From 37c02cafd661c0555283516cf445b519365bc065 Mon Sep 17 00:00:00 2001 From: messense Date: Fri, 3 Dec 2021 16:00:41 +0800 Subject: [PATCH 01/25] Make it possible to write code that interacts with OpenSSL in Rust --- setup.py | 3 -- src/_cffi_src/build_openssl.py | 18 ++++++++++ src/rust/.cargo/config.toml | 11 ++++++ src/rust/Cargo.lock | 62 ++++++++++++++++++++++++++++++++++ src/rust/Cargo.toml | 4 +++ src/rust/build.rs | 27 +++++++++++++++ src/rust/src/lib.rs | 10 ++++++ 7 files changed, 132 insertions(+), 3 deletions(-) create mode 100644 src/rust/.cargo/config.toml create mode 100644 src/rust/build.rs diff --git a/setup.py b/setup.py index 24b9f102bbf0..8f781a6ac0d9 100644 --- a/setup.py +++ b/setup.py @@ -37,9 +37,6 @@ try: # See setup.cfg for most of the config metadata. setup( - cffi_modules=[ - "src/_cffi_src/build_openssl.py:ffi", - ], rust_extensions=[ RustExtension( "_rust", diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index c5ab3cb3c68f..a7c460e18d6e 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -112,3 +112,21 @@ def _extra_compile_args(platform): libraries=_get_openssl_libraries(sys.platform), extra_compile_args=_extra_compile_args(sys.platform), ) + +if __name__ == "__main__": + import sysconfig + from cffi import recompiler + + module_name, source, source_extension, kwds = ffi._assigned_source + c_file = os.path.join(os.path.dirname(os.path.dirname(__file__)), "rust", module_name + source_extension) + recompiler.make_c_source(ffi, module_name, source, c_file) + + libraries = _get_openssl_libraries(sys.platform) + for lib in libraries: + print(f"cargo:rustc-link-lib={lib}") + extra_compile_args = _extra_compile_args(sys.platform) + for arg in extra_compile_args: + print(f"cargo:rustc-link-arg={arg}") + + include_path = sysconfig.get_path('include') + print(f'include:{include_path}') diff --git a/src/rust/.cargo/config.toml b/src/rust/.cargo/config.toml new file mode 100644 index 000000000000..d47f983e474f --- /dev/null +++ b/src/rust/.cargo/config.toml @@ -0,0 +1,11 @@ +[target.x86_64-apple-darwin] +rustflags = [ + "-C", "link-arg=-undefined", + "-C", "link-arg=dynamic_lookup", +] + +[target.aarch64-apple-darwin] +rustflags = [ + "-C", "link-arg=-undefined", + "-C", "link-arg=dynamic_lookup", +] diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock index e4bd1d8397a9..d5ecf78f2a9f 100644 --- a/src/rust/Cargo.lock +++ b/src/rust/Cargo.lock @@ -53,6 +53,12 @@ version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +[[package]] +name = "cc" +version = "1.0.72" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" + [[package]] name = "cfg-if" version = "1.0.0" @@ -76,13 +82,30 @@ name = "cryptography-rust" version = "0.1.0" dependencies = [ "asn1", + "cc", "chrono", "lazy_static", + "openssl", "ouroboros", "pem", "pyo3", ] +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "indoc" version = "0.3.6" @@ -161,6 +184,33 @@ version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" +[[package]] +name = "openssl" +version = "0.10.38" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c7ae222234c30df141154f159066c5093ff73b63204dcda7121eb082fc56a95" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-sys", +] + +[[package]] +name = "openssl-sys" +version = "0.9.71" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7df13d165e607909b363a4757a6f133f8a818a74e9d3a98d09c6128e15fa4c73" +dependencies = [ + "autocfg", + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "ouroboros" version = "0.13.0" @@ -240,6 +290,12 @@ dependencies = [ "regex", ] +[[package]] +name = "pkg-config" +version = "0.3.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12295df4f294471248581bc09bef3c38a5e46f1e36d6a37353621a0c6c357e1f" + [[package]] name = "proc-macro-error" version = "1.0.4" @@ -401,6 +457,12 @@ version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f14ee04d9415b52b3aeab06258a3f07093182b88ba0f9b8d203f211a7a7d41c7" +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + [[package]] name = "version_check" version = "0.9.3" diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml index 617167d04429..91813e9cfcb6 100644 --- a/src/rust/Cargo.toml +++ b/src/rust/Cargo.toml @@ -12,6 +12,10 @@ asn1 = { version = "0.8.7", default-features = false, features = ["derive"] } pem = "1.0" chrono = { version = "0.4", default-features = false, features = ["alloc", "clock"] } ouroboros = "0.13" +openssl = "0.10.38" + +[build-dependencies] +cc = "1.0.72" [features] extension-module = ["pyo3/extension-module"] diff --git a/src/rust/build.rs b/src/rust/build.rs new file mode 100644 index 000000000000..a00b5518eea6 --- /dev/null +++ b/src/rust/build.rs @@ -0,0 +1,27 @@ +use std::env; +use std::process::Command; + +fn main() { + // FIXME: maybe pyo3-build-config should provide a way to do this? + let python = env::var("PYO3_PYTHON").unwrap_or("python3".to_string()); + let output = Command::new(&python) + .env("PYTHONPATH", "../") + .arg("../_cffi_src/build_openssl.py") + .output() + .expect("failed to execute build_openssl.py"); + let stdout = String::from_utf8(output.stdout).unwrap(); + let mut include = String::new(); + for line in stdout.lines() { + if line.starts_with("cargo:") { + println!