-rw-r--r-- | cryptography/hazmat/bindings/commoncrypto/binding.py | 20 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/binding.py | 78 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/utils.py | 28 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/constant_time.py | 7 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/padding.py | 7 | ||||
-rw-r--r-- | setup.py | 4 |
6 files changed, 79 insertions, 65 deletions
diff --git a/cryptography/hazmat/bindings/commoncrypto/binding.py b/cryptography/hazmat/bindings/commoncrypto/binding.py index 0e6dffc0..bb950aac 100644 --- a/cryptography/hazmat/bindings/commoncrypto/binding.py +++ b/cryptography/hazmat/bindings/commoncrypto/binding.py @@ -13,7 +13,9 @@ from __future__ import absolute_import, division, print_function -from cryptography.hazmat.bindings.utils import build_ffi_for_binding +from cryptography.hazmat.bindings.utils import ( + build_ffi_for_binding, load_library_for_binding, +) class Binding(object): @@ -34,7 +36,13 @@ class Binding(object): "sectransform", ] - ffi = None + ffi = build_ffi_for_binding( + module_prefix=_module_prefix, + modules=_modules, + extra_link_args=[ + "-framework", "Security", "-framework", "CoreFoundation" + ], + ) lib = None def __init__(self): @@ -42,13 +50,11 @@ class Binding(object): @classmethod def _ensure_ffi_initialized(cls): - if cls.ffi is not None and cls.lib is not None: + if cls.lib is not None: return - cls.ffi, cls.lib = build_ffi_for_binding( + cls.lib = load_library_for_binding( + cls.ffi, module_prefix=cls._module_prefix, modules=cls._modules, - extra_link_args=[ - "-framework", "Security", "-framework", "CoreFoundation" - ] ) diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py index 056785dc..ff9039cf 100644 --- a/cryptography/hazmat/bindings/openssl/binding.py +++ b/cryptography/hazmat/bindings/openssl/binding.py @@ -17,7 +17,9 @@ import os import sys import threading -from cryptography.hazmat.bindings.utils import build_ffi_for_binding +from cryptography.hazmat.bindings.utils import ( + build_ffi_for_binding, load_library_for_binding, +) _OSX_PRE_INCLUDE = """ 
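Review bot: In `_ensure_ffi_initialized` (hunk `@@ -42,13 +50,11 @@` of commoncrypto/binding.py) the `if cls.lib is not None: return` test and the `cls.lib = load_library_for_binding(...)` assignment are not under any lock in the visible lines, so two threads constructing `Binding()` at the same time can both run the load. Whether a second `ffi.verifier.load_library()` call is harmless cannot be seen from here, so I would serialise the step with a class-level lock and re-check inside it: `with cls._init_lock:` followed by `if cls.lib is None:` (`_init_lock` is a proposed name, not one the file shows). The same check-then-set shape is in hunk `@@ -90,20 +123,15 @@` of openssl/binding.py, where the one-time `Cryptography_add_osrandom_engine()` call follows the load; that class shows `_lock_init_lock` as context, though whether it is meant for this path is not visible. The class body starts outside the hunk.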
@@ -39,6 +41,31 @@ _OSX_POST_INCLUDE = """ """ +def _get_libraries(platform): + # OpenSSL goes by a different library name on different operating systems. + if platform != "win32": + # In some circumstances, the order in which these libs are + # specified on the linker command-line is significant; + # libssl must come before libcrypto + # (http://marc.info/?l=openssl-users&m=135361825921871) + return ["ssl", "crypto"] + else: + link_type = os.environ.get("PYCA_WINDOWS_LINK_TYPE", "static") + return _get_windows_libraries(link_type) + + +def _get_windows_libraries(link_type): + if link_type == "dynamic": + return ["libeay32", "ssleay32", "advapi32"] + elif link_type == "static" or link_type == "": + return ["libeay32mt", "ssleay32mt", "advapi32", + "crypt32", "gdi32", "user32", "ws2_32"] + else: + raise ValueError( + "PYCA_WINDOWS_LINK_TYPE must be 'static' or 'dynamic'" + ) + + class Binding(object): """ OpenSSL API wrapper. @@ -82,7 +109,13 @@ class Binding(object): _lock_cb_handle = None _lock_init_lock = threading.Lock() - ffi = None + ffi = build_ffi_for_binding( + module_prefix=_module_prefix, + modules=_modules, + pre_include=_OSX_PRE_INCLUDE, + post_include=_OSX_POST_INCLUDE, + libraries=_get_libraries(sys.platform) + ) lib = None def __init__(self): @@ -90,20 +123,15 @@ class Binding(object): @classmethod def _ensure_ffi_initialized(cls): - if cls.ffi is not None and cls.lib is not None: + if cls.lib is not None: return - # OpenSSL goes by a different library name on different operating - # systems. - libraries = _get_libraries(sys.platform) - - cls.ffi, cls.lib = build_ffi_for_binding( - module_prefix=cls._module_prefix, - modules=cls._modules, - pre_include=_OSX_PRE_INCLUDE, - post_include=_OSX_POST_INCLUDE, - libraries=libraries, + cls.lib = load_library_for_binding( + cls.ffi, + cls._module_prefix, + cls._modules, ) + res = cls.lib.Cryptography_add_osrandom_engine() assert res != 0 
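Review bot: `libraries=_get_libraries(sys.platform)` in the class body (hunk `@@ -82,7 +109,13 @@`) is now evaluated when the module is imported, so on win32 `PYCA_WINDOWS_LINK_TYPE` is read, and an unsupported value raises `ValueError`, at import time rather than at the first `Binding()` construction. That also reaches setup.py, which this commit changes to read `OpenSSLBinding.ffi` straight from the class. Because the environment variable decides which library names are linked, I would record the timing next to the assignment, e.g. `# Evaluated at import: on win32, PYCA_WINDOWS_LINK_TYPE selects the libraries linked here.` The class body starts and ends outside the hunk.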
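Review bot: The result of `cls.lib.Cryptography_add_osrandom_engine()`, called right after the new `load_library_for_binding` assignment in hunk `@@ -90,20 +123,15 @@`, is checked only by `assert res != 0`, and assert statements are removed when Python runs with `-O`, so a zero return would go unnoticed in that mode. An explicit check survives optimisation: `if res == 0: raise RuntimeError("Cryptography_add_osrandom_engine failed")`. The assert is unchanged context, but the commit rewrites the lines leading into it, which makes this a cheap place to harden; the method may continue past the end of the hunk.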
@@ -146,27 +174,3 @@ class Binding(object): mode, n, file, line ) ) - - -def _get_libraries(platform): - if platform != "win32": - # In some circumstances, the order in which these libs are - # specified on the linker command-line is significant; - # libssl must come before libcrypto - # (http://marc.info/?l=openssl-users&m=135361825921871) - return ["ssl", "crypto"] - else: - link_type = os.environ.get("PYCA_WINDOWS_LINK_TYPE", "static") - return _get_windows_libraries(link_type) - - -def _get_windows_libraries(link_type): - if link_type == "dynamic": - return ["libeay32", "ssleay32", "advapi32"] - elif link_type == "static" or link_type == "": - return ["libeay32mt", "ssleay32mt", "advapi32", - "crypt32", "gdi32", "user32", "ws2_32"] - else: - raise ValueError( - "PYCA_WINDOWS_LINK_TYPE must be 'static' or 'dynamic'" - ) diff --git a/cryptography/hazmat/bindings/utils.py b/cryptography/hazmat/bindings/utils.py index 63334ff1..f741aada 100644 --- a/cryptography/hazmat/bindings/utils.py +++ b/cryptography/hazmat/bindings/utils.py @@ -21,6 +21,20 @@ from cffi import FFI from cffi.verifier import Verifier +def load_library_for_binding(ffi, module_prefix, modules): + lib = ffi.verifier.load_library() + + for name in modules: + module_name = module_prefix + name + module = sys.modules[module_name] + for condition, names in module.CONDITIONAL_NAMES.items(): + if not getattr(lib, condition): + for name in names: + delattr(lib, name) + + return lib + + def build_ffi_for_binding(module_prefix, modules, pre_include="", post_include="", libraries=[], extra_compile_args=[], extra_link_args=[]): @@ -69,7 +83,7 @@ def build_ffi_for_binding(module_prefix, modules, pre_include="", functions + customizations ) - ffi, lib = build_ffi( + ffi = build_ffi( cdef_source="\n".join(types + functions + macros), verify_source=verify_source, libraries=libraries, 
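Review bot: In the new `load_library_for_binding` (hunk `@@ -21,6 +21,20 @@` of bindings/utils.py) the inner loop `for name in names:` reuses the variable of the outer `for name in modules:`; it works only because `module_name` is computed before the inner loop, and a later edit that reads `name` after it would see a conditional symbol instead of a module. Rename the inner variable, e.g. `for conditional_name in names:` with `delattr(lib, conditional_name)`. The function also has no docstring, and it looks every module up in `sys.modules`, so it raises `KeyError` unless those modules were imported beforehand (presumably by `build_ffi_for_binding`, whose body lies outside this hunk); a docstring should state that precondition and say that names listed under a false `CONDITIONAL_NAMES` condition are deleted from the returned library.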
@@ -77,15 +91,7 @@ def build_ffi_for_binding(module_prefix, modules, pre_include="", extra_link_args=extra_link_args, ) - for name in modules: - module_name = module_prefix + name - module = sys.modules[module_name] - for condition, names in module.CONDITIONAL_NAMES.items(): - if not getattr(lib, condition): - for name in names: - delattr(lib, name) - - return ffi, lib + return ffi def build_ffi(cdef_source, verify_source, libraries=[], extra_compile_args=[], @@ -103,7 +109,7 @@ def build_ffi(cdef_source, verify_source, libraries=[], extra_compile_args=[], extra_compile_args=extra_compile_args, extra_link_args=extra_link_args, ) - return ffi, ffi.verifier.load_library() + return ffi def _create_modulename(cdef_sources, source, sys_version): diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py index b98eb108..8ba045aa 100644 --- a/cryptography/hazmat/primitives/constant_time.py +++ b/cryptography/hazmat/primitives/constant_time.py @@ -26,10 +26,9 @@ with open(os.path.join(os.path.dirname(__file__), "src/constant_time.c")) as f: FUNCTIONS = f.read() -_ffi, _lib = build_ffi( - cdef_source=TYPES, - verify_source=FUNCTIONS, -) +_ffi = build_ffi(cdef_source=TYPES, verify_source=FUNCTIONS) +_lib = _ffi.verifier.load_library() + if hasattr(hmac, "compare_digest"): def bytes_eq(a, b): diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py index d799a7e1..6bb51ab9 100644 --- a/cryptography/hazmat/primitives/padding.py +++ b/cryptography/hazmat/primitives/padding.py @@ -63,10 +63,9 @@ uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data, } """ -_ffi, _lib = build_ffi( - cdef_source=TYPES, - verify_source=FUNCTIONS, -) + +_ffi = build_ffi(cdef_source=TYPES, verify_source=FUNCTIONS) +_lib = _ffi.verifier.load_library() class PKCS7(object): 
@@ -83,12 +83,12 @@ def get_ext_modules(): from cryptography.hazmat.primitives import constant_time, padding ext_modules = [ - OpenSSLBinding().ffi.verifier.get_extension(), + OpenSSLBinding.ffi.verifier.get_extension(), constant_time._ffi.verifier.get_extension(), padding._ffi.verifier.get_extension() ] if cc_is_available(): - ext_modules.append(CommonCryptoBinding().ffi.verifier.get_extension()) + ext_modules.append(CommonCryptoBinding.ffi.verifier.get_extension()) return ext_modules |