10 files changed, 232 insertions, 5 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index ffcdc7dabb..3f5342a72f 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.87 2022/11/10 17:53:45 joshua Exp $
+# $OpenBSD: Makefile,v 1.88 2022/11/11 11:25:18 beck Exp $
 LIB=    crypto
 LIBREBUILD=y
@@ -19,6 +19,10 @@ CFLAGS+= -Wall -Wundef
 CFLAGS+= -Werror
 .endif
 CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_CRYPTO_INTERNAL
+.ifdef NAMESPACE
+CFLAGS+= -DLIBRESSL_NAMESPACE -DLIBRESSL_CRYPTO_NAMESPACE
+.endif
 .if !defined(NOPIC)
 CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN
@@ -40,6 +44,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/ec
 CFLAGS+= -I${LCRYPTO_SRC}/ecdh
 CFLAGS+= -I${LCRYPTO_SRC}/ecdsa
 CFLAGS+= -I${LCRYPTO_SRC}/evp
+CFLAGS+= -I${LCRYPTO_SRC}/hidden
 CFLAGS+= -I${LCRYPTO_SRC}/hmac
 CFLAGS+= -I${LCRYPTO_SRC}/kdf
 CFLAGS+= -I${LCRYPTO_SRC}/modes
@@ -51,6 +56,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/x509
 VERSION_SCRIPT= Symbols.map
 SYMBOL_LIST=    ${.CURDIR}/Symbols.list
+SYMBOL_NAMESPACE=       ${.CURDIR}/Symbols.namespace
 # crypto/
 SRCS+= cpt_err.c
@@ -875,11 +881,18 @@ includes: prereq
            echo $$j; \
            eval "$$j"; \
        done;
+.ifdef NAMESPACE
+${VERSION_SCRIPT}: ${SYMBOL_LIST} ${SYMBOL_NAMESPACE}
+        { printf '{\n\tglobal:\n'; \
+          sed '/^[._a-zA-Z]/s/$$/;/; s/^/               /' ${SYMBOL_NAMESPACE}; \
+          sed '/^[._a-zA-Z]/s/$$/;/; s/^/               /' ${SYMBOL_LIST}; \
+          printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
+.else
 ${VERSION_SCRIPT}: ${SYMBOL_LIST}
        { printf '{\n\tglobal:\n'; \
          sed '/^[._a-zA-Z]/s/$$/;/; s/^/               /' ${SYMBOL_LIST}; \
          printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
+.endif
 # generated
 CFLAGS+= -I${.OBJDIR}
diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace
new file mode 100644
index 0000000000..31f7fba4c8
--- /dev/null
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -0,0 +1,9 @@
+_libre_HMAC
+_libre_HMAC_CTX_copy
+_libre_HMAC_CTX_free
+_libre_HMAC_CTX_get_md
+_libre_HMAC_CTX_new
+_libre_HMAC_CTX_set_flags
+_libre_HMAC_Final
+_libre_HMAC_Init_ex
+_libre_HMAC_Update
diff --git a/src/lib/libcrypto/hidden/README b/src/lib/libcrypto/hidden/README
new file mode 100644
index 0000000000..c41830cf55
--- /dev/null
+++ b/src/lib/libcrypto/hidden/README
@@ -0,0 +1,40 @@
+The goals:
+1) calls from inside libcrypto to other libcrypto functions should
+   be via identifiers that are of hidden visibility and -- to avoid
+   confusion or conflicts -- are in the reserved namespace.  By
+   doing this these calls are protected from being overridden by
+   applications and on many platforms can avoid creation or use of
+   GOT or PLT  entries.  I've chosen a prefix of "_lcry_" for this.
+   Note that these symbols aren't in the dynamic symbol table of the
+   libcrypto.so shared library...but they are visible in the static
+   library.
+2) calls from libssl to symbols in libcrypto should be via identifiers
+   which won't be accidentally overridden by the application, libc,
+   other random crypto libraries that are pulled in, etc.  I've
+   chosen a prefix of "_libre_" for this.
+These will not be declared directly; instead, the gcc "asm labels"
+extension will be used rename the function.  In order to actually
+set up the desired asm labels, we use these in the internal .h
+files:
+   LCRYPTO_USED(x)      Symbols used both internally and externally
+        In builds of libcrypto, this makes gcc convert use of x to
+        use _libre_x instead.  In other builds that use these headers,
+        it makes gcc convert use of x to use _libre_x instead.  Use
+        LCRYPTO_ALIAS(x) to create the external aliases.
