openssl/0005-libssl-Hide-library-private-symbols.patch

167 lines
5.7 KiB

From f33b5a4cb7da3947d06b74e6f6cd2f264faca170 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Sun, 20 Apr 2014 19:39:37 -0300
Subject: [PATCH] libssl: Hide library private symbols
It hides all the library symbols that are not part of the public
API/ABI when GCC 4 or later is used.
---
ssl/d1_lib.c | 5 ++---
ssl/kssl_lcl.h | 9 +++++++++
ssl/s23_srvr.c | 4 ++--
ssl/s2_lib.c | 1 -
ssl/s3_lib.c | 1 -
ssl/ssl_lib.c | 1 -
ssl/ssl_locl.h | 8 ++++++++
ssl/t1_lib.c | 6 ++----
8 files changed, 23 insertions(+), 12 deletions(-)
Index: openssl-1.0.2a/ssl/d1_lib.c
Accepting request 245642 from Base:System - openssl.keyring: the 1.0.1i release was done by Matt Caswell <matt@openssl.org> UK 0E604491 - rename README.SuSE (old spelling) to README.SUSE (bnc#889013) - update to 1.0.1i * Fix SRP buffer overrun vulnerability. Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B < N to SRP code. (CVE-2014-3512) * A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. (CVE-2014-3511) * OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. (CVE-2014-3510) * By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. (CVE-2014-3507) * An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. (CVE-2014-3506) * An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This OBS-URL: https://build.opensuse.org/request/show/245642 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=121
2014-08-25 11:03:07 +02:00
===================================================================
--- openssl-1.0.2a.orig/ssl/d1_lib.c 2015-05-29 13:41:52.858088475 +0200
+++ openssl-1.0.2a/ssl/d1_lib.c 2015-05-29 13:47:58.764278577 +0200
@@ -69,8 +69,7 @@
static void get_current_time(struct timeval *t);
static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
static int dtls1_handshake_write(SSL *s);
-const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
+static int dtls1_listen(SSL *s, struct sockaddr *client);
SSL3_ENC_METHOD DTLSv1_enc_data = {
tls1_enc,
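Review bot: the commit message promises to hide private symbols, but the `-const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT;` line deletes a definition outright instead of hiding it. That is a different change: the array is a non-static global, so any declaration of it that survives in a header (none of the ssl_locl.h hunks in this patch removes one) or any other user would now fail to link. Grep for remaining references to `dtls1_version_str` before merging and state the deletions in the commit message; the same applies to the `ssl2_version_str`, `ssl3_version_str` and `tls1_version_str` removals further down. The `static` on the `dtls1_listen` forward declaration is fine as long as the definition below is changed the same way.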
@@ -539,7 +538,7 @@ static void get_current_time(struct time
#endif
}
-int dtls1_listen(SSL *s, struct sockaddr *client)
+static int dtls1_listen(SSL *s, struct sockaddr *client)
{
int ret;
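Review bot: `static int dtls1_listen(SSL *s, struct sockaddr *client)` matches the forward declaration in the first hunk, but it only compiles if no header still declares `dtls1_listen` non-static: GCC rejects a static definition that follows an earlier extern declaration, and none of the ssl_locl.h hunks in this patch removes such a prototype. Also confirm that no other translation unit calls it, since after this change nothing outside d1_lib.c can reach the function.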
Index: openssl-1.0.2a/ssl/kssl_lcl.h
===================================================================
--- openssl-1.0.2a.orig/ssl/kssl_lcl.h 2015-05-29 13:41:52.858088475 +0200
+++ openssl-1.0.2a/ssl/kssl_lcl.h 2015-05-29 13:46:44.708430822 +0200
@@ -62,6 +62,10 @@
# include <openssl/kssl.h>
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility push(hidden)
+#endif
+
# ifndef OPENSSL_NO_KRB5
#ifdef __cplusplus
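Review bot: placing `#pragma GCC visibility push(hidden)` after the `<openssl/kssl.h>` include is the right side of the line, but the reason deserves a comment next to the pragma: every declaration between push and pop becomes hidden, and a hidden declaration of a function that is defined in a different shared object (libcrypto, or the Kerberos library used by the `OPENSSL_NO_KRB5` block below) makes the linker expect the definition inside libssl and fail. So no further `#include` of a public or system header may be added inside the push/pop region, and a one-line comment saying so prevents the next editor from doing exactly that. The `__GNUC__ >= 4` guard also covers clang, which defines `__GNUC__` as 4, so no separate check is needed there.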
@@ -85,4 +89,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl
}
#endif
# endif /* OPENSSL_NO_KRB5 */
+
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility pop
+#endif
+
#endif /* KSSL_LCL_H */
Index: openssl-1.0.2a/ssl/s23_srvr.c
===================================================================
--- openssl-1.0.2a.orig/ssl/s23_srvr.c 2015-05-29 13:41:51.427072084 +0200
+++ openssl-1.0.2a/ssl/s23_srvr.c 2015-05-29 13:47:16.275792355 +0200
@@ -120,7 +120,7 @@
#endif
static const SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
+static int ssl23_get_client_hello(SSL *s);
static const SSL_METHOD *ssl23_get_server_method(int ver)
{
#ifndef OPENSSL_NO_SSL2
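Review bot: same check as for `dtls1_listen`: `static int ssl23_get_client_hello(SSL *s);` builds only if no header still carries a non-static prototype for it, and none of the ssl_locl.h hunks in this patch removes one. If ssl_locl.h does declare it, the build stops with "static declaration follows non-static declaration"; if it does not, this hunk is fine as it stands.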
@@ -233,7 +233,7 @@ int ssl23_accept(SSL *s)
return (ret);
}
-int ssl23_get_client_hello(SSL *s)
+static int ssl23_get_client_hello(SSL *s)
{
/*-
* Request this many bytes in initial read.
Index: openssl-1.0.2a/ssl/s2_lib.c
===================================================================
--- openssl-1.0.2a.orig/ssl/s2_lib.c 2015-05-29 13:41:52.859088486 +0200
+++ openssl-1.0.2a/ssl/s2_lib.c 2015-05-29 13:47:37.964040715 +0200
@@ -116,7 +116,6 @@
# include <openssl/evp.h>
# include <openssl/md5.h>
-const char ssl2_version_str[] = "SSLv2" OPENSSL_VERSION_PTEXT;
# define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
Index: openssl-1.0.2a/ssl/s3_lib.c
===================================================================
--- openssl-1.0.2a.orig/ssl/s3_lib.c 2015-05-29 13:41:52.859088486 +0200
+++ openssl-1.0.2a/ssl/s3_lib.c 2015-05-29 13:49:33.525363159 +0200
@@ -157,7 +157,6 @@
# include <openssl/dh.h>
#endif
-const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
Index: openssl-1.0.2a/ssl/ssl_lib.c
===================================================================
--- openssl-1.0.2a.orig/ssl/ssl_lib.c 2015-05-29 13:41:52.860088498 +0200
+++ openssl-1.0.2a/ssl/ssl_lib.c 2015-05-29 13:49:51.821573194 +0200
@@ -160,7 +160,6 @@
# include <openssl/engine.h>
#endif
-const char *SSL_version_str = OPENSSL_VERSION_TEXT;
SSL3_ENC_METHOD ssl3_undef_enc_method = {
/*
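Review bot: `-const char *SSL_version_str = OPENSSL_VERSION_TEXT;` removes a non-static pointer that carries the public `SSL_` prefix. Deleting its definition drops a symbol from the library's export set rather than hiding it, which is an ABI change for anything that referenced it and goes beyond what the commit message describes. Either keep the definition (one line, no cost; the visibility default takes care of the rest) or check the name against the exported-symbol list in `util/ssleay.num` and call the removal out explicitly in the commit message.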
Index: openssl-1.0.2a/ssl/ssl_locl.h
===================================================================
--- openssl-1.0.2a.orig/ssl/ssl_locl.h 2015-05-29 13:41:52.860088498 +0200
+++ openssl-1.0.2a/ssl/ssl_locl.h 2015-05-29 13:51:29.789694782 +0200
@@ -165,6 +165,10 @@
# include <openssl/ssl.h>
# include <openssl/symhacks.h>
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility push(hidden)
+#endif
+
# ifdef OPENSSL_BUILD_SHLIBSSL
# undef OPENSSL_EXTERN
# define OPENSSL_EXTERN OPENSSL_EXPORT
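Review bot: the push(hidden) lands immediately before `# define OPENSSL_EXTERN OPENSSL_EXPORT`, so every `OPENSSL_EXTERN` declaration that follows in this header is hidden as well. That is presumably intended (they are library-private tables), but it means the `OPENSSL_BUILD_SHLIBSSL` redefinition to `OPENSSL_EXPORT` no longer exports anything under GCC unless `OPENSSL_EXPORT` itself expands to `__attribute__((visibility("default")))`, which overrides the pragma default; a comment here should say which of the two is the case. Keep the push below the last public `#include` (it currently sits right after `<openssl/symhacks.h>`): a hidden declaration of a libcrypto function would make libssl fail to link against a shared libcrypto.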
@@ -1475,5 +1479,14 @@ void custom_exts_free(custom_ext_methods
# define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
# define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
+int private_tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, int seed2_len,
+ const void *seed3, int seed3_len, const void *seed4, int seed4_len, const void *seed5, int seed5_len,
+ const unsigned char *sec, int slen, unsigned char *out1, unsigned char *out2, int olen);
+
# endif
+
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility pop
+#endif
+
#endif
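Review bot: the `private_tls1_PRF` prototype is unrelated to symbol visibility and sits inside whatever conditional block the `# endif` just below it closes, next to the `SSL_test_functions()` test hooks, so it is only declared under that block's condition. Either drop it from this patch or move it next to the other PRF declarations, wrap it at 80 columns to match the rest of the header, and explain in the commit message why it is needed. The `pop` placed before the closing `#endif` mirrors the push inside the include guard, which is correct.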
Index: openssl-1.0.2a/ssl/t1_lib.c
===================================================================
--- openssl-1.0.2a.orig/ssl/t1_lib.c 2015-05-29 13:41:52.861088510 +0200
+++ openssl-1.0.2a/ssl/t1_lib.c 2015-05-29 13:51:50.181929005 +0200
@@ -120,7 +120,6 @@
#include <openssl/rand.h>
#include "ssl_locl.h"
-const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT;
#ifndef OPENSSL_NO_TLSEXT
static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,