From 63195b4a2e472949385d7b752d32604166d04ef1 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 24 Oct 2014 13:43:38 -0700 Subject: Refactor our creation of CFFI FFI and libraries slightly. Centralize everything for ease of use. --- .../hazmat/bindings/commoncrypto/binding.py | 4 +-- cryptography/hazmat/bindings/openssl/binding.py | 4 +-- cryptography/hazmat/bindings/utils.py | 35 ++++++++++++++-------- cryptography/hazmat/primitives/constant_time.py | 14 +++------ cryptography/hazmat/primitives/padding.py | 15 +++------- 5 files changed, 35 insertions(+), 37 deletions(-) diff --git a/cryptography/hazmat/bindings/commoncrypto/binding.py b/cryptography/hazmat/bindings/commoncrypto/binding.py index e23a2fd9..0e6dffc0 100644 --- a/cryptography/hazmat/bindings/commoncrypto/binding.py +++ b/cryptography/hazmat/bindings/commoncrypto/binding.py @@ -13,7 +13,7 @@ from __future__ import absolute_import, division, print_function -from cryptography.hazmat.bindings.utils import build_ffi +from cryptography.hazmat.bindings.utils import build_ffi_for_binding class Binding(object): @@ -45,7 +45,7 @@ class Binding(object): if cls.ffi is not None and cls.lib is not None: return - cls.ffi, cls.lib = build_ffi( + cls.ffi, cls.lib = build_ffi_for_binding( module_prefix=cls._module_prefix, modules=cls._modules, extra_link_args=[ diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py index 37891f6b..314c5147 100644 --- a/cryptography/hazmat/bindings/openssl/binding.py +++ b/cryptography/hazmat/bindings/openssl/binding.py @@ -17,7 +17,7 @@ import os import sys import threading -from cryptography.hazmat.bindings.utils import build_ffi +from cryptography.hazmat.bindings.utils import build_ffi_for_binding _OSX_PRE_INCLUDE = """ @@ -105,7 +105,7 @@ class Binding(object): link_type = os.environ.get("PYCA_WINDOWS_LINK_TYPE", "static") libraries = _get_windows_libraries(link_type) - cls.ffi, cls.lib = build_ffi( + cls.ffi, cls.lib = build_ffi_for_binding( module_prefix=cls._module_prefix, modules=cls._modules, pre_include=_OSX_PRE_INCLUDE, diff --git a/cryptography/hazmat/bindings/utils.py b/cryptography/hazmat/bindings/utils.py index 1c48116e..7d8fc66d 100644 --- a/cryptography/hazmat/bindings/utils.py +++ b/cryptography/hazmat/bindings/utils.py @@ -20,8 +20,9 @@ import sys import cffi -def build_ffi(module_prefix, modules, pre_include="", post_include="", - libraries=[], extra_compile_args=[], extra_link_args=[]): +def build_ffi_for_binding(module_prefix, modules, pre_include="", + post_include="", libraries=[], extra_compile_args=[], + extra_link_args=[]): """ Modules listed in ``modules`` should have the following attributes: @@ -36,7 +37,6 @@ def build_ffi(module_prefix, modules, pre_include="", post_include="", library to a list of names which will not be present without the condition. """ - ffi = cffi.FFI() types = [] includes = [] functions = [] @@ -53,9 +53,6 @@ def build_ffi(module_prefix, modules, pre_include="", post_include="", includes.append(module.INCLUDES) customizations.append(module.CUSTOMIZATIONS) - cdef_sources = types + functions + macros - ffi.cdef("\n".join(cdef_sources)) - # We include functions here so that if we got any of their definitions # wrong, the underlying C compiler will explode. In C you are allowed # to re-declare a function if it has the same signature. That is: @@ -64,18 +61,17 @@ def build_ffi(module_prefix, modules, pre_include="", post_include="", # is legal, but the following will fail to compile: # int foo(int); # int foo(short); - source = "\n".join( + verify_source = "\n".join( [pre_include] + includes + [post_include] + functions + customizations ) - lib = ffi.verify( - source=source, - modulename=_create_modulename(cdef_sources, source, sys.version), + ffi, lib = build_ffi( + cdef_source="\n".join(types + functions + macros), + verify_source=verify_source, libraries=libraries, - ext_package="cryptography", extra_compile_args=extra_compile_args, extra_link_args=extra_link_args, ) @@ -91,6 +87,21 @@ def build_ffi(module_prefix, modules, pre_include="", post_include="", return ffi, lib +def build_ffi(cdef_source, verify_source, libraries=[], extra_compile_args=[], + extra_link_args=[]): + ffi = cffi.FFI() + ffi.cdef(cdef_source) + lib = ffi.verify( + source=verify_source, + modulename=_create_modulename(cdef_source, verify_source, sys.version), + libraries=libraries, + ext_package="cryptography", + extra_compile_args=extra_compile_args, + extra_link_args=extra_link_args, + ) + return ffi, lib + + def _create_modulename(cdef_sources, source, sys_version): """ cffi creates a modulename internally that incorporates the cffi version. @@ -99,7 +110,7 @@ def _create_modulename(cdef_sources, source, sys_version): resolve this we build our own modulename that uses most of the same code from cffi but elides the version key. """ - key = '\x00'.join([sys_version[:3], source] + cdef_sources) + key = '\x00'.join([sys_version[:3], source, cdef_sources]) key = key.encode('utf-8') k1 = hex(binascii.crc32(key[0::2]) & 0xffffffff) k1 = k1.lstrip('0x').rstrip('L') diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py index d75528a8..b98eb108 100644 --- a/cryptography/hazmat/primitives/constant_time.py +++ b/cryptography/hazmat/primitives/constant_time.py @@ -15,11 +15,8 @@ from __future__ import absolute_import, division, print_function import hmac import os -import sys -import cffi - -from cryptography.hazmat.bindings.utils import _create_modulename +from cryptography.hazmat.bindings.utils import build_ffi with open(os.path.join(os.path.dirname(__file__), "src/constant_time.h")) as f: @@ -29,12 +26,9 @@ with open(os.path.join(os.path.dirname(__file__), "src/constant_time.c")) as f: FUNCTIONS = f.read() -_ffi = cffi.FFI() -_ffi.cdef(TYPES) -_lib = _ffi.verify( - source=FUNCTIONS, - modulename=_create_modulename([TYPES], FUNCTIONS, sys.version), - ext_package="cryptography", +_ffi, _lib = build_ffi( + cdef_source=TYPES, + verify_source=FUNCTIONS, ) if hasattr(hmac, "compare_digest"): diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py index 74f1ef2e..d799a7e1 100644 --- a/cryptography/hazmat/primitives/padding.py +++ b/cryptography/hazmat/primitives/padding.py @@ -13,15 +13,11 @@ from __future__ import absolute_import, division, print_function -import sys - -import cffi - import six from cryptography import utils from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.bindings.utils import _create_modulename +from cryptography.hazmat.bindings.utils import build_ffi from cryptography.hazmat.primitives import interfaces @@ -67,12 +63,9 @@ uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data, } """ -_ffi = cffi.FFI() -_ffi.cdef(TYPES) -_lib = _ffi.verify( - source=FUNCTIONS, - modulename=_create_modulename([TYPES], FUNCTIONS, sys.version), - ext_package="cryptography", +_ffi, _lib = build_ffi( + cdef_source=TYPES, + verify_source=FUNCTIONS, ) -- cgit v1.2.3 From f0dde60a20bbbf750f6833c624c0c5bf20c7ac9c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 24 Oct 2014 14:05:10 -0700 Subject: Update test for new API --- tests/hazmat/bindings/test_utils.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/hazmat/bindings/test_utils.py b/tests/hazmat/bindings/test_utils.py index 0d5b34de..3596cd1d 100644 --- a/tests/hazmat/bindings/test_utils.py +++ b/tests/hazmat/bindings/test_utils.py @@ -17,9 +17,9 @@ from cryptography.hazmat.bindings import utils def test_create_modulename(): - cdef_sources = ["cdef sources go here"] + cdef_source = "cdef sources go here" source = "source code" - name = utils._create_modulename(cdef_sources, source, "2.7") + name = utils._create_modulename(cdef_source, source, "2.7") assert name == "_Cryptography_cffi_bcba7f4bx4a14b588" - name = utils._create_modulename(cdef_sources, source, "3.2") + name = utils._create_modulename(cdef_source, source, "3.2") assert name == "_Cryptography_cffi_a7462526x4a14b588" -- cgit v1.2.3 From 1628dd41b609fd4e996a949b9be2f6e4ea62cfc1 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 24 Oct 2014 15:11:01 -0700 Subject: Also switch to the explicit verifier construction approach, so the diff for disabling implicit compile is even shorter --- cryptography/hazmat/bindings/utils.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/cryptography/hazmat/bindings/utils.py b/cryptography/hazmat/bindings/utils.py index 7d8fc66d..63334ff1 100644 --- a/cryptography/hazmat/bindings/utils.py +++ b/cryptography/hazmat/bindings/utils.py @@ -17,7 +17,8 @@ import binascii import sys -import cffi +from cffi import FFI +from cffi.verifier import Verifier def build_ffi_for_binding(module_prefix, modules, pre_include="", @@ -89,17 +90,20 @@ def build_ffi_for_binding(module_prefix, modules, pre_include="", def build_ffi(cdef_source, verify_source, libraries=[], extra_compile_args=[], extra_link_args=[]): - ffi = cffi.FFI() + ffi = FFI() ffi.cdef(cdef_source) - lib = ffi.verify( - source=verify_source, + + ffi.verifier = Verifier( + ffi, + verify_source, + tmpdir='', modulename=_create_modulename(cdef_source, verify_source, sys.version), libraries=libraries, ext_package="cryptography", extra_compile_args=extra_compile_args, extra_link_args=extra_link_args, ) - return ffi, lib + return ffi, ffi.verifier.load_library() def _create_modulename(cdef_sources, source, sys_version): -- cgit v1.2.3