("{}", line); + } else if line.starts_with("include:") { + include = line.replace("include:", ""); + } + } + cc::Build::new() + .file("_openssl.c") + .include(include) + // FIXME: should not hardcode this + .include("/opt/homebrew/opt/openssl/include") + .compile("_openssl.a"); +} diff --git a/src/rust/src/lib.rs b/src/rust/src/lib.rs index 4d1bdd2e9447..63deb412990b 100644 --- a/src/rust/src/lib.rs +++ b/src/rust/src/lib.rs @@ -7,8 +7,13 @@ mod asn1; mod x509; +use pyo3::FromPyPointer; use std::convert::TryInto; +extern "C" { + fn PyInit__openssl() -> *mut pyo3::ffi::PyObject; +} + /// Returns the value of the input with the most-significant-bit copied to all /// of the bits. fn duplicate_msb_to_all(a: u8) -> u8 { @@ -91,6 +96,11 @@ fn _rust(py: pyo3::Python<'_>, m: &pyo3::types::PyModule) -> pyo3::PyResult<()> crate::x509::ocsp_resp::add_to_module(ocsp_mod)?; m.add_submodule(ocsp_mod)?; + let openssl_mod = unsafe { + let ptr = PyInit__openssl(); + pyo3::types::PyModule::from_owned_ptr(py, ptr) + }; + m.add_submodule(openssl_mod)?; Ok(()) } From accb2322e8e9051a0c20517241d9d80d3418174e Mon Sep 17 00:00:00 2001 From: messense Date: Fri, 3 Dec 2021 16:22:41 +0800 Subject: [PATCH 02/25] Use the new _openssl submodule to allow running tests --- src/cryptography/hazmat/bindings/openssl/binding.py | 4 +++- tests/hazmat/backends/test_openssl_memleak.py | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index c8e6cc4dc981..8dedb441c67f 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -11,9 +11,11 @@ import cryptography from cryptography import utils from cryptography.exceptions import InternalError -from cryptography.hazmat.bindings._openssl import ffi, lib +from cryptography.hazmat.bindings._rust import _openssl from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES +ffi = _openssl.ffi +lib = _openssl.lib _OpenSSLErrorWithText = typing.NamedTuple( "_OpenSSLErrorWithText", [("code", int), ("lib", int), ("reason", int), ("reason_text", bytes)], diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py index d83387c96ff1..d1d672a4f507 100644 --- a/tests/hazmat/backends/test_openssl_memleak.py +++ b/tests/hazmat/backends/test_openssl_memleak.py @@ -24,7 +24,10 @@ def main(argv): import cffi - from cryptography.hazmat.bindings._openssl import ffi, lib + from cryptography.hazmat.bindings._rust import _openssl + + ffi = _openssl.ffi + lib = _openssl.lib heap = {} From e7d71a3d296ca05494322053dd8d664a7ce102aa Mon Sep 17 00:00:00 2001 From: messense Date: Sun, 12 Dec 2021 23:53:20 +0800 Subject: [PATCH 03/25] Use `DEP_OPENSSL_INCLUDE` --- src/_cffi_src/build_openssl.py | 3 --- src/rust/.cargo/config.toml | 11 ----------- src/rust/Cargo.lock | 5 +++-- src/rust/Cargo.toml | 1 + src/rust/build.rs | 5 +++-- 5 files changed, 7 insertions(+), 18 deletions(-) delete mode 100644 src/rust/.cargo/config.toml diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index a7c460e18d6e..9d5ea021897d 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -121,9 +121,6 @@ def _extra_compile_args(platform): c_file = os.path.join(os.path.dirname(os.path.dirname(__file__)), "rust", module_name + source_extension) recompiler.make_c_source(ffi, module_name, source, c_file) - libraries = _get_openssl_libraries(sys.platform) - for lib in libraries: - print(f"cargo:rustc-link-lib={lib}") extra_compile_args = _extra_compile_args(sys.platform) for arg in extra_compile_args: print(f"cargo:rustc-link-arg={arg}") diff --git a/src/rust/.cargo/config.toml b/src/rust/.cargo/config.toml deleted file mode 100644 index d47f983e474f..000000000000 --- a/src/rust/.cargo/config.toml +++ /dev/null @@ -1,11 +0,0 @@ -[target.x86_64-apple-darwin] -rustflags = [ - "-C", "link-arg=-undefined", - "-C", "link-arg=dynamic_lookup", -] - -[target.aarch64-apple-darwin] -rustflags = [ - "-C", "link-arg=-undefined", - "-C", "link-arg=dynamic_lookup", -] diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock index d5ecf78f2a9f..e3a63694c4eb 100644 --- a/src/rust/Cargo.lock +++ b/src/rust/Cargo.lock @@ -86,6 +86,7 @@ dependencies = [ "chrono", "lazy_static", "openssl", + "openssl-sys", "ouroboros", "pem", "pyo3", @@ -200,9 +201,9 @@ dependencies = [ [[package]] name = "openssl-sys" -version = "0.9.71" +version = "0.9.