Controlling visibility of ASM functions

[vszakats]

I'd like to limit visibility of non-exported LibreSSL functions. For C functions this is doable with -fvisibility=hidden. For ASM functions however, llvm/gcc don't offer a built-in command-line option.

For macOS, it can be worked around with CPPFLAGS=-Dglobl=private_extern. Converting each of these lines:

.globl <func>

to

.private_extern <func>

Effect: https://github.com/curl/curl-for-win/actions/runs/7159163777/job/19492134204#step:3:9430

This is a case when LibreSSL is statically linked to a libcurl shared lib intending to expose only the libcurl interface. The same should apply when building libcrypto shared lib and wanting to hide these internal symbols.

For Linux / ELF, this workaround doesn't work because Linux needs a extra line to add the 'hidden' attribute to the declaration:

.hidden <func>
.globl <func>

Effect when tested with AES_cbc_encrypt: https://github.com/curl/curl-for-win/actions/runs/7159857921/job/19493575609#step:3:11893

Without this, ASM symbols are visible from a shared lib: https://github.com/curl/curl-for-win/actions/runs/7159163777/job/19492133628#step:3:11730

Some projects solve this by using this for each declaration:

LIBRESSL_ASM_FUNC_VISIBILITY(<func>)
.globl <func>

then do this in its headers:

#ifdef __ELF__
#define LIBRESSL_ASM_FUNC_VISIBILITY(func) .hidden func
#elif defined(__APPLE__)
#define LIBRESSL_ASM_FUNC_VISIBILITY(func) .private_extern func
#else
#define LIBRESSL_ASM_FUNC_VISIBILITY(func)
#endif

Could this (or something to this effect) be implemented in LibreSSL?