From 39b7910b37571bf8421581b2f5c004a045fe3249 Mon Sep 17 00:00:00 2001 From: Ben Collins Date: Thu, 2 Jan 2025 12:05:53 +0000 Subject: [PATCH] Hide symbols that aren't meant to be exported Signed-off-by: Ben Collins --- libjwt/base64.h | 4 ++-- libjwt/gnutls/jwk-parse.c | 4 ++++ libjwt/jwt-private.h | 1 + libjwt/mbedtls/jwk-parse.c | 4 ++++ libjwt/openssl/jwk-parse.c | 13 +++++++++++-- 5 files changed, 22 insertions(+), 4 deletions(-) diff --git a/libjwt/base64.h b/libjwt/base64.h index 9345e9ab..96dde12c 100644 --- a/libjwt/base64.h +++ b/libjwt/base64.h @@ -8,13 +8,13 @@ * out is null-terminated encode string. * return values is out length, exclusive terminating `\0' */ -unsigned int +JWT_NO_EXPORT unsigned int base64_encode(const unsigned char *in, unsigned int inlen, char *out); /* * return values is out length */ -unsigned int +JWT_NO_EXPORT unsigned int base64_decode(const char *in, unsigned int inlen, unsigned char *out); #endif /* BASE64_H */ diff --git a/libjwt/gnutls/jwk-parse.c b/libjwt/gnutls/jwk-parse.c index 3c584bc4..614383c3 100644 --- a/libjwt/gnutls/jwk-parse.c +++ b/libjwt/gnutls/jwk-parse.c @@ -21,24 +21,28 @@ static const char not_implemented[] = "GnuTLS does not yet implement JWK"; +JWT_NO_EXPORT int gnutls_process_eddsa(json_t *jwk, jwk_item_t *item) { jwks_write_error(item, not_implemented); return -1; } +JWT_NO_EXPORT int gnutls_process_rsa(json_t *jwk, jwk_item_t *item) { jwks_write_error(item, not_implemented); return -1; } +JWT_NO_EXPORT int gnutls_process_ec(json_t *jwk, jwk_item_t *item) { jwks_write_error(item, not_implemented); return -1; } +JWT_NO_EXPORT void gnutls_process_item_free(jwk_item_t *item) { return; diff --git a/libjwt/jwt-private.h b/libjwt/jwt-private.h index deb6216d..b3c991e5 100644 --- a/libjwt/jwt-private.h +++ b/libjwt/jwt-private.h @@ -28,6 +28,7 @@ # endif #endif +JWT_NO_EXPORT extern struct jwt_crypto_ops *jwt_ops; #define jwks_write_error(__obj, __fmt, __args...) \ 
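Review bot: `JWT_NO_EXPORT` is now used in both prototypes of base64.h, but the hunk starts at line 8 and shows no include that defines it, so the header compiles only when the includer has already pulled in the defining header. If nothing above the hunk does that, include the defining header from base64.h itself so the file stays self-contained. Separately, `base64_decode` takes no capacity for `out`, and its comment says only `return values is out length`. Stating the minimum size the caller must allocate for `out` (and likewise for `base64_encode`, counting the terminating `\0`) would make the bounds contract checkable at call sites.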
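Review bot: The attribute is placed on the four function definitions here, while their prototypes are not part of this diff; if those prototypes stay unannotated, other translation units still see default visibility for these calls and the declaration and definition disagree. Putting the macro on the shared prototype, e.g. `JWT_NO_EXPORT int gnutls_process_rsa(json_t *jwk, jwk_item_t *item);`, keeps it in one place and covers every backend. The same applies to the `mbedtls_process_*` hunk and to the `openssl_process_*` hunks in openssl/jwk-parse.c, including the fallback stubs at the end of that file. The body of `gnutls_process_item_free` ends outside the hunk.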
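Review bot: `jwt_ops` is hidden without a comment saying why, and per-symbol hiding is opt-out, so a later internal symbol added without `JWT_NO_EXPORT` is exported again. A comment above the declaration such as `/* Internal: active crypto backend table; never part of the public ABI. */` records the intent (the role is inferred from the type name `struct jwt_crypto_ops`). If the build does not already compile with `-fvisibility=hidden` and mark only the public API for export, doing so would make hidden the default. A CI step comparing the library's dynamic symbol list against the expected public set would catch regressions either way.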
diff --git a/libjwt/mbedtls/jwk-parse.c b/libjwt/mbedtls/jwk-parse.c index 2f8c42db..d66bc76c 100644 --- a/libjwt/mbedtls/jwk-parse.c +++ b/libjwt/mbedtls/jwk-parse.c @@ -14,24 +14,28 @@ static const char not_implemented[] = "MBedTLS does not yet implement JWK"; +JWT_NO_EXPORT int mbedtls_process_eddsa(json_t *jwk, jwk_item_t *item) { jwks_write_error(item, not_implemented); return -1; } +JWT_NO_EXPORT int mbedtls_process_rsa(json_t *jwk, jwk_item_t *item) { jwks_write_error(item, not_implemented); return -1; } +JWT_NO_EXPORT int mbedtls_process_ec(json_t *jwk, jwk_item_t *item) { jwks_write_error(item, not_implemented); return -1; } +JWT_NO_EXPORT void mbedtls_process_item_free(jwk_item_t *item) { return; diff --git a/libjwt/openssl/jwk-parse.c b/libjwt/openssl/jwk-parse.c index 03a64395..46f00bd2 100644 --- a/libjwt/openssl/jwk-parse.c +++ b/libjwt/openssl/jwk-parse.c @@ -199,6 +199,7 @@ static int pctx_to_pem(EVP_PKEY_CTX *pctx, OSSL_PARAM *params, } /* For EdDSA keys (EDDSA) */ +JWT_NO_EXPORT int openssl_process_eddsa(json_t *jwk, jwk_item_t *item) { unsigned char *pub_bin = NULL, *priv_bin = NULL; @@ -214,13 +215,14 @@ int openssl_process_eddsa(json_t *jwk, jwk_item_t *item) d = json_object_get(jwk, "d"); if (x == NULL && d == NULL) { - jwks_write_error(item, "Need an 'x' or 'd' component and found neither"); + jwks_write_error(item, + "Need an 'x' or 'd' component and found neither"); goto cleanup_eddsa; } if (d != NULL) item->is_private_key = priv = 1; - + pctx = EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL); if (pctx == NULL) { jwks_write_error(item, "Error creating pkey context"); @@ -273,6 +275,7 @@ int openssl_process_eddsa(json_t *jwk, jwk_item_t *item) /* For RSA keys (RS256, RS384, RS512). Also works for RSA-PSS * (PS256, PS384, PS512) */ +JWT_NO_EXPORT int openssl_process_rsa(json_t *jwk, jwk_item_t *item) { OSSL_PARAM_BLD *build = NULL; 
@@ -385,6 +388,7 @@ int openssl_process_rsa(json_t *jwk, jwk_item_t *item) } /* For EC Keys (ES256, ES384, ES512) */ +JWT_NO_EXPORT int openssl_process_ec(json_t *jwk, jwk_item_t *item) { OSSL_PARAM *params = NULL; @@ -468,6 +472,7 @@ int openssl_process_ec(json_t *jwk, jwk_item_t *item) return ret; } +JWT_NO_EXPORT void openssl_process_item_free(jwk_item_t *item) { if (item == NULL || item->provider != JWT_CRYPTO_OPS_OPENSSL) @@ -485,24 +490,28 @@ void openssl_process_item_free(jwk_item_t *item) static const char not_implemented[] = "OpenSSL Support for JWK requires 3.0 or higher"; +JWT_NO_EXPORT int openssl_process_eddsa(json_t *jwk, jwk_item_t *item) { jwks_write_error(item, not_implemented); return -1; } +JWT_NO_EXPORT int openssl_process_rsa(json_t *jwk, jwk_item_t *item) { jwks_write_error(item, not_implemented); return -1; } +JWT_NO_EXPORT int openssl_process_ec(json_t *jwk, jwk_item_t *item) { jwks_write_error(item, not_implemented); return -1; } +JWT_NO_EXPORT void openssl_process_item_free(jwk_item_t *item) { return;