forked from openssl/openssl
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create a rudimentary symbol scanning script
We would like to be able to log and audit the symbols we use in openssl so that we might catch when a new platform symbols is referecned Add such a script (just on unix platforms for now) that gathers the used symbols not belonging to libcrypto or libssl, and compare it to a prior known set of used symbols. Error out if a new symbol is found Add this script to the ci workflow in CI to capture newly introduced platform symbols Fixes openssl#22330 Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#22478)
- Loading branch information
Showing
6 changed files
with
479 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| #! /usr/bin/env perl | ||
| # Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. | ||
| # | ||
| # Licensed under the Apache License 2.0 (the "License"). You may not use | ||
| # this file except in compliance with the License. You can obtain a copy | ||
| # in the file LICENSE in the source distribution or at | ||
| # https://www.openssl.org/source/license.html | ||
|
|
||
| use warnings; | ||
| use strict; | ||
| use Config; | ||
|
|
||
| my $expectedsyms=$ARGV[0]; | ||
|
|
||
| shift(@ARGV); | ||
|
|
||
| my $objlist; | ||
| my $objfilelist = join(" ", @ARGV); | ||
| my $expsyms; | ||
| my $exps; | ||
| my $OBJFH; | ||
| my $cmd; | ||
|
|
||
| if ($Config{osname} eq "MSWin32") { | ||
| my $currentdll = ""; | ||
| $cmd = "dumpbin /imports " . $objfilelist; | ||
| my @symlist; | ||
| open $expsyms, '<', $expectedsyms or die; | ||
| { | ||
| local $/; | ||
| $exps=<$expsyms>; | ||
| } | ||
| close($expsyms); | ||
| open($OBJFH, "$cmd|") or die "Cannot open process: $!"; | ||
| while (<$OBJFH>) | ||
| { | ||
| chomp; | ||
| my $dllfile = $_; | ||
| $dllfile =~ s/( +)(.*)(\.dll)(.*)/DLLFILE \2/; | ||
| if (index($dllfile, "DLLFILE") >= 0) { | ||
| $currentdll = substr($dllfile, 8); | ||
| $currentdll =~ s/^\s+|s+$//g; | ||
| } | ||
| # filter imports from our own library | ||
| if ("$currentdll" ne "libcrypto-3-x64") { | ||
| my $line = $_; | ||
| $line =~ s/ [0-9a-fA-F]{1,2} /SYMBOL /; | ||
| if (index($line, "SYMBOL") != -1) { | ||
| $line =~ s/.*SYMBOL //; | ||
| push(@symlist, $line); | ||
| } | ||
| } | ||
| } | ||
| foreach (@symlist) { | ||
| if (index($exps, $_) < 0) { | ||
| print "Symbol $_ not in the allowed platform symbols list\n"; | ||
| exit 1; | ||
| } | ||
| } | ||
| exit 0; | ||
| } | ||
| else { | ||
| $cmd = "objdump -t " . $objfilelist . " | grep UND | grep -v \@OPENSSL"; | ||
| $cmd = $cmd . " | awk '{print \$NF}' |"; | ||
| $cmd = $cmd . " sed -e\"s/@.*\$//\" | sort | uniq"; | ||
|
|
||
| open $expsyms, '<', $expectedsyms or die; | ||
| { | ||
| local $/; | ||
| $exps=<$expsyms>; | ||
| } | ||
| close($expsyms); | ||
|
|
||
| open($OBJFH, "$cmd|") or die "Cannot open process: $!"; | ||
| while (<$OBJFH>) | ||
| { | ||
| if (index($exps, $_) < 0) { | ||