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7df13d165e607909b363a4757a6f133f8a818a74e9d3a98d09c6128e15fa4c73" +checksum = "7e46109c383602735fa0a2e48dd2b7c892b048e1bf69e5c3b1d804b7d9c203cb" dependencies = [ "autocfg", "cc", diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml index 91813e9cfcb6..5b0ed505c62b 100644 --- a/src/rust/Cargo.toml +++ b/src/rust/Cargo.toml @@ -13,6 +13,7 @@ pem = "1.0" chrono = { version = "0.4", default-features = false, features = ["alloc", "clock"] } ouroboros = "0.13" openssl = "0.10.38" +openssl-sys = "0.9.72" [build-dependencies] cc = "1.0.72" diff --git a/src/rust/build.rs b/src/rust/build.rs index a00b5518eea6..286c3244a462 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -18,10 +18,11 @@ fn main() { include = line.replace("include:", ""); } } + let openssl_include = + std::env::var_os("DEP_OPENSSL_INCLUDE").expect("unable to find openssl include path"); cc::Build::new() .file("_openssl.c") .include(include) - // FIXME: should not hardcode this - .include("/opt/homebrew/opt/openssl/include") + .include(openssl_include) .compile("_openssl.a"); } From 71c8424d6644b467edef5aa2771d653d4e09bbde Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 00:15:48 +0800 Subject: [PATCH 04/25] Generate `_openssl.c` in Rust's `OUT_DIR` --- src/_cffi_src/build_openssl.py | 5 ++++- src/rust/build.rs | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index 9d5ea021897d..321a84a0b3c1 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -117,8 +117,11 @@ def _extra_compile_args(platform): import sysconfig from cffi import recompiler + out_dir = os.getenv("OUT_DIR") + if not out_dir: + out_dir = os.path.join(os.path.dirname(os.path.dirname(__file__)), "rust") module_name, source, source_extension, kwds = ffi._assigned_source - c_file = os.path.join(os.path.dirname(os.path.dirname(__file__)), "rust", module_name + source_extension) + c_file = os.path.join(out_dir, module_name + source_extension) recompiler.make_c_source(ffi, module_name, source, c_file) extra_compile_args = _extra_compile_args(sys.platform) diff --git a/src/rust/build.rs b/src/rust/build.rs index 286c3244a462..60d28131725a 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -1,11 +1,14 @@ use std::env; +use std::path::Path; use std::process::Command; fn main() { + let out_dir = env::var("OUT_DIR").unwrap(); // FIXME: maybe pyo3-build-config should provide a way to do this? let python = env::var("PYO3_PYTHON").unwrap_or("python3".to_string()); let output = Command::new(&python) .env("PYTHONPATH", "../") + .env("OUT_DIR", &out_dir) .arg("../_cffi_src/build_openssl.py") .output() .expect("failed to execute build_openssl.py"); @@ -20,8 +23,9 @@ fn main() { } let openssl_include = std::env::var_os("DEP_OPENSSL_INCLUDE").expect("unable to find openssl include path"); + let openssl_c = Path::new(&out_dir).join("_openssl.c"); cc::Build::new() - .file("_openssl.c") + .file(openssl_c) .include(include) .include(openssl_include) .compile("_openssl.a"); From e5f940761b9d01b919b9fb9bc1fb349ab669cf82 Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 08:19:35 +0800 Subject: [PATCH 05/25] Fix PYTHONPATH --- src/_cffi_src/build_openssl.py | 2 -- src/rust/build.rs | 12 +++++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index 321a84a0b3c1..20707f603267 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -118,8 +118,6 @@ def _extra_compile_args(platform): from cffi import recompiler out_dir = os.getenv("OUT_DIR") - if not out_dir: - out_dir = os.path.join(os.path.dirname(os.path.dirname(__file__)), "rust") module_name, source, source_extension, kwds = ffi._assigned_source c_file = os.path.join(out_dir, module_name + source_extension) recompiler.make_c_source(ffi, module_name, source, c_file) diff --git a/src/rust/build.rs b/src/rust/build.rs index 60d28131725a..3ca33a5af190 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -6,12 +6,22 @@ fn main() { let out_dir = env::var("OUT_DIR").unwrap(); // FIXME: maybe pyo3-build-config should provide a way to do this? let python = env::var("PYO3_PYTHON").unwrap_or("python3".to_string()); + println!("cargo:rerun-if-changed=../_cffi_src/"); + let python_path = match env::var("PYTHONPATH") { + Ok(mut val) => { + val.push_str(":../"); + val + } + Err(_) => "../".to_string(), + }; let output = Command::new(&python) - .env("PYTHONPATH", "../") + .env("PYTHONPATH", python_path) .env("OUT_DIR", &out_dir) .arg("../_cffi_src/build_openssl.py") .output() .expect("failed to execute build_openssl.py"); + assert!(output.status.success()); + let stdout = String::from_utf8(output.stdout).unwrap(); let mut include = String::new(); for line in stdout.lines() { From 68214d4e64b46149a30d96e1e522fc4faf089f5d Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 08:29:00 +0800 Subject: [PATCH 06/25] Force OpenSSL link --- src/rust/src/lib.