+        ex: LCRYPTO_USED(SSL_get_verify_mode)
+   LCRYPTO_UNUSED(x)    Symbols that are not used internally or by libssl
+        No renaming is done.  In builds of libcrypto, the symbol
+        is marked as deprecated to detect unintentional use of such
+        a synbol, so that it can be marked as used going forward.
+        ex: LCRYPTO_UNUSED(SSL_CIPHER_get_name)
+Finally, to create the expected aliases, we use these in the .c files
+where the definitions are:
+   LCRYPTO_ALIAS(x)
+        This defines both x and _libre_x as strong aliases for _lcry_x.
+        Match uses of this with uses of LCRYPTO_USED()
+        ex: LCRYPTO_ALIAS(SSL_get_verify_mode)
diff --git a/src/lib/libcrypto/hidden/crypto_namespace.h b/src/lib/libcrypto/hidden/crypto_namespace.h
new file mode 100644
index 0000000000..6ceef26e2d
--- /dev/null
+++ b/src/lib/libcrypto/hidden/crypto_namespace.h
@@ -0,0 +1,44 @@
+/*      $OpenBSD: crypto_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $       */
+/*
+ * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _LIBCRYPTO_CRYPTO_NAMESPACE_H_
+#define _LIBCRYPTO_CRYPTO_NAMESPACE_H_
+/*
+ * If marked as 'used', then internal calls use the name with prefix "_lcry_"
+ * and we alias that to the normal name *and* the name with prefix "_libre_";
+ * external calls use the latter name.
+ */
+#ifdef LIBRESSL_NAMESPACE
+# define LCRYPTO_UNUSED(x)              typeof(x) x __attribute__((deprecated))
+#ifdef LIBRESSL_CRYPTO_NAMESPACE
+#  define LCRYPTO_USED(x)               __attribute__((visibility("hidden")))   \
+                                typeof(x) x asm("_lcry_"#x)
+#  define LCRYPTO_ALIAS1(pre,x) asm(".global "#pre#x"; "#pre#x" = _lcry_"#x)
+#  define LCRYPTO_ALIAS(x)      LCRYPTO_ALIAS1(,x); LCRYPTO_ALIAS1(_libre_,x);
+#else
+#  define LCRYPTO_USED(x)          typeof(x) x asm("_libre_"#x)
+#endif
+#else
+# define LCRYPTO_UNUSED(x)
+# define LCRYPTO_USED(x)
+# define LCRYPTO_ALIAS1(pre,x)
+# define LCRYPTO_ALIAS(x)
+#endif
+#endif  /* _LIBCRYPTO_CRYPTO_NAMESPACE_H_ */
diff --git a/src/lib/libcrypto/hidden/openssl/hmac.h b/src/lib/libcrypto/hidden/openssl/hmac.h
new file mode 100644
index 0000000000..d8370945d0
--- /dev/null
+++ b/src/lib/libcrypto/hidden/openssl/hmac.h
@@ -0,0 +1,36 @@
+/*      $OpenBSD: hmac.h,v 1.1 2022/11/11 11:25:18 beck Exp $   */
+/*
+ * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _LIBCRYPTO_HMAC_H_
+#define _LIBCRYPTO_HMAC_H_
+#include_next <openssl/hmac.h>
+#include "crypto_namespace.h"
+LCRYPTO_USED(HMAC_CTX_new);
+LCRYPTO_USED(HMAC_CTX_free);
+LCRYPTO_UNUSED(HMAC_CTX_reset);
+LCRYPTO_UNUSED(HMAC_Init);
+LCRYPTO_USED(HMAC_Init_ex);
+LCRYPTO_USED(HMAC_Update);
+LCRYPTO_USED(HMAC_Final);
+LCRYPTO_USED(HMAC);
+LCRYPTO_USED(HMAC_CTX_copy);
+LCRYPTO_USED(HMAC_CTX_set_flags);
+LCRYPTO_USED(HMAC_CTX_get_md);
+#endif /* _LIBCRYPTO_HMAC_H_ */
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index 3421119b7e..b195ca680b 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.c,v 1.28 2022/05/05 18:29:34 tb Exp $ */
+/* $OpenBSD: hmac.c,v 1.29 2022/11/11 11:25:18 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -134,6 +134,7 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md,
 err:
        return 0;
 }
+LCRYPTO_ALIAS(HMAC_Init_ex)
 int
 HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
@@ -151,6 +152,7 @@ HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
        return EVP_DigestUpdate(&ctx->md_ctx, data, len);
 }
+LCRYPTO_ALIAS(HMAC_Update)
 int
 HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
@@ -173,6 +175,7 @@ HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 err:
        return 0;
 }
+LCRYPTO_ALIAS(HMAC_Final)
 HMAC_CTX *
 HMAC_CTX_new(void)
@@ -186,6 +189,7 @@ HMAC_CTX_new(void)
