[rpms/yara] rawhide: OpenSSL 4 build fixes

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/yara] rawhide: OpenSSL 4 build fixes
@ 2026-06-12 20:02 Simo Sorce
  0 siblings, 0 replies; only message in thread
From: Simo Sorce @ 2026-06-12 20:02 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/yara
            Branch : rawhide
            Commit : 4c6bddf3a655f4ae6aca2b1fa839d52b966189e1
            Author : Simo Sorce <simo@redhat.com>
            Date   : 2026-06-12T20:01:39+00:00
            Stats  : +237/-1 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/yara/c/4c6bddf3a655f4ae6aca2b1fa839d52b966189e1?branch=rawhide

            Log:
            OpenSSL 4 build fixes

Signed-off-by: Simo Sorce <simo@redhat.com>

---
diff --git a/0001-Use-OpenSSL-accessor-functions-for-ASN1_STRING.patch b/0001-Use-OpenSSL-accessor-functions-for-ASN1_STRING.patch
new file mode 100644
index 0000000..4cffbf9
--- /dev/null
+++ b/0001-Use-OpenSSL-accessor-functions-for-ASN1_STRING.patch
@@ -0,0 +1,235 @@
+From 05a1e87e77226c8dd7e2228d26e3aa462e968dc7 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 23 Apr 2026 17:55:01 -0400
+Subject: [PATCH] Use OpenSSL accessor functions for ASN1_STRING
+
+Directly accessing the `data` and `length` fields of `ASN1_STRING` structures
+is incompatible with newer versions of OpenSSL, where these structures are
+opaque. This change replaces direct field access with the standard
+`ASN1_STRING_get0_data` and `ASN1_STRING_length` accessor functions to ensure
+compatibility. Additionally, an `X509_NAME_ENTRY` pointer is made `const` to
+align with modern OpenSSL API signatures.
+
+Co-authored-by: Gemini <gemini@google.com>
+Signed-off-by: rpm-build <rpm-build>
+---
+ .../pe/authenticode-parser/authenticode.c     | 32 +++++++++----------
+ .../pe/authenticode-parser/certificate.c      |  4 +--
+ .../pe/authenticode-parser/countersignature.c | 28 ++++++++--------
+ 3 files changed, 32 insertions(+), 32 deletions(-)
+
+diff --git a/libyara/modules/pe/authenticode-parser/authenticode.c b/libyara/modules/pe/authenticode-parser/authenticode.c
+index f385860..a2f7f74 100644
+--- a/libyara/modules/pe/authenticode-parser/authenticode.c
++++ b/libyara/modules/pe/authenticode-parser/authenticode.c
+@@ -78,8 +78,8 @@ static SpcIndirectDataContent* get_content(PKCS7* content)
+     if (!spcContent)
+         return NULL;
+ 
+-    int len = content->d.other->value.sequence->length;
+-    const uint8_t* data = content->d.other->value.sequence->data;
++    int len = ASN1_STRING_length(content->d.other->value.sequence);
++    const uint8_t* data = ASN1_STRING_get0_data(content->d.other->value.sequence);
+ 
+     d2i_SpcIndirectDataContent(&spcContent, &data, len);
+ 
+@@ -88,8 +88,8 @@ static SpcIndirectDataContent* get_content(PKCS7* content)
+ 
+ static char* parse_program_name(ASN1_TYPE* spcAttr)
+ {
+-    const uint8_t* spcData = spcAttr->value.sequence->data;
+-    int spcLen = spcAttr->value.sequence->length;
++    const uint8_t* spcData = ASN1_STRING_get0_data(spcAttr->value.sequence);
++    int spcLen = ASN1_STRING_length(spcAttr->value.sequence);
+     SpcSpOpusInfo* spcInfo = d2i_SpcSpOpusInfo(NULL, &spcData, spcLen);
+     if (!spcInfo)
+         return NULL;
+@@ -131,8 +131,8 @@ static void parse_nested_authenticode(PKCS7_SIGNER_INFO* si, AuthenticodeArray*
