SHA256
3
0
forked from pool/openssl
openssl/0001-libcrypto-Hide-library-private-symbols.patch
Stephan Kulow 7f772876ff Accepting request 315685 from Base:System
- update to 1.0.2d
  * fixes CVE-2015-1793 (bsc#936746)
  Alternate chains certificate forgery
     During certificate verfification, OpenSSL will attempt to find an
     alternative certificate chain if the first attempt to build such a chain
     fails. An error in the implementation of this logic can mean that an
     attacker could cause certain checks on untrusted certificates to be
     bypassed, such as the CA flag, enabling them to use a valid leaf
     certificate to act as a CA and "issue" an invalid certificate.
- drop openssl-fix_invalid_manpage_name.patch (upstream) (forwarded request 315682 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/315685
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=128
2015-07-12 20:51:54 +00:00

835 lines
34 KiB
Diff

From c4251c714a2fa6263e77103561b3dc4f6f5fed40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Mon, 21 Oct 2013 01:48:05 -0300
Subject: [PATCH] libcrypto: Hide library-private symbols
---
apps/Makefile | 2 +-
crypto/asn1/asn1_locl.h | 4 ++++
crypto/bn/bn_lcl.h | 4 ++++
crypto/camellia/cmll_locl.h | 3 +++
crypto/cast/cast_lcl.h | 2 ++
crypto/cms/cms_lcl.h | 5 ++++-
crypto/des/des_locl.h | 2 ++
crypto/dsa/dsa_locl.h | 2 +-
crypto/ec/ec_lcl.h | 4 ++++
crypto/ecdh/ech_locl.h | 4 +++-
crypto/ecdsa/ecs_locl.h | 4 ++++
crypto/engine/eng_int.h | 4 +++-
crypto/engine/eng_rsax.c | 2 +-
crypto/evp/e_aes.c | 10 ++++++++++
crypto/evp/e_aes_cbc_hmac_sha1.c | 4 ++++
crypto/evp/evp_locl.h | 4 ++++
crypto/md4/md4_locl.h | 2 +-
crypto/md5/md5_locl.h | 2 +-
crypto/modes/modes_lcl.h | 4 +++-
crypto/o_str.h | 4 ++++
crypto/o_time.h | 4 ++++
crypto/ripemd/rmd_locl.h | 2 +-
crypto/rsa/rsa_locl.h | 2 +-
crypto/sha/sha256.c | 2 +-
crypto/sha/sha512.c | 2 +-
crypto/sha/sha_locl.h | 2 +-
crypto/store/str_locl.h | 4 +++-
crypto/ui/ui_locl.h | 4 +++-
crypto/whrlpool/wp_locl.h | 2 +-
crypto/x509v3/ext_dat.h | 3 +++
crypto/x509v3/pcy_int.h | 3 +++
31 files changed, 85 insertions(+), 17 deletions(-)
Index: openssl-1.0.2b/apps/Makefile
===================================================================
--- openssl-1.0.2b.orig/apps/Makefile 2015-06-11 15:55:38.000000000 +0200
+++ openssl-1.0.2b/apps/Makefile 2015-06-11 17:50:03.669860202 +0200
@@ -20,7 +20,7 @@ EXE_EXT=
SHLIB_TARGET=
-CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+CFLAGS= -fvisibility=hidden -DMONOLITH $(INCLUDES) $(CFLAG)
GENERAL=Makefile makeapps.com install.com
Index: openssl-1.0.2b/crypto/asn1/asn1_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/asn1/asn1_locl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/asn1/asn1_locl.h 2015-06-11 17:50:03.670860215 +0200
@@ -62,6 +62,8 @@
int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
+#pragma GCC visibility push(hidden)
+
/* ASN1 print context structure */
struct asn1_pctx_st {
@@ -133,3 +135,5 @@ struct x509_crl_method_st {
ASN1_INTEGER *ser, X509_NAME *issuer);
int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
};
+
+#pragma GCC visibility pop
