From f33b5a4cb7da3947d06b74e6f6cd2f264faca170 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Sun, 20 Apr 2014 19:39:37 -0300 Subject: [PATCH] libssl: Hide library private symbols It hides all the library symbols that are not part of the public API/ABI when GCC 4 or later is used. --- ssl/d1_lib.c | 5 ++--- ssl/kssl_lcl.h | 9 +++++++++ ssl/s23_srvr.c | 4 ++-- ssl/s2_lib.c | 1 - ssl/s3_lib.c | 1 - ssl/ssl_lib.c | 1 - ssl/ssl_locl.h | 8 ++++++++ ssl/t1_lib.c | 6 ++---- 8 files changed, 23 insertions(+), 12 deletions(-) Index: openssl-1.0.1i/ssl/d1_lib.c =================================================================== --- openssl-1.0.1i.orig/ssl/d1_lib.c +++ openssl-1.0.1i/ssl/d1_lib.c @@ -67,8 +67,7 @@ #endif static void get_current_time(struct timeval *t); -const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; -int dtls1_listen(SSL *s, struct sockaddr *client); +static int dtls1_listen(SSL *s, struct sockaddr *client); SSL3_ENC_METHOD DTLSv1_enc_data={ dtls1_enc, @@ -471,7 +470,7 @@ static void get_current_time(struct time #endif } -int dtls1_listen(SSL *s, struct sockaddr *client) +static int dtls1_listen(SSL *s, struct sockaddr *client) { int ret; Index: openssl-1.0.1i/ssl/kssl_lcl.h =================================================================== --- openssl-1.0.1i.orig/ssl/kssl_lcl.h +++ openssl-1.0.1i/ssl/kssl_lcl.h @@ -61,6 +61,10 @@ #include +#if defined(__GNUC__) && __GNUC__ >= 4 +#pragma GCC visibility push(hidden) +#endif + #ifndef OPENSSL_NO_KRB5 #ifdef __cplusplus @@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl } #endif #endif /* OPENSSL_NO_KRB5 */ + +#if defined(__GNUC__) && __GNUC__ >= 4 +#pragma GCC visibility pop +#endif + #endif /* KSSL_LCL_H */ Index: openssl-1.0.1i/ssl/s23_srvr.c =================================================================== --- openssl-1.0.1i.orig/ssl/s23_srvr.c +++ openssl-1.0.1i/ssl/s23_srvr.c 
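Review bot: The first d1_lib.c hunk deletes `dtls1_version_str` outright instead of hiding it, and the later hunks do the same to `ssl2_version_str`, `ssl3_version_str`, `SSL_version_str` and `tls1_version_str`; the description ("Hide library private symbols") does not mention any removal. These definitions embed `OPENSSL_VERSION_PTEXT` / `OPENSSL_VERSION_TEXT` in the built object, so dropping them presumably removes version text that inventory and patch-verification tooling can read out of libssl itself. `SSL_version_str` is a non-static global, so it should be confirmed absent from the exported symbol list before it is deleted, since out-of-tree code may link against it. If the removal is intended, record it at each site, e.g. `/* version string dropped on purpose: it was an exported data symbol outside the public API */`, and state it in the description.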
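Review bot: The `#pragma GCC visibility push(hidden)` added in kssl_lcl.h, and again in the first ssl_locl.h hunk, carries no comment on its ordering constraint. Every declaration seen between push and pop becomes hidden, so a public header included below the push would silently lose its exports. Both pushes sit after the existing `#include` lines, which is the right place, but nothing warns a later editor against adding an include underneath. I would put `/* Keep below all #includes: everything declared from here to the matching pop is hidden. */` above each push. The header bodies between push and pop lie outside the hunks, so whether further includes already occur inside that region cannot be checked from here.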
@@ -120,7 +120,7 @@ #endif static const SSL_METHOD *ssl23_get_server_method(int ver); -int ssl23_get_client_hello(SSL *s); +static int ssl23_get_client_hello(SSL *s); static const SSL_METHOD *ssl23_get_server_method(int ver) { #ifndef OPENSSL_NO_SSL2 @@ -235,7 +235,7 @@ end: } -int ssl23_get_client_hello(SSL *s) +static int ssl23_get_client_hello(SSL *s) { char buf_space[11]; /* Request this many bytes in initial read. * We can detect SSL 3.0/TLS 1.0 Client Hellos Index: openssl-1.0.1i/ssl/s2_lib.c =================================================================== --- openssl-1.0.1i.orig/ssl/s2_lib.c +++ openssl-1.0.1i/ssl/s2_lib.c @@ -116,7 +116,6 @@ #include #include -const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT; #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) Index: openssl-1.0.1i/ssl/s3_lib.c =================================================================== --- openssl-1.0.1i.orig/ssl/s3_lib.c +++ openssl-1.0.1i/ssl/s3_lib.c @@ -162,7 +162,6 @@ #include #endif -const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) Index: openssl-1.0.1i/ssl/ssl_lib.c =================================================================== --- openssl-1.0.1i.orig/ssl/ssl_lib.c +++ openssl-1.0.1i/ssl/ssl_lib.c @@ -160,7 +160,6 @@ #include #endif -const char *SSL_version_str=OPENSSL_VERSION_TEXT; SSL3_ENC_METHOD ssl3_undef_enc_method={ /* evil casts, but these functions are only called if there's a library bug */ Index: openssl-1.0.1i/ssl/ssl_locl.h =================================================================== --- openssl-1.0.1i.orig/ssl/ssl_locl.h +++ openssl-1.0.1i/ssl/ssl_locl.h @@ -165,6 +165,10 @@ #include #include +#if defined(__GNUC__) && __GNUC__ >= 4 +#pragma GCC visibility push(hidden) +#endif + #ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN # define OPENSSL_EXTERN OPENSSL_EXPORT 
@@ -1194,5 +1198,14 @@ int srp_verify_server_param(SSL *s, int #define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat #define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat +int private_tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, int seed2_len, + const void *seed3, int seed3_len, const void *seed4, int seed4_len, const void *seed5, int seed5_len, + const unsigned char *sec, int slen, unsigned char *out1, unsigned char *out2, int olen); + #endif + +#if defined(__GNUC__) && __GNUC__ >= 4 +#pragma GCC visibility pop +#endif + #endif Index: openssl-1.0.1i/ssl/t1_lib.c =================================================================== --- openssl-1.0.1i.orig/ssl/t1_lib.c +++ openssl-1.0.1i/ssl/t1_lib.c @@ -117,7 +117,6 @@ #include #include "ssl_locl.h" -const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; #ifndef OPENSSL_NO_TLSEXT static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
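Review bot: The `private_tls1_PRF` prototype is added above the first `#endif`, directly after the `SSL_test_functions()` macro definitions, so it lands inside whatever conditional block holds those macros; the opening of that block is outside the hunk. If that is a unit-test-only branch, ordinary builds see no prototype, and a call passing sixteen arguments then relies on an implicit declaration or fails to compile. Moving the three prototype lines to just after that `#endif` and before `#pragma GCC visibility pop` keeps the symbol hidden while declaring it unconditionally. The prototype is also not covered by the description, the diffstat lists 8 insertions for ssl_locl.h while the two hunks add 13, and the function's definition is not in the visible hunks.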