+         ASN1_TYPE* nested = X509_ATTRIBUTE_get0_type(attr, i);
+         if (nested == NULL)
+             break;
+-        int len = nested->value.sequence->length;
+-        const uint8_t* data = nested->value.sequence->data;
++        int len = ASN1_STRING_length(nested->value.sequence);
++        const uint8_t* data = ASN1_STRING_get0_data(nested->value.sequence);
+         AuthenticodeArray* auth = authenticode_new(data, len);
+         if (!auth)
+             continue;
+@@ -162,8 +162,8 @@ static void parse_pkcs9_countersig(PKCS7* p7, Authenticode* auth)
+         ASN1_TYPE* nested = X509_ATTRIBUTE_get0_type(attr, i);
+         if (nested == NULL)
+             break;
+-        int len = nested->value.sequence->length;
+-        const uint8_t* data = nested->value.sequence->data;
++        int len = ASN1_STRING_length(nested->value.sequence);
++        const uint8_t* data = ASN1_STRING_get0_data(nested->value.sequence);
+ 
+         Countersignature* sig = pkcs9_countersig_new(data, len, p7->d.sign->cert, si->enc_digest);
+         if (!sig)
+@@ -193,8 +193,8 @@ static void parse_ms_countersig(PKCS7* p7, Authenticode* auth)
+         ASN1_TYPE* nested = X509_ATTRIBUTE_get0_type(attr, i);
+         if (nested == NULL)
+             break;
+-        int len = nested->value.sequence->length;
+-        const uint8_t* data = nested->value.sequence->data;
++        int len = ASN1_STRING_length(nested->value.sequence);
++        const uint8_t* data = ASN1_STRING_get0_data(nested->value.sequence);
+ 
+         Countersignature* csig = ms_countersig_new(data, len, si->enc_digest);
+         if (!csig)
+@@ -209,8 +209,8 @@ static void parse_ms_countersig(PKCS7* p7, Authenticode* auth)
+ 
+ static bool authenticode_verify(PKCS7* p7, PKCS7_SIGNER_INFO* si, X509* signCert)
+ {
+-    const uint8_t* contentData = p7->d.sign->contents->d.other->value.sequence->data;
+-    long contentLen = p7->d.sign->contents->d.other->value.sequence->length;
++    const uint8_t* contentData = ASN1_STRING_get0_data(p7->d.sign->contents->d.other->value.sequence);
++    long contentLen = ASN1_STRING_length(p7->d.sign->contents->d.other->value.sequence);
+ 
+     uint64_t version = 0;
+     ASN1_INTEGER_get_uint64(&version, p7->d.sign->version);
+@@ -315,8 +315,8 @@ AuthenticodeArray* authenticode_new(const uint8_t* data, int32_t len)
+     int digestnid = OBJ_obj2nid(messageDigest->digestAlgorithm->algorithm);
+     auth->digest_alg = strdup(OBJ_nid2ln(digestnid));
+ 
+-    int digestLen = messageDigest->digest->length;
+-    const uint8_t* digestData = messageDigest->digest->data;
++    int digestLen = ASN1_STRING_length(messageDigest->digest);
++    const uint8_t* digestData = ASN1_STRING_get0_data(messageDigest->digest);
+     byte_array_init(&auth->digest, digestData, digestLen);
+ 
+     SpcIndirectDataContent_free(dataContent);
+@@ -372,8 +372,8 @@ AuthenticodeArray* authenticode_new(const uint8_t* data, int32_t len)
+     digestnid = OBJ_obj2nid(si->digest_alg->algorithm);
+     signer->digest_alg = strdup(OBJ_nid2ln(digestnid));
+ 
+-    digestLen = digest->value.asn1_string->length;
+-    digestData = digest->value.asn1_string->data;
++    digestLen = ASN1_STRING_length(digest->value.asn1_string);
++    digestData = ASN1_STRING_get0_data(digest->value.asn1_string);
