Merge pull request #1441 from alex/refactor-cffi-compilation

Refactor our creation of CFFI FFI and libraries slightly.

6 files changed, 43 insertions, 41 deletions

diff --git a/cryptography/hazmat/bindings/commoncrypto/binding.py b/cryptography/hazmat/bindings/commoncrypto/binding.py
index e23a2fd9..0e6dffc0 100644
--- a/cryptography/hazmat/bindings/commoncrypto/binding.py
+++ b/cryptography/hazmat/bindings/commoncrypto/binding.py
@@ -13,7 +13,7 @@
 
 from __future__ import absolute_import, division, print_function
 
-from cryptography.hazmat.bindings.utils import build_ffi
+from cryptography.hazmat.bindings.utils import build_ffi_for_binding
 
 
 class Binding(object):
@@ -45,7 +45,7 @@ class Binding(object):
         if cls.ffi is not None and cls.lib is not None:
             return
 
-        cls.ffi, cls.lib = build_ffi(
+        cls.ffi, cls.lib = build_ffi_for_binding(
             module_prefix=cls._module_prefix,
             modules=cls._modules,
             extra_link_args=[
diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py
index 37891f6b..314c5147 100644
--- a/cryptography/hazmat/bindings/openssl/binding.py
+++ b/cryptography/hazmat/bindings/openssl/binding.py
@@ -17,7 +17,7 @@ import os
 import sys
 import threading
 
-from cryptography.hazmat.bindings.utils import build_ffi
+from cryptography.hazmat.bindings.utils import build_ffi_for_binding
 
 
 _OSX_PRE_INCLUDE = """
@@ -105,7 +105,7 @@ class Binding(object):
             link_type = os.environ.get("PYCA_WINDOWS_LINK_TYPE", "static")
             libraries = _get_windows_libraries(link_type)
 
-        cls.ffi, cls.lib = build_ffi(
+        cls.ffi, cls.lib = build_ffi_for_binding(
             module_prefix=cls._module_prefix,
             modules=cls._modules,
             pre_include=_OSX_PRE_INCLUDE,
diff --git a/cryptography/hazmat/bindings/utils.py b/cryptography/hazmat/bindings/utils.py
index 1c48116e..63334ff1 100644
--- a/cryptography/hazmat/bindings/utils.py
+++ b/cryptography/hazmat/bindings/utils.py
@@ -17,11 +17,13 @@ import binascii
 
 import sys
 
-import cffi
+from cffi import FFI
+from cffi.verifier import Verifier
 
 
-def build_ffi(module_prefix, modules, pre_include="", post_include="",
-              libraries=[], extra_compile_args=[], extra_link_args=[]):
+def build_ffi_for_binding(module_prefix, modules, pre_include="",
+                          post_include="", libraries=[], extra_compile_args=[],
+                          extra_link_args=[]):
     """
     Modules listed in ``modules`` should have the following attributes:
 
@@ -36,7 +38,6 @@ def build_ffi(module_prefix, modules, pre_include="", post_include="",
         library to a list of names which will not be present without the
         condition.
     """
-    ffi = cffi.FFI()
     types = []
     includes = []
     functions = []
@@ -53,9 +54,6 @@ def build_ffi(module_prefix, modules, pre_include="", post_include="",
         includes.append(module.INCLUDES)
         customizations.append(module.CUSTOMIZATIONS)
 
-    cdef_sources = types + functions + macros
-    ffi.cdef("\n".join(cdef_sources))
-
     # We include functions here so that if we got any of their definitions
     # wrong, the underlying C compiler will explode. In C you are allowed
     # to re-declare a function if it has the same signature. That is:
@@ -64,18 +62,17 @@ def build_ffi(module_prefix, modules, pre_include="", post_include="",
     # is legal, but the following will fail to compile:
     #   int foo(int);
     #   int foo(short);
-    source = "\n".join(
+    verify_source = "\n".join(
         [pre_include] +
         includes +
         [post_include] +
         functions +
         customizations
     )
-    lib = ffi.verify(
-        source=source,
-        modulename=_create_modulename(cdef_sources, source, sys.version),
+    ffi, lib = build_ffi(
+        cdef_source="\n".join(types + functions + macros),
+        verify_source=verify_source,
         libraries=libraries,
-        ext_package="cryptography",
         extra_compile_args=extra_compile_args,
         extra_link_args=extra_link_args,
     )
@@ -91,6 +88,24 @@ def build_ffi(module_prefix, modules, pre_include="", post_include="",
     return ffi, lib
 