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/rust/src/lib.rs b/src/rust/src/lib.rs index 63deb412990b..0b7c98f192a5 100644 --- a/src/rust/src/lib.rs +++ b/src/rust/src/lib.rs @@ -4,6 +4,10 @@ #![deny(rust_2018_idioms)] +// Force linking of OpenSSL since we're not using it in Rust side yet +#[allow(unused_extern_crates)] +extern crate openssl_sys; + mod asn1; mod x509; From d68c6851b63da5b5e6f0f91ed059c8592cd9b377 Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 09:09:46 +0800 Subject: [PATCH 07/25] Use OPENSSL_DIR instead of LDFLAGS --- .github/workflows/ci.yml | 10 ++++++---- tox.ini | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2685778ed2ee..cf3b3fabccb7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -110,8 +110,9 @@ jobs: if: matrix.PYTHON.OPENSSL && steps.ossl-cache.outputs.cache-hit != 'true' - name: Set CFLAGS/LDFLAGS run: | - echo "CFLAGS=${CFLAGS} -Werror=implicit-function-declaration -I${OSSL_PATH}/include" >> $GITHUB_ENV - echo "LDFLAGS=${LDFLAGS} -L${OSSL_PATH}/lib -L${OSSL_PATH}/lib64 -Wl,-rpath=${OSSL_PATH}/lib -Wl,-rpath=${OSSL_PATH}/lib64" >> $GITHUB_ENV + echo "OPENSSL_DIR=${OSSL_PATH}" >> $GITHUB_ENV + echo "CFLAGS=${CFLAGS} -Werror=implicit-function-declaration" >> $GITHUB_ENV + echo "LDFLAGS=${LDFLAGS} -L${OSSL_PATH}/lib64 -Wl,-rpath=${OSSL_PATH}/lib -Wl,-rpath=${OSSL_PATH}/lib64" >> $GITHUB_ENV if: matrix.PYTHON.OPENSSL - name: Tests run: | @@ -381,8 +382,9 @@ jobs: - name: Tests run: | CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1 \ - LDFLAGS="${HOME}/openssl-macos-x86-64/lib/libcrypto.a ${HOME}/openssl-macos-x86-64/lib/libssl.a" \ - CFLAGS="-I${HOME}/openssl-macos-x86-64/include -Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types-discards-qualifiers -Wno-error=unused-function -Wno-error=unused-command-line-argument -mmacosx-version-min=10.10 -march=core2 $EXTRA_CFLAGS" \ + OPENSSL_DIR="${HOME}/openssl-macos-x86-64" \ + OPENSSL_STATIC=1 \ + CFLAGS="-Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types-discards-qualifiers -Wno-error=unused-function -Wno-error=unused-command-line-argument -mmacosx-version-min=10.10 -march=core2 $EXTRA_CFLAGS" \ tox -r -- --color=yes --wycheproof-root=wycheproof env: TOXENV: ${{ matrix.PYTHON.TOXENV }} diff --git a/tox.ini b/tox.ini index 2591c618c271..a732ec6a9e17 100644 --- a/tox.ini +++ b/tox.ini @@ -10,7 +10,7 @@ deps = -e ./vectors pytest-shard>=0.1.2 randomorder: pytest-randomly -passenv = ARCHFLAGS LDFLAGS CFLAGS INCLUDE LIB LD_LIBRARY_PATH RUSTFLAGS CARGO_TARGET_DIR LLVM_PROFILE_FILE OPENSSL_FORCE_FIPS_MODE +passenv = ARCHFLAGS LDFLAGS CFLAGS INCLUDE LIB LD_LIBRARY_PATH RUSTFLAGS CARGO_TARGET_DIR LLVM_PROFILE_FILE OPENSSL_FORCE_FIPS_MODE OPENSSL_DIR OPENSSL_STATIC commands = pip list pytest -n auto --cov=cryptography --cov=tests --durations=10 {posargs} tests/ From d07fd9ab3d97854746a16aed037404b46d656687 Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 13:16:54 +0800 Subject: [PATCH 08/25] Fix a clippy warning --- src/rust/build.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rust/build.rs b/src/rust/build.rs index 3ca33a5af190..523f02b0656b 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -5,7 +5,7 @@ use std::process::Command; fn main() { let out_dir = env::var("OUT_DIR").unwrap(); // FIXME: maybe pyo3-build-config should provide a way to do this? - let python = env::var("PYO3_PYTHON").unwrap_or("python3".to_string()); + let python = env::var("PYO3_PYTHON").unwrap_or_else(|_| "python3".to_string()); println!("cargo:rerun-if-changed=../_cffi_src/"); let python_path = match env::var("PYTHONPATH") { Ok(mut val) => { From b895314554e66307cca57725a7c665efa8618707 Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 13:32:55 +0800 Subject: [PATCH 09/25] Move finding python include dir to Rust side --- src/_cffi_src/build_openssl.py | 4 --- src/rust/build.rs | 47 ++++++++++++++++++++++++++++++---- 2 files changed, 42 insertions(+), 9 deletions(-) diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index 20707f603267..288b952b17eb 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -114,7 +114,6 @@ def _extra_compile_args(platform): ) if __name__ == "__main__": - import sysconfig from cffi import recompiler out_dir = os.getenv("OUT_DIR") @@ -125,6 +124,3 @@ def _extra_compile_args(platform): extra_compile_args = _extra_compile_args(sys.platform) for arg in extra_compile_args: print(f"cargo:rustc-link-arg={arg}") - - include_path = sysconfig.get_path('include') - print(f'include:{include_path}') diff --git a/src/rust/build.rs b/src/rust/build.rs index 523f02b0656b..3432dd21d6c1 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -1,6 +1,7 @@ use std::env; +use std::io::Write; use std::path::Path; -use std::process::Command; +use std::process::{Command, Stdio}; fn main() { let out_dir = env::var("OUT_DIR").unwrap(); @@ -23,20 +24,56 @@ fn main() { assert!(output.status.success()); let stdout = String::from_utf8(output.stdout).unwrap(); - let mut include = String::new(); for line in stdout.lines() { if line.starts_with("cargo:") { println!