mirror of
https://github.com/openssl/openssl.git
synced 2024-11-21 01:15:20 +08:00
796e5f9648
We would like to be able to log and audit the symbols we use in openssl so that we might catch when a new platform symbols is referecned Add such a script (just on unix platforms for now) that gathers the used symbols not belonging to libcrypto or libssl, and compare it to a prior known set of used symbols. Error out if a new symbol is found Add this script to the ci workflow in CI to capture newly introduced platform symbols Fixes #22330 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22478)
85 lines
2.4 KiB
Perl
Executable File
85 lines
2.4 KiB
Perl
Executable File
#! /usr/bin/env perl
|
|
# Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
use warnings;
|
|
use strict;
|
|
use Config;
|
|
|
|
my $expectedsyms=$ARGV[0];
|
|
|
|
shift(@ARGV);
|
|
|
|
my $objlist;
|
|
my $objfilelist = join(" ", @ARGV);
|
|
my $expsyms;
|
|
my $exps;
|
|
my $OBJFH;
|
|
my $cmd;
|
|
|
|
if ($Config{osname} eq "MSWin32") {
|
|
my $currentdll = "";
|
|
$cmd = "dumpbin /imports " . $objfilelist;
|
|
my @symlist;
|
|
open $expsyms, '<', $expectedsyms or die;
|
|
{
|
|
local $/;
|
|
$exps=<$expsyms>;
|
|
}
|
|
close($expsyms);
|
|
open($OBJFH, "$cmd|") or die "Cannot open process: $!";
|
|
while (<$OBJFH>)
|
|
{
|
|
chomp;
|
|
my $dllfile = $_;
|
|
$dllfile =~ s/( +)(.*)(\.dll)(.*)/DLLFILE \2/;
|
|
if (index($dllfile, "DLLFILE") >= 0) {
|
|
$currentdll = substr($dllfile, 8);
|
|
$currentdll =~ s/^\s+|s+$//g;
|
|
}
|
|
# filter imports from our own library
|
|
if ("$currentdll" ne "libcrypto-3-x64") {
|
|
my $line = $_;
|
|
$line =~ s/ [0-9a-fA-F]{1,2} /SYMBOL /;
|
|
if (index($line, "SYMBOL") != -1) {
|
|
$line =~ s/.*SYMBOL //;
|
|
push(@symlist, $line);
|
|
}
|
|
}
|
|
}
|
|
foreach (@symlist) {
|
|
if (index($exps, $_) < 0) {
|
|
print "Symbol $_ not in the allowed platform symbols list\n";
|
|
exit 1;
|
|
}
|
|
}
|
|
exit 0;
|
|
}
|
|
else {
|
|
$cmd = "objdump -t " . $objfilelist . " | grep UND | grep -v \@OPENSSL";
|
|
$cmd = $cmd . " | awk '{print \$NF}' |";
|
|
$cmd = $cmd . " sed -e\"s/@.*\$//\" | sort | uniq";
|
|
|
|
open $expsyms, '<', $expectedsyms or die;
|
|
{
|
|
local $/;
|
|
$exps=<$expsyms>;
|
|
}
|
|
close($expsyms);
|
|
|
|
open($OBJFH, "$cmd|") or die "Cannot open process: $!";
|
|
while (<$OBJFH>)
|
|
{
|
|
if (index($exps, $_) < 0) {
|
|
print "Symbol $_ not in the allowed platform symbols list\n";
|
|
exit 1;
|
|
}
|
|
}
|
|
close($OBJFH);
|
|
exit 0;
|
|
}
|