diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-01-01 23:52:09 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-01-01 23:52:09 -0600 |
| commit | b8dbb89676836db16272e0485086191263f98c45 (patch) | |
| tree | a0533b10b3abdd3a9854557c9344d83e3df72c79 /docs/hazmat | |
| parent | 607688cdcb5b262715bd4eb70f9770f0326ce9e5 (diff) | |
| parent | fa3d5aacd9d8047467ef4f7aaec45fd69ba4fb59 (diff) | |
| download | cryptography-b8dbb89676836db16272e0485086191263f98c45.tar.gz cryptography-b8dbb89676836db16272e0485086191263f98c45.tar.bz2 cryptography-b8dbb89676836db16272e0485086191263f98c45.zip | |
Merge branch 'master' into urandom-engine
* master:
Split OpenSSL binding
Fixed test for earlier exceptino
Rearrange
Move GCM tag size/value validation farther forward -- this makes it easier by not requiring future backends to implement the same checks
expose num_locks and {get,set}_{id,locking}_callback
Make the PyPy tox job consistent with the main one.
THis should be a seperate PR
Typo fix
This page has been subsumed by the index
Bump the copyright year
Document compiling OpenSSL to avoid conflicts
Conflicts:
cryptography/hazmat/backends/openssl/backend.py
Diffstat (limited to 'docs/hazmat')
| -rw-r--r-- | docs/hazmat/backends/openssl.rst | 34 | ||||
| -rw-r--r-- | docs/hazmat/bindings/index.rst | 22 | ||||
| -rw-r--r-- | docs/hazmat/bindings/openssl.rst | 27 |
3 files changed, 73 insertions, 10 deletions
diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index 5e51c75e..404573a3 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -3,23 +3,37 @@ OpenSSL Backend =============== -These are `CFFI`_ bindings to the `OpenSSL`_ C library. +The `OpenSSL`_ C library. .. data:: cryptography.hazmat.backends.openssl.backend - This is the exposed API for the OpenSSL bindings. It has two public - attributes: + This is the exposed API for the OpenSSL backend. It has no public attributes. - .. attribute:: ffi +Using your own OpenSSL on Linux +------------------------------- - This is a :class:`cffi.FFI` instance. It can be used to allocate and - otherwise manipulate OpenSSL structures. +Python links to OpenSSL for its own purposes and this can sometimes cause +problems when you wish to use a different version of OpenSSL with cryptography. +If you want to use cryptography with your own build of OpenSSL you will need to +make sure that the build is configured correctly so that your version of +OpenSSL doesn't conflict with Python's. - .. attribute:: lib +The options you need to add allow the linker to identify every symbol correctly +even when multiple versions of the library are linked into the same program. If +you are using your distribution's source packages these will probably be +patched in for you already, otherwise you'll need to use options something like +this when configuring OpenSSL:: - This is a ``cffi`` library. It can be used to call OpenSSL functions, - and access constants. + ./config -Wl,--version-script=openssl.ld -Wl,-Bsymbolic-functions -fPIC shared +You'll also need to generate your own ``openssl.ld`` file. For example:: + + OPENSSL_1.0.1F_CUSTOM { + global: + *; + }; + +You should replace the version string on the first line as appropriate for your +build. -.. _`CFFI`: https://cffi.readthedocs.org/ .. _`OpenSSL`: https://www.openssl.org/ diff --git a/docs/hazmat/bindings/index.rst b/docs/hazmat/bindings/index.rst new file mode 100644 index 00000000..809eddfc --- /dev/null +++ b/docs/hazmat/bindings/index.rst @@ -0,0 +1,22 @@ +.. hazmat:: + +Bindings +======== + +.. currentmodule:: cryptography.hazmat.bindings + +``cryptography`` aims to provide low-level CFFI based bindings to multiple +native C libraries. These provide no automatic initialisation of the library +and may not provide complete wrappers for its API. + +Using these functions directly is likely to require you to be careful in +managing memory allocation, locking and other resources. + + +Individual Bindings +------------------- + +.. toctree:: + :maxdepth: 1 + + openssl diff --git a/docs/hazmat/bindings/openssl.rst b/docs/hazmat/bindings/openssl.rst new file mode 100644 index 00000000..373fe472 --- /dev/null +++ b/docs/hazmat/bindings/openssl.rst @@ -0,0 +1,27 @@ +.. hazmat:: + +OpenSSL Binding +=============== + +.. currentmodule:: cryptography.hazmat.bindings.openssl.binding + +These are `CFFI`_ bindings to the `OpenSSL`_ C library. + +.. class:: cryptography.hazmat.bindings.openssl.binding.Binding() + + This is the exposed API for the OpenSSL bindings. It has two public + attributes: + + .. attribute:: ffi + + This is a :class:`cffi.FFI` instance. It can be used to allocate and + otherwise manipulate OpenSSL structures. + + .. attribute:: lib + + This is a ``cffi`` library. It can be used to call OpenSSL functions, + and access constants. + + +.. _`CFFI`: https://cffi.readthedocs.org/ +.. _`OpenSSL`: https://www.openssl.org/ |