File 0005-libssl-Hide-library-private-symbols.patch of Package openssl.4105
From f33b5a4cb7da3947d06b74e6f6cd2f264faca170 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Sun, 20 Apr 2014 19:39:37 -0300
Subject: [PATCH] libssl: Hide library private symbols
It hides all the library symbols that are not part of the public
API/ABI when GCC 4 or later is used.
---
ssl/d1_lib.c | 5 ++---
ssl/kssl_lcl.h | 9 +++++++++
ssl/s23_srvr.c | 4 ++--
ssl/s2_lib.c | 1 -
ssl/s3_lib.c | 1 -
ssl/ssl_lib.c | 1 -
ssl/ssl_locl.h | 8 ++++++++
ssl/t1_lib.c | 6 ++----
8 files changed, 23 insertions(+), 12 deletions(-)
Index: openssl-1.0.1i/ssl/d1_lib.c
===================================================================
--- openssl-1.0.1i.orig/ssl/d1_lib.c
+++ openssl-1.0.1i/ssl/d1_lib.c
@@ -67,8 +67,7 @@
#endif
static void get_current_time(struct timeval *t);
-const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
+static int dtls1_listen(SSL *s, struct sockaddr *client);
SSL3_ENC_METHOD DTLSv1_enc_data={
dtls1_enc,
@@ -471,7 +470,7 @@ static void get_current_time(struct time
#endif
}
-int dtls1_listen(SSL *s, struct sockaddr *client)
+static int dtls1_listen(SSL *s, struct sockaddr *client)
{
int ret;
Index: openssl-1.0.1i/ssl/kssl_lcl.h
===================================================================
--- openssl-1.0.1i.orig/ssl/kssl_lcl.h
+++ openssl-1.0.1i/ssl/kssl_lcl.h
@@ -61,6 +61,10 @@
#include <openssl/kssl.h>
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility push(hidden)
+#endif
+
#ifndef OPENSSL_NO_KRB5
#ifdef __cplusplus
@@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl
}
#endif
#endif /* OPENSSL_NO_KRB5 */
+
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility pop
+#endif
+
#endif /* KSSL_LCL_H */
Index: openssl-1.0.1i/ssl/s23_srvr.c
===================================================================
--- openssl-1.0.1i.orig/ssl/s23_srvr.c
+++ openssl-1.0.1i/ssl/s23_srvr.c
@@ -120,7 +120,7 @@
#endif
static const SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
+static int ssl23_get_client_hello(SSL *s);
static const SSL_METHOD *ssl23_get_server_method(int ver)
{
#ifndef OPENSSL_NO_SSL2
@@ -235,7 +235,7 @@ end:
}
-int ssl23_get_client_hello(SSL *s)
+static int ssl23_get_client_hello(SSL *s)
{
char buf_space[11]; /* Request this many bytes in initial read.
* We can detect SSL 3.0/TLS 1.0 Client Hellos
Index: openssl-1.0.1i/ssl/s2_lib.c
===================================================================
--- openssl-1.0.1i.orig/ssl/s2_lib.c
+++ openssl-1.0.1i/ssl/s2_lib.c
@@ -116,7 +116,6 @@
#include <openssl/evp.h>
#include <openssl/md5.h>
-const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
Index: openssl-1.0.1i/ssl/s3_lib.c
===================================================================
--- openssl-1.0.1i.orig/ssl/s3_lib.c
+++ openssl-1.0.1i/ssl/s3_lib.c
@@ -162,7 +162,6 @@
#include <openssl/dh.h>
#endif
-const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
Index: openssl-1.0.1i/ssl/ssl_lib.c
===================================================================
--- openssl-1.0.1i.orig/ssl/ssl_lib.c
+++ openssl-1.0.1i/ssl/ssl_lib.c
@@ -160,7 +160,6 @@
#include <openssl/engine.h>
#endif
-const char *SSL_version_str=OPENSSL_VERSION_TEXT;
SSL3_ENC_METHOD ssl3_undef_enc_method={
/* evil casts, but these functions are only called if there's a library bug */
Index: openssl-1.0.1i/ssl/ssl_locl.h
===================================================================
--- openssl-1.0.1i.orig/ssl/ssl_locl.h
+++ openssl-1.0.1i/ssl/ssl_locl.h
@@ -165,6 +165,10 @@
#include <openssl/ssl.h>
#include <openssl/symhacks.h>
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility push(hidden)
+#endif
+
#ifdef OPENSSL_BUILD_SHLIBSSL
# undef OPENSSL_EXTERN
# define OPENSSL_EXTERN OPENSSL_EXPORT
@@ -1194,5 +1198,14 @@ int srp_verify_server_param(SSL *s, int
#define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
#define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
+int private_tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, int seed2_len,
+ const void *seed3, int seed3_len, const void *seed4, int seed4_len, const void *seed5, int seed5_len,
+ const unsigned char *sec, int slen, unsigned char *out1, unsigned char *out2, int olen);
+
#endif
+
+#if defined(__GNUC__) && __GNUC__ >= 4
+#pragma GCC visibility pop
+#endif
+
#endif
Index: openssl-1.0.1i/ssl/t1_lib.c
===================================================================
--- openssl-1.0.1i.orig/ssl/t1_lib.c
+++ openssl-1.0.1i/ssl/t1_lib.c
@@ -117,7 +117,6 @@
#include <openssl/rand.h>
#include "ssl_locl.h"
-const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
#ifndef OPENSSL_NO_TLSEXT
static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
