1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
7import os
8import sys
9
10from _cffi_src.utils import (
11    build_ffi_for_binding, compiler_type, extra_link_args
12)
13
14
15def _get_openssl_libraries(platform):
16    if os.environ.get("CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS", None):
17        return []
18    # OpenSSL goes by a different library name on different operating systems.
19    if platform == "win32" and compiler_type() == "msvc":
20        windows_link_legacy_openssl = os.environ.get(
21            "CRYPTOGRAPHY_WINDOWS_LINK_LEGACY_OPENSSL", None
22        )
23        if windows_link_legacy_openssl is None:
24            # Link against the 1.1.0 names
25            libs = ["libssl", "libcrypto"]
26        else:
27            # Link against the 1.0.2 and lower names
28            libs = ["libeay32", "ssleay32"]
29        return libs + ["advapi32", "crypt32", "gdi32", "user32", "ws2_32"]
30    else:
31        # darwin, linux, mingw all use this path
32        # In some circumstances, the order in which these libs are
33        # specified on the linker command-line is significant;
34        # libssl must come before libcrypto
35        # (https://marc.info/?l=openssl-users&m=135361825921871)
36        return ["ssl", "crypto"]
37
38
39def _extra_compile_args(platform):
40    """
41    We set -Wconversion args here so that we only do Wconversion checks on the
42    code we're compiling and not on cffi itself (as passing -Wconversion in
43    CFLAGS would do). We set no error on sign conversion because some
44    function signatures in OpenSSL have changed from long -> unsigned long
45    in the past. Since that isn't a precision issue we don't care.
46    When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
47    revisit this.
48    """
49    if platform not in ["win32", "hp-ux11", "sunos5"]:
50        return ["-Wconversion", "-Wno-error=sign-conversion"]
51    else:
52        return []
53
54
55ffi = build_ffi_for_binding(
56    module_name="_openssl",
57    module_prefix="_cffi_src.openssl.",
58    modules=[
59        # This goes first so we can define some cryptography-wide symbols.
60        "cryptography",
61
62        "aes",
63        "asn1",
64        "bignum",
65        "bio",
66        "cmac",
67        "conf",
68        "crypto",
69        "ct",
70        "dh",
71        "dsa",
72        "ec",
73        "ecdh",
74        "ecdsa",
75        "engine",
76        "err",
77        "evp",
78        "fips",
79        "hmac",
80        "nid",
81        "objects",
82        "ocsp",
83        "opensslv",
84        "osrandom_engine",
85        "pem",
86        "pkcs12",
87        "rand",
88        "rsa",
89        "ssl",
90        "x509",
91        "x509name",
92        "x509v3",
93        "x509_vfy",
94        "pkcs7",
95        "callbacks",
96    ],
97    libraries=_get_openssl_libraries(sys.platform),
98    # These args are passed here so that we only do Wconversion checks on the
99    # code we're compiling and not on cffi itself (as passing -Wconversion in
100    # CFLAGS would do). We set no error on sign convesrion because some
101    # function signatures in OpenSSL have changed from long -> unsigned long
102    # in the past. Since that isn't a precision issue we don't care.
103    # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
104    # revisit this.
105    extra_compile_args=_extra_compile_args(sys.platform),
106    extra_link_args=extra_link_args(compiler_type()),
107)
108