        return ctx;
 }
+LCRYPTO_ALIAS(HMAC_CTX_new)
 void
 HMAC_CTX_free(HMAC_CTX *ctx)
@@ -197,6 +201,7 @@ HMAC_CTX_free(HMAC_CTX *ctx)
        free(ctx);
 }
+LCRYPTO_ALIAS(HMAC_CTX_free)
 int
 HMAC_CTX_reset(HMAC_CTX *ctx)
@@ -231,6 +236,7 @@ HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 err:
        return 0;
 }
+LCRYPTO_ALIAS(HMAC_CTX_copy)
 void
 HMAC_CTX_cleanup(HMAC_CTX *ctx)
@@ -248,12 +254,14 @@ HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
        EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
        EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
 }
+LCRYPTO_ALIAS(HMAC_CTX_set_flags)
 const EVP_MD *
 HMAC_CTX_get_md(const HMAC_CTX *ctx)
 {
        return ctx->md;
 }
+LCRYPTO_ALIAS(HMAC_CTX_get_md)
 unsigned char *
 HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d,
@@ -282,3 +290,4 @@ err:
        HMAC_CTX_cleanup(&c);
        return NULL;
 }
+LCRYPTO_ALIAS(HMAC)
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index 1788cd75a3..a6ee26a667 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.77 2022/08/17 07:39:19 jsing Exp $
+# $OpenBSD: Makefile,v 1.78 2022/11/11 11:25:18 beck Exp $
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -16,6 +16,9 @@ CFLAGS+= -Wall -Wundef
 CFLAGS+= -Werror
 .endif
 CFLAGS+= -DLIBRESSL_INTERNAL
+.ifdef NAMESPACE
+CFLAGS+= -DLIBRESSL_NAMESPACE
+.endif
 .ifdef TLS1_3
 CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT
 CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
@@ -24,7 +27,9 @@ CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
 CFLAGS+= -DTLS13_DEBUG
 .endif
 CFLAGS+= -I${.CURDIR}
+CFLAGS+= -I${.CURDIR}/../libcrypto/hidden
 CFLAGS+= -I${.CURDIR}/../libcrypto/bio
+CFLAGS+= -I${.CURDIR}/hidden
 LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index 04dd22f16d..d6974cdb24 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_ssl.c,v 1.35 2022/10/05 21:16:14 tb Exp $ */
+/* $OpenBSD: bio_ssl.c,v 1.36 2022/11/11 11:25:18 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -103,6 +103,7 @@ BIO_f_ssl(void)
 {
        return (&methods_sslp);
 }
+LSSL_ALIAS(BIO_f_ssl)
 static int
 ssl_new(BIO *bi)
@@ -532,6 +533,7 @@ BIO_new_ssl_connect(SSL_CTX *ctx)
        BIO_free(ssl);
        return (NULL);
 }
+LSSL_ALIAS(BIO_new_ssl_connect)
 BIO *
 BIO_new_ssl(SSL_CTX *ctx, int client)
@@ -556,6 +558,7 @@ BIO_new_ssl(SSL_CTX *ctx, int client)
        BIO_free(ret);
        return (NULL);
 }
+LSSL_ALIAS(BIO_new_ssl)
 int
 BIO_ssl_copy_session_id(BIO *t, BIO *f)
diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h
new file mode 100644
index 0000000000..540c6e7652
--- /dev/null
+++ b/src/lib/libssl/hidden/openssl/ssl.h
@@ -0,0 +1,31 @@
+/*      $OpenBSD: ssl.h,v 1.1 2022/11/11 11:25:18 beck Exp $    */
+/*
+ * Copyright (c) 2022 Philip Guenther <guenther@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _LIBSSL_SSL_H_
+#define _LIBSSL_SSL_H_
+#include_next <openssl/ssl.h>
+#include "ssl_namespace.h"
+LSSL_USED(BIO_f_ssl);
+LSSL_USED(BIO_new_ssl);
+LSSL_USED(BIO_new_ssl_connect);
+LSSL_UNUSED(BIO_new_buffer_ssl_connect);
+LSSL_UNUSED(BIO_ssl_copy_session_id);
+LSSL_UNUSED(BIO_ssl_shutdown);
+#endif /* _LIBSSL_SSL_H_ */
diff --git a/src/lib/libssl/hidden/ssl_namespace.h b/src/lib/libssl/hidden/ssl_namespace.h
new file mode 100644
index 0000000000..803f3e66be
--- /dev/null
+++ b/src/lib/libssl/hidden/ssl_namespace.h
@@ -0,0 +1,37 @@
+/*      $OpenBSD: ssl_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $  */
+/*
+ * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _LIBSSL_SSL_NAMESPACE_H_
+#define _LIBSSL_SSL_NAMESPACE_H_
+/*
+ * If marked as 'used', then internal calls use the name with prefix "_lssl_"
+ * and we alias that to the normal name.