("{}", line); - } else if line.starts_with("include:") { - include = line.replace("include:", ""); } } + let python_include = run_python_script( + &python, + "import sysconfig; print(sysconfig.get_path('include'), end='')", + ) + .unwrap(); let openssl_include = std::env::var_os("DEP_OPENSSL_INCLUDE").expect("unable to find openssl include path"); let openssl_c = Path::new(&out_dir).join("_openssl.c"); cc::Build::new() .file(openssl_c) - .include(include) + .include(python_include) .include(openssl_include) .compile("_openssl.a"); } + +/// Run a python script using the specified interpreter binary. +fn run_python_script(interpreter: impl AsRef, script: &str) -> Result { + let interpreter = interpreter.as_ref(); + let out = Command::new(interpreter) + .env("PYTHONIOENCODING", "utf-8") + .stdin(Stdio::piped()) + .stdout(Stdio::piped()) + .stderr(Stdio::inherit()) + .spawn() + .and_then(|mut child| { + child + .stdin + .as_mut() + .expect("piped stdin") + .write_all(script.as_bytes())?; + child.wait_with_output() + }); + + match out { + Err(err) => Err(format!( + "failed to run the Python interpreter at {}: {}", + interpreter.display(), + err + )), + Ok(ok) if !ok.status.success() => Err(format!( + "Python script failed: {}", + String::from_utf8(ok.stderr).expect("failed to parse Python script output as utf-8") + )), + Ok(ok) => Ok( + String::from_utf8(ok.stdout).expect("failed to parse Python script output as utf-8") + ), + } +} From add33fa3cbb5df6da71fcfe96f15b5960f52a3ac Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 13:39:06 +0800 Subject: [PATCH 10/25] CI: set OPENSSL_DIR for Windows --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cf3b3fabccb7..3c6d5da0cb11 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -444,8 +444,7 @@ jobs: - name: Download OpenSSL run: | python .github/workflows/download_openssl.py windows openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }} - echo "INCLUDE=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/include;$INCLUDE" >> $GITHUB_ENV - echo "LIB=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/lib;$LIB" >> $GITHUB_ENV + echo "OPENSSL_DIR=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}" >> $GITHUB_ENV echo "CL=${{ matrix.PYTHON.CL_FLAGS }}" >> $GITHUB_ENV env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 8a6f0f982c69be7493e2cc0236197e09fa265ab2 Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 13:48:51 +0800 Subject: [PATCH 11/25] Print stdout and stderr when build_openssl.py fails --- src/rust/build.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/rust/build.rs b/src/rust/build.rs index 3432dd21d6c1..210a7c6863d5 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -21,7 +21,13 @@ fn main() { .arg("../_cffi_src/build_openssl.py") .output() .expect("failed to execute build_openssl.py"); - assert!(output.status.success()); + if !output.status.success() { + panic!( + "failed to run build_openssl.py, stdout: \n{}\nstderr: \n{}\n", + String::from_utf8(output.stdout).unwrap(), + String::from_utf8(output.stderr).unwrap() + ); + } let stdout = String::from_utf8(output.stdout).unwrap(); for line in stdout.lines() { From c11218ae7838f97885135d988c9c0ccb2fb40b40 Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 14:00:53 +0800 Subject: [PATCH 12/25] Try to fix Windows --- src/rust/build.rs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/rust/build.rs b/src/rust/build.rs index 210a7c6863d5..7e1e102edf97 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -1,6 +1,6 @@ use std::env; use std::io::Write; -use std::path::Path; +use std::path::{Path, MAIN_SEPARATOR}; use std::process::{Command, Stdio}; fn main() { @@ -10,10 +10,15 @@ fn main() { println!("cargo:rerun-if-changed=../_cffi_src/"); let python_path = match env::var("PYTHONPATH") { Ok(mut val) => { - val.push_str(":../"); + if cfg!(target_os = "windows") { + val.push(';'); + } else { + val.push(':'); + } + val.push_str(&format!("..{}", MAIN_SEPARATOR)); val } - Err(_) => "../".to_string(), + Err(_) => format!("..{}", MAIN_SEPARATOR), }; let output = Command::new(&python) .env("PYTHONPATH", python_path) From b0872239779e59695681c68af6e719368341126e Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 14:26:55 +0800 Subject: [PATCH 13/25] Set rpath with RUSTFLAGS --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3c6d5da0cb11..feb244cd4e64 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -112,7 +112,7 @@ jobs: run: | echo "OPENSSL_DIR=${OSSL_PATH}" >> $GITHUB_ENV echo "CFLAGS=${CFLAGS} -Werror=implicit-function-declaration" >> $GITHUB_ENV - echo "LDFLAGS=${LDFLAGS} -L${OSSL_PATH}/lib64 -Wl,-rpath=${OSSL_PATH}/lib -Wl,-rpath=${OSSL_PATH}/lib64" >> $GITHUB_ENV + echo "RUSTFLAGS=-Clink-arg=-Wl,-rpath=${OSSL_PATH}/lib -Clink-arg=-Wl,-rpath=${OSSL_PATH}/lib64" >> $GITHUB_ENV if: matrix.PYTHON.OPENSSL - name: Tests run: | From 1ef6259630b340834e9e344f76d896b54b4f2dac Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 19:11:24 +0800 Subject: [PATCH 14/25] Install cffi in Rust Coverage job --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index feb244cd4e64..c796cd4160d5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -285,7 +285,7 @@ jobs: repository: "google/wycheproof" path: "wycheproof" ref: "master" - - run: python -m pip install tox coverage + - run: python -m pip install tox coverage cffi - name: