| Alex Stapleton | c368ac2 | 2013-12-31 13:43:38 +0000 | [diff] [blame] | 1 | .. hazmat:: |
| 2 | |
| Alex Stapleton | c5fffd3 | 2014-03-18 15:29:00 +0000 | [diff] [blame] | 3 | OpenSSL binding |
| Alex Stapleton | c368ac2 | 2013-12-31 13:43:38 +0000 | [diff] [blame] | 4 | =============== |
| 5 | |
| 6 | .. currentmodule:: cryptography.hazmat.bindings.openssl.binding |
| 7 | |
| Paul Kehrer | 12649af | 2014-03-10 12:45:19 -0400 | [diff] [blame] | 8 | These are `CFFI`_ bindings to the `OpenSSL`_ C library. Cryptography supports |
| Alex Gaynor | 0e8cdf1 | 2016-12-13 21:05:35 -0500 | [diff] [blame] | 9 | OpenSSL version 1.0.1 and greater. |
| Alex Stapleton | c368ac2 | 2013-12-31 13:43:38 +0000 | [diff] [blame] | 10 | |
| 11 | .. class:: cryptography.hazmat.bindings.openssl.binding.Binding() |
| 12 | |
| 13 | This is the exposed API for the OpenSSL bindings. It has two public |
| 14 | attributes: |
| 15 | |
| 16 | .. attribute:: ffi |
| 17 | |
| Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 18 | This is a ``cffi.FFI`` instance. It can be used to allocate and |
| Alex Stapleton | c368ac2 | 2013-12-31 13:43:38 +0000 | [diff] [blame] | 19 | otherwise manipulate OpenSSL structures. |
| 20 | |
| 21 | .. attribute:: lib |
| 22 | |
| 23 | This is a ``cffi`` library. It can be used to call OpenSSL functions, |
| 24 | and access constants. |
| 25 | |
| Alex Stapleton | fcae150 | 2014-01-23 20:43:34 +0000 | [diff] [blame] | 26 | .. classmethod:: init_static_locks |
| 27 | |
| 28 | Enables the best available locking callback for OpenSSL. |
| 29 | See :ref:`openssl-threading`. |
| 30 | |
| 31 | .. _openssl-threading: |
| 32 | |
| 33 | Threading |
| 34 | --------- |
| 35 | |
| Alex Stapleton | 5fb7eb4 | 2014-01-24 19:02:33 +0000 | [diff] [blame] | 36 | ``cryptography`` enables OpenSSLs `thread safety facilities`_ in two different |
| Alex Stapleton | fcae150 | 2014-01-23 20:43:34 +0000 | [diff] [blame] | 37 | ways depending on the configuration of your system. Normally the locking |
| 38 | callