Add visibility rules.

This change marks public symbols as dynamically exported. This means
that it becomes viable to build a shared library of libcrypto and libssl
with -fvisibility=hidden.

On Windows, one not only needs to mark functions for export in a
component, but also for import when using them from a different
component. Because of this we have to build with
|BORINGSSL_IMPLEMENTATION| defined when building the code. Other
components, when including our headers, won't have that defined and then
the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines
in base.h

In the asm code, symbols are now hidden by default and those that need
to be exported are wrapped by a C function.

In order to support Chromium, a couple of libssl functions were moved to
ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache.

Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261
Reviewed-on: https://boringssl-review.googlesource.com/1350
Reviewed-by: Adam Langley <agl@google.com>

1 files changed, 26 insertions, 20 deletions

diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h
index a2436f1b..ec4df0fa 100644
--- a/include/openssl/ecdsa.h
+++ b/include/openssl/ecdsa.h
@@ -73,19 +73,21 @@ extern "C" {
  * space. On successful exit, |*sig_len| is set to the actual number of bytes
  * written. The |type| argument should be zero. It returns one on success and
  * zero otherwise. */
-int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig,
-               unsigned int *sig_len, EC_KEY *key);
+OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest,
+                              size_t digest_len, uint8_t *sig,
+                              unsigned int *sig_len, EC_KEY *key);
 
 /* ECDSA_verify verifies that |sig_len| bytes from |sig| constitute a valid
  * signature by |key| of |digest|. (The |type| argument should be zero.) It
  * returns one on success or zero if the signature is invalid or an error
  * occured. */
-int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len,
-                 const uint8_t *sig, size_t sig_len, EC_KEY *key);
+OPENSSL_EXPORT int ECDSA_verify(int type, const uint8_t *digest,
+                                size_t digest_len, const uint8_t *sig,
+                                size_t sig_len, EC_KEY *key);
 
 /* ECDSA_size returns the maximum size of an ECDSA signature using |key|. It
  * returns zero on error. */
-size_t ECDSA_size(const EC_KEY *key);
+OPENSSL_EXPORT size_t ECDSA_size(const EC_KEY *key);
 
 
 /* Low-level signing and verification.
@@ -99,25 +101,25 @@ struct ecdsa_sig_st {
 };
 
 /* ECDSA_SIG_new returns a fresh |ECDSA_SIG| structure or NULL on error. */
-ECDSA_SIG *ECDSA_SIG_new(void);
+OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_new(void);
 
 /* ECDSA_SIG_free frees |sig| its member |BIGNUM|s. */
-void ECDSA_SIG_free(ECDSA_SIG *sig);
+OPENSSL_EXPORT void ECDSA_SIG_free(ECDSA_SIG *sig);
 
 /* ECDSA_sign signs |digest_len| bytes from |digest| with |key| and returns the
  * resulting signature structure, or NULL on error.
  *
  * TODO(fork): remove this function. */
-ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest, size_t digest_len,
-                         EC_KEY *key);
+OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest,
+                                        size_t digest_len, EC_KEY *key);
 
 /* ECDSA_verify verifies that |sig| constitutes a valid signature by |key| of
  * |digest|. It returns one on success or zero if the signature is invalid or
  * on error.
  *
  * TODO(fork): remove this function. */
-int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
-                    const ECDSA_SIG *sig, EC_KEY *key);
+OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
+                                   const ECDSA_SIG *sig, EC_KEY *key);
 
 
 /* Signing with precomputation.
@@ -130,19 +132,22 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
 /* ECDSA_sign_setup precomputes parts of an ECDSA signing operation. It sets
  * |*kinv| and |*rp| to the precomputed values and uses the |ctx| argument, if
  * not NULL. It returns one on success and zero otherwise. */
-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+OPENSSL_EXPORT int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
+                                    BIGNUM **rp);
 
 /* ECDSA_do_sign_ex is the same as |ECDSA_do_sign| but takes precomputed values
  * as generated by |ECDSA_sign_setup|. */
-ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len,
-                            const BIGNUM *kinv, const BIGNUM *rp,
-                            EC_KEY *eckey);
+OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest,
+                                           size_t digest_len,
+                                           const BIGNUM *kinv, const BIGNUM *rp,
+                                           EC_KEY *eckey);
 
 /* ECDSA_sign_ex is the same as |ECDSA_sign| but takes precomputed values as
  * generated by |ECDSA_sign_setup|. */
-int ECDSA_sign_ex(int type, const uint8_t *digest, size_t digest_len,
-                  uint8_t *sig, unsigned int *sig_len, const BIGNUM *kinv,
-                  const BIGNUM *rp, EC_KEY *eckey);
+OPENSSL_EXPORT int ECDSA_sign_ex(int type, const uint8_t *digest,
+                                 size_t digest_len, uint8_t *sig,
+                                 unsigned int *sig_len, const BIGNUM *kinv,
+                                 const BIGNUM *rp, EC_KEY *eckey);
 
 
 /* ASN.1 functions. */
@@ -153,13 +158,14 @@ int ECDSA_sign_ex(int type, const uint8_t *digest, size_t digest_len,
  * directly into |*out|, otherwise a fresh |ECDSA_SIG| is allocated. On
  * successful exit, |*inp| is advanced past the DER structure. It returns the
  * result or NULL on error. */
-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp, long len);
+OPENSSL_EXPORT ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp,
+                                        long len);
 
 /* i2d_ECDSA_SIG marshals a signature from |sig| to an ASN.1, DER
  * structure. If |outp| is not NULL then the result is written to |*outp| and
  * |*outp| is advanced just past the output. It returns the number of bytes in
  * the result, whether written or not, or a negative value on error. */
-int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp);
+OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp);
 
 
 #if defined(__cplusplus)