authorNeil Horman <nhorman@openssl.org>2023-10-23 18:47:13 +0200
committerTomas Mraz <tomas@openssl.org>2023-11-01 16:32:26 +0100
commit796e5f96488643755a18570a4907da78ee46131a (patch)
tree4d5abf7335a727b9165e6baebbd5cfeeb2f93f14
parentCI: add Clang 17 (diff)
Create a rudimentary symbol scanning script
We would like to be able to log and audit the symbols we use in openssl so that we might catch when a new platform symbol is referenced. Add such a script (just on unix platforms for now) that gathers the used symbols not belonging to libcrypto or libssl, and compares it to a prior known set of used symbols. Error out if a new symbol is found. Add this script to the CI workflow to capture newly introduced platform symbols. Fixes #22330 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22478)
-rw-r--r--.github/workflows/run-checker-ci.yml2
-rw-r--r--.github/workflows/windows.yml3
-rw-r--r--.github/workflows/windows_comp.yml3
-rwxr-xr-xutil/checkplatformsyms.pl84
-rw-r--r--util/platform_symbols/unix-symbols.txt156
-rw-r--r--util/platform_symbols/windows-symbols.txt231
6 files changed, 479 insertions, 0 deletions
diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml
index 2b7ca84d86..0c961f8ef1 100644
--- a/.github/workflows/run-checker-ci.yml
+++ b/.github/workflows/run-checker-ci.yml
@@ -54,5 +54,7 @@ jobs:
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
+ - name: Check platform symbol usage
+ run: ./util/checkplatformsyms.pl ./util/platform_symbols/unix-symbols.txt ./libcrypto.so ./libssl.so
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 8f68450a5f..0d0f24c299 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -58,6 +58,9 @@ jobs:
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
+ - name: Check platform symbol usage
+ working-directory: _build
+ run: perl ../util/checkplatformsyms.pl ../util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
- name: test
working-directory: _build
run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
diff --git a/.github/workflows/windows_comp.yml b/.github/workflows/windows_comp.yml
index abcc0ad019..a75451669a 100644
--- a/.github/workflows/windows_comp.yml
+++ b/.github/workflows/windows_comp.yml
@@ -53,6 +53,9 @@ jobs:
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
+ - name: Check platform symbol usage
+ run: |
+ perl ./util/checkplatformsyms.pl ./util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
- name: test
working-directory: _build
run: |
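Review bot: The added "Check platform symbol usage" step has no `working-directory: _build`, unlike the same step in windows.yml and the `test` step right after it, so `libcrypto-3-x64.dll` and `./libssl-3-x64.dll` are resolved against the checkout root. If the build output lives in `_build`, as the following step suggests, dumpbin would find neither file. The Windows branch of checkplatformsyms.pl does not check dumpbin's exit status or that any symbol was read, so the step would probably pass without having checked anything. Consider `working-directory: _build` with `../util/checkplatformsyms.pl ../util/platform_symbols/windows-symbols.txt` as in windows.yml. The job definition starts outside this hunk, so the actual build directory should be confirmed there.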
diff --git a/util/checkplatformsyms.pl b/util/checkplatformsyms.pl
new file mode 100755
index 0000000000..742dd8ea84
--- /dev/null
+++ b/util/checkplatformsyms.pl
@@ -0,0 +1,84 @@
+#! /usr/bin/env perl
+# Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use warnings;
+use strict;
+use Config;
+
+my $expectedsyms=$ARGV[0];
+
+shift(@ARGV);
+
+my $objlist;
+my $objfilelist = join(" ", @ARGV);
+my $expsyms;
+my $exps;
+my $OBJFH;
+my $cmd;
+
+if ($Config{osname} eq "MSWin32") {
+ my $currentdll = "";
+ $cmd = "dumpbin /imports " . $objfilelist;
+ my @symlist;
+ open $expsyms, '<', $expectedsyms or die;
+ {
+ local $/;
+ $exps=<$expsyms>;
+ }
+ close($expsyms);
+ open($OBJFH, "$cmd|") or die "Cannot open process: $!";
+ while (<$OBJFH>)
+ {
+ chomp;
+ my $dllfile = $_;
+ $dllfile =~ s/( +)(.*)(\.dll)(.*)/DLLFILE \2/;
+ if (index($dllfile, "DLLFILE") >= 0) {
+ $currentdll = substr($dllfile, 8);
+ $currentdll =~ s/^\s+|s+$//g;
+ }
+ # filter imports from our own library
+ if ("$currentdll" ne "libcrypto-3-x64") {
+ my $line = $_;
+ $line =~ s/ [0-9a-fA-F]{1,2} /SYMBOL /;
+ if (index($line, "SYMBOL") != -1) {
+ $line =~ s/.*SYMBOL //;
+ push(@symlist, $line);
+ }
+ }
+ }
+ foreach (@symlist) {
+ if (index($exps, $_) < 0) {
+ print "Symbol $_ not in the allowed platform symbols list\n";
+ exit 1;
+ }
+ }
+ exit 0;
+ }
+else {
+ $cmd = "objdump -t " . $objfilelist . " | grep UND | grep -v \@OPENSSL";
+ $cmd = $cmd . " | awk '{print \$NF}' |";
+ $cmd = $cmd . " sed -e\"s/@.*\$//\" | sort | uniq";
+
+ open $expsyms, '<', $expectedsyms or die;
+ {
+ local $/;
+ $exps=<$expsyms>;
+ }
+ close($expsyms);
+
+ open($OBJFH, "$cmd|") or die "Cannot open process: $!";
+ while (<$OBJFH>)
+ {
+ if (index($exps, $_) < 0) {
+ print "Symbol $_ not in the allowed platform symbols list\n";
+ exit 1;
+ }
+ }
+ close($OBJFH);
+ exit 0;
+ }
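Review bot: The allow-list test `index($exps, $_) < 0` in both branches is a substring search over the whole symbols file, so a newly imported symbol that happens to be contained in an allowed one passes the audit; with the unix list in this commit, `gets` is accepted because of `fgets` and `open` because of `fopen`. Loading the expected symbols into a hash and testing `exists` on the chomped name makes the match exact. The gate also fails open when the listing command produces nothing: the Windows branch never closes `$OBJFH`, the unix branch ignores the result of `close`, and with a shell pipeline that status would only reflect the last stage anyway, so a missing tool or wrong path yields zero symbols and `exit 0`; counting the symbols read and dying on zero closes that gap. Separately, on the Windows side `s/^\s+|s+$//g` strips trailing literal `s` characters rather than whitespace (`\s+$` was presumably intended) and `\2` in the replacement should be `$2`. The object file names from `@ARGV` are interpolated into a shell command string, which is acceptable only while the CI workflow supplies fixed paths.

```perl
# … unchanged: argument handling and construction of $cmd (unix branch) …
    open $expsyms, '<', $expectedsyms
        or die "Cannot open $expectedsyms: $!";
    my %allowed;
    while (my $sym = <$expsyms>) {
        $sym =~ s/\s+\z//;              # drops "\n" and a stray "\r"
        $allowed{$sym} = 1 if length $sym;
    }
    close($expsyms);

    my $seen = 0;
    open($OBJFH, "$cmd|") or die "Cannot open process: $!";
    while (my $sym = <$OBJFH>) {
        $sym =~ s/\s+\z//;
        next unless length $sym;
        $seen++;
        if (!exists $allowed{$sym}) {   # exact match, not substring
            print "Symbol $sym not in the allowed platform symbols list\n";
            exit 1;
        }
    }
    close($OBJFH);
    # An empty listing means the scan did not run; fail closed.
    die "No undefined symbols read from: $objfilelist\n" if $seen == 0;
    exit 0;
```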
diff --git a/util/platform_symbols/unix-symbols.txt b/util/platform_symbols/unix-symbols.txt
new file mode 100644
index 0000000000..2b2fe53672
--- /dev/null
+++ b/util/platform_symbols/unix-symbols.txt
@@ -0,0 +1,156 @@
+abort
+accept
+bcmp
+bind
+calloc
+chmod
+clearerr
+clock_gettime
+close
+closedir
+closelog
+connect
+__ctype_b_loc
+__ctype_tolower_loc
+__cxa_atexit
+__cxa_finalize
+dladdr
+dlclose
+dlerror
+dlopen
+dlsym
+__errno_location
+fclose
+fdopen
+feof
+ferror
+fflush
+fgets
+fileno
+fopen
+fopen64
+fprintf
+fputc
+fputs
+fread
+free
+freeaddrinfo
+fseek
+fstat
+ftell
+fwrite
+gai_strerror
+getaddrinfo
+getauxval
+getcontext
+getentropy
+getenv
+gethostbyname
+getnameinfo
+getpeername
+getpid
+getsockname
+getsockopt
+gettimeofday
+__gmon_start__
+gmtime_r
+gmtime
+ioctl
+__isoc99_sscanf
+_ITM_deregisterTMCloneTable
+_ITM_registerTMCloneTable
+listen
+_longjmp
+lseek
+madvise
+makecontext
+malloc
+memchr
+memcmp
+memcpy
+memmove
+memset
+mktime
+mlock
+mmap
+mprotect
+munmap
+opendir
+openlog
+poll
+pthread_attr_destroy
+pthread_attr_init
+pthread_attr_setdetachstate
+pthread_cond_broadcast
+pthread_cond_destroy
+pthread_cond_init
+pthread_cond_signal
+pthread_cond_timedwait
+pthread_cond_wait
+pthread_create
+pthread_exit
+pthread_getspecific
+pthread_join
+pthread_key_create
+pthread_key_delete
+pthread_mutex_destroy
+pthread_mutex_init
+pthread_mutex_lock
+pthread_mutex_trylock
+pthread_mutex_unlock
+pthread_once
+pthread_rwlock_destroy
+pthread_rwlock_init
+pthread_rwlock_rdlock
+pthread_rwlock_unlock
+pthread_rwlock_wrlock
+pthread_self
+pthread_setspecific
+qsort
+readdir
+realloc
+recvfrom
+recvmmsg
+secure_getenv
+select
+sendmmsg
+sendto
+setbuf
+setcontext
+_setjmp
+setsockopt
+shmat
+shmdt
+shmget
+shutdown
+sigaction
+sleep
+socket
+sprintf
+stderr
+stdin
+stdout
+strcat
+strchr
+strcmp
+strcpy
+strcspn
+strdup
+strlen
+strncmp
+strncpy
+strrchr
+strspn
+strstr
+strtol
+strtoul
+syscall
+sysconf
+syslog
+tcgetattr
+tcsetattr
+__timezone
+uname
+usleep
+vfprintf
+__xpg_strerror_r
diff --git a/util/platform_symbols/windows-symbols.txt b/util/platform_symbols/windows-symbols.txt
new file mode 100644
index 0000000000..097741b336
--- /dev/null
+++ b/util/platform_symbols/windows-symbols.txt
@@ -0,0 +1,231 @@
+CryptGenRandom
+RegisterEventSourceW
+ReportEventW
+CryptAcquireContextW
+CryptReleaseContext
+DeregisterEventSource
+CertFindCertificateInStore
+CertFreeCertificateContext
+CertOpenSystemStoreW
+CertCloseStore
+GetUserObjectInformationW
+GetProcessWindowStation
+MessageBoxW
+GetCurrentProcess
+ReadConsoleW
+ReadConsoleA
+SetConsoleMode
+GetConsoleMode
+CreateSemaphoreA
+GetExitCodeThread
+WaitForSingleObject
+ReleaseSemaphore
+GetCurrentProcessId
+TryEnterCriticalSection
+LeaveCriticalSection
+EnterCriticalSection
+InitializeCriticalSection
+SystemTimeToFileTime
+GetSystemTime
+TlsFree
+TlsSetValue
+TlsGetValue
+GetSystemTimeAsFileTime
+RtlCaptureContext
+RtlLookupFunctionEntry
+UnhandledExceptionFilter
+SetUnhandledExceptionFilter
+IsProcessorFeaturePresent
+IsDebuggerPresent
+GetStartupInfoW
+QueryPerformanceCounter
+InitializeSListHead
+DeleteCriticalSection
+TerminateProcess
+TlsAlloc
+GetCurrentThreadId
+AcquireSRWLockShared
+AcquireSRWLockExclusive
+RtlVirtualUnwind
+ConvertFiberToThread
+ConvertThreadToFiberEx
+SwitchToFiber
+DeleteFiber
+CreateFiberEx
+GetSystemDirectoryA
+FreeLibrary
+GetProcAddress
+LoadLibraryA
+FormatMessageA
+GetLastError
+SetLastError
+CloseHandle
+LoadLibraryW
+GetEnvironmentVariableW
+GetStdHandle
+GetFileType
+WriteFile
+GetModuleHandleW
+MultiByteToWideChar
+WideCharToMultiByte
+GetACP
+GetModuleHandleExW
+GetSystemInfo
+VirtualAlloc
+VirtualProtect
+VirtualFree
+VirtualLock
+FindClose
+FindFirstFileW
+FindNextFileW
+Sleep
+InitializeSRWLock
+ReleaseSRWLockExclusive
+ReleaseSRWLockShared
+__current_exception
+__C_specific_handler
+wcsstr
+__current_exception_context
+strstr
+strchr
+memmove
+strrchr
+memcmp
+memset
+memcpy
+memchr
+__std_type_info_destroy_list
+__stdio_common_vsprintf
+__stdio_common_vfprintf
+__stdio_common_vsscanf
+ftell
+fseek
+fread
+_fileno
+__stdio_common_vswprintf
+_wfopen
+fopen
+setvbuf
+fflush
+ferror
+feof
+clearerr
+setbuf
+fclose
+fputs
+__acrt_iob_func
+__stdio_common_vsprintf_s
+fwrite
+fgets
+_setmode
+strtoul
+atoi
+strtol
+tolower
+strspn
+strcspn
+strncpy
+strncmp
+strcmp
+strcat_s
+isspace
+_strdup
+isdigit
+strncpy_s
+strcpy_s
+_gmtime64_s
+__timezone
+_mktime64
+_time64
+qsort
+malloc
+realloc
+calloc
+free
+terminate
+signal
+_initialize_narrow_environment
+_beginthreadex
+_endthreadex
+_register_onexit_function
+strerror_s
+_execute_onexit_table
+raise
+_crt_atexit
+_exit
+_crt_at_quick_exit
+_errno
+_cexit
+_initterm_e
+_configure_narrow_argv
+_initialize_onexit_table
+_initterm
+_seh_filter_dll
+_chmod
+_stat64i32
+_fstat64i32
+getenv
+GetStartupInfoW
+RtlLookupFunctionEntry
+RtlVirtualUnwind
+UnhandledExceptionFilter
+GetSystemTime
+SystemTimeToFileTime
+CloseHandle
+InitializeCriticalSection
+EnterCriticalSection
+LeaveCriticalSection
+TryEnterCriticalSection
+DeleteCriticalSection
+ReleaseSemaphore
+WaitForSingleObject
+GetCurrentThreadId
+SetUnhandledExceptionFilter
+GetExitCodeThread
+CreateSemaphoreA
+SetLastError
+GetLastError
+GetCurrentProcess
+TerminateProcess
+IsProcessorFeaturePresent
+QueryPerformanceCounter
+RtlCaptureContext
+GetCurrentProcessId
+GetSystemTimeAsFileTime
+DisableThreadLibraryCalls
+InitializeSListHead
+IsDebuggerPresent
+GetModuleHandleW
+memcpy
+memset
+__current_exception_context
+strchr
+memcmp
+memchr
+strstr
+memmove
+__std_type_info_destroy_list
+__current_exception
+__C_specific_handler
+_errno
+_endthreadex
+terminate
+_initterm
+_initterm_e
+_seh_filter_dll
+_configure_narrow_argv
+_initialize_narrow_environment
+_initialize_onexit_table
+_register_onexit_function
+_execute_onexit_table
+_crt_atexit
+_crt_at_quick_exit
+_cexit
+_beginthreadex
+_time64
+strncmp
+strcmp
+qsort
+_stat64i32
+atoi
+__stdio_common_vsprintf
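Review bot: This list repeats many entries (for example `GetStartupInfoW`, `CloseHandle`, `memcpy` and `__stdio_common_vsprintf` each appear twice) and is not in sorted order, unlike the unix list. Because of the duplicates, deleting one line does not actually withdraw a symbol from the allow-list, and the unsorted order makes later additions harder to audit in review. Suggest committing a sorted, de-duplicated version so each permitted import appears exactly once.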