Index: openssl-1.0.2b/crypto/bn/bn_lcl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/bn/bn_lcl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/bn/bn_lcl.h 2015-06-11 17:50:03.670860215 +0200
@@ -505,6 +505,8 @@ unsigned __int64 _umul128(unsigned __int
# undef bn_div_words
# endif
+#pragma GCC visibility push(hidden)
+
void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
@@ -530,6 +532,8 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r,
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
+#pragma GCC visibility pop
+
#ifdef __cplusplus
}
#endif
Index: openssl-1.0.2b/crypto/cast/cast_lcl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/cast/cast_lcl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/cast/cast_lcl.h 2015-06-11 17:50:03.670860215 +0200
@@ -217,6 +217,7 @@
}
#endif
+#pragma GCC visibility push(hidden)
extern const CAST_LONG CAST_S_table0[256];
extern const CAST_LONG CAST_S_table1[256];
extern const CAST_LONG CAST_S_table2[256];
@@ -225,3 +226,4 @@ extern const CAST_LONG CAST_S_table4[256
extern const CAST_LONG CAST_S_table5[256];
extern const CAST_LONG CAST_S_table6[256];
extern const CAST_LONG CAST_S_table7[256];
+#pragma GCC visibility pop
Index: openssl-1.0.2b/crypto/cms/cms_lcl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/cms/cms_lcl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/cms/cms_lcl.h 2015-06-11 17:50:03.670860215 +0200
@@ -410,6 +410,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA
# define CMS_OIK_KEYIDENTIFIER 1
# define CMS_OIK_PUBKEY 2
+#pragma GCC visibility push(hidden)
+
BIO *cms_content_bio(CMS_ContentInfo *cms);
CMS_ContentInfo *cms_Data_create(void);
@@ -465,6 +467,8 @@ int cms_RecipientInfo_kari_encrypt(CMS_C
int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
int en_de);
+#pragma GCC visibility pop
+
#ifdef __cplusplus
}
#endif
Index: openssl-1.0.2b/crypto/des/des_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/des/des_locl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/des/des_locl.h 2015-06-11 17:50:03.670860215 +0200
@@ -432,10 +432,12 @@
PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
}
+#pragma GCC visibility push(hidden)
extern const DES_LONG DES_SPtrans[8][64];
void fcrypt_body(DES_LONG *out, DES_key_schedule *ks,
DES_LONG Eswap0, DES_LONG Eswap1);
+#pragma GCC visibility pop
# ifdef OPENSSL_SMALL_FOOTPRINT
# undef DES_UNROLL
Index: openssl-1.0.2b/crypto/dsa/dsa_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/dsa/dsa_locl.h 2015-06-11 17:41:59.488534507 +0200
+++ openssl-1.0.2b/crypto/dsa/dsa_locl.h 2015-06-11 17:50:03.670860215 +0200
@@ -58,7 +58,7 @@ int dsa_builtin_paramgen(DSA *ret, size_
const EVP_MD *evpmd, const unsigned char *seed_in,
size_t seed_len,
int *counter_ret, unsigned long *h_ret,
- BN_GENCB *cb);
+ BN_GENCB *cb) __attribute__ ((visibility ("hidden")));
int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
const EVP_MD *evpmd, const unsigned char *seed_in,
Index: openssl-1.0.2b/crypto/ec/ec_lcl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/ec/ec_lcl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/ec/ec_lcl.h 2015-06-11 17:50:03.671860227 +0200
@@ -89,6 +89,8 @@
* change in future versions.