Tests run: | tox -r -- --color=yes --wycheproof-root=wycheproof From 65340cb30ff4b2e65fefa7fa8d0a17e6ab95def2 Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 13 Dec 2021 21:03:29 +0800 Subject: [PATCH 15/25] Move extra compile args to Rust side --- src/_cffi_src/build_openssl.py | 4 ---- src/rust/build.rs | 8 ++------ 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index 288b952b17eb..c412fad96aba 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -120,7 +120,3 @@ def _extra_compile_args(platform): module_name, source, source_extension, kwds = ffi._assigned_source c_file = os.path.join(out_dir, module_name + source_extension) recompiler.make_c_source(ffi, module_name, source, c_file) - - extra_compile_args = _extra_compile_args(sys.platform) - for arg in extra_compile_args: - print(f"cargo:rustc-link-arg={arg}") diff --git a/src/rust/build.rs b/src/rust/build.rs index 7e1e102edf97..3f5686e3b0f1 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -34,12 +34,6 @@ fn main() { ); } - let stdout = String::from_utf8(output.stdout).unwrap(); - for line in stdout.lines() { - if line.starts_with("cargo:") { - println!("{}", line); - } - } let python_include = run_python_script( &python, "import sysconfig; print(sysconfig.get_path('include'), end='')", @@ -52,6 +46,8 @@ fn main() { .file(openssl_c) .include(python_include) .include(openssl_include) + .flag_if_supported("-Wconversion") + .flag_if_supported("-Wno-error=sign-conversion") .compile("_openssl.a"); } From a9aa151c928d591fd25e476cd7580922e575636a Mon Sep 17 00:00:00 2001 From: messense Date: Tue, 14 Dec 2021 09:06:21 +0800 Subject: [PATCH 16/25] Link against clang runtime on static builds on macOS --- src/rust/build.rs | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/src/rust/build.rs b/src/rust/build.rs index 3f5686e3b0f1..f7d4a66ffd54 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -4,6 +4,21 @@ use std::path::{Path, MAIN_SEPARATOR}; use std::process::{Command, Stdio}; fn main() { + let target = env::var("TARGET").unwrap(); + let openssl_static = env::var("OPENSSL_STATIC") + .map(|x| x == "1") + .unwrap_or(false); + if target.contains("apple") && openssl_static { + // On (older) OSX we need to link against the clang runtime, + // which is hidden in some non-default path. + // + // More details at https://github.com/alexcrichton/curl-rust/issues/279. + if let Some(path) = macos_link_search_path() { + println!("cargo:rustc-link-lib=clang_rt.osx"); + println!("cargo:rustc-link-search={}", path); + } + } + let out_dir = env::var("OUT_DIR").unwrap(); // FIXME: maybe pyo3-build-config should provide a way to do this? let python = env::var("PYO3_PYTHON").unwrap_or_else(|_| "python3".to_string()); @@ -84,3 +99,27 @@ fn run_python_script(interpreter: impl AsRef, script: &str) -> Result Option { + let output = Command::new("clang") + .arg("--print-search-dirs") + .output() + .ok()?; + if !output.status.success() { + println!( + "failed to run 'clang --print-search-dirs', continuing without a link search path" + ); + return None; + } + + let stdout = String::from_utf8_lossy(&output.stdout); + for line in stdout.lines() { + if line.contains("libraries: =") { + let path = line.split('=').nth(1)?; + return Some(format!("{}/lib/darwin", path)); + } + } + + println!("failed to determine link search path, continuing without it"); + None +} From e36ba2b71c76e051e0834edb9cd597f49fb3f7b4 Mon Sep 17 00:00:00 2001 From: messense Date: Tue, 14 Dec 2021 19:09:55 +0800 Subject: [PATCH 17/25] Bump MSRV to 1.48.0 --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c796cd4160d5..51afd7e135b0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -189,8 +189,7 @@ jobs: - {VERSION: "3.9", TOXENV: "py39"} RUST: # Cover MSRV (and likely next MSRV) and in-dev versions - - 1.41.0 - - 1.45.0 + - 1.48.0 - beta name: "${{ matrix.PYTHON.TOXENV }} with Rust ${{ matrix.RUST }}" timeout-minutes: 15 From 21208ff342d4d196ce92ed262598a95baa3cf101 Mon Sep 17 00:00:00 2001 From: messense Date: Tue, 14 Dec 2021 19:49:32 +0800 Subject: [PATCH 18/25] Define `Py_LIMITED_API` --- src/rust/build.rs | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/rust/build.rs b/src/rust/build.rs index f7d4a66ffd54..ad0ac51c0406 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -49,6 +49,11 @@ fn main() { ); } + let python_impl = run_python_script( + &python, + "import platform; print(platform.python_implementation(), end='')", + ) + .unwrap(); let python_include = run_python_script( &python, "import sysconfig; print(sysconfig.get_path('include'), end='')", @@ -57,13 +62,22 @@ fn main() { let openssl_include = std::env::var_os("DEP_OPENSSL_INCLUDE").expect("unable to find openssl include path"); let openssl_c = Path::new(&out_dir).join("_openssl.c"); - cc::Build::new() + + let mut build = cc::Build::new(); + build .file(openssl_c) .include(python_include) .include(openssl_include) .flag_if_supported("-Wconversion") - .flag_if_supported("-Wno-error=sign-conversion") - .compile("_openssl.a"); + .flag_if_supported("-Wno-error=sign-conversion"); + + // Enable abi3 mode if we're not using PyPy. + if python_impl != "PyPy" { + // cp36 + build.define("Py_LIMITED_API", "0x030600f0"); + } + + build.compile("_openssl.a"); } /// Run a python script using the specified interpreter binary. From 916716ce34401783630910ac1661a297cea7889e Mon Sep 17 00:00:00 2001 From: messense Date: Tue, 14 Dec 2021 20:03:46 +0800 Subject: [PATCH 19/25] Use OPENSSL_DIR for zuul wheel build --- .../wheel/roles/build-wheel-manylinux/files/build-wheels.