+ */
+#ifdef LIBRESSL_NAMESPACE
+#define LSSL_UNUSED(x)          typeof(x) x __attribute__((deprecated))
+#define LSSL_USED(x)            __attribute__((visibility("hidden")))   \
+                                typeof(x) x asm("_lssl_"#x)
+#define LSSL_ALIAS(x)           asm(".global "#x"; "#x" = _lssl_"#x);
+#else
+#define LSSL_UNUSED(x)
+#define LSSL_USED(x)
+#define LSSL_ALIAS(x)
+#endif
+#endif  /* _LIBSSL_SSL_NAMESPACE_H_ */

diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile index ffcdc7dabb..3f5342a72f 100644 --- a/src/lib/libcrypto/Makefile +++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.87 2022/11/10 17:53:45 joshua Exp $	1	# $OpenBSD: Makefile,v 1.88 2022/11/11 11:25:18 beck Exp $
2		2
3	LIB= crypto	3	LIB= crypto
4	LIBREBUILD=y	4	LIBREBUILD=y
@@ -19,6 +19,10 @@ CFLAGS+= -Wall -Wundef
19	CFLAGS+= -Werror	19	CFLAGS+= -Werror
20	.endif	20	.endif
21	CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_CRYPTO_INTERNAL	21	CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_CRYPTO_INTERNAL
		22	.ifdef NAMESPACE
		23	CFLAGS+= -DLIBRESSL_NAMESPACE -DLIBRESSL_CRYPTO_NAMESPACE
		24	.endif
		25
22		26
23	.if !defined(NOPIC)	27	.if !defined(NOPIC)
24	CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN	28	CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN
@@ -40,6 +44,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/ec
40	CFLAGS+= -I${LCRYPTO_SRC}/ecdh	44	CFLAGS+= -I${LCRYPTO_SRC}/ecdh
41	CFLAGS+= -I${LCRYPTO_SRC}/ecdsa	45	CFLAGS+= -I${LCRYPTO_SRC}/ecdsa
42	CFLAGS+= -I${LCRYPTO_SRC}/evp	46	CFLAGS+= -I${LCRYPTO_SRC}/evp
		47	CFLAGS+= -I${LCRYPTO_SRC}/hidden
43	CFLAGS+= -I${LCRYPTO_SRC}/hmac	48	CFLAGS+= -I${LCRYPTO_SRC}/hmac
44	CFLAGS+= -I${LCRYPTO_SRC}/kdf	49	CFLAGS+= -I${LCRYPTO_SRC}/kdf
45	CFLAGS+= -I${LCRYPTO_SRC}/modes	50	CFLAGS+= -I${LCRYPTO_SRC}/modes
@@ -51,6 +56,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/x509
51		56
52	VERSION_SCRIPT= Symbols.map	57	VERSION_SCRIPT= Symbols.map
53	SYMBOL_LIST= ${.CURDIR}/Symbols.list	58	SYMBOL_LIST= ${.CURDIR}/Symbols.list
		59	SYMBOL_NAMESPACE= ${.CURDIR}/Symbols.namespace
54		60
55	# crypto/	61	# crypto/
56	SRCS+= cpt_err.c	62	SRCS+= cpt_err.c
@@ -875,11 +881,18 @@ includes: prereq
875	echo $$j; \	881	echo $$j; \
876	eval "$$j"; \	882	eval "$$j"; \
877	done;	883	done;
878		884	.ifdef NAMESPACE
		885	${VERSION_SCRIPT}: ${SYMBOL_LIST} ${SYMBOL_NAMESPACE}
		886	{ printf '{\n\tglobal:\n'; \
		887	sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_NAMESPACE}; \
		888	sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \
		889	printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
		890	.else
879	${VERSION_SCRIPT}: ${SYMBOL_LIST}	891	${VERSION_SCRIPT}: ${SYMBOL_LIST}
880	{ printf '{\n\tglobal:\n'; \	892	{ printf '{\n\tglobal:\n'; \
881	sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \	893	sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \
882	printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@	894	printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
		895	.endif
883		896
884	# generated	897	# generated
885	CFLAGS+= -I${.OBJDIR}	898	CFLAGS+= -I${.OBJDIR}


diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace new file mode 100644 index 0000000000..31f7fba4c8 --- /dev/null +++ b/src/lib/libcrypto/Symbols.namespace
