diff options
Diffstat (limited to 'docs/hazmat')
| -rw-r--r-- | docs/hazmat/backends/openssl.rst | 34 | ||||
| -rw-r--r-- | docs/hazmat/bindings/index.rst | 22 | ||||
| -rw-r--r-- | docs/hazmat/bindings/openssl.rst | 27 |
3 files changed, 73 insertions, 10 deletions
diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index 5e51c75e..404573a3 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -3,23 +3,37 @@ OpenSSL Backend =============== -These are `CFFI`_ bindings to the `OpenSSL`_ C library. +The `OpenSSL`_ C library. .. data:: cryptography.hazmat.backends.openssl.backend - This is the exposed API for the OpenSSL bindings. It has two public - attributes: + This is the exposed API for the OpenSSL backend. It has no public attributes. - .. attribute:: ffi +Using your own OpenSSL on Linux +------------------------------- - This is a :class:`cffi.FFI` instance. It can be used to allocate and - otherwise manipulate OpenSSL structures. +Python links to OpenSSL for its own purposes and this can sometimes cause +problems when you wish to use a different version of OpenSSL with cryptography. +If you want to use cryptography with your own build of OpenSSL you will need to +make sure that the build is configured correctly so that your version of +OpenSSL doesn't conflict with Python's. - .. attribute:: lib +The options you need to add allow the linker to identify every symbol correctly +even when multiple versions of the library are linked into the same program. If +you are using your distribution's source packages these will probably be +patched in for you already, otherwise you'll need to use options something like +this when configuring OpenSSL:: - This is a ``cffi`` library. It can be used to call OpenSSL functions, - and access constants. + ./config -Wl,--version-script=openssl.ld -Wl,-Bsymbolic-functions -fPIC shared +You'll also need to generate your own ``openssl.ld`` file. For example:: + + OPENSSL_1.0.1F_CUSTOM { + global: + *; + }; + +You should replace the version string on the first line as appropriate for your +build. -.. _`CFFI`: https://cffi.readthedocs.org/ .. _`OpenSSL`: https://www.openssl.org/ diff --git a/docs/hazmat/bindings/index.rst b/docs/hazmat/bindings/index.rst new file mode 100644 index 00000000..809eddfc --- /dev/null +++ b/docs/hazmat/bindings/index.rst @@ -0,0 +1,22 @@ +.. hazmat:: + +Bindings +======== + +.. currentmodule:: cryptography.hazmat.bindings + +``cryptography`` aims to provide low-level CFFI based bindings to multiple +native C libraries. These provide no automatic initialisation of the library +and may not provide complete wrappers for its API. + +Using these functions directly is likely to require you to be careful in +managing memory allocation, locking and other resources. + + +Individual Bindings +------------------- + +.. toctree:: + :maxdepth: 1 + + openssl diff --git a/docs/hazmat/bindings/openssl.rst b/docs/hazmat/bindings/openssl.rst new file mode 100644 index 00000000..373fe472 --- /dev/null +++ b/docs/hazmat/bindings/openssl.rst @@ -0,0 +1,27 @@ +.. hazmat:: + +OpenSSL Binding +=============== + +.. currentmodule:: cryptography.hazmat.bindings.openssl.binding + +These are `CFFI`_ bindings to the `OpenSSL`_ C library. + +.. class:: cryptography.hazmat.bindings.openssl.binding.Binding() + + This is the exposed API for the OpenSSL bindings. It has two public + attributes: + + .. attribute:: ffi + + This is a :class:`cffi.FFI` instance. It can be used to allocate and + otherwise manipulate OpenSSL structures. + + .. attribute:: lib + + This is a ``cffi`` library. It can be used to call OpenSSL functions, + and access constants. + + +.. _`CFFI`: https://cffi.readthedocs.org/ +.. _`OpenSSL`: https://www.openssl.org/ |