I've submitted a patch in 2007 to make as much as possible static, but it never got applied, so I never bothered writing a patch to make the rest hidden. I think making things static is even better than hiding them, and should work on all platforms. It's just that you can't making everything that isn't public static.
But I do have a patch that only tells the linker which symbols to export that's used in Debian, and so only those that are public are exported. It would of course be better to hide the rest like your patch so that more things can be optimised. Kurt On Wed, Jul 24, 2013 at 11:33:33PM -0400, Cristian Rodríguez wrote: > This patch only contains the libssl part (the easy one) > patch to libcrypto will follow after it is complete and good enough. > > It hides all the library symbols that are not part of the public > API/ABI when GCC 4 or later is used. > --- > ssl/kssl_lcl.h | 9 +++++++++ > ssl/ssl_locl.h | 8 ++++++++ > 2 files changed, 17 insertions(+) > > diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h > index c039c91..69972b1 100644 > --- a/ssl/kssl_lcl.h > +++ b/ssl/kssl_lcl.h > @@ -61,6 +61,10 @@ > > #include <openssl/kssl.h> > > +#if defined(__GNUC__) && __GNUC__ >= 4 > +#pragma GCC visibility push(hidden) > +#endif > + > #ifndef OPENSSL_NO_KRB5 > > #ifdef __cplusplus > @@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl_ctx); > } > #endif > #endif /* OPENSSL_NO_KRB5 */ > + > +#if defined(__GNUC__) && __GNUC__ >= 4 > +#pragma GCC visibility pop > +#endif > + > #endif /* KSSL_LCL_H */ > diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h > index 56f9b4b..dde4e3e 100644 > --- a/ssl/ssl_locl.h > +++ b/ssl/ssl_locl.h > @@ -165,6 +165,10 @@ > #include <openssl/ssl.h> > #include <openssl/symhacks.h> > > +#if defined(__GNUC__) && __GNUC__ >= 4 > +#pragma GCC visibility push(hidden) > +#endif > + > #ifdef OPENSSL_BUILD_SHLIBSSL > # undef OPENSSL_EXTERN > # define OPENSSL_EXTERN OPENSSL_EXPORT > @@ -1357,4 +1361,8 @@ void tls_fips_digest_extra( > const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, > const unsigned char *data, size_t data_len, size_t orig_len); > > +#if defined(__GNUC__) && __GNUC__ >= 4 > +#pragma GCC visibility pop > +#endif > + > #endif > -- > 1.8.3.1 > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