*/
+#pragma GCC visibility push(hidden)
+
struct ec_method_st {
/* Various method flags */
int flags;
@@ -566,3 +568,5 @@ EC_GROUP *FIPS_ec_group_new_curve_gf2m(c
const BIGNUM *b, BN_CTX *ctx);
EC_GROUP *FIPS_ec_group_new_by_curve_name(int nid);
#endif
+
+#pragma GCC visibility pop
Index: openssl-1.0.2b/crypto/ecdh/ech_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/ecdh/ech_locl.h 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/ecdh/ech_locl.h 2015-06-11 17:50:03.671860227 +0200
@@ -58,6 +58,8 @@
# include <openssl/ecdh.h>
+#pragma GCC visibility push(hidden)
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -101,4 +103,5 @@ ECDH_DATA *ecdh_check(EC_KEY *);
}
#endif
+#pragma GCC visibility pop
#endif /* HEADER_ECH_LOCL_H */
Index: openssl-1.0.2b/crypto/ecdsa/ecs_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/ecdsa/ecs_locl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/ecdsa/ecs_locl.h 2015-06-11 17:50:03.671860227 +0200
@@ -61,6 +61,8 @@
# include <openssl/ecdsa.h>
+#pragma GCC visibility push(hidden)
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -117,4 +119,5 @@ ECDSA_DATA *ecdsa_check(EC_KEY *eckey);
}
#endif
+#pragma GCC visibility pop
#endif /* HEADER_ECS_LOCL_H */
Index: openssl-1.0.2b/crypto/engine/eng_int.h
===================================================================
--- openssl-1.0.2b.orig/crypto/engine/eng_int.h 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/engine/eng_int.h 2015-06-11 17:50:03.671860227 +0200
@@ -69,6 +69,8 @@
/* Take public definitions from engine.h */
# include <openssl/engine.h>
+#pragma GCC visibility push(hidden)
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -221,4 +223,5 @@ struct engine_st {
}
#endif
+#pragma GCC visibility pop
#endif /* HEADER_ENGINE_INT_H */
Index: openssl-1.0.2b/crypto/evp/e_aes.c
===================================================================
--- openssl-1.0.2b.orig/crypto/evp/e_aes.c 2015-06-11 17:41:59.490534533 +0200
+++ openssl-1.0.2b/crypto/evp/e_aes.c 2015-06-11 17:50:03.671860227 +0200
@@ -116,6 +116,8 @@ typedef struct {
# define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
+#pragma GCC visibility push(hidden)
+
# ifdef VPAES_ASM
int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key);
@@ -146,6 +148,7 @@ void bsaes_xts_decrypt(const unsigned ch
size_t len, const AES_KEY *key1,
const AES_KEY *key2, const unsigned char iv[16]);
# endif
+#pragma GCC visibility pop
# ifdef AES_CTR_ASM
void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const AES_KEY *key,
@@ -194,6 +197,8 @@ extern unsigned int OPENSSL_ia32cap_P[];
*/
# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+#pragma GCC visibility push(hidden)
+
int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key);
int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
@@ -263,6 +268,8 @@ void gcm_ghash_avx(u64 Xi[2], const u128
# undef AES_GCM_ASM2 /* minor size optimization */
# endif
+#pragma GCC visibility pop
+
static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
Index: openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c
===================================================================
--- openssl-1.0.2b.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-06-11 17:50:03.672860241 +0200
@@ -97,6 +97,8 @@ typedef struct {
extern unsigned int OPENSSL_ia32cap_P[];
# define AESNI_CAPABLE (1<<(57-32))
+#pragma GCC visibility push(hidden)
+
int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key);
int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
@@ -115,6 +117,8 @@ void aesni256_cbc_sha1_dec(const void *i
const AES_KEY *key, unsigned char iv[16],
SHA_CTX *ctx, const void *in0);
+#pragma GCC visibility pop
+
# define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
Index: openssl-1.0.2b/crypto/evp/evp_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/evp/evp_locl.h 2015-06-11 17:41:59.492534560 +0200
+++ openssl-1.0.2b/crypto/evp/evp_locl.h 2015-06-11 17:50:03.672860241 +0200
@@ -261,6 +261,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
EVP_CIPH_FLAG_DEFAULT_ASN1, \
cipher##_init_key, NULL, NULL, NULL, NULL)
+#pragma GCC visibility push(hidden)
+
struct evp_pkey_ctx_st {
/* Method associated with this operation */
const EVP_PKEY_METHOD *pmeth;
@@ -334,6 +336,8 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_
const EVP_MD *evp_get_fips_md(const EVP_MD *md);
const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher);
+#pragma GCC visibility pop
+
#ifdef OPENSSL_FIPS
# ifdef OPENSSL_DOING_MAKEDEPEND
Index: openssl-1.0.2b/crypto/md4/md4_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/md4/md4_locl.h 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/md4/md4_locl.h 2015-06-11 17:50:03.672860241 +0200