 
+def build_ffi(cdef_source, verify_source, libraries=[], extra_compile_args=[],
+              extra_link_args=[]):
+    ffi = FFI()
+    ffi.cdef(cdef_source)
+
+    ffi.verifier = Verifier(
+        ffi,
+        verify_source,
+        tmpdir='',
+        modulename=_create_modulename(cdef_source, verify_source, sys.version),
+        libraries=libraries,
+        ext_package="cryptography",
+        extra_compile_args=extra_compile_args,
+        extra_link_args=extra_link_args,
+    )
+    return ffi, ffi.verifier.load_library()
+
+
 def _create_modulename(cdef_sources, source, sys_version):
     """
     cffi creates a modulename internally that incorporates the cffi version.
@@ -99,7 +114,7 @@ def _create_modulename(cdef_sources, source, sys_version):
     resolve this we build our own modulename that uses most of the same code
     from cffi but elides the version key.
     """
-    key = '\x00'.join([sys_version[:3], source] + cdef_sources)
+    key = '\x00'.join([sys_version[:3], source, cdef_sources])
     key = key.encode('utf-8')
     k1 = hex(binascii.crc32(key[0::2]) & 0xffffffff)
     k1 = k1.lstrip('0x').rstrip('L')
diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py
index d75528a8..b98eb108 100644
--- a/cryptography/hazmat/primitives/constant_time.py
+++ b/cryptography/hazmat/primitives/constant_time.py
@@ -15,11 +15,8 @@ from __future__ import absolute_import, division, print_function
 
 import hmac
 import os
-import sys
 
-import cffi
-
-from cryptography.hazmat.bindings.utils import _create_modulename
+from cryptography.hazmat.bindings.utils import build_ffi
 
 
 with open(os.path.join(os.path.dirname(__file__), "src/constant_time.h")) as f:
@@ -29,12 +26,9 @@ with open(os.path.join(os.path.dirname(__file__), "src/constant_time.c")) as f:
     FUNCTIONS = f.read()
 
 
-_ffi = cffi.FFI()
-_ffi.cdef(TYPES)
-_lib = _ffi.verify(
-    source=FUNCTIONS,
-    modulename=_create_modulename([TYPES], FUNCTIONS, sys.version),
-    ext_package="cryptography",
+_ffi, _lib = build_ffi(
+    cdef_source=TYPES,
+    verify_source=FUNCTIONS,
 )
 
 if hasattr(hmac, "compare_digest"):
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index 74f1ef2e..d799a7e1 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -13,15 +13,11 @@
 
 from __future__ import absolute_import, division, print_function
 
-import sys
-
-import cffi
-
 import six
 
 from cryptography import utils
 from cryptography.exceptions import AlreadyFinalized
-from cryptography.hazmat.bindings.utils import _create_modulename
+from cryptography.hazmat.bindings.utils import build_ffi
 from cryptography.hazmat.primitives import interfaces
 
 
@@ -67,12 +63,9 @@ uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data,
 }
 """
 
-_ffi = cffi.FFI()
-_ffi.cdef(TYPES)
-_lib = _ffi.verify(
-    source=FUNCTIONS,
-    modulename=_create_modulename([TYPES], FUNCTIONS, sys.version),
-    ext_package="cryptography",
+_ffi, _lib = build_ffi(
+    cdef_source=TYPES,
+    verify_source=FUNCTIONS,
 )
 
 
diff --git a/tests/hazmat/bindings/test_utils.py b/tests/hazmat/bindings/test_utils.py
index 0d5b34de..3596cd1d 100644
--- a/tests/hazmat/bindings/test_utils.py
+++ b/tests/hazmat/bindings/test_utils.py
@@ -17,9 +17,9 @@ from cryptography.hazmat.bindings import utils
 
 
 def test_create_modulename():
-    cdef_sources = ["cdef sources go here"]
+    cdef_source = "cdef sources go here"
     source = "source code"
-    name = utils._create_modulename(cdef_sources, source, "2.7")
+    name = utils._create_modulename(cdef_source, source, "2.7")
     assert name == "_Cryptography_cffi_bcba7f4bx4a14b588"
-    name = utils._create_modulename(cdef_sources, source, "3.2")
+    name = utils._create_modulename(cdef_source, source, "3.2")
     assert name == "_Cryptography_cffi_a7462526x4a14b588"