Bug#828614: yara: FTBFS with openssl 1.1.0

Kurt Roeckx kurt at roeckx.be
Mon Jun 27 15:37:20 UTC 2016


On Mon, Jun 27, 2016 at 04:26:42PM +0200, Hilko Bengen wrote:
> * Kurt Roeckx:
> 
> > On Mon, Jun 27, 2016 at 12:46:26AM +0200, Hilko Bengen wrote:
> >> control: tag -1 moreinfo
> >> 
> >> Hi Kurt,
> >> 
> >> I was able to get the yara build fixed by applying this simple patch:
> >> 
> >> -      const char* sig_alg = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm));
> >> +      const char* sig_alg = OBJ_nid2ln(X509_get_signature_nid(cert));
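Review bot: the `+` line calls X509_get_signature_nid(cert) unconditionally, so the build now depends on the installed OpenSSL headers declaring that accessor. If the package still has to build against releases that predate it, select between the two lines with an OPENSSL_VERSION_NUMBER check and keep cert->sig_alg->algorithm as the fallback for the older headers.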
> >> 
> >> However, since I don't really know a lot about OpenSSL's internals, I'm
> >> not sure if the fix is actually correct.
> >
> > Yes, that looks correct.
> 
> I have some more questions:
> 
> YARA upstream has added some things, leading to further breakage with
> OpenSSL 1.1:
> 
> 1. CRYPTO_LOCK is no longer defined, apparently because some locking
>    functions have been removed:
> 
>    - CRYPTO_num_locks()
>    - CRYPTO_set_id_callback()
>    - CRYPTO_set_locking_callback()
>    - CRYPTO_num_locks()
> 
>    What API am I supposed to use instead ... and is it also available
>    with previous versions of OpenSSL?

CHANGES says:
  *) OpenSSL now uses a new threading API. It is no longer necessary to
     set locking callbacks to use OpenSSL in a multi-threaded environment. There
     are two supported threading models: pthreads and windows threads. It is
     also possible to configure OpenSSL at compile time for "no-threads". The
     old threading API should no longer be used. The functions have been
     replaced with "no-op" compatibility macros.

crypto.h seems to have:
# if OPENSSL_API_COMPAT < 0x10100000L
[...]
#  define CRYPTO_num_locks()            (0)
#  define CRYPTO_set_locking_callback(func)
#  define CRYPTO_get_locking_callback()         (NULL)
#  define CRYPTO_set_add_lock_callback(func)
#  define CRYPTO_get_add_lock_callback()        (NULL)

I'll look into why they're inside this #if, I think that #if
should just get removed.

> 2. i2c_ASN1_INTEGER() is no longer available outside the OpenSSL code
>    base. What am I supposed to use instead? (What is this "context
>    encoding", anyway?)

I think you mean "content".  I didn't really look all that closely
at the asn1 stuff, but from what I understand it contains the
content bytes in asn1 format, and it's probably not something you
want to do and you want to do.  Can you point me to the code?


Kurt