@@ -0,0 +1,9 @@
		1	_libre_HMAC
		2	_libre_HMAC_CTX_copy
		3	_libre_HMAC_CTX_free
		4	_libre_HMAC_CTX_get_md
		5	_libre_HMAC_CTX_new
		6	_libre_HMAC_CTX_set_flags
		7	_libre_HMAC_Final
		8	_libre_HMAC_Init_ex
		9	_libre_HMAC_Update


diff --git a/src/lib/libcrypto/hidden/README b/src/lib/libcrypto/hidden/README new file mode 100644 index 0000000000..c41830cf55 --- /dev/null +++ b/src/lib/libcrypto/hidden/README
@@ -0,0 +1,40 @@
		1	The goals:
		2	1) calls from inside libcrypto to other libcrypto functions should
		3	be via identifiers that are of hidden visibility and -- to avoid
		4	confusion or conflicts -- are in the reserved namespace. By
		5	doing this these calls are protected from being overridden by
		6	applications and on many platforms can avoid creation or use of
		7	GOT or PLT entries. I've chosen a prefix of "_lcry_" for this.
		8	Note that these symbols aren't in the dynamic symbol table of the
		9	libcrypto.so shared library...but they are visible in the static
		10	library.
		11
		12	2) calls from libssl to symbols in libcrypto should be via identifiers
		13	which won't be accidentally overridden by the application, libc,
		14	other random crypto libraries that are pulled in, etc. I've
		15	chosen a prefix of "_libre_" for this.
		16
		17	These will not be declared directly; instead, the gcc "asm labels"
		18	extension will be used rename the function. In order to actually
		19	set up the desired asm labels, we use these in the internal .h
		20	files:
		21
		22	LCRYPTO_USED(x) Symbols used both internally and externally
		23	In builds of libcrypto, this makes gcc convert use of x to
		24	use _libre_x instead. In other builds that use these headers,
		25	it makes gcc convert use of x to use _libre_x instead. Use
		26	LCRYPTO_ALIAS(x) to create the external aliases.
		27	ex: LCRYPTO_USED(SSL_get_verify_mode)
		28
		29	LCRYPTO_UNUSED(x) Symbols that are not used internally or by libssl
		30	No renaming is done. In builds of libcrypto, the symbol
		31	is marked as deprecated to detect unintentional use of such
		32	a synbol, so that it can be marked as used going forward.
		33	ex: LCRYPTO_UNUSED(SSL_CIPHER_get_name)
		34
		35	Finally, to create the expected aliases, we use these in the .c files
		36	where the definitions are:
		37	LCRYPTO_ALIAS(x)
		38	This defines both x and _libre_x as strong aliases for _lcry_x.
		39	Match uses of this with uses of LCRYPTO_USED()
		40	ex: LCRYPTO_ALIAS(SSL_get_verify_mode)


diff --git a/src/lib/libcrypto/hidden/crypto_namespace.h b/src/lib/libcrypto/hidden/crypto_namespace.h new file mode 100644 index 0000000000..6ceef26e2d --- /dev/null +++ b/src/lib/libcrypto/hidden/crypto_namespace.h
@@ -0,0 +1,44 @@
		1	/* $OpenBSD: crypto_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */
		2	/*
		3	* Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#ifndef _LIBCRYPTO_CRYPTO_NAMESPACE_H_
		19	#define _LIBCRYPTO_CRYPTO_NAMESPACE_H_
		20
		21	/*
		22	* If marked as 'used', then internal calls use the name with prefix "_lcry_"
		23	* and we alias that to the normal name and the name with prefix "_libre_";
		24	* external calls use the latter name.