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.zuul.playbooks/playbooks/wheel/roles/build-wheel-manylinux/files/build-wheels.sh b/.zuul.playbooks/playbooks/wheel/roles/build-wheel-manylinux/files/build-wheels.sh index 216a839338e8..efda176fdd8d 100644 --- a/.zuul.playbooks/playbooks/wheel/roles/build-wheel-manylinux/files/build-wheels.sh +++ b/.zuul.playbooks/playbooks/wheel/roles/build-wheel-manylinux/files/build-wheels.sh @@ -20,8 +20,8 @@ for P in ${PYTHONS}; do PY_LIMITED_API="--py-limited-api=cp3${BASH_REMATCH[1]}" fi - LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \ - CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \ + OPENSSL_DIR="/opt/pyca/cryptography/openssl" \ + RUSTFLAGS="-Clink-arg=-Wl,--exclude-libs,ALL" \ .venv/bin/python setup.py bdist_wheel $PY_LIMITED_API auditwheel repair --plat ${PLAT} -w wheelhouse/ dist/cryptography*.whl From a1145351c28ffda4be329cb8fd7a32e5088bcb66 Mon Sep 17 00:00:00 2001 From: messense Date: Tue, 14 Dec 2021 20:15:37 +0800 Subject: [PATCH 20/25] Install pkg-config in zuul --- .zuul.playbooks/playbooks/tox/pre.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.zuul.playbooks/playbooks/tox/pre.yaml b/.zuul.playbooks/playbooks/tox/pre.yaml index 33d3487a22bd..cc6e231ece53 100644 --- a/.zuul.playbooks/playbooks/tox/pre.yaml +++ b/.zuul.playbooks/playbooks/tox/pre.yaml @@ -17,6 +17,7 @@ - libssl-dev - libffi-dev - python3-dev + - pkg-config become: yes when: ansible_distribution in ['Debian', 'Ubuntu'] From 2eea530567753d687f397ca1c8dbf409bd1e7357 Mon Sep 17 00:00:00 2001 From: messense Date: Wed, 15 Dec 2021 11:59:27 +0800 Subject: [PATCH 21/25] Try to fix mypy error --- pyproject.toml | 2 +- src/cryptography/hazmat/bindings/_rust/_openssl.pyi | 1 + src/cryptography/hazmat/bindings/openssl/binding.py | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 src/cryptography/hazmat/bindings/_rust/_openssl.pyi diff --git a/pyproject.toml b/pyproject.toml index ad29d7af36d3..0dca0e772b0b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -30,7 +30,7 @@ warn_unused_ignores = true [[tool.mypy.overrides]] module = [ - "cryptography.hazmat.bindings._openssl", + "cryptography.hazmat.bindings._rust._openssl", "pretend" ] ignore_missing_imports = true diff --git a/src/cryptography/hazmat/bindings/_rust/_openssl.pyi b/src/cryptography/hazmat/bindings/_rust/_openssl.pyi new file mode 100644 index 000000000000..4a687d5cf0c4 --- /dev/null +++ b/src/cryptography/hazmat/bindings/_rust/_openssl.pyi @@ -0,0 +1 @@ +# An empty file to make mypy recognize this module diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index 8dedb441c67f..b9d4912eeaee 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -14,8 +14,8 @@ from cryptography.hazmat.bindings._rust import _openssl from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES -ffi = _openssl.ffi -lib = _openssl.lib +ffi = _openssl.ffi # type: ignore +lib = _openssl.lib # type: ignore _OpenSSLErrorWithText = typing.NamedTuple( "_OpenSSLErrorWithText", [("code", int), ("lib", int), ("reason", int), ("reason_text", bytes)], From 1377cee03708c3b445718c33491d697f1bf7a05d Mon Sep 17 00:00:00 2001 From: messense Date: Mon, 27 Dec 2021 11:03:39 +0800 Subject: [PATCH 22/25] Use git dependency for openssl crate --- src/rust/Cargo.lock | 17 +++++++++++++---- src/rust/Cargo.toml | 4 ++++ 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock index e3a63694c4eb..df0563bbebd2 100644 --- a/src/rust/Cargo.lock +++ b/src/rust/Cargo.lock @@ -188,22 +188,31 @@ checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" [[package]] name = "openssl" version = "0.10.38" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c7ae222234c30df141154f159066c5093ff73b63204dcda7121eb082fc56a95" +source = "git+https://github.com/sfackler/rust-openssl.git#16f65124674afd935b52ba6e6b10f963fb440968" dependencies = [ "bitflags", "cfg-if", "foreign-types", "libc", "once_cell", + "openssl-macros", "openssl-sys", ] +[[package]] +name = "openssl-macros" +version = "0.1.0" +source = "git+https://github.com/sfackler/rust-openssl.git#16f65124674afd935b52ba6e6b10f963fb440968" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "openssl-sys" version = "0.9.72" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e46109c383602735fa0a2e48dd2b7c892b048e1bf69e5c3b1d804b7d9c203cb" +source = "git+https://github.com/sfackler/rust-openssl.git#16f65124674afd935b52ba6e6b10f963fb440968" dependencies = [ "autocfg", "cc", diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml index 5b0ed505c62b..2aed2e05a9ed 100644 --- a/src/rust/Cargo.toml +++ b/src/rust/Cargo.toml @@ -29,3 +29,7 @@ crate-type = ["cdylib"] [profile.release] lto = "thin" overflow-checks = true + +[patch.crates-io] +openssl-sys = { git = "https://github.com/sfackler/rust-openssl.git" } +openssl = { git = "https://github.com/sfackler/rust-openssl.git" } From 9518ea1ae1289acae0940c54feb9c21ca57c47e4 Mon Sep 17 00:00:00 2001 From: messense Date: Tue, 28 Dec 2021 13:20:13 +0800 Subject: [PATCH 23/25] Try to fix circleci build failures --- .circleci/build-wheel.