@@ -65,7 +65,7 @@
# define MD4_LONG_LOG2 2 /* default to 32 bits */
#endif
-void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
+void md4_block_data_order(MD4_CTX *c, const void *p, size_t num) __attribute__ ((visibility ("hidden")));
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.2b/crypto/md5/md5_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/md5/md5_locl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/md5/md5_locl.h 2015-06-11 17:50:03.672860241 +0200
@@ -76,7 +76,7 @@
# endif
#endif
-void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
+void md5_block_data_order(MD5_CTX *c, const void *p, size_t num) __attribute__ ((visibility ("hidden")));
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.2b/crypto/modes/modes_lcl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/modes/modes_lcl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/modes/modes_lcl.h 2015-06-11 17:50:03.672860241 +0200
@@ -89,6 +89,9 @@ _asm mov eax, val _asm bswap eax}
# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
#endif
+
+#pragma GCC visibility push(hidden)
+
/*- GCM definitions */ typedef struct {
u64 hi, lo;
} u128;
@@ -141,3 +144,5 @@ struct ccm128_context {
block128_f block;
void *key;
};
+
+#pragma GCC visibility pop
Index: openssl-1.0.2b/crypto/o_str.h
===================================================================
--- openssl-1.0.2b.orig/crypto/o_str.h 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/o_str.h 2015-06-11 17:50:03.672860241 +0200
@@ -61,9 +61,11 @@
# define HEADER_O_STR_H
# include <stddef.h> /* to get size_t */
+#pragma GCC visibility push(hidden)
int OPENSSL_strcasecmp(const char *str1, const char *str2);
int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.2b/crypto/o_time.h
===================================================================
--- openssl-1.0.2b.orig/crypto/o_time.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/o_time.h 2015-06-11 17:50:03.672860241 +0200
@@ -61,10 +61,12 @@
# define HEADER_O_TIME_H
# include <time.h>
+#pragma GCC visibility push(hidden)
struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
int OPENSSL_gmtime_diff(int *pday, int *psec,
const struct tm *from, const struct tm *to);
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.2b/crypto/ripemd/rmd_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/ripemd/rmd_locl.h 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/ripemd/rmd_locl.h 2015-06-11 17:50:03.673860254 +0200
@@ -76,7 +76,7 @@
# endif
#endif
-void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num);
+void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num) __attribute__ ((visibility ("hidden")));
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.2b/crypto/rsa/rsa_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/rsa/rsa_locl.h 2015-06-11 15:00:12.000000000 +0200
+++ openssl-1.0.2b/crypto/rsa/rsa_locl.h 2015-06-11 17:50:03.673860254 +0200
@@ -1,4 +1,4 @@
extern int int_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len, unsigned char *rm,
size_t *prm_len, const unsigned char *sigbuf,
- size_t siglen, RSA *rsa);
+ size_t siglen, RSA *rsa) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.2b/crypto/sha/sha256.c
===================================================================
--- openssl-1.0.2b.orig/crypto/sha/sha256.c 2015-06-11 17:41:59.509534778 +0200
+++ openssl-1.0.2b/crypto/sha/sha256.c 2015-06-11 17:50:03.673860254 +0200
@@ -135,7 +135,7 @@ int SHA224_Final(unsigned char *md, SHA2
# ifndef SHA256_ASM
static
# endif
-void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
+void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num) __attribute__ ((visibility ("hidden")));
# include "md32_common.h"
Index: openssl-1.0.2b/crypto/sha/sha512.c
===================================================================
--- openssl-1.0.2b.orig/crypto/sha/sha512.c 2015-06-11 17:41:59.509534778 +0200
+++ openssl-1.0.2b/crypto/sha/sha512.c 2015-06-11 17:50:03.673860254 +0200
@@ -109,7 +109,7 @@ fips_md_init(SHA512)
# ifndef SHA512_ASM
static
# endif
-void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
+void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num) __attribute__ ((visibility ("hidden")));
int SHA512_Final(unsigned char *md, SHA512_CTX *c)
{
Index: openssl-1.0.2b/crypto/sha/sha_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/sha/sha_locl.h 2015-06-11 17:41:59.509534778 +0200
+++ openssl-1.0.2b/crypto/sha/sha_locl.h 2015-06-11 17:50:03.673860254 +0200
@@ -108,7 +108,7 @@ static void sha_block_data_order(SHA_CTX
# ifndef SHA1_ASM
static
# endif
-void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
+void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num) __attribute__ ((visibility ("hidden")));
