diff options
author | Philip Guenther <guenther@cvs.openbsd.org> | 2016-11-04 18:23:33 +0000 |
---|---|---|
committer | Philip Guenther <guenther@cvs.openbsd.org> | 2016-11-04 18:23:33 +0000 |
commit | f3c6351e2cd3582fc103bcc916914979a8684df0 (patch) | |
tree | 8090600574c6902f5f6fd4df7eb285d068d75795 | |
parent | 41cd744964d935feb4c08ba78e9b2e0b85dc7b76 (diff) |
Add an explict list of exported symbols with just the functions declared
in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to
optimize internal functions
ok jsing@
-rw-r--r-- | lib/libtls/Makefile | 10 | ||||
-rw-r--r-- | lib/libtls/Symbols.list | 71 | ||||
-rw-r--r-- | lib/libtls/tls_internal.h | 6 |
3 files changed, 85 insertions, 2 deletions
diff --git a/lib/libtls/Makefile b/lib/libtls/Makefile index f90c57d53fd..bc46332da36 100644 --- a/lib/libtls/Makefile +++ b/lib/libtls/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.26 2016/11/02 15:18:42 beck Exp $ +# $OpenBSD: Makefile,v 1.27 2016/11/04 18:23:32 guenther Exp $ CFLAGS+= -Wall -Werror -Wimplicit CFLAGS+= -DLIBRESSL_INTERNAL @@ -10,6 +10,9 @@ DPADD= ${LIBCRYPTO} ${LIBSSL} LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto LDADD+= -L${BSDOBJDIR}/lib/libssl -lssl +VERSION_SCRIPT= Symbols.map +SYMBOL_LIST= ${.CURDIR}/Symbols.list + HDRS= tls.h SRCS= tls.c \ @@ -34,4 +37,9 @@ includes: eval "$$j"; \ done; +${VERSION_SCRIPT}: ${SYMBOL_LIST} + { printf '{\n\tglobal:\n'; \ + sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \ + printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@ + .include <bsd.lib.mk> diff --git a/lib/libtls/Symbols.list b/lib/libtls/Symbols.list new file mode 100644 index 00000000000..9074d5e0110 --- /dev/null +++ b/lib/libtls/Symbols.list @@ -0,0 +1,71 @@ +tls_accept_cbs +tls_accept_fds +tls_accept_socket +tls_client +tls_close +tls_config_add_keypair_file +tls_config_add_keypair_mem +tls_config_clear_keys +tls_config_error +tls_config_free +tls_config_insecure_noverifycert +tls_config_insecure_noverifyname +tls_config_insecure_noverifytime +tls_config_new +tls_config_ocsp_require_stapling +tls_config_parse_protocols +tls_config_prefer_ciphers_client +tls_config_prefer_ciphers_server +tls_config_set_alpn +tls_config_set_ca_file +tls_config_set_ca_mem +tls_config_set_ca_path +tls_config_set_cert_file +tls_config_set_cert_mem +tls_config_set_ciphers +tls_config_set_dheparams +tls_config_set_ecdhecurve +tls_config_set_key_file +tls_config_set_key_mem +tls_config_set_keypair_file +tls_config_set_keypair_mem +tls_config_set_protocols +tls_config_set_verify_depth +tls_config_verify +tls_config_verify_client +tls_config_verify_client_optional +tls_configure +tls_conn_alpn_selected +tls_conn_cipher +tls_conn_servername +tls_conn_version +tls_connect +tls_connect_cbs +tls_connect_fds +tls_connect_servername +tls_connect_socket +tls_error +tls_free +tls_handshake +tls_init +tls_load_file +tls_ocsp_process_response +tls_peer_cert_contains_name +tls_peer_cert_hash +tls_peer_cert_issuer +tls_peer_cert_notafter +tls_peer_cert_notbefore +tls_peer_cert_provided +tls_peer_cert_subject +tls_peer_ocsp_cert_status +tls_peer_ocsp_crl_reason +tls_peer_ocsp_next_update +tls_peer_ocsp_response_status +tls_peer_ocsp_result +tls_peer_ocsp_revocation_time +tls_peer_ocsp_this_update +tls_peer_ocsp_url +tls_read +tls_reset +tls_server +tls_write diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h index 7b07c96c86a..4fe4ee7811e 100644 --- a/lib/libtls/tls_internal.h +++ b/lib/libtls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.47 2016/11/04 18:07:24 beck Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.48 2016/11/04 18:23:32 guenther Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> @@ -24,6 +24,8 @@ #include <openssl/ssl.h> +__BEGIN_HIDDEN_DECLS + #define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem" #define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE" @@ -209,4 +211,6 @@ int tls_ocsp_verify_cb(SSL *ssl, void *arg); void tls_ocsp_ctx_free(struct tls_ocsp_ctx *ctx); struct tls_ocsp_ctx *tls_ocsp_setup_from_peer(struct tls *ctx); +__END_HIDDEN_DECLS + #endif /* HEADER_TLS_INTERNAL_H */ |