Create a rudimentary symbol scanning script

We would like to be able to log and audit the symbols we use in openssl
so that we might catch when a new platform symbols is referecned

Add such a script (just on unix platforms for now) that gathers the used
symbols not belonging to libcrypto or libssl, and compare it to a prior
known set of used symbols.  Error out if a new symbol is found

Add this script to the ci workflow in CI to capture newly
introduced platform symbols

Fixes #22330

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22478)

2 files changed, 387 insertions, 0 deletions

diff --git a/util/platform_symbols/unix-symbols.txt b/util/platform_symbols/unix-symbols.txt
new file mode 100644
index 0000000000..2b2fe53672
--- /dev/null
+++ b/util/platform_symbols/unix-symbols.txt
@@ -0,0 +1,156 @@
+abort
+accept
+bcmp
+bind
+calloc
+chmod
+clearerr
+clock_gettime
+close
+closedir
+closelog
+connect
+__ctype_b_loc
+__ctype_tolower_loc
+__cxa_atexit
+__cxa_finalize
+dladdr
+dlclose
+dlerror
+dlopen
+dlsym
+__errno_location
+fclose
+fdopen
+feof
+ferror
+fflush
+fgets
+fileno
+fopen
+fopen64
+fprintf
+fputc
+fputs
+fread
+free
+freeaddrinfo
+fseek
+fstat
+ftell
+fwrite
+gai_strerror
+getaddrinfo
+getauxval
+getcontext
+getentropy
+getenv
+gethostbyname
+getnameinfo
+getpeername
+getpid
+getsockname
+getsockopt
+gettimeofday
+__gmon_start__
+gmtime_r
+gmtime
+ioctl
+__isoc99_sscanf
+_ITM_deregisterTMCloneTable
+_ITM_registerTMCloneTable
+listen
+_longjmp
+lseek
+madvise
+makecontext
+malloc
+memchr
+memcmp
+memcpy
+memmove
+memset
+mktime
+mlock
+mmap
+mprotect
+munmap
+opendir
+openlog
+poll
+pthread_attr_destroy
+pthread_attr_init
+pthread_attr_setdetachstate
+pthread_cond_broadcast
+pthread_cond_destroy
+pthread_cond_init
+pthread_cond_signal
+pthread_cond_timedwait
+pthread_cond_wait
+pthread_create
+pthread_exit
+pthread_getspecific
+pthread_join
+pthread_key_create
+pthread_key_delete
+pthread_mutex_destroy
+pthread_mutex_init
+pthread_mutex_lock
+pthread_mutex_trylock
+pthread_mutex_unlock
+pthread_once
+pthread_rwlock_destroy
+pthread_rwlock_init
+pthread_rwlock_rdlock
+pthread_rwlock_unlock
+pthread_rwlock_wrlock
+pthread_self
+pthread_setspecific
+qsort
+readdir
+realloc
+recvfrom
+recvmmsg
+secure_getenv
+select
+sendmmsg
+sendto
+setbuf
+setcontext
+_setjmp
+setsockopt
+shmat
+shmdt
+shmget
+shutdown
+sigaction
+sleep
+socket
+sprintf
+stderr
+stdin
+stdout
+strcat
+strchr
+strcmp
+strcpy
+strcspn
+strdup
+strlen
+strncmp
+strncpy
+strrchr
+strspn
+strstr
+strtol
+strtoul
+syscall
+sysconf
+syslog
+tcgetattr
+tcsetattr
+__timezone
+uname
+usleep
+vfprintf
+__xpg_strerror_r
diff --git a/util/platform_symbols/windows-symbols.txt b/util/platform_symbols/windows-symbols.txt
new file mode 100644
index 0000000000..097741b336
--- /dev/null
+++ b/util/platform_symbols/windows-symbols.txt
@@ -0,0 +1,231 @@
+CryptGenRandom
+RegisterEventSourceW
+ReportEventW
+CryptAcquireContextW
+CryptReleaseContext
+DeregisterEventSource
+CertFindCertificateInStore
+CertFreeCertificateContext
+CertOpenSystemStoreW
+CertCloseStore
+GetUserObjectInformationW
+GetProcessWindowStation
+MessageBoxW
+GetCurrentProcess
+ReadConsoleW
+ReadConsoleA
+SetConsoleMode
+GetConsoleMode
+CreateSemaphoreA
+GetExitCodeThread
+WaitForSingleObject
