1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
from __future__ import absolute_import, division, print_function
import os
import sys
from _cffi_src.utils import (
build_ffi_for_binding, compiler_type, extra_link_args
)
def _get_openssl_libraries(platform):
if os.environ.get("CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS", None):
return []
# OpenSSL goes by a different library name on different operating systems.
if platform == "win32" and compiler_type() == "msvc":
windows_link_legacy_openssl = os.environ.get(
"CRYPTOGRAPHY_WINDOWS_LINK_LEGACY_OPENSSL", None
)
if windows_link_legacy_openssl is None:
# Link against the 1.1.0 names
libs = ["libssl", "libcrypto"]
else:
# Link against the 1.0.2 and lower names
libs = ["libeay32", "ssleay32"]
return libs + ["advapi32", "crypt32", "gdi32", "user32", "ws2_32"]
else:
# darwin, linux, mingw all use this path
# In some circumstances, the order in which these libs are
# specified on the linker command-line is significant;
# libssl must come before libcrypto
# (https://marc.info/?l=openssl-users&m=135361825921871)
return ["ssl", "crypto"]
def _extra_compile_args(platform):
"""
We set -Wconversion args here so that we only do Wconversion checks on the
code we're compiling and not on cffi itself (as passing -Wconversion in
CFLAGS would do). We set no error on sign conversion because some
function signatures in OpenSSL have changed from long -> unsigned long
in the past. Since that isn't a precision issue we don't care.
When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
revisit this.
"""
if platform not in ["win32", "hp-ux11", "sunos5"]:
return ["-Wconversion", "-Wno-error=sign-conversion"]
else:
return []
ffi = build_ffi_for_binding(
module_name="_openssl",
module_prefix="_cffi_src.openssl.",
modules=[
# This goes first so we can define some cryptography-wide symbols.
"cryptography",
# Provider comes early as well so we define OSSL_LIB_CTX
"provider",
"asn1",
"bignum",
"bio",
"cmac",
"crypto",
"ct",
"dh",
"dsa",
"ec",
"ecdh",
"ecdsa",
"engine",
"err",
"evp",
"fips",
"hmac",
"nid",
"objects",
"ocsp",
"opensslv",
"pem",
"pkcs12",
"rand",
"rsa",
"ssl",
"x509",
"x509name",
"x509v3",
"x509_vfy",
"pkcs7",
"callbacks",
],
libraries=_get_openssl_libraries(sys.platform),
# These args are passed here so that we only do Wconversion checks on the
# code we're compiling and not on cffi itself (as passing -Wconversion in
# CFLAGS would do). We set no error on sign convesrion because some
# function signatures in OpenSSL have changed from long -> unsigned long
# in the past. Since that isn't a precision issue we don't care.
# When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
# revisit this.
extra_compile_args=_extra_compile_args(sys.platform),
extra_link_args=extra_link_args(compiler_type()),
)
|
