~~~~~~~~~~~~~~~~~
      |   TS_VERIFY_CTX_new
cc1: some warnings being treated as errors

yara-4.4.0-build.log

This was added to yara 4.3.0 in commit VirusTotal/yara@b9cd46d and is visible in their code base here.

I do not see any OpenSSL documentation for this function, but it looks relatively simple looking at their code which is visible here.

 void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
{
    OPENSSL_assert(ctx != NULL);
    memset(ctx, 0, sizeof(*ctx));
}

Are there reasons why this function was not added to LibreSSL when other TS_VERIFY_CTX_ functions were added? Or was it just because it was not needed at the time?

I also made this issue for the Gentoo LibreSSL overlay. gentoo/libressl#550

[orbea]

It does compile if TS_VERIFY_CTX_init is commented in yara, but I am not sure if that is correct?

[botovq]

It was removed since it serves no purpose with opaque TS_VERIFY_CTX, either it zeroes out an already zero ctx, or it causes leaks. The correct fix is to remove this call in yara. TS_VERIFY_CTX_new() has always zeroed the allocated ctx since the very beginning.

[orbea]

Thanks for the explanation, I made a PR for yara here. VirusTotal/yara#2044

[orbea]

There are some test failures in yara, the second of which I am unsure if its related to LibreSSL?

VirusTotal/yara#2045
VirusTotal/yara#2046

[orbea]

The fix was merged into yara, thanks for your time!

I will close this issue now, but there might be further issues documented in issue VirusTotal/yara#2046.