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/build-wheel.sh b/.circleci/build-wheel.sh index d69e8c9213fe..1cd80487992b 100755 --- a/.circleci/build-wheel.sh +++ b/.circleci/build-wheel.sh @@ -23,8 +23,8 @@ if [[ "${PYBIN}" =~ $REGEX ]]; then PY_LIMITED_API="--py-limited-api=cp3${BASH_REMATCH[1]}" fi -LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \ - CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \ +OPENSSL_DIR="/opt/pyca/cryptography/openssl" \ + RUSTFLAGS="-Clink-arg=-Wl,--exclude-libs,ALL" \ ../../.venv/bin/python setup.py bdist_wheel "$PY_LIMITED_API" auditwheel repair --plat "${PLATFORM}" -w wheelhouse/ dist/cryptography*.whl From 0604d80c733ca485a876c6529700927f776287be Mon Sep 17 00:00:00 2001 From: messense Date: Tue, 28 Dec 2021 13:55:49 +0800 Subject: [PATCH 24/25] Try cffi embedding API --- src/_cffi_src/build_openssl.py | 10 +++++++--- src/_cffi_src/utils.py | 6 ++++++ src/rust/build.rs | 2 +- src/rust/src/lib.rs | 7 +++---- 4 files changed, 17 insertions(+), 8 deletions(-) diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index c412fad96aba..c2c3858adeb4 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -114,9 +114,13 @@ def _extra_compile_args(platform): ) if __name__ == "__main__": - from cffi import recompiler - out_dir = os.getenv("OUT_DIR") module_name, source, source_extension, kwds = ffi._assigned_source c_file = os.path.join(out_dir, module_name + source_extension) - recompiler.make_c_source(ffi, module_name, source, c_file) + ffi.embedding_api( + """ + extern "Python" void _this_is_not_used(void); + """ + ) + ffi.embedding_init_code("") + ffi.emit_c_code(c_file) diff --git a/src/_cffi_src/utils.py b/src/_cffi_src/utils.py index bb742a4a383c..80d5c99c4fdf 100644 --- a/src/_cffi_src/utils.py +++ b/src/_cffi_src/utils.py @@ -73,6 +73,12 @@ def build_ffi( verify_source += '\n#define CRYPTOGRAPHY_PACKAGE_VERSION "{}"'.format( about["__version__"] ) + verify_source += r""" + +int make_cryptography_openssl_module(void) { + return cffi_start_python(); +} +""" ffi.cdef(cdef_source) ffi.set_source( module_name, diff --git a/src/rust/build.rs b/src/rust/build.rs index ad0ac51c0406..9ac388e2b995 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -74,7 +74,7 @@ fn main() { // Enable abi3 mode if we're not using PyPy. if python_impl != "PyPy" { // cp36 - build.define("Py_LIMITED_API", "0x030600f0"); + // build.define("Py_LIMITED_API", "0x030600f0"); } build.compile("_openssl.a"); diff --git a/src/rust/src/lib.rs b/src/rust/src/lib.rs index 0b7c98f192a5..776eb6eaa170 100644 --- a/src/rust/src/lib.rs +++ b/src/rust/src/lib.rs @@ -11,11 +11,10 @@ extern crate openssl_sys; mod asn1; mod x509; -use pyo3::FromPyPointer; use std::convert::TryInto; extern "C" { - fn PyInit__openssl() -> *mut pyo3::ffi::PyObject; + fn make_cryptography_openssl_module() -> std::os::raw::c_int; } /// Returns the value of the input with the most-significant-bit copied to all @@ -101,8 +100,8 @@ fn _rust(py: pyo3::Python<'_>, m: &pyo3::types::PyModule) -> pyo3::PyResult<()> m.add_submodule(ocsp_mod)?; let openssl_mod = unsafe { - let ptr = PyInit__openssl(); - pyo3::types::PyModule::from_owned_ptr(py, ptr) + make_cryptography_openssl_module(); + pyo3::types::PyModule::import(py, "_openssl")? }; m.add_submodule(openssl_mod)?; Ok(()) From 50a751a426d6058d1d9271efb8001191a81d6d80 Mon Sep 17 00:00:00 2001 From: messense Date: Tue, 28 Dec 2021 14:31:15 +0800 Subject: [PATCH 25/25] Define WIN32_LEAN_AND_MEAN in Rust side --- src/_cffi_src/openssl/cryptography.py | 2 ++ src/rust/build.rs | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py index 7cbcb591dd68..a0e22932c261 100644 --- a/src/_cffi_src/openssl/cryptography.py +++ b/src/_cffi_src/openssl/cryptography.py @@ -32,7 +32,9 @@ #include #endif #if defined(_WIN32) +#if !defined(WIN32_LEAN_AND_MEAN) #define WIN32_LEAN_AND_MEAN +#endif #include #include #include diff --git a/src/rust/build.rs b/src/rust/build.rs index 9ac388e2b995..5ed7bb0facd6 100644 --- a/src/rust/build.rs +++ b/src/rust/build.rs @@ -77,6 +77,10 @@ fn main() { // build.define("Py_LIMITED_API", "0x030600f0"); } + if cfg!(windows) { + build.define("WIN32_LEAN_AND_MEAN", None); + } + build.compile("_openssl.a"); }