| print "Symbol $_ not in the allowed platform symbols list\n"; | ||
| exit 1; | ||
| } | ||
| } | ||
| close($OBJFH); | ||
| exit 0; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,156 @@ | ||
| abort | ||
| accept | ||
| bcmp | ||
| bind | ||
| calloc | ||
| chmod | ||
| clearerr | ||
| clock_gettime | ||
| close | ||
| closedir | ||
| closelog | ||
| connect | ||
| __ctype_b_loc | ||
| __ctype_tolower_loc | ||
| __cxa_atexit | ||
| __cxa_finalize | ||
| dladdr | ||
| dlclose | ||
| dlerror | ||
| dlopen | ||
| dlsym | ||
| __errno_location | ||
| fclose | ||
| fdopen | ||
| feof | ||
| ferror | ||
| fflush | ||
| fgets | ||
| fileno | ||
| fopen | ||
| fopen64 | ||
| fprintf | ||
| fputc | ||
| fputs | ||
| fread | ||
| free | ||
| freeaddrinfo | ||
| fseek | ||
| fstat | ||
| ftell | ||
| fwrite | ||
| gai_strerror | ||
| getaddrinfo | ||
| getauxval | ||
| getcontext | ||
| getentropy | ||
| getenv | ||
| gethostbyname | ||
| getnameinfo | ||
| getpeername | ||
| getpid | ||
| getsockname | ||
| getsockopt | ||
| gettimeofday | ||
| __gmon_start__ | ||
| gmtime_r | ||
| gmtime | ||
| ioctl | ||
| __isoc99_sscanf | ||
| _ITM_deregisterTMCloneTable | ||
| _ITM_registerTMCloneTable | ||
| listen | ||
| _longjmp | ||
| lseek | ||
| madvise | ||
| makecontext | ||
| malloc | ||
| memchr | ||
| memcmp | ||
| memcpy | ||
| memmove | ||
| memset | ||
| mktime | ||
| mlock | ||
| mmap | ||
| mprotect | ||
| munmap | ||
| opendir | ||
| openlog | ||
| poll | ||
| pthread_attr_destroy | ||
| pthread_attr_init | ||
| pthread_attr_setdetachstate | ||
| pthread_cond_broadcast | ||
| pthread_cond_destroy | ||
| pthread_cond_init | ||
| pthread_cond_signal | ||
| pthread_cond_timedwait | ||
| pthread_cond_wait | ||
| pthread_create | ||
| pthread_exit | ||
| pthread_getspecific | ||
| pthread_join | ||
| pthread_key_create | ||
| pthread_key_delete | ||
| pthread_mutex_destroy | ||
| pthread_mutex_init | ||
| pthread_mutex_lock | ||
| pthread_mutex_trylock | ||
| pthread_mutex_unlock | ||
| pthread_once | ||
| pthread_rwlock_destroy | ||
| pthread_rwlock_init | ||
| pthread_rwlock_rdlock | ||
| pthread_rwlock_unlock | ||
| pthread_rwlock_wrlock | ||
| pthread_self | ||
| pthread_setspecific | ||
| qsort | ||
| readdir | ||
| realloc | ||
| recvfrom | ||
| recvmmsg | ||
| secure_getenv | ||
| select | ||
| sendmmsg | ||
| sendto | ||
| setbuf | ||
| setcontext | ||
| _setjmp | ||
| setsockopt | ||
| shmat | ||
| shmdt | ||
| shmget | ||
| shutdown | ||
| sigaction | ||
| sleep | ||
| socket | ||
| sprintf | ||
| stderr | ||
| stdin | ||
| stdout | ||
| strcat | ||
| strchr | ||
| strcmp | ||
| strcpy | ||
| strcspn | ||
| strdup | ||
| strlen | ||
| strncmp | ||
| strncpy | ||
| strrchr | ||
| strspn | ||
| strstr | ||
| strtol | ||
| strtoul | ||
| syscall | ||
| sysconf | ||
| syslog | ||
| tcgetattr | ||
| tcsetattr | ||
| __timezone | ||
| uname | ||
| usleep | ||
| vfprintf | ||
| __xpg_strerror_r |
Oops, something went wrong.