1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
from __future__ import absolute_import, division, print_function
import os
import sys
from distutils import dist
from distutils.ccompiler import get_default_compiler
from distutils.command.config import config
from _cffi_src.utils import (
build_ffi_for_binding,
compiler_type,
extra_link_args,
)
def _get_openssl_libraries(platform):
if os.environ.get("CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS", None):
return []
# OpenSSL goes by a different library name on different operating systems.
if platform == "win32" and compiler_type() == "msvc":
windows_link_legacy_openssl = os.environ.get(
"CRYPTOGRAPHY_WINDOWS_LINK_LEGACY_OPENSSL", None
)
if windows_link_legacy_openssl is None:
# Link against the 1.1.0 names
# CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
libs = ["libssl", "libcrypto"]
else:
# Link against the 1.0.2 and lower names
libs = ["libeay32", "ssleay32"]
return libs + ["advapi32", "crypt32", "gdi32", "user32", "ws2_32"]
else:
# darwin, linux, mingw all use this path
# In some circumstances, the order in which these libs are
# specified on the linker command-line is significant;
# libssl must come before libcrypto
# (https://marc.info/?l=openssl-users&m=135361825921871)
# -lpthread required due to usage of pthread an potential
# existance of a static part containing e.g. pthread_atfork
# (https://github.com/pyca/cryptography/issues/5084)
if sys.platform == "zos":
return ["ssl", "crypto"]
else:
return ["ssl", "crypto", "pthread"]
def _extra_compile_args(platform):
"""
We set -Wconversion args here so that we only do Wconversion checks on the
code we're compiling and not on cffi itself (as passing -Wconversion in
CFLAGS would do). We set no error on sign conversion because some
function signatures in OpenSSL have changed from long -> unsigned long
in the past. Since that isn't a precision issue we don't care.
When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
revisit this.
"""
# make sure the compiler used supports the flags to be added
is_gcc = False
if get_default_compiler() == "unix":
d = dist.Distribution()
cmd = config(d)
cmd._check_compiler()
is_gcc = (
"gcc" in cmd.compiler.compiler[0]
or "clang" in cmd.compiler.compiler[0]
)
if is_gcc or not (
platform in ["win32", "hp-ux11", "sunos5"]
or platform.startswith("aix")
):
return ["-Wconversion", "-Wno-error=sign-conversion"]
else:
return []
ffi = build_ffi_for_binding(
module_name="_openssl",
module_prefix="_cffi_src.openssl.",
modules=[
# This goes first so we can define some cryptography-wide symbols.
"cryptography",
"aes",
"asn1",
"bignum",
"bio",
"cmac",
"conf",
"crypto",
"ct",
"dh",
"dsa",
"ec",
"ecdh",
"ecdsa",
"engine",
"err",
"evp",
"fips",
"hmac",
"nid",
"objects",
"ocsp",
"opensslv",
"osrandom_engine",
"pem",
"pkcs12",
"rand",
"rsa",
"ssl",
"x509",
"x509name",
"x509v3",
"x509_vfy",
"pkcs7",
"callbacks",
],
libraries=_get_openssl_libraries(sys.platform),
# These args are passed here so that we only do Wconversion checks on the
# code we're compiling and not on cffi itself (as passing -Wconversion in
# CFLAGS would do). We set no error on sign convesrion because some
# function signatures in OpenSSL have changed from long -> unsigned long
# in the past. Since that isn't a precision issue we don't care.
# When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
# revisit this.
extra_compile_args=_extra_compile_args(sys.platform),
extra_link_args=extra_link_args(compiler_type()),
)
|