#else
# error "Either SHA_0 or SHA_1 must be defined."
Index: openssl-1.0.2b/crypto/store/str_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/store/str_locl.h 2015-03-19 15:02:02.000000000 +0100
+++ openssl-1.0.2b/crypto/store/str_locl.h 2015-06-11 17:50:03.673860254 +0200
@@ -63,6 +63,8 @@
# include <openssl/crypto.h>
# include <openssl/store.h>
+#pragma GCC visibility push(hidden)
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -121,5 +123,5 @@ struct store_st {
#ifdef __cplusplus
}
#endif
-
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.2b/crypto/ui/ui_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/ui/ui_locl.h 2015-03-19 15:02:02.000000000 +0100
+++ openssl-1.0.2b/crypto/ui/ui_locl.h 2015-06-11 17:50:03.673860254 +0200
@@ -67,6 +67,8 @@
# undef _
# endif
+#pragma GCC visibility push(hidden)
+
struct ui_method_st {
char *name;
/*
@@ -142,4 +144,5 @@ struct ui_st {
int flags;
};
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.2b/crypto/whrlpool/wp_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/whrlpool/wp_locl.h 2015-06-11 15:00:12.000000000 +0200
+++ openssl-1.0.2b/crypto/whrlpool/wp_locl.h 2015-06-11 17:50:03.673860254 +0200
@@ -1,3 +1,3 @@
#include <openssl/whrlpool.h>
-void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t);
+void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.2b/crypto/x509v3/ext_dat.h
===================================================================
--- openssl-1.0.2b.orig/crypto/x509v3/ext_dat.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/x509v3/ext_dat.h 2015-06-11 17:50:03.674860267 +0200
@@ -58,6 +58,8 @@
*/
/* This file contains a table of "standard" extensions */
+#pragma GCC visibility push(hidden)
+
extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
@@ -131,6 +133,7 @@ static const X509V3_EXT_METHOD *standard
&v3_ct_scts[1],
};
+#pragma GCC visibility pop
/* Number of standard extensions */
#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
Index: openssl-1.0.2b/crypto/x509v3/pcy_int.h
===================================================================
--- openssl-1.0.2b.orig/crypto/x509v3/pcy_int.h 2015-06-11 15:00:12.000000000 +0200
+++ openssl-1.0.2b/crypto/x509v3/pcy_int.h 2015-06-11 17:50:03.674860267 +0200
@@ -57,6 +57,8 @@
*
*/
+#pragma GCC visibility push(hidden)
+
typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
DECLARE_STACK_OF(X509_POLICY_DATA)
@@ -215,3 +217,5 @@ int policy_node_match(const X509_POLICY_
const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
const X509_POLICY_CACHE *policy_cache_set(X509 *x);
+
+#pragma GCC visibility pop
Index: openssl-1.0.2b/crypto/modes/gcm128.c
===================================================================
--- openssl-1.0.2b.orig/crypto/modes/gcm128.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/modes/gcm128.c 2015-06-11 17:50:03.674860267 +0200
@@ -602,9 +602,9 @@ static void gcm_ghash_4bit(u64 Xi[2], co
}
# endif
# else
-void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]);
+void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) __attribute__ ((visibility ("hidden")));
void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
- size_t len);
+ size_t len) __attribute__ ((visibility ("hidden")));
# endif
# define GCM_MUL(ctx,Xi) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
@@ -696,10 +696,10 @@ static void gcm_gmult_1bit(u64 Xi[2], co
# define GCM_FUNCREF_4BIT
extern unsigned int OPENSSL_ia32cap_P[];
-void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]);
-void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]);
+void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]) __attribute__ ((visibility ("hidden")));
+void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]) __attribute__ ((visibility ("hidden")));
void gcm_ghash_clmul(u64 Xi[2], const u128 Htable[16], const u8 *inp,
- size_t len);
+ size_t len) __attribute__ ((visibility ("hidden")));
# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
# define gcm_init_avx gcm_init_clmul
Index: openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c
===================================================================
--- openssl-1.0.2b.orig/crypto/evp/e_rc4_hmac_md5.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c 2015-06-11 17:50:03.674860267 +0200
@@ -78,7 +78,7 @@ typedef struct {
# define NO_PAYLOAD_LENGTH ((size_t)-1)
void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out,
- MD5_CTX *ctx, const void *inp, size_t blocks);
