動的ライブラリ(.so)および静的ライブラリ(.a)のシンボルテーブルをクエリし、動的ライブラリで定義された関数が参照されているかどうかを判断します。
#!/bin/bash
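# Root of the NGTOS build tree that is scanned, and its build-output directory.
NGTOS="/home/ngos/workspace/V3.2294.23024_NGFW_GM_1.1_R"
TARGET="$NGTOS/target"

# Working directory for every intermediate list and report written below.
# NOTE(security): this is a fixed, predictable name under world-writable /tmp.
# The script appends to and deletes files inside it, so a directory or symlink
# pre-created there by another local user could redirect those writes. The
# ownership check after the mkdir refuses to continue in that situation.
TMP_DIR="/tmp/Gmssl"

SO_LIB_LIST="$TMP_DIR/dynamic.log"               # .so files to inspect (written by getLibOfNGFW)
STATIC_LIB_LIST="$TMP_DIR/static.log"            # .a files to inspect (written by getLibOfNGFW)
FUNC_LIST="$TMP_DIR/funcInSo.log"                # "@@index@@library@@symbol" records (showFuncList)
FUNCS_USED="$TMP_DIR/funcUsedIn_GM_1_0.log"      # symbols found to be referenced
FUNCS_ABSENT="$TMP_DIR/GMssl_1_1_NotHave.log"    # referenced symbols missing from GmSSL 1.1
FUNCS_PRESENT="$TMP_DIR/GMssl_1_1_Have.log"      # referenced symbols present in GmSSL 1.1
OPENSSL_1_1_FUNCS="$TMP_DIR/openssl_1.1.log"     # symbols exported by the GmSSL 1.1 libraries
PLUTO_LOG="$TMP_DIR/pluto.log"                   # report written by pluto_ldd_funcs
WHACK_LOG="$TMP_DIR/whack.log"                   # report written by whack_ldd_funcs
RESULT="$TMP_DIR/result.log"                     # per-library report of matched symbols

# Accumulators filled in by getFuncList and findOpensslLib.
FUNCS_IN_SO=""
OPENSSL_LIBs=""

if [ ! -d "$TMP_DIR" ]; then
  mkdir -p -- "$TMP_DIR" && echo "mkdir -p $TMP_DIR"
else
  # The wipe is commented out, so files from an earlier run are left in place
  # here; only the current time is printed.
  #rm -rf $TMP_DIR/*
  date
fi

# Refuse a working directory that is a symlink or belongs to someone else:
# everything below trusts the paths inside it.
if [ -L "$TMP_DIR" ] || [ ! -O "$TMP_DIR" ]; then
  echo "$TMP_DIR is a symlink or is not owned by the current user; refusing to use it" >&2
  exit 1
fi

# Running counters: libraries reported in $RESULT, and records in $FUNC_LIST.
num=0
num_funcs=0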
# Append one "@@<index>@@<library>@@<symbol>" record to $FUNC_LIST for each
# whitespace-separated symbol in $2. Records are numbered with the global
# num_funcs counter, which keeps counting across calls.
#   $1 - library path the symbols came from (also stored in global SO_NAME)
#   $2 - whitespace-separated symbol names
showFuncList(){
  SO_NAME=$1
  # $2 is expanded unquoted on purpose: word splitting yields one symbol per pass.
  for func in $2; do
    num_funcs=$((num_funcs + 1))
    printf '@@%s@@%s@@%s\n' "$num_funcs" "$SO_NAME" "$func" >> "$FUNC_LIST"
  done
}
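# Collect the symbols a library defines and hand them to showFuncList.
#
# Only symbols that nm marks "T" or "D" are kept, and names starting with "_"
# are dropped. Equivalent commands for a manual check:
#   nm libtest.so | awk '{ FS=" " } { if ( $2 == "T" || $2 == "t" || $2 == "D" || $2 == "d") { print $3 }}'
#   nm libtest.so | awk '{ FS=" " } { if ( $2 == "T" || $2 == "D") { print $3 }}' | sed '/^_/d'
# (the sed stage deletes the names that start with "_").
#
# These notes used to live in an unquoted here-document, which the shell still
# expands; they are plain comments now.
#
# Globals:   FUNCS_IN_SO (appended)
# Arguments: $1 - path of the library to inspect
getFuncList(){
  local so_name=$1
  local funcs
  funcs=$(nm "$so_name" | awk '$2 == "T" || $2 == "D" { print $3 }' | sed '/^_/d')
  if [ -n "$funcs" ]; then
    # Command substitution strips the trailing newline, so add one back;
    # otherwise the last symbol of this library is fused with the first
    # symbol of the next one.
    FUNCS_IN_SO+="${funcs}"$'\n'
  fi
  showFuncList "$so_name" "$funcs"
}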
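# Locate the OpenSSL-related shared libraries under $TARGET (for example
# libssl.so, libcrypto.so, libssl_vpn.so, libcrypto_vpn.so) and record the
# symbols they export in $FUNC_LIST.
#
# Globals:   TARGET, FUNC_LIST (read); OPENSSL_LIBs (appended)
# Outputs:   progress messages on stdout
findOpensslLib(){
  local libs lib
  # Start from an empty symbol list; records are only ever appended to it.
  if [ -e "$FUNC_LIST" ]; then
    rm -rf -- "$FUNC_LIST"
  fi
  # Matching is done on the whole path: first every .so containing "ssl",
  # then every .so containing "crypt". A path such as .../openssl/libcrypto.so
  # satisfies both, so duplicates are dropped (first occurrence wins) to keep
  # its symbols from being recorded twice.
  libs=$(
    {
      find "$TARGET" -name "*.so" | grep "ssl"
      find "$TARGET" -name "*.so" | grep "crypt"
    } | awk '!seen[$0]++'
  )
  if [ -n "$OPENSSL_LIBs" ]; then
    OPENSSL_LIBs+=$'\n'
  fi
  OPENSSL_LIBs+=$libs
  echo "OPENSSL library contains: "
  # One path per line, so paths containing spaces stay intact.
  while IFS= read -r lib; do
    [ -n "$lib" ] || continue
    echo "Getting functions in $lib"
    getFuncList "$lib"
  done <<< "$libs"
  echo "findOpensslLib() : openssl functions is in $FUNC_LIST"
  echo "Getting functions over!!!"
}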
#############################################get openssl lib func over###################################################
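# List every shared (.so) and static (.a) library under $TARGET, leaving out
# any path that contains "ssl" or "crypt" (those are handled separately as
# the OpenSSL libraries themselves).
#
# Globals:   TARGET (read); SO_LIB_LIST, STATIC_LIB_LIST (files overwritten)
# Outputs:   the two list locations on stdout
getLibOfNGFW(){
  # The -name patterns must be quoted. Unquoted, the shell expands *.so / *.a
  # against the current directory first, and find then sees file names
  # instead of a pattern.
  find "$TARGET" -name '*.so' | sed -e '/ssl/d' -e '/crypt/d' > "$SO_LIB_LIST"
  find "$TARGET" -name '*.a' | sed -e '/ssl/d' -e '/crypt/d' > "$STATIC_LIB_LIST"
  echo "getLibOfNGFW() : Dynamic libraries is in $SO_LIB_LIST"
  echo "getLibOfNGFW() : Static libraries is in $STATIC_LIB_LIST"
}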
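# Report which recorded OpenSSL symbols a shared library references.
#
# The library is considered only when its ldd output mentions "ssl" or
# "crypt". For such a library, a numbered header, the matching ldd lines and
# one line per matched symbol are appended to $RESULT, and each matched
# symbol name is appended to $FUNCS_USED.
#
# Globals:   FUNC_LIST (read); RESULT, FUNCS_USED (appended); num (incremented)
# Arguments: $1 - path of the shared library
# Outputs:   the library path on stdout
getLDDInfo_So(){
  local ldd_out ssl_so crypt_so funcs func result
  SO_NAME=$1
  echo "$SO_NAME"
  # NOTE(security): ldd(1) advises against use on untrusted files, because
  # some implementations resolve dependencies by invoking the object's own
  # program interpreter. If the scanned tree may hold files of unknown
  # origin, the NEEDED entries from `objdump -p` or `readelf -d` give the
  # dependency names without that step.
  ldd_out=$(ldd "$SO_NAME")
  ssl_so=$(printf '%s\n' "$ldd_out" | grep ssl)
  crypt_so=$(printf '%s\n' "$ldd_out" | grep crypt)
  if [ -n "$ssl_so" ] || [ -n "$crypt_so" ]; then
    num=$((num + 1))
    echo "${num} ${SO_NAME}" >> "$RESULT"
    if [ -n "$ssl_so" ]; then
      echo "$ssl_so" >> "$RESULT"
    fi
    if [ -n "$crypt_so" ]; then
      echo "$crypt_so" >> "$RESULT"
    fi
    # An older per-symbol lookup used to sit here inside an unquoted
    # here-document. The shell still expanded the backticks in it, so awk and
    # nm ran on every call with their output thrown away; it has been removed.
    #
    # Undefined ("U") dynamic symbols are the ones this library imports.
    funcs=$(nm -Da "$SO_NAME" | awk '$1 == "U" { print $2 }')
    for func in $funcs; do
      # -F: the symbol is literal text, not a regular expression;
      # --: a name starting with "-" is not taken for an option.
      result=$(grep -wF -- "$func" "$FUNC_LIST" | tr '@' '\t')
      if [ -n "$result" ]; then
        echo "$result" >> "$RESULT"
        printf '%s\n' "$func" >> "$FUNCS_USED"
      fi
    done
    echo "" >> "$RESULT"
  fi
}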
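# Report which recorded OpenSSL symbols a static library references.
#
# Every undefined ("U") symbol nm lists for the archive is looked up in
# $FUNC_LIST. On the first hit a numbered header for the archive is appended
# to $RESULT; each hit adds its record to $RESULT and the symbol name to
# $FUNCS_USED. A blank line closes the section when there was at least one hit.
#
# Globals:   FUNC_LIST (read); RESULT, FUNCS_USED (appended); num (incremented)
# Arguments: $1 - path of the static library
# Outputs:   the library path on stdout
getStaticInfo_a(){
  local first=1
  local funcs func result
  STATIC_NAME=$1
  echo "$STATIC_NAME"
  funcs=$(nm -a "$STATIC_NAME" | awk '$1 == "U" { print $2 }')
  for func in $funcs; do
    # -F: the symbol is literal text, so a "." in a name cannot match other
    # characters; --: a name starting with "-" is not taken for an option.
    result=$(grep -wF -- "$func" "$FUNC_LIST" | tr '@' '\t')
    [ -n "$result" ] || continue
    if [ "$first" -eq 1 ]; then
      num=$((num + 1))
      echo "${num} ${STATIC_NAME}" >> "$RESULT"
      first=0
    fi
    echo "$result" >> "$RESULT"
    printf '%s\n' "$func" >> "$FUNCS_USED"
  done
  if [ "$first" -eq 0 ]; then
    echo "" >> "$RESULT"
  fi
}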
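# Run getLDDInfo_So on every path listed in $SO_LIB_LIST (one path per line).
#
# Globals:   SO_LIB_LIST (read); LINE (set to each path in turn)
# Outputs:   a banner line on stdout, plus whatever getLDDInfo_So prints
findFuncInDynamicLib(){
  echo "=============findFuncInDynamicLib() : Find functions in .so============="
  # IFS= and -r keep each path exactly as listed (no whitespace trimming, no
  # backslash processing); the extra test picks up a last line that has no
  # trailing newline.
  while IFS= read -r LINE || [ -n "$LINE" ]; do
    getLDDInfo_So "$LINE"
  done < "$SO_LIB_LIST"
}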
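# Run getStaticInfo_a on every path listed in $STATIC_LIB_LIST (one per line).
#
# Globals:   STATIC_LIB_LIST (read); LINE (set to each path in turn)
# Outputs:   a banner line on stdout, plus whatever getStaticInfo_a prints
findFuncInStaticLib(){
  echo "=============findFuncInStaticLib() :Find functions in .a============="
  # IFS= and -r keep each path exactly as listed (no whitespace trimming, no
  # backslash processing); the extra test picks up a last line that has no
  # trailing newline.
  while IFS= read -r LINE || [ -n "$LINE" ]; do
    getStaticInfo_a "$LINE"
  done < "$STATIC_LIB_LIST"
}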
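# Delete the intermediate files of a previous run, announcing each deletion.
#
# Globals:   STATIC_LIB_LIST, SO_LIB_LIST, CUR_FUNCS, FUNC_LIST, RESULT,
#            FUNCS_USED, FUNCS_ABSENT, FUNCS_PRESENT, OPENSSL_1_1_FUNCS (read)
# Outputs:   "delete file <path>" on stdout for every path removed
# Returns:   always 0
delFiles(){
  local path
  for path in \
    "$STATIC_LIB_LIST" \
    "$SO_LIB_LIST" \
    "${CUR_FUNCS:-}" \
    "$FUNC_LIST" \
    "$RESULT" \
    "$FUNCS_USED" \
    "$FUNCS_ABSENT" \
    "$FUNCS_PRESENT" \
    "$OPENSSL_1_1_FUNCS"
  do
    # CUR_FUNCS is not assigned anywhere in this script. Unquoted and empty it
    # turned the test into `[ -e ]`, which is true, so a bare `rm -rf` ran and
    # "delete file " was printed for nothing. Empty names are skipped instead.
    [ -n "$path" ] || continue
    # -e follows symlinks, so also test -L: a dangling symlink left at one of
    # these paths would otherwise survive and be written through later.
    if [ -e "$path" ] || [ -L "$path" ]; then
      rm -rf -- "$path" && echo "delete file $path"
    fi
  done
  return 0
}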
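# Split the symbols listed in $FUNCS_USED into those that the GmSSL 1.1
# libraries export and those they do not.
#
# Globals:   FUNCS_USED (read); OPENSSL_1_1_FUNCS, FUNCS_PRESENT, FUNCS_ABSENT
#            (recreated)
# Outputs:   progress messages on stdout
findFuncInOpenssl_1_1(){
  local so_name funcs line
  # Drop the results of any earlier run.
  rm -rf -- "$FUNCS_ABSENT" "$FUNCS_PRESENT" "$OPENSSL_1_1_FUNCS"

  # Read the symbol tables of the GmSSL 1.1 shared libraries: keep "T" and
  # "D" symbols and drop names that start with "_".
  for so_name in "/usr/src/GmSSL-master/libcrypto.so" "/usr/src/GmSSL-master/libssl.so"; do
    echo " GmSSL-1.1 so contains: $so_name"
    funcs=$(nm "$so_name" | awk '$2 == "T" || $2 == "D" { print $3 }' | sed '/^_/d')
    if [ -n "$funcs" ]; then
      printf '%s\n' "$funcs" >> "$OPENSSL_1_1_FUNCS"
    fi
  done
  echo "GMssl 1.1 libraries and functions extract over!!!"

  # Look up every function interface NGTOS calls in the GM 1.1 symbol list.
  while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] || continue
    # -F -x: the whole line must equal the symbol. A substring match would
    # report EVP_Digest as present whenever only EVP_DigestInit exists.
    if grep -Fxq -- "$line" "$OPENSSL_1_1_FUNCS"; then
      printf '%s\n' "$line" >> "$FUNCS_PRESENT"
    else
      printf '%s\n' "$line" >> "$FUNCS_ABSENT"
    fi
  done < "$FUNCS_USED"
  echo "openssl-1.0 functions those NGTOS used are found in GmSSL-1.1 over!!!"
}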
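# Collect the OpenSSL library symbols that the pluto binary refers to.
#
# The undefined symbols of pluto, then its defined "T"/"D" symbols, are looked
# up in $FUNC_LIST; every hit is written to $PLUTO_LOG as a numbered line
# followed by the matching record(s). Names starting with "_" are ignored.
# If the pluto binary does not exist the script exits with status 0.
#
# Globals:   NGTOS, FUNC_LIST (read); PLUTO (set); PLUTO_LOG (recreated)
# Outputs:   "pluto : <symbol>" on stdout for every symbol examined
pluto_ldd_funcs(){
  local defined_funcs undefined_funcs func result count
  if [ -e "$PLUTO_LOG" ]; then
    rm -rf -- "$PLUTO_LOG" && echo "Delete file $PLUTO_LOG"
  fi
  PLUTO="$NGTOS/SE/ipsec/ver6/openswan/openswan-2.3.1/programs/pluto/pluto"
  if [ ! -e "$PLUTO" ]; then
    echo "Target File not eixst : $NGTOS/SE/ipsec/ver6/openswan/openswan-2.3.1/programs/pluto/pluto"
    exit 0
  fi
  defined_funcs=$(nm -a "$PLUTO" | awk '$2 == "T" || $2 == "D" { print $3 }' | sed '/^_/d')
  undefined_funcs=$(nm -a "$PLUTO" | awk '$1 == "U" { print $2 }' | sed '/^_/d')

  echo "=========find funcions in Undefined symbols begin==========" >> "$PLUTO_LOG"
  count=0
  for func in $undefined_funcs; do
    echo "pluto : $func"
    # -F: the symbol is literal text, not a regular expression;
    # --: a name starting with "-" is not taken for an option.
    result=$(tr '@' ' ' < "$FUNC_LIST" | grep -wF -- "$func")
    if [ -n "$result" ]; then
      count=$((count + 1))
      echo "$count $func" >> "$PLUTO_LOG"
      echo "$result" >> "$PLUTO_LOG"
    fi
  done
  echo "=========find funcions in Undefined symbols end==========" >> "$PLUTO_LOG"

  # The counter keeps running, so numbering continues across both sections.
  # Records in this section are tab-separated rather than space-separated.
  echo "=========find funcions in defined symbols begin==========" >> "$PLUTO_LOG"
  for func in $defined_funcs; do
    echo "pluto : $func"
    result=$(tr '@' '\t' < "$FUNC_LIST" | grep -wF -- "$func")
    if [ -n "$result" ]; then
      count=$((count + 1))
      echo "$count $func" >> "$PLUTO_LOG"
      echo "$result" >> "$PLUTO_LOG"
    fi
  done
  echo "=========find funcions in defined symbols end==========" >> "$PLUTO_LOG"
}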
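# Collect the OpenSSL library symbols that the whack binary refers to.
#
# The undefined symbols of whack, then its defined "T"/"D" symbols, are looked
# up in $FUNC_LIST; every hit is written to $WHACK_LOG as a numbered line
# followed by the matching record(s). Names starting with "_" are ignored.
# If the whack binary does not exist the script exits with status 0.
#
# Globals:   NGTOS, FUNC_LIST (read); WHACK (set); WHACK_LOG (recreated)
# Outputs:   "whack : <symbol>" on stdout for every symbol examined
whack_ldd_funcs(){
  local defined_funcs undefined_funcs func result count
  if [ -e "$WHACK_LOG" ]; then
    rm -rf -- "$WHACK_LOG" && echo "Delete file $WHACK_LOG"
  fi
  WHACK="$NGTOS/SE/ipsec/ver6/openswan/openswan-2.3.1/programs/pluto/whack"
  if [ ! -e "$WHACK" ]; then
    echo "Target File not eixst : $NGTOS/SE/ipsec/ver6/openswan/openswan-2.3.1/programs/pluto/whack"
    exit 0
  fi
  defined_funcs=$(nm -a "$WHACK" | awk '$2 == "T" || $2 == "D" { print $3 }' | sed '/^_/d')
  undefined_funcs=$(nm -a "$WHACK" | awk '$1 == "U" { print $2 }' | sed '/^_/d')

  echo "=========find funcions in Undefined symbols begin==========" >> "$WHACK_LOG"
  count=0
  for func in $undefined_funcs; do
    echo "whack : $func"
    # -F: the symbol is literal text, not a regular expression;
    # --: a name starting with "-" is not taken for an option.
    result=$(tr '@' ' ' < "$FUNC_LIST" | grep -wF -- "$func")
    if [ -n "$result" ]; then
      count=$((count + 1))
      echo "$count $func" >> "$WHACK_LOG"
      echo "$result" >> "$WHACK_LOG"
    fi
  done
  echo "=========find funcions in Undefined symbols end==========" >> "$WHACK_LOG"

  # The counter keeps running, so numbering continues across both sections.
  # Records in this section are tab-separated rather than space-separated.
  echo "=========find funcions in defined symbols begin==========" >> "$WHACK_LOG"
  for func in $defined_funcs; do
    echo "whack : $func"
    result=$(tr '@' '\t' < "$FUNC_LIST" | grep -wF -- "$func")
    if [ -n "$result" ]; then
      count=$((count + 1))
      echo "$count $func" >> "$WHACK_LOG"
      echo "$result" >> "$WHACK_LOG"
    fi
  done
  echo "=========find funcions in defined symbols end==========" >> "$WHACK_LOG"
}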
# Print the command-line synopsis on stdout and terminate the script with
# exit status 1.
Usage(){
  local prog=$0
  printf '%s\n' \
    "Usage:" \
    " $prog [.so] [.a] : find openssl funcs in .so or .a" \
    " $prog [pluto] : check openssl funcs in pluto" \
    " $prog [whack] : check openssl funcs in whack"
  exit 1
}
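# Full scan: rebuild the OpenSSL symbol list, list the other libraries of the
# tree, find which OpenSSL symbols they reference, and compare those with
# GmSSL 1.1.
#
# Arguments: one argument - ".so" scans shared libraries, ".a" scans static
#            libraries; any other value runs neither scan.
#            two arguments - both scans run, whatever the values are.
# Outputs:   progress messages plus start and end time on stdout
# Exits:     0 when the run completes, 255 when delFiles reports a failure
main(){
  local start_time end_time rc
  start_time=$(date)
  echo "Begin !!!!!"
  # Remove the temporary files of a previous run.
  delFiles
  rc=$?
  if [ "$rc" -ne 0 ]; then
    # Report the saved status; reading $? after the test would print the
    # status of the test itself.
    echo "delFiles return $rc, exit!"
    exit 255
  fi
  echo "Delete unused files over!!!"
  # Find the OpenSSL-related shared libraries (libssl.so, libcrypto.so,
  # libssl_vpn.so, libcrypto_vpn.so) and read their symbol tables.
  findOpensslLib
  echo "Get Openssl-1.0 lib and functions over!!!"
  # List the shared and static libraries of NGTOS.
  getLibOfNGFW
  echo "Get XXX.so and YYY.a in NGFW over!!!"
  if [ $# -eq 1 ]; then
    case "$1" in
      .so) findFuncInDynamicLib ;;
      .a) findFuncInStaticLib ;;
    esac
  elif [ $# -eq 2 ]; then
    findFuncInDynamicLib
    findFuncInStaticLib
  fi
  findFuncInOpenssl_1_1
  echo "Over !!!!!!"
  echo "====================sucess======================"
  end_time=$(date)
  echo "Start Time: $start_time"
  echo " End Time: $end_time"
  # A completed run is a success, so exit 0 instead of the former 1, which
  # made every run look like a failure to the calling process.
  exit 0
}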
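# Command-line dispatch.
#   pluto | whack      - report the OpenSSL symbols used by that binary
#   one other argument - full scan, see main
#   two arguments      - full scan of both library kinds
#   anything else      - print the usage text (Usage exits with status 1)
#
# Each mode ends the script itself. In the former `a && b && exit 0` chain a
# failing pluto/whack report fell through to the next line and started a full
# scan with "pluto" or "whack" as its argument.
case $# in
  1)
    case "$1" in
      pluto)
        pluto_ldd_funcs
        exit $?
        ;;
      whack)
        whack_ldd_funcs
        exit $?
        ;;
      *)
        main "$1" && exit 0
        ;;
    esac
    ;;
  2)
    main "$1" "$2" && exit 0
    ;;
esac
Usage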