
Test failure on OpenBSD - tests/test-pe.c:390: rule does not match contents

Open lcheylus opened this issue 1 year ago • 4 comments

Bug

  • Build of YARA v4.5.1 on OpenBSD current/amd64 (future version 7.6) OK
  • Error when running test with make check
tests/test-pe.c:390: rule does not match contents of'tests/data/079a472d22290a94ebb212aa8015cdc8dd28a968c6b4d3b88acdd58ce2d3b885' (but should)

Expected behavior: All tests should pass.

Please complete the following information:

  • OS: OpenBSD current/amd64 (OpenBSD 7.5-current (GENERIC.MP) #93)
  • YARA version: 4.5.1 built from sources
  • LibreSSL 3.9.0

lcheylus avatar Jun 04 '24 15:06 lcheylus

This looks like a difference between openssl and libressl. I don't have an installation with libressl around, could you try to comment out lines in the test below until you get a more minimalistic test that reproduces the issue?

https://github.com/VirusTotal/yara/blob/8616165472424d9949c434a5da26858e7880affb/tests/test-pe.c#L294-L388

plusvic avatar Jun 19 '24 12:06 plusvic

After a lot of iterations (modifying test-pe in tests/test-pe.c, rebuilding and testing with make check), I have 2 minimal test cases that reproduce the issue:

  • pe.signatures[0].signer_info.length_of_chain == 2
  • pe.signatures[0].countersignatures[0].length_of_chain == 2

After some searches in the issues, mine seems to be a duplicate of #2046.

lcheylus avatar Jun 20 '24 07:06 lcheylus

I would like to try to build Yara on OpenBSD using OpenSSL lib instead of LibreSSL.

  • OpenSSL version 3.1.6 installed via openssl OpenBSD packages
  • includes in /usr/local/include/eopenssl31/openssl/
  • libs in /usr/local/lib/eopenssl31/

I can't find in the configure script how to use OpenSSL instead of LibreSSL. Is there an option/flag in the configure script to do this? I checked the configure.ac file for AC_CHECK_HEADERS / AC_CHECK_LIB for openssl/crypto but I can't find how to modify these checks.

lcheylus avatar Jun 20 '24 07:06 lcheylus

FYI, I succeeded in compiling and testing Yara with OpenSSL instead of LibreSSL on OpenBSD (amd64).

  • Install of OpenSSL version 3.1.6 via pkg_add openssl-3.1.6v0
$ /usr/local/bin/eopenssl31 version
OpenSSL 3.1.6 4 Jun 2024 (Library: OpenSSL 3.1.6 4 Jun 2024)
  • Build of Yara with OpenSSL
$ ./configure --enable-cuckoo --enable-magic --enable-dex --enable-macho --with-crypto CPPFLAGS=-I/usr/local/include/eopenssl31 LDFLAGS=-L/usr/local/lib/eopenssl31
$ make
(...)
$ LD_LIBRARY_PATH=/usr/local/lib/eopenssl31/ ./yara -v
4.5.1
  • Tests of Yara => no error for test-pe
$ LD_LIBRARY_PATH=/usr/local/lib/eopenssl31/ make check
(...)
make  check-TESTS
PASS: test-arena
PASS: test-alignment
PASS: test-atoms
PASS: test-api
PASS: test-rules
PASS: test-pe
PASS: test-elf
PASS: test-version
PASS: test-bitmask
PASS: test-math
PASS: test-stack
PASS: test-re-split
PASS: test-async
PASS: test-string
PASS: test-exception
PASS: test-macho
PASS: test-dex
PASS: test-dotnet
PASS: test-magic
make  all-am
============================================================================
Testsuite summary for yara 4.5.1
============================================================================
# TOTAL: 19
# PASS:  19
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================

lcheylus avatar Jul 05 '24 09:07 lcheylus