• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
7import os
8import sys
9from distutils import dist
10from distutils.ccompiler import get_default_compiler
11from distutils.command.config import config
12
13from _cffi_src.utils import (
14    build_ffi_for_binding,
15    compiler_type,
16    extra_link_args,
17)
18
19
20def _get_openssl_libraries(platform):
21    if os.environ.get("CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS", None):
22        return []
23    # OpenSSL goes by a different library name on different operating systems.
24    if platform == "win32" and compiler_type() == "msvc":
25        return [
26            "libssl",
27            "libcrypto",
28            "advapi32",
29            "crypt32",
30            "gdi32",
31            "user32",
32            "ws2_32",
33        ]
34    else:
35        # darwin, linux, mingw all use this path
36        # In some circumstances, the order in which these libs are
37        # specified on the linker command-line is significant;
38        # libssl must come before libcrypto
39        # (https://marc.info/?l=openssl-users&m=135361825921871)
40        # -lpthread required due to usage of pthread an potential
41        # existance of a static part containing e.g. pthread_atfork
42        # (https://github.com/pyca/cryptography/issues/5084)
43        if sys.platform == "zos":
44            return ["ssl", "crypto"]
45        else:
46            return ["ssl", "crypto", "pthread"]
47
48
49def _extra_compile_args(platform):
50    """
51    We set -Wconversion args here so that we only do Wconversion checks on the
52    code we're compiling and not on cffi itself (as passing -Wconversion in
53    CFLAGS would do). We set no error on sign conversion because some
54    function signatures in LibreSSL differ from OpenSSL have changed on long
55    vs. unsigned long in the past. Since that isn't a precision issue we don't
56    care.
57    """
58    # make sure the compiler used supports the flags to be added
59    is_gcc = False
60    if get_default_compiler() == "unix":
61        d = dist.Distribution()
62        cmd = config(d)
63        cmd._check_compiler()
64        is_gcc = (
65            "gcc" in cmd.compiler.compiler[0]
66            or "clang" in cmd.compiler.compiler[0]
67        )
68    if is_gcc or not (
69        platform in ["win32", "hp-ux11", "sunos5"]
70        or platform.startswith("aix")
71    ):
72        return ["-Wconversion", "-Wno-error=sign-conversion"]
73    else:
74        return []
75
76
77ffi = build_ffi_for_binding(
78    module_name="_openssl",
79    module_prefix="_cffi_src.openssl.",
80    modules=[
81        # This goes first so we can define some cryptography-wide symbols.
82        "cryptography",
83        "aes",
84        "asn1",
85        "bignum",
86        "bio",
87        "cmac",
88        "conf",
89        "crypto",
90        "ct",
91        "dh",
92        "dsa",
93        "ec",
94        "ecdh",
95        "ecdsa",
96        "engine",
97        "err",
98        "evp",
99        "fips",
100        "hmac",
101        "nid",
102        "objects",
103        "ocsp",
104        "opensslv",
105        "osrandom_engine",
106        "pem",
107        "pkcs12",
108        "rand",
109        "rsa",
110        "ssl",
111        "x509",
112        "x509name",
113        "x509v3",
114        "x509_vfy",
115        "pkcs7",
116        "callbacks",
117    ],
118    libraries=_get_openssl_libraries(sys.platform),
119    extra_compile_args=_extra_compile_args(sys.platform),
120    extra_link_args=extra_link_args(compiler_type()),
121)
122