+ MD5_CTX *ctx, const void *inp, size_t blocks) __attribute__ ((visibility ("hidden")));
# define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)
Index: openssl-1.0.2b/crypto/cmac/cm_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/cmac/cm_ameth.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/cmac/cm_ameth.c 2015-06-11 17:50:03.674860267 +0200
@@ -73,7 +73,7 @@ static void cmac_key_free(EVP_PKEY *pkey
if (cmctx)
CMAC_CTX_free(cmctx);
}
-
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = {
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
Index: openssl-1.0.2b/crypto/evp/pmeth_lib.c
===================================================================
--- openssl-1.0.2b.orig/crypto/evp/pmeth_lib.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/evp/pmeth_lib.c 2015-06-11 17:50:03.675860280 +0200
@@ -71,7 +71,7 @@
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
DECLARE_STACK_OF(EVP_PKEY_METHOD)
-STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
+static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
Index: openssl-1.0.2b/crypto/cmac/cm_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/cmac/cm_pmeth.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/cmac/cm_pmeth.c 2015-06-11 17:50:03.675860280 +0200
@@ -182,6 +182,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C
return -2;
}
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_METHOD cmac_pkey_meth = {
EVP_PKEY_CMAC,
EVP_PKEY_FLAG_SIGCTX_CUSTOM,
Index: openssl-1.0.2b/crypto/rand/md_rand.c
===================================================================
--- openssl-1.0.2b.orig/crypto/rand/md_rand.c 2015-06-11 17:41:59.506534739 +0200
+++ openssl-1.0.2b/crypto/rand/md_rand.c 2015-06-11 17:50:03.675860280 +0200
@@ -164,7 +164,7 @@ static int ssleay_rand_nopseudo_bytes(un
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
static int ssleay_rand_status(void);
-RAND_METHOD rand_ssleay_meth = {
+static RAND_METHOD rand_ssleay_meth = {
ssleay_rand_seed,
ssleay_rand_nopseudo_bytes,
ssleay_rand_cleanup,
Index: openssl-1.0.2b/crypto/dh/dh_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/dh/dh_ameth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/dh/dh_ameth.c 2015-06-11 17:50:03.675860280 +0200
@@ -584,6 +584,7 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey,
}
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
EVP_PKEY_DH,
EVP_PKEY_DH,
Index: openssl-1.0.2b/crypto/dh/dh_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/dh/dh_pmeth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/dh/dh_pmeth.c 2015-06-11 17:50:03.675860280 +0200
@@ -482,6 +482,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *
return 1;
}
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_METHOD dh_pkey_meth = {
EVP_PKEY_DH,
0,
Index: openssl-1.0.2b/crypto/dsa/dsa_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/dsa/dsa_ameth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/dsa/dsa_ameth.c 2015-06-11 17:50:03.676860293 +0200
@@ -620,6 +620,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
/* NB these are sorted in pkey_id order, lowest first */
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
{
Index: openssl-1.0.2b/crypto/dsa/dsa_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/dsa/dsa_pmeth.c 2015-06-11 17:41:59.488534507 +0200
+++ openssl-1.0.2b/crypto/dsa/dsa_pmeth.c 2015-06-11 17:50:03.676860293 +0200
@@ -278,6 +278,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX
return DSA_generate_key(pkey->pkey.dsa);
}
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_METHOD dsa_pkey_meth = {
EVP_PKEY_DSA,
EVP_PKEY_FLAG_AUTOARGLEN,
Index: openssl-1.0.2b/crypto/ec/ec_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/ec/ec_ameth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/ec/ec_ameth.c 2015-06-11 17:50:03.676860293 +0200
@@ -608,6 +608,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey,
}
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
EVP_PKEY_EC,
EVP_PKEY_EC,
Index: openssl-1.0.2b/crypto/ec/ec_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/ec/ec_pmeth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/ec/ec_pmeth.c 2015-06-11 17:50:03.676860293 +0200
@@ -491,6 +491,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *
return EC_KEY_generate_key(pkey->pkey.ec);
}
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_METHOD ec_pkey_meth = {
EVP_PKEY_EC,
0,