+     byte_array_init(&signer->digest, digestData, digestLen);
+ 
+     /* Authenticode stores optional programName in non-optional SpcSpOpusInfo attribute */
+diff --git a/libyara/modules/pe/authenticode-parser/certificate.c b/libyara/modules/pe/authenticode-parser/certificate.c
+index fc754e4..97c7e3e 100644
+--- a/libyara/modules/pe/authenticode-parser/certificate.c
++++ b/libyara/modules/pe/authenticode-parser/certificate.c
+@@ -59,13 +59,13 @@ static void parse_name_attributes(X509_NAME* raw, Attributes* attr)
+ 
+     int entryCount = X509_NAME_entry_count(raw);
+     for (int i = entryCount - 1; i >= 0; --i) {
+-        X509_NAME_ENTRY* entryName = X509_NAME_get_entry(raw, i);
++        const X509_NAME_ENTRY* entryName = X509_NAME_get_entry(raw, i);
+         ASN1_STRING* asn1String = X509_NAME_ENTRY_get_data(entryName);
+ 
+         const char* key = OBJ_nid2sn(OBJ_obj2nid(X509_NAME_ENTRY_get_object(entryName)));
+ 
+         ByteArray array = {0};
+-        if (byte_array_init(&array, asn1String->data, asn1String->length) == -1)
++        if (byte_array_init(&array, ASN1_STRING_get0_data(asn1String), ASN1_STRING_length(asn1String)) == -1)
+             break;
+ 
+         if (strcmp(key, "C") == 0 && !attr->country.data)
+diff --git a/libyara/modules/pe/authenticode-parser/countersignature.c b/libyara/modules/pe/authenticode-parser/countersignature.c
+index 0fb4576..6cb5eed 100644
+--- a/libyara/modules/pe/authenticode-parser/countersignature.c
++++ b/libyara/modules/pe/authenticode-parser/countersignature.c
+@@ -141,13 +141,13 @@ Countersignature* pkcs9_countersig_new(
+     result->chain = parse_signer_chain(signCert, certs);
+ 
+     /* Get digest that corresponds to decrypted encrypted digest in signature */
+-    ASN1_TYPE* messageDigest = PKCS7_get_signed_attribute(si, NID_pkcs9_messageDigest);
++    const ASN1_TYPE* messageDigest = PKCS7_get_signed_attribute(si, NID_pkcs9_messageDigest);
+     if (!messageDigest) {
+         result->verify_flags = COUNTERSIGNATURE_VFY_DIGEST_MISSING;
+         goto end;
+     }
+ 
+-    size_t digestLen = messageDigest->value.octet_string->length;
++    size_t digestLen = ASN1_STRING_length(messageDigest->value.octet_string);
+ 
+     if (!digestLen) {
+         result->verify_flags = COUNTERSIGNATURE_VFY_DIGEST_MISSING;
+@@ -160,7 +160,7 @@ Countersignature* pkcs9_countersig_new(
+         goto end;
+     }
+ 
+-    const uint8_t* digestData = messageDigest->value.octet_string->data;
++    const uint8_t* digestData = ASN1_STRING_get0_data(messageDigest->value.octet_string);
+     byte_array_init(&result->digest, digestData, digestLen);
+ 
+     /* By this point we all necessary things for verification
+@@ -187,8 +187,8 @@ Countersignature* pkcs9_countersig_new(
+         goto end;
+     }
+ 
+-    uint8_t* encData = si->enc_digest->data;
+-    size_t encLen = si->enc_digest->length;
++    const uint8_t* encData = ASN1_STRING_get0_data(si->enc_digest);
++    size_t encLen = ASN1_STRING_length(si->enc_digest);
+ 
+     /* Decrypt the encrypted digest */
+     EVP_PKEY_verify_recover_init(ctx);
+@@ -220,7 +220,7 @@ Countersignature* pkcs9_countersig_new(
+         const uint8_t* data_ptr = decData;
+         DigestInfo* digest_info = d2i_DigestInfo(NULL, &data_ptr, decLen);
+         if (digest_info) {