		25	*/
		26
		27	#ifdef LIBRESSL_NAMESPACE
		28	# define LCRYPTO_UNUSED(x) typeof(x) x __attribute__((deprecated))
		29	#ifdef LIBRESSL_CRYPTO_NAMESPACE
		30	# define LCRYPTO_USED(x) __attribute__((visibility("hidden"))) \
		31	typeof(x) x asm("_lcry_"#x)
		32	# define LCRYPTO_ALIAS1(pre,x) asm(".global "#pre#x"; "#pre#x" = _lcry_"#x)
		33	# define LCRYPTO_ALIAS(x) LCRYPTO_ALIAS1(,x); LCRYPTO_ALIAS1(_libre_,x);
		34	#else
		35	# define LCRYPTO_USED(x) typeof(x) x asm("_libre_"#x)
		36	#endif
		37	#else
		38	# define LCRYPTO_UNUSED(x)
		39	# define LCRYPTO_USED(x)
		40	# define LCRYPTO_ALIAS1(pre,x)
		41	# define LCRYPTO_ALIAS(x)
		42	#endif
		43
		44	#endif /* _LIBCRYPTO_CRYPTO_NAMESPACE_H_ */


diff --git a/src/lib/libcrypto/hidden/openssl/hmac.h b/src/lib/libcrypto/hidden/openssl/hmac.h new file mode 100644 index 0000000000..d8370945d0 --- /dev/null +++ b/src/lib/libcrypto/hidden/openssl/hmac.h
@@ -0,0 +1,36 @@
		1	/* $OpenBSD: hmac.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */
		2	/*
		3	* Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#ifndef _LIBCRYPTO_HMAC_H_
		19	#define _LIBCRYPTO_HMAC_H_
		20
		21	#include_next <openssl/hmac.h>
		22	#include "crypto_namespace.h"
		23
		24	LCRYPTO_USED(HMAC_CTX_new);
		25	LCRYPTO_USED(HMAC_CTX_free);
		26	LCRYPTO_UNUSED(HMAC_CTX_reset);
		27	LCRYPTO_UNUSED(HMAC_Init);
		28	LCRYPTO_USED(HMAC_Init_ex);
		29	LCRYPTO_USED(HMAC_Update);
		30	LCRYPTO_USED(HMAC_Final);
		31	LCRYPTO_USED(HMAC);
		32	LCRYPTO_USED(HMAC_CTX_copy);
		33	LCRYPTO_USED(HMAC_CTX_set_flags);
		34	LCRYPTO_USED(HMAC_CTX_get_md);
		35
		36	#endif /* _LIBCRYPTO_HMAC_H_ */


diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c index 3421119b7e..b195ca680b 100644 --- a/src/lib/libcrypto/hmac/hmac.c +++ b/src/lib/libcrypto/hmac/hmac.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: hmac.c,v 1.28 2022/05/05 18:29:34 tb Exp $ */	1	/* $OpenBSD: hmac.c,v 1.29 2022/11/11 11:25:18 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -134,6 +134,7 @@ HMAC_Init_ex(HMAC_CTX ctx, const void key, int len, const EVP_MD *md,
134	err:	134	err:
135	return 0;	135	return 0;
136	}	136	}
		137	LCRYPTO_ALIAS(HMAC_Init_ex)
137		138
138	int	139	int
139	HMAC_Init(HMAC_CTX ctx, const void key, int len, const EVP_MD *md)	140	HMAC_Init(HMAC_CTX ctx, const void key, int len, const EVP_MD *md)
@@ -151,6 +152,7 @@ HMAC_Update(HMAC_CTX ctx, const unsigned char data, size_t len)
151		152
152	return EVP_DigestUpdate(&ctx->md_ctx, data, len);	153	return EVP_DigestUpdate(&ctx->md_ctx, data, len);
153	}	154	}
		155	LCRYPTO_ALIAS(HMAC_Update)
154		156
155	int	157	int
156	HMAC_Final(HMAC_CTX ctx, unsigned char md, unsigned int *len)	158	HMAC_Final(HMAC_CTX ctx, unsigned char md, unsigned int *len)
@@ -173,6 +175,7 @@ HMAC_Final(HMAC_CTX ctx, unsigned char md, unsigned int *len)
173	err:	175	err:
174	return 0;	176	return 0;
175	}	177	}
		178	LCRYPTO_ALIAS(HMAC_Final)
176		179
177	HMAC_CTX *	180	HMAC_CTX *