Index: openssl-1.0.2b/crypto/hmac/hm_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/hmac/hm_ameth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/hmac/hm_ameth.c 2015-06-11 17:50:03.676860293 +0200
@@ -135,6 +135,7 @@ static int old_hmac_encode(const EVP_PKE
#endif
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
EVP_PKEY_HMAC,
EVP_PKEY_HMAC,
Index: openssl-1.0.2b/crypto/hmac/hm_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/hmac/hm_pmeth.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/hmac/hm_pmeth.c 2015-06-11 17:50:03.676860293 +0200
@@ -228,6 +228,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C
return -2;
}
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_METHOD hmac_pkey_meth = {
EVP_PKEY_HMAC,
0,
Index: openssl-1.0.2b/crypto/rsa/rsa_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/rsa/rsa_ameth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/rsa/rsa_ameth.c 2015-06-11 17:50:03.677860306 +0200
@@ -921,6 +921,7 @@ static int rsa_cms_encrypt(CMS_Recipient
return rv;
}
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
{
EVP_PKEY_RSA,
Index: openssl-1.0.2b/crypto/rsa/rsa_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/rsa/rsa_pmeth.c 2015-06-11 17:41:59.508534765 +0200
+++ openssl-1.0.2b/crypto/rsa/rsa_pmeth.c 2015-06-11 17:50:03.677860306 +0200
@@ -723,6 +723,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
return ret;
}
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_METHOD rsa_pkey_meth = {
EVP_PKEY_RSA,
EVP_PKEY_FLAG_AUTOARGLEN,
Index: openssl-1.0.2b/crypto/objects/obj_xref.c
===================================================================
--- openssl-1.0.2b.orig/crypto/objects/obj_xref.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/objects/obj_xref.c 2015-06-11 17:50:03.677860306 +0200
@@ -61,7 +61,7 @@
#include "obj_xref.h"
DECLARE_STACK_OF(nid_triple)
-STACK_OF(nid_triple) *sig_app, *sigx_app;
+static STACK_OF(nid_triple) *sig_app, *sigx_app;
static int sig_cmp(const nid_triple *a, const nid_triple *b)
{
Index: openssl-1.0.2b/crypto/pem/pem_lib.c
===================================================================
--- openssl-1.0.2b.orig/crypto/pem/pem_lib.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/pem/pem_lib.c 2015-06-11 17:50:03.677860306 +0200
@@ -80,7 +80,7 @@ const char PEM_version[] = "PEM" OPENSSL
static int load_iv(char **fromp, unsigned char *to, int num);
static int check_pem(const char *nm, const char *name);
-int pem_check_suffix(const char *pem_str, const char *suffix);
+int pem_check_suffix(const char *pem_str, const char *suffix) __attribute__ ((visibility ("hidden")));
int PEM_def_callback(char *buf, int num, int w, void *key)
{
Index: openssl-1.0.2b/crypto/asn1/tasn_prn.c
===================================================================
--- openssl-1.0.2b.orig/crypto/asn1/tasn_prn.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/asn1/tasn_prn.c 2015-06-11 17:50:03.677860306 +0200
@@ -73,7 +73,7 @@
/* ASN1_PCTX routines */
-ASN1_PCTX default_pctx = {
+static ASN1_PCTX default_pctx = {
ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */
0, /* nm_flags */
0, /* cert_flags */
Index: openssl-1.0.2b/crypto/bn/bn_exp.c
===================================================================
--- openssl-1.0.2b.orig/crypto/bn/bn_exp.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/bn/bn_exp.c 2015-06-11 17:50:03.678860319 +0200
@@ -947,10 +947,10 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
*/
void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
- const BN_ULONG *n0, int num, int power);
+ const BN_ULONG *n0, int num, int power) __attribute__ ((visibility ("hidden")));
void bn_scatter5(const BN_ULONG *inp, size_t num,
- void *table, size_t power);
- void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
+ void *table, size_t power) __attribute__ ((visibility ("hidden")));
+ void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power) __attribute__ ((visibility ("hidden")));
void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
const BN_ULONG *n0, int num, int power);
Index: openssl-1.0.2b/crypto/bn/bn_gf2m.c
===================================================================
--- openssl-1.0.2b.orig/crypto/bn/bn_gf2m.c 2015-06-11 15:52:57.000000000 +0200
+++ openssl-1.0.2b/crypto/bn/bn_gf2m.c 2015-06-11 17:50:03.678860319 +0200
@@ -321,7 +321,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r,
}
# else
void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1,
- BN_ULONG b0);
+ BN_ULONG b0) __attribute__ ((visibility ("hidden")));
# endif
/*