author | Neil Horman <nhorman@openssl.org> | 2023-10-23 18:47:13 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-11-01 16:32:26 +0100 |
commit | 796e5f96488643755a18570a4907da78ee46131a (patch) | |
tree | 4d5abf7335a727b9165e6baebbd5cfeeb2f93f14 /util/checkplatformsyms.pl | |
parent | CI: add Clang 17 (diff) | |
Create a rudimentary symbol scanning script
We would like to be able to log and audit the symbols we use in openssl
so that we might catch when a new platform symbol is referenced
Add such a script (just on unix platforms for now) that gathers the used
symbols not belonging to libcrypto or libssl, and compare it to a prior
known set of used symbols. Error out if a new symbol is found
Add this script to the ci workflow in CI to capture newly
introduced platform symbols
Fixes #22330
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22478)
Diffstat (limited to 'util/checkplatformsyms.pl')
-rwxr-xr-x | util/checkplatformsyms.pl | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/util/checkplatformsyms.pl b/util/checkplatformsyms.pl
new file mode 100755
index 0000000000..742dd8ea84
--- /dev/null
+++ b/util/checkplatformsyms.pl
@@ -0,0 +1,84 @@
+#! /usr/bin/env perl
+# Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use warnings;
+use strict;
+use Config;
+
+my $expectedsyms=$ARGV[0];
+
+shift(@ARGV);
+
+my $objlist;
+my $objfilelist = join(" ", @ARGV);
+my $expsyms;
+my $exps;
+my $OBJFH;
+my $cmd;
+
+if ($Config{osname} eq "MSWin32") {
+ my $currentdll = "";
+ $cmd = "dumpbin /imports " . $objfilelist;
+ my @symlist;
+ open $expsyms, '<', $expectedsyms or die;
+ {
+ local $/;
+ $exps=<$expsyms>;
+ }
+ close($expsyms);
+ open($OBJFH, "$cmd|") or die "Cannot open process: $!";
+ while (<$OBJFH>)
+ {
+ chomp;
+ my $dllfile = $_;
+ $dllfile =~ s/( +)(.*)(\.dll)(.*)/DLLFILE \2/;
+ if (index($dllfile, "DLLFILE") >= 0) {
+ $currentdll = substr($dllfile, 8);
+ $currentdll =~ s/^\s+|s+$//g;
+ }
+ # filter imports from our own library
+ if ("$currentdll" ne "libcrypto-3-x64") {
+ my $line = $_;
+ $line =~ s/ [0-9a-fA-F]{1,2} /SYMBOL /;
+ if (index($line, "SYMBOL") != -1) {
+ $line =~ s/.*SYMBOL //;
+ push(@symlist, $line);
+ }
+ }
+ }
+ foreach (@symlist) {
+ if (index($exps, $_) < 0) {
+ print "Symbol $_ not in the allowed platform symbols list\n";
+ exit 1;
+ }
+ }
+ exit 0;
+ }
+else {
+ $cmd = "objdump -t " . $objfilelist . " | grep UND | grep -v \@OPENSSL";
+ $cmd = $cmd . " | awk '{print \$NF}' |";
+ $cmd = $cmd . " sed -e\"s/@.*\$//\" | sort | uniq";
+
+ open $expsyms, '<', $expectedsyms or die;
+ {
+ local $/;
+ $exps=<$expsyms>;
+ }
+ close($expsyms);
+
+ open($OBJFH, "$cmd|") or die "Cannot open process: $!";
+ while (<$OBJFH>)
+ {
+ if (index($exps, $_) < 0) {
+ print "Symbol $_ not in the allowed platform symbols list\n";
+ exit 1;
+ }
+ }
+ close($OBJFH);
+ exit 0;
+ } |
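Review bot: The allow-list test `index($exps, $_) < 0` in both branches is a substring search over the whole expected-symbols file, so a newly referenced symbol passes whenever its name occurs inside an already-allowed one (on the unix branch `$_` still carries its newline, so any suffix of an allowed name passes, e.g. `read` if `pread` is listed, a constructed example). For a gate meant to catch new platform symbols this should be an exact match: read the file into a hash keyed by chomped symbol and test `exists`, assuming the file holds one symbol per line (its format is not shown here). Separately, the unix loop exits 0 when the pipeline produces no output, so a missing or failing `objdump` reads as a pass, and because `$cmd` is built by joining `@ARGV` into a shell string for `open($OBJFH, "$cmd|")`, object paths containing spaces or shell metacharacters are interpreted by the shell. In the Windows branch, `s/^\s+|s+$//g` is missing a backslash and strips trailing `s` characters rather than whitespace.

```perl
# Load the allow-list once as a set so every lookup is an exact match.
open $expsyms, '<', $expectedsyms or die "Cannot open $expectedsyms: $!";
my %allowed;
while (my $sym = <$expsyms>) {
    chomp $sym;
    $allowed{$sym} = 1 if length $sym;
}
close($expsyms);

# ... unchanged: $cmd construction and open($OBJFH, "$cmd|") ...
while (my $sym = <$OBJFH>) {
    chomp $sym;
    next unless length $sym;
    if (!exists $allowed{$sym}) {
        print "Symbol $sym not in the allowed platform symbols list\n";
        exit 1;
    }
}
# close() on a pipe returns false when the command's final stage exits
# non-zero; earlier stages of the shell pipeline are not covered by this.
close($OBJFH) or die "Symbol listing command failed (status $?)";
```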