178	HMAC_CTX_new(void)	181	HMAC_CTX_new(void)
@@ -186,6 +189,7 @@ HMAC_CTX_new(void)
186		189
187	return ctx;	190	return ctx;
188	}	191	}
		192	LCRYPTO_ALIAS(HMAC_CTX_new)
189		193
190	void	194	void
191	HMAC_CTX_free(HMAC_CTX *ctx)	195	HMAC_CTX_free(HMAC_CTX *ctx)
@@ -197,6 +201,7 @@ HMAC_CTX_free(HMAC_CTX *ctx)
197		201
198	free(ctx);	202	free(ctx);
199	}	203	}
		204	LCRYPTO_ALIAS(HMAC_CTX_free)
200		205
201	int	206	int
202	HMAC_CTX_reset(HMAC_CTX *ctx)	207	HMAC_CTX_reset(HMAC_CTX *ctx)
@@ -231,6 +236,7 @@ HMAC_CTX_copy(HMAC_CTX dctx, HMAC_CTX sctx)
231	err:	236	err:
232	return 0;	237	return 0;
233	}	238	}
		239	LCRYPTO_ALIAS(HMAC_CTX_copy)
234		240
235	void	241	void
236	HMAC_CTX_cleanup(HMAC_CTX *ctx)	242	HMAC_CTX_cleanup(HMAC_CTX *ctx)
@@ -248,12 +254,14 @@ HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
248	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);	254	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
249	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);	255	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
250	}	256	}
		257	LCRYPTO_ALIAS(HMAC_CTX_set_flags)
251		258
252	const EVP_MD *	259	const EVP_MD *
253	HMAC_CTX_get_md(const HMAC_CTX *ctx)	260	HMAC_CTX_get_md(const HMAC_CTX *ctx)
254	{	261	{
255	return ctx->md;	262	return ctx->md;
256	}	263	}
		264	LCRYPTO_ALIAS(HMAC_CTX_get_md)
257		265
258	unsigned char *	266	unsigned char *
259	HMAC(const EVP_MD evp_md, const void key, int key_len, const unsigned char *d,	267	HMAC(const EVP_MD evp_md, const void key, int key_len, const unsigned char *d,
@@ -282,3 +290,4 @@ err:
282	HMAC_CTX_cleanup(&c);	290	HMAC_CTX_cleanup(&c);
283	return NULL;	291	return NULL;
284	}	292	}
		293	LCRYPTO_ALIAS(HMAC)


diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 1788cd75a3..a6ee26a667 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.77 2022/08/17 07:39:19 jsing Exp $	1	# $OpenBSD: Makefile,v 1.78 2022/11/11 11:25:18 beck Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4	.ifndef NOMAN	4	.ifndef NOMAN
@@ -16,6 +16,9 @@ CFLAGS+= -Wall -Wundef
16	CFLAGS+= -Werror	16	CFLAGS+= -Werror
17	.endif	17	.endif
18	CFLAGS+= -DLIBRESSL_INTERNAL	18	CFLAGS+= -DLIBRESSL_INTERNAL
		19	.ifdef NAMESPACE
		20	CFLAGS+= -DLIBRESSL_NAMESPACE
		21	.endif
19	.ifdef TLS1_3	22	.ifdef TLS1_3
20	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT	23	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT
21	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER	24	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
@@ -24,7 +27,9 @@ CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
24	CFLAGS+= -DTLS13_DEBUG	27	CFLAGS+= -DTLS13_DEBUG
25	.endif	28	.endif
26	CFLAGS+= -I${.CURDIR}	29	CFLAGS+= -I${.CURDIR}
		30	CFLAGS+= -I${.CURDIR}/../libcrypto/hidden
27	CFLAGS+= -I${.CURDIR}/../libcrypto/bio	31	CFLAGS+= -I${.CURDIR}/../libcrypto/bio
		32	CFLAGS+= -I${.CURDIR}/hidden
28		33
29	LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto	34	LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
