Test failure on OpenBSD - tests/test-pe.c:390: rule does not match contents

[lcheylus]

Bug

• Build of YARA v4.5.1 on OpenBSD current/amd64 (future version 7.6) OK
• Error when running test with make check

  tests/test-pe.c:390: rule does not match contents of'tests/data/079a472d22290a94ebb212aa8015cdc8dd28a968c6b4d3b88acdd58ce2d3b885' (but should)

Expected behavior All tests should pass.

Please complete the following information:

• OS: OpenBSD current/amd64 (OpenBSD 7.5-current (GENERIC.MP) #93)
• YARA version: 4.5.1 built from sources
• LibreSSL 3.9.0

[plusvic]

This looks like a difference between openssl and libressl. I don't have an installation with libressl around, could you try to comment out lines in the test below until you get a more minimalistic test that reproduces the issue?

https://github.com/VirusTotal/yara/blob/8616165472424d9949c434a5da26858e7880affb/tests/test-pe.c#L294-L388

[lcheylus]

After a lot of iterations (modify test-pe in tests/test-pe.c, rebuild and test with make check), I have 2 cases of minimalist test that reproduces the issue:

• pe.signatures[0].signer_info.length_of_chain == 2
• pe.signatures[0].countersignatures[0].length_of_chain == 2

After some searchs in issues, mine seems to be a duplicate of #2046.

[lcheylus]

I would like to try to build Yara on OpenBSD using OpenSSL lib instead of LibreSSL.

• OpenSSL version 3.1.6 installed via openssl OpenBSD packages
• includes in /usr/local/include/eopenssl31/openssl/
• libs in /usr/local/lib/eopenssl31/

I don't find in configure script how to use OpenSSL instead of LibreSSL. Is there an options/flag in configure script to do this ? I checked configure.ac file for AC_CHECK_HEADERS / AC_CHECK_LIB for openssl/crypto but I don't find how to modify theses checks.

[lcheylus]

FYI, I succeeded to compile and test Yara with OpenSSL instead of LibreSSL on OpenBSD (amd64).

• Install of OpenSSL version 3.1.6 via pkg_add openssl-3.1.6v0

  $ /usr/local/bin/eopenssl31 version
  OpenSSL 3.1.6 4 Jun 2024 (Library: OpenSSL 3.1.6 4 Jun 2024)

• Build of Yara with OpenSSL

  $ ./configure --enable-cuckoo --enable-magic --enable-dex --enable-macho --with-crypto CPPFLAGS=-I/usr/local/include/eopenssl31 LDFLAGS=-L/usr/local/lib/eopenssl31
  $ make
  (...)
  $ LD_LIBRARY_PATH=/usr/local/lib/eopenssl31/ ./yara -v
  4.5.1

• Tests of Yara => no error for test-pe

  $ LD_LIBRARY_PATH=/usr/local/lib/eopenssl31/ make check
  (...)
  make  check-TESTS
  PASS: test-arena
  PASS: test-alignment
  PASS: test-atoms
  PASS: test-api
  PASS: test-rules
  PASS: test-pe
  PASS: test-elf
  PASS: test-version
  PASS: test-bitmask
  PASS: test-math
  PASS: test-stack
  PASS: test-re-split
  PASS: test-async
  PASS: test-string
  PASS: test-exception
  PASS: test-macho
  PASS: test-dex
  PASS: test-dotnet
  PASS: test-magic
  make  all-am
  ============================================================================
  Testsuite summary for yara 4.5.1
  ============================================================================
  # TOTAL: 19
  # PASS:  19
  # SKIP:  0
  # XFAIL: 0
  # FAIL:  0
  # XPASS: 0
  # ERROR: 0
  ============================================================================