authorPhilip Guenther <guenther@cvs.openbsd.org>2016-11-04 18:23:33 +0000
committerPhilip Guenther <guenther@cvs.openbsd.org>2016-11-04 18:23:33 +0000
commitf3c6351e2cd3582fc103bcc916914979a8684df0 (patch)
tree8090600574c6902f5f6fd4df7eb285d068d75795
parent41cd744964d935feb4c08ba78e9b2e0b85dc7b76 (diff)
Add an explicit list of exported symbols with just the functions declared
in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to optimize internal functions ok jsing@
-rw-r--r--lib/libtls/Makefile10
-rw-r--r--lib/libtls/Symbols.list71
-rw-r--r--lib/libtls/tls_internal.h6
3 files changed, 85 insertions, 2 deletions
diff --git a/lib/libtls/Makefile b/lib/libtls/Makefile
index f90c57d53fd..bc46332da36 100644
--- a/lib/libtls/Makefile
+++ b/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.26 2016/11/02 15:18:42 beck Exp $
+# $OpenBSD: Makefile,v 1.27 2016/11/04 18:23:32 guenther Exp $
CFLAGS+= -Wall -Werror -Wimplicit
CFLAGS+= -DLIBRESSL_INTERNAL
@@ -10,6 +10,9 @@ DPADD= ${LIBCRYPTO} ${LIBSSL}
LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
LDADD+= -L${BSDOBJDIR}/lib/libssl -lssl
+VERSION_SCRIPT= Symbols.map
+SYMBOL_LIST= ${.CURDIR}/Symbols.list
+
HDRS= tls.h
SRCS= tls.c \
@@ -34,4 +37,9 @@ includes:
eval "$$j"; \
done;
+${VERSION_SCRIPT}: ${SYMBOL_LIST}
+ { printf '{\n\tglobal:\n'; \
+ sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \
+ printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
+
.include <bsd.lib.mk>
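Review bot: In the `${VERSION_SCRIPT}` rule the brace group's exit status is that of the final `printf`, so a failing `sed` still lets `mv $@.tmp $@` install the map. That map would have an empty `global:` section, and its `local: *;` would then make every symbol in the library local. Joining the three commands with `&&` instead of `;` stops a partial file from being moved into place, e.g. `{ printf '{\n\tglobal:\n' && \` and `sed '...' ${SYMBOL_LIST} && \`. The library itself would presumably still build with such a map, so the failure would only surface later, when a consumer cannot resolve the `tls_*` functions.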
diff --git a/lib/libtls/Symbols.list b/lib/libtls/Symbols.list
new file mode 100644
index 00000000000..9074d5e0110
--- /dev/null
+++ b/lib/libtls/Symbols.list
@@ -0,0 +1,71 @@
+tls_accept_cbs
+tls_accept_fds
+tls_accept_socket
+tls_client
+tls_close
+tls_config_add_keypair_file
+tls_config_add_keypair_mem
+tls_config_clear_keys
+tls_config_error
+tls_config_free
+tls_config_insecure_noverifycert
+tls_config_insecure_noverifyname
+tls_config_insecure_noverifytime
+tls_config_new
+tls_config_ocsp_require_stapling
+tls_config_parse_protocols
+tls_config_prefer_ciphers_client
+tls_config_prefer_ciphers_server
+tls_config_set_alpn
+tls_config_set_ca_file
+tls_config_set_ca_mem
+tls_config_set_ca_path
+tls_config_set_cert_file
+tls_config_set_cert_mem
+tls_config_set_ciphers
+tls_config_set_dheparams
+tls_config_set_ecdhecurve
+tls_config_set_key_file
+tls_config_set_key_mem
+tls_config_set_keypair_file
+tls_config_set_keypair_mem
+tls_config_set_protocols
+tls_config_set_verify_depth
+tls_config_verify
+tls_config_verify_client
+tls_config_verify_client_optional
+tls_configure
+tls_conn_alpn_selected
+tls_conn_cipher
+tls_conn_servername
+tls_conn_version
+tls_connect
+tls_connect_cbs
+tls_connect_fds
+tls_connect_servername
+tls_connect_socket
+tls_error
+tls_free
+tls_handshake
+tls_init
+tls_load_file
+tls_ocsp_process_response
+tls_peer_cert_contains_name
+tls_peer_cert_hash
+tls_peer_cert_issuer
+tls_peer_cert_notafter
+tls_peer_cert_notbefore
+tls_peer_cert_provided
+tls_peer_cert_subject
+tls_peer_ocsp_cert_status
+tls_peer_ocsp_crl_reason
+tls_peer_ocsp_next_update
+tls_peer_ocsp_response_status
+tls_peer_ocsp_result
+tls_peer_ocsp_revocation_time
+tls_peer_ocsp_this_update
+tls_peer_ocsp_url
+tls_read
+tls_reset
+tls_server
+tls_write
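Review bot: Nothing visible in this commit checks that this hand-maintained list matches the functions declared in `<tls.h>`. Because the generated map ends in `local: *;`, a function later added to `tls.h` but not added here would be built yet not exported, and callers would only find out at link time. I would document the requirement next to the `${VERSION_SCRIPT}` rule in the Makefile, for example `# Symbols.list must name every function declared in tls.h; unlisted symbols become local.` A regress check that compares the list against the header would catch drift automatically.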
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index 7b07c96c86a..4fe4ee7811e 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.47 2016/11/04 18:07:24 beck Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.48 2016/11/04 18:23:32 guenther Exp $ */
/*
* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -24,6 +24,8 @@
#include <openssl/ssl.h>
+__BEGIN_HIDDEN_DECLS
+
#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
#define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
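Review bot: `__BEGIN_HIDDEN_DECLS` is used here with no visible include of the header that defines it. On OpenBSD that is `<sys/cdefs.h>`, which `tls_internal.h` may only be getting transitively. The include list above this hunk is not fully shown, so this may already be covered. If it is not, an explicit `#include <sys/cdefs.h>` before the macro keeps the header self-contained, and the same applies to the matching `__END_HIDDEN_DECLS` in the last hunk. A short comment such as `/* Everything between the HIDDEN_DECLS markers is libtls-internal and is not exported. */` would also tell the next editor why new public prototypes do not belong in this file.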
@@ -209,4 +211,6 @@ int tls_ocsp_verify_cb(SSL *ssl, void *arg);
void tls_ocsp_ctx_free(struct tls_ocsp_ctx *ctx);
struct tls_ocsp_ctx *tls_ocsp_setup_from_peer(struct tls *ctx);
+__END_HIDDEN_DECLS
+
#endif /* HEADER_TLS_INTERNAL_H */