openssl/0005-libssl-Hide-library-private-symbols.patch

From f33b5a4cb7da3947d06b74e6f6cd2f264faca170 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Sun, 20 Apr 2014 19:39:37 -0300
Subject: [PATCH] libssl: Hide library private symbols

It hides all the library symbols that are not part of the public
API/ABI when GCC 4 or later is used.
---
 ssl/d1_lib.c   | 5 ++---
 ssl/kssl_lcl.h | 9 +++++++++
 ssl/s23_srvr.c | 4 ++--
 ssl/s2_lib.c   | 1 -
 ssl/s3_lib.c   | 1 -
 ssl/ssl_lib.c  | 1 -
 ssl/ssl_locl.h | 8 ++++++++
 ssl/t1_lib.c   | 6 ++----
 8 files changed, 23 insertions(+), 12 deletions(-)

--- openssl-1.0.1g.orig/ssl/d1_lib.c
+++ openssl-1.0.1g/ssl/d1_lib.c
@@ -67,8 +67,7 @@
 #endif
 
 static void get_current_time(struct timeval *t);
-const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
+static int dtls1_listen(SSL *s, struct sockaddr *client);
 
 SSL3_ENC_METHOD DTLSv1_enc_data={
     dtls1_enc,
@@ -468,7 +467,7 @@ static void get_current_time(struct time
 #endif
 }
 
-int dtls1_listen(SSL *s, struct sockaddr *client)
+static int dtls1_listen(SSL *s, struct sockaddr *client)
 	{
 	int ret;
 
--- openssl-1.0.1g.orig/ssl/kssl_lcl.h
+++ openssl-1.0.1g/ssl/kssl_lcl.h
@@ -61,6 +61,10 @@
 
 #include <openssl/kssl.h>
 
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility push(hidden)
+#endif
+
 #ifndef OPENSSL_NO_KRB5
 
 #ifdef  __cplusplus
@@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl
 }
 #endif
 #endif	/* OPENSSL_NO_KRB5	*/
+
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility pop
+#endif
+
 #endif	/* KSSL_LCL_H 	*/
--- openssl-1.0.1g.orig/ssl/s23_srvr.c
+++ openssl-1.0.1g/ssl/s23_srvr.c
@@ -120,7 +120,7 @@
 #endif
 
 static const SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
+static int ssl23_get_client_hello(SSL *s);
 static const SSL_METHOD *ssl23_get_server_method(int ver)
 	{
 #ifndef OPENSSL_NO_SSL2
@@ -235,7 +235,7 @@ end:
 	}
 
 
-int ssl23_get_client_hello(SSL *s)
+static int ssl23_get_client_hello(SSL *s)
 	{
 	char buf_space[11]; /* Request this many bytes in initial read.
 	                     * We can detect SSL 3.0/TLS 1.0 Client Hellos
--- openssl-1.0.1g.orig/ssl/s2_lib.c
+++ openssl-1.0.1g/ssl/s2_lib.c
@@ -116,7 +116,6 @@
 #include <openssl/evp.h>
 #include <openssl/md5.h>
 
-const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
 
 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
 
--- openssl-1.0.1g.orig/ssl/s3_lib.c
+++ openssl-1.0.1g/ssl/s3_lib.c
@@ -162,7 +162,6 @@
 #include <openssl/dh.h>
 #endif
 
-const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
 
 #define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
 
--- openssl-1.0.1g.orig/ssl/ssl_lib.c
+++ openssl-1.0.1g/ssl/ssl_lib.c
@@ -160,7 +160,6 @@
 #include <openssl/engine.h>
 #endif
 
-const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
 SSL3_ENC_METHOD ssl3_undef_enc_method={
 	/* evil casts, but these functions are only called if there's a library bug */
--- openssl-1.0.1g.orig/ssl/ssl_locl.h
+++ openssl-1.0.1g/ssl/ssl_locl.h
@@ -165,6 +165,10 @@
 #include <openssl/ssl.h>
 #include <openssl/symhacks.h>
 
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility push(hidden)
+#endif
+
 #ifdef OPENSSL_BUILD_SHLIBSSL
 # undef OPENSSL_EXTERN
 # define OPENSSL_EXTERN OPENSSL_EXPORT
@@ -1174,4 +1178,12 @@ void tls_fips_digest_extra(
 	const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
 	const unsigned char *data, size_t data_len, size_t orig_len);
 
+int private_tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, int seed2_len,
+                    const void *seed3, int seed3_len, const void *seed4, int seed4_len, const void *seed5, int seed5_len,
+                    const unsigned char *sec, int slen, unsigned char *out1, unsigned char *out2, int olen);
+
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility pop
+#endif
+
 #endif
--- openssl-1.0.1g.orig/ssl/t1_lib.c
+++ openssl-1.0.1g/ssl/t1_lib.c
@@ -117,7 +117,6 @@
 #include <openssl/rand.h>
 #include "ssl_locl.h"
 
-const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
 
 #ifndef OPENSSL_NO_TLSEXT
 static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,