From e8686503dae1f619d00440b2df8c7bdef857a901 Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Fri, 4 Nov 2016 18:23:32 +0000
Subject: Add an explicit list of exported symbols with just the functions
 declared in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to
 optimize internal functions

ok jsing@
---
 src/lib/libtls/Makefile       | 10 +++++-
 src/lib/libtls/Symbols.list   | 71 +++++++++++++++++++++++++++++++++++++++++++
 src/lib/libtls/tls_internal.h |  6 +++-
 3 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 src/lib/libtls/Symbols.list


diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
index f90c57d53f..bc46332da3 100644
--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.26 2016/11/02 15:18:42 beck Exp $
+#	$OpenBSD: Makefile,v 1.27 2016/11/04 18:23:32 guenther Exp $
 
 CFLAGS+= -Wall -Werror -Wimplicit
 CFLAGS+= -DLIBRESSL_INTERNAL
@@ -10,6 +10,9 @@ DPADD=	${LIBCRYPTO} ${LIBSSL}
 LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
 LDADD+= -L${BSDOBJDIR}/lib/libssl -lssl
 
+VERSION_SCRIPT=	Symbols.map
+SYMBOL_LIST=	${.CURDIR}/Symbols.list
+
 HDRS=	tls.h
 
 SRCS=	tls.c \
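Review bot: The generated `Symbols.map` is not added to `CLEANFILES` in the lines shown, so `make clean` would leave it, and any `Symbols.map.tmp` from an interrupted run, in the object directory. This holds unless bsd.lib.mk removes `${VERSION_SCRIPT}` itself, which cannot be confirmed from this diff. Adding `CLEANFILES+= ${VERSION_SCRIPT} ${VERSION_SCRIPT}.tmp` next to the two new assignments would cover both files.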
@@ -34,4 +37,9 @@ includes:
 	    eval "$$j"; \
 	done;
 
+${VERSION_SCRIPT}: ${SYMBOL_LIST}
+	{ printf '{\n\tglobal:\n'; \
+	  sed '/^[._a-zA-Z]/s/$$/;/; s/^/		/' ${SYMBOL_LIST}; \
+	  printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
+
 .include <bsd.lib.mk>
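Review bot: A failing `sed` in the `${VERSION_SCRIPT}` rule goes undetected, because the three commands inside the brace group are joined with `;` and the group's exit status is therefore that of the final `printf`. Since the group is the left operand of `&&`, the shell's errexit setting does not stop it inside the group either. In that case a map with an empty `global:` section is moved into place and `local: *;` then hides every symbol, which only surfaces later as link failures in consumers. Joining the steps with `&&` instead of `;`, as in `{ printf '{\n\tglobal:\n' && \` followed by `sed ... ${SYMBOL_LIST} && \`, makes the rule fail before the `mv`.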
diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list
new file mode 100644
index 0000000000..9074d5e011
--- /dev/null
+++ b/src/lib/libtls/Symbols.list
@@ -0,0 +1,71 @@
+tls_accept_cbs
+tls_accept_fds
+tls_accept_socket
+tls_client
+tls_close
+tls_config_add_keypair_file
+tls_config_add_keypair_mem
+tls_config_clear_keys
+tls_config_error
+tls_config_free
+tls_config_insecure_noverifycert
+tls_config_insecure_noverifyname
+tls_config_insecure_noverifytime
+tls_config_new
+tls_config_ocsp_require_stapling
+tls_config_parse_protocols
+tls_config_prefer_ciphers_client
+tls_config_prefer_ciphers_server
+tls_config_set_alpn
+tls_config_set_ca_file
+tls_config_set_ca_mem
+tls_config_set_ca_path
+tls_config_set_cert_file
+tls_config_set_cert_mem
+tls_config_set_ciphers
+tls_config_set_dheparams
+tls_config_set_ecdhecurve
+tls_config_set_key_file
+tls_config_set_key_mem
+tls_config_set_keypair_file
+tls_config_set_keypair_mem
+tls_config_set_protocols
+tls_config_set_verify_depth
+tls_config_verify
+tls_config_verify_client
+tls_config_verify_client_optional
+tls_configure
+tls_conn_alpn_selected
+tls_conn_cipher
+tls_conn_servername
+tls_conn_version
+tls_connect
+tls_connect_cbs
+tls_connect_fds
+tls_connect_servername
+tls_connect_socket
+tls_error
+tls_free
+tls_handshake
+tls_init
+tls_load_file
+tls_ocsp_process_response
+tls_peer_cert_contains_name
+tls_peer_cert_hash
+tls_peer_cert_issuer
+tls_peer_cert_notafter
+tls_peer_cert_notbefore
+tls_peer_cert_provided
+tls_peer_cert_subject
+tls_peer_ocsp_cert_status
+tls_peer_ocsp_crl_reason
+tls_peer_ocsp_next_update
+tls_peer_ocsp_response_status
+tls_peer_ocsp_result
+tls_peer_ocsp_revocation_time
+tls_peer_ocsp_this_update
+tls_peer_ocsp_url
+tls_read
+tls_reset
+tls_server
+tls_write
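Review bot: Nothing in this commit ties Symbols.list to the declarations in `<tls.h>`, yet the list is now the sole definition of the library's exported surface. The Makefile rule ends the generated map with `local: *;`, so a function later added to tls.h but not here is declared publicly and still fails to link for consumers. A name left here after its removal from tls.h stays exported. A regress check that compares the list against the prototypes in tls.h would catch both cases. A short note in tls.h saying that new public functions must also be added to Symbols.list would help in the meantime.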
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index 7b07c96c86..4fe4ee7811 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.47 2016/11/04 18:07:24 beck Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.48 2016/11/04 18:23:32 guenther Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -24,6 +24,8 @@
 
 #include <openssl/ssl.h>
 
+__BEGIN_HIDDEN_DECLS
+
 #define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
 
 #define TLS_CIPHERS_DEFAULT	"TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
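Review bot: `__BEGIN_HIDDEN_DECLS` is used without a visible include that defines it. On OpenBSD it comes from `<sys/cdefs.h>`, which this header presumably picks up transitively, but the include list above `<openssl/ssl.h>` starts outside the hunk. An explicit `#include <sys/cdefs.h>` before the marker would make the header self-contained. A comment at the marker would also help, for example `/* Declarations below are library-internal and get hidden visibility; public API belongs in tls.h and Symbols.list. */`. The same applies to the closing `__END_HIDDEN_DECLS` added in the last hunk of this file.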
@@ -209,4 +211,6 @@ int tls_ocsp_verify_cb(SSL *ssl, void *arg);
 void tls_ocsp_ctx_free(struct tls_ocsp_ctx *ctx);
 struct tls_ocsp_ctx *tls_ocsp_setup_from_peer(struct tls *ctx);
 
+__END_HIDDEN_DECLS
+
 #endif /* HEADER_TLS_INTERNAL_H */