30		35


diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c index 04dd22f16d..d6974cdb24 100644 --- a/src/lib/libssl/bio_ssl.c +++ b/src/lib/libssl/bio_ssl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bio_ssl.c,v 1.35 2022/10/05 21:16:14 tb Exp $ */	1	/* $OpenBSD: bio_ssl.c,v 1.36 2022/11/11 11:25:18 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -103,6 +103,7 @@ BIO_f_ssl(void)
103	{	103	{
104	return (&methods_sslp);	104	return (&methods_sslp);
105	}	105	}
		106	LSSL_ALIAS(BIO_f_ssl)
106		107
107	static int	108	static int
108	ssl_new(BIO *bi)	109	ssl_new(BIO *bi)
@@ -532,6 +533,7 @@ BIO_new_ssl_connect(SSL_CTX *ctx)
532	BIO_free(ssl);	533	BIO_free(ssl);
533	return (NULL);	534	return (NULL);
534	}	535	}
		536	LSSL_ALIAS(BIO_new_ssl_connect)
535		537
536	BIO *	538	BIO *
537	BIO_new_ssl(SSL_CTX *ctx, int client)	539	BIO_new_ssl(SSL_CTX *ctx, int client)
@@ -556,6 +558,7 @@ BIO_new_ssl(SSL_CTX *ctx, int client)
556	BIO_free(ret);	558	BIO_free(ret);
557	return (NULL);	559	return (NULL);
558	}	560	}
		561	LSSL_ALIAS(BIO_new_ssl)
559		562
560	int	563	int
561	BIO_ssl_copy_session_id(BIO t, BIO f)	564	BIO_ssl_copy_session_id(BIO t, BIO f)


diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h new file mode 100644 index 0000000000..540c6e7652 --- /dev/null +++ b/src/lib/libssl/hidden/openssl/ssl.h
@@ -0,0 +1,31 @@
		1	/* $OpenBSD: ssl.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */
		2	/*
		3	* Copyright (c) 2022 Philip Guenther <guenther@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#ifndef _LIBSSL_SSL_H_
		19	#define _LIBSSL_SSL_H_
		20
		21	#include_next <openssl/ssl.h>
		22	#include "ssl_namespace.h"
		23
		24	LSSL_USED(BIO_f_ssl);
		25	LSSL_USED(BIO_new_ssl);
		26	LSSL_USED(BIO_new_ssl_connect);
		27	LSSL_UNUSED(BIO_new_buffer_ssl_connect);
		28	LSSL_UNUSED(BIO_ssl_copy_session_id);
		29	LSSL_UNUSED(BIO_ssl_shutdown);
		30
		31	#endif /* _LIBSSL_SSL_H_ */


diff --git a/src/lib/libssl/hidden/ssl_namespace.h b/src/lib/libssl/hidden/ssl_namespace.h new file mode 100644 index 0000000000..803f3e66be --- /dev/null +++ b/src/lib/libssl/hidden/ssl_namespace.h
@@ -0,0 +1,37 @@
		1	/* $OpenBSD: ssl_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */
		2	/*
		3	* Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#ifndef _LIBSSL_SSL_NAMESPACE_H_
		19	#define _LIBSSL_SSL_NAMESPACE_H_
		20
		21	/*
		22	* If marked as 'used', then internal calls use the name with prefix "_lssl_"
		23	* and we alias that to the normal name.
		24	*/
		25
		26	#ifdef LIBRESSL_NAMESPACE
		27	#define LSSL_UNUSED(x) typeof(x) x __attribute__((deprecated))
		28	#define LSSL_USED(x) __attribute__((visibility("hidden"))) \
		29	typeof(x) x asm("_lssl_"#x)
		30	#define LSSL_ALIAS(x) asm(".global "#x"; "#x" = _lssl_"#x);
		31	#else
		32	#define LSSL_UNUSED(x)
		33	#define LSSL_USED(x)
		34	#define LSSL_ALIAS(x)
		35	#endif
		36
		37	#endif /* _LIBSSL_SSL_NAMESPACE_H_ */