+-            isValid = !memcmp(digest_info->digest->data, calc_digest, mdLen);
++            isValid = !memcmp(ASN1_STRING_get0_data(digest_info->digest), calc_digest, mdLen);
+             DigestInfo_free(digest_info);
+         } else {
+             isValid = false;
+@@ -235,7 +235,7 @@ Countersignature* pkcs9_countersig_new(
+ 
+     /* Now check the countersignature message-digest that should correspond
+      * to Signatures encrypted digest it countersigns */
+-    calculate_digest(md, enc_digest->data, enc_digest->length, calc_digest);
++    calculate_digest(md, ASN1_STRING_get0_data(enc_digest), ASN1_STRING_length(enc_digest), calc_digest);
+ 
+     /* Check if calculated one matches the stored one */
+     if (digestLen != mdLen || memcmp(calc_digest, digestData, mdLen) != 0) {
+@@ -269,8 +269,8 @@ TS_TST_INFO* IMPL_FUNC_NAME(get_ts_tst_info, cms)(CountersignatureImpl* impl)
+         return NULL;
+     }
+ 
+-    const uint8_t* data = (*content)->data;
+-    TS_TST_INFO* ts_tst_info = d2i_TS_TST_INFO(NULL, &data, (*content)->length);
++    const uint8_t* data = ASN1_STRING_get0_data(*content);
++    TS_TST_INFO* ts_tst_info = d2i_TS_TST_INFO(NULL, &data, ASN1_STRING_length(*content));
+     if (!ts_tst_info) {
+         return NULL;
+     }
+@@ -400,8 +400,8 @@ int IMPL_FUNC_NAME(verify_digest, cms)(
+         return 0;
+     }
+ 
+-    if (ts_imprint_digest->length != (int)digest_size ||
+-        memcmp(ts_imprint_digest->data, digest, digest_size) != 0) {
++    if (ASN1_STRING_length(ts_imprint_digest) != (int)digest_size ||
++        memcmp(ASN1_STRING_get0_data(ts_imprint_digest), digest, digest_size) != 0) {
+         TS_TST_INFO_free(ts_tst_info);
+         return 0;
+     }
+@@ -554,8 +554,8 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*
+ 
+     ASN1_STRING* rawDigest = TS_MSG_IMPRINT_get_msg(imprint);
+ 
+-    int digestLen = rawDigest->length;
+-    uint8_t* digestData = rawDigest->data;
++    int digestLen = ASN1_STRING_length(rawDigest);
++    const uint8_t* digestData = ASN1_STRING_get0_data(rawDigest);
+ 
+     byte_array_init(&result->digest, digestData, digestLen);
+ 
+@@ -571,7 +571,7 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*
+     }
+ 
+     uint8_t calc_digest[EVP_MAX_MD_SIZE];
+-    calculate_digest(md, enc_digest->data, enc_digest->length, calc_digest);
++    calculate_digest(md, ASN1_STRING_get0_data(enc_digest), ASN1_STRING_length(enc_digest), calc_digest);
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+     int mdLen = EVP_MD_get_size(md);
+-- 
+2.53.0
+

diff --git a/yara.spec b/yara.spec
index 3cbcf42..9469cec 100644
--- a/yara.spec
+++ b/yara.spec
@@ -42,7 +42,8 @@ Source0:       https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name
 # Use default sphix theme to generate documentation rather than sphinx_rtd_theme
 # to avoid static installation of font files on fedora >= 24
 Patch1:         yara-docs-theme.patch
-
+# OpenSSL 4 build fixes
+Patch2:         0001-Use-OpenSSL-accessor-functions-for-ASN1_STRING.patch
 
 BuildRequires:  git
 BuildRequires:  gcc

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-12 20:02 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-12 20:02 [rpms/yara] rawhide: OpenSSL 4 build fixes Simo Sorce

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox