Doing this at link time is far easier and can cover all the OS's.
Static doesn't work for symbols that are called inter-module but which
shouldn't be in the public API and GCC specific constructs only work for -
well, GCC.
libeay.num and ssleay.num already list all the public symbols. Parse those
with Perl and generate the necessary linker files - there are only minor
formatting differences between OS's to deal with and some minor differences
in how the files are specified.
Windows -def:
;
; Definition file for the DLL version of the LIBEAY library from OpenSSL
;
LIBRARY LIBEAY32
EXPORTS
SSLeay @1
...
AIX -bexport:
#!
*DESCRIPTION 'LIBSSL EXPORT FILE'
SSLeay
...
HP/UX -c
#DESCRIPTION 'LIBSSL EXPORT FILE'
+e SSLeay
...
Linux -Wl,--version-script,
#DESCRIPTION 'LIBSSL EXPORT FILE'
LIBSSL {
global:
SSLeay;
...
local:
*;
};
OSX -exported_symbols_list
SSLeay
Solaris -Wl,-M
#DESCRIPTION 'LIBSSL EXPORT FILE'
LIBSSL {
global:
SSLeay;
...
local:
*;
};
Peter
From: Kurt Roeckx <[email protected]>
To: [email protected],
Cc: Cristian Rodríguez <[email protected]>
Date: 26/07/2013 03:57
Subject: Re: [PATCH] libssl: Hide library private symbols
Sent by: [email protected]
I've submitted a patch in 2007 to make as much as possible static,
but it never got applied, so I never bothered writing a patch to
make the rest hidden. I think making things static is even better
than hiding them, and should work on all platforms. It's just
that you can't making everything that isn't public static.
But I do have a patch that only tells the linker which symbols
to export that's used in Debian, and so only those that are
public are exported. It would of course be better to hide the
rest like your patch so that more things can be optimised.
Kurt
On Wed, Jul 24, 2013 at 11:33:33PM -0400, Cristian Rodríguez wrote:
> This patch only contains the libssl part (the easy one)
> patch to libcrypto will follow after it is complete and good enough.
>
> It hides all the library symbols that are not part of the public
> API/ABI when GCC 4 or later is used.
> ---
> ssl/kssl_lcl.h | 9 +++++++++
> ssl/ssl_locl.h | 8 ++++++++
> 2 files changed, 17 insertions(+)
>
> diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h
> index c039c91..69972b1 100644
> --- a/ssl/kssl_lcl.h
> +++ b/ssl/kssl_lcl.h
> @@ -61,6 +61,10 @@
>
> #include <openssl/kssl.h>
>
> +#if defined(__GNUC__) && __GNUC__ >= 4
> +#pragma GCC visibility push(hidden)
> +#endif
> +
> #ifndef OPENSSL_NO_KRB5
>
> #ifdef __cplusplus
> @@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
> }
> #endif
> #endif /* OPENSSL_NO_KRB5 */
> +
> +#if defined(__GNUC__) && __GNUC__ >= 4
> +#pragma GCC visibility pop
> +#endif
> +
> #endif /* KSSL_LCL_H */
> diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
> index 56f9b4b..dde4e3e 100644
> --- a/ssl/ssl_locl.h
> +++ b/ssl/ssl_locl.h
> @@ -165,6 +165,10 @@
> #include <openssl/ssl.h>
> #include <openssl/symhacks.h>
>
> +#if defined(__GNUC__) && __GNUC__ >= 4
> +#pragma GCC visibility push(hidden)
> +#endif
> +
> #ifdef OPENSSL_BUILD_SHLIBSSL
> # undef OPENSSL_EXTERN
> # define OPENSSL_EXTERN OPENSSL_EXPORT
> @@ -1357,4 +1361,8 @@ void tls_fips_digest_extra(
> const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
> const unsigned char *data, size_t data_len, size_t orig_len);
>
> +#if defined(__GNUC__) && __GNUC__ >= 4
> +#pragma GCC visibility pop
> +#endif
> +
> #endif
> --
> 1.8.3.1
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [email protected]
> Automated List Manager [email protected]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