+ReleaseSemaphore
+GetCurrentProcessId
+TryEnterCriticalSection
+LeaveCriticalSection
+EnterCriticalSection
+InitializeCriticalSection
+SystemTimeToFileTime
+GetSystemTime
+TlsFree
+TlsSetValue
+TlsGetValue
+GetSystemTimeAsFileTime
+RtlCaptureContext
+RtlLookupFunctionEntry
+UnhandledExceptionFilter
+SetUnhandledExceptionFilter
+IsProcessorFeaturePresent
+IsDebuggerPresent
+GetStartupInfoW
+QueryPerformanceCounter
+InitializeSListHead
+DeleteCriticalSection
+TerminateProcess
+TlsAlloc
+GetCurrentThreadId
+AcquireSRWLockShared
+AcquireSRWLockExclusive
+RtlVirtualUnwind
+ConvertFiberToThread
+ConvertThreadToFiberEx
+SwitchToFiber
+DeleteFiber
+CreateFiberEx
+GetSystemDirectoryA
+FreeLibrary
+GetProcAddress
+LoadLibraryA
+FormatMessageA
+GetLastError
+SetLastError
+CloseHandle
+LoadLibraryW
+GetEnvironmentVariableW
+GetStdHandle
+GetFileType
+WriteFile
+GetModuleHandleW
+MultiByteToWideChar
+WideCharToMultiByte
+GetACP
+GetModuleHandleExW
+GetSystemInfo
+VirtualAlloc
+VirtualProtect
+VirtualFree
+VirtualLock
+FindClose
+FindFirstFileW
+FindNextFileW
+Sleep
+InitializeSRWLock
+ReleaseSRWLockExclusive
+ReleaseSRWLockShared
+__current_exception
+__C_specific_handler
+wcsstr
+__current_exception_context
+strstr
+strchr
+memmove
+strrchr
+memcmp
+memset
+memcpy
+memchr
+__std_type_info_destroy_list
+__stdio_common_vsprintf
+__stdio_common_vfprintf
+__stdio_common_vsscanf
+ftell
+fseek
+fread
+_fileno
+__stdio_common_vswprintf
+_wfopen
+fopen
+setvbuf
+fflush
+ferror
+feof
+clearerr
+setbuf
+fclose
+fputs
+__acrt_iob_func
+__stdio_common_vsprintf_s
+fwrite
+fgets
+_setmode
+strtoul
+atoi
+strtol
+tolower
+strspn
+strcspn
+strncpy
+strncmp
+strcmp
+strcat_s
+isspace
+_strdup
+isdigit
+strncpy_s
+strcpy_s
+_gmtime64_s
+__timezone
+_mktime64
+_time64
+qsort
+malloc
+realloc
+calloc
+free
+terminate
+signal
+_initialize_narrow_environment
+_beginthreadex
+_endthreadex
+_register_onexit_function
+strerror_s
+_execute_onexit_table
+raise
+_crt_atexit
+_exit
+_crt_at_quick_exit
+_errno
+_cexit
+_initterm_e
+_configure_narrow_argv
+_initialize_onexit_table
+_initterm
+_seh_filter_dll
+_chmod
+_stat64i32
+_fstat64i32
+getenv
+GetStartupInfoW
+RtlLookupFunctionEntry
+RtlVirtualUnwind
+UnhandledExceptionFilter
+GetSystemTime
+SystemTimeToFileTime
+CloseHandle
+InitializeCriticalSection
+EnterCriticalSection
+LeaveCriticalSection
+TryEnterCriticalSection
+DeleteCriticalSection
+ReleaseSemaphore
+WaitForSingleObject
+GetCurrentThreadId
+SetUnhandledExceptionFilter
+GetExitCodeThread
+CreateSemaphoreA
+SetLastError
+GetLastError
+GetCurrentProcess
+TerminateProcess
+IsProcessorFeaturePresent
+QueryPerformanceCounter
+RtlCaptureContext
+GetCurrentProcessId
+GetSystemTimeAsFileTime
+DisableThreadLibraryCalls
+InitializeSListHead
+IsDebuggerPresent
+GetModuleHandleW
+memcpy
+memset
+__current_exception_context
+strchr
+memcmp
+memchr
+strstr
+memmove
+__std_type_info_destroy_list
+__current_exception
+__C_specific_handler
+_errno
+_endthreadex
+terminate
+_initterm
+_initterm_e
+_seh_filter_dll
+_configure_narrow_argv
+_initialize_narrow_environment
+_initialize_onexit_table
+_register_onexit_function
+_execute_onexit_table
+_crt_atexit
+_crt_at_quick_exit
+_cexit
+_beginthreadex
+_time64
+strncmp
+strcmp
+qsort
+_stat64i32
+atoi
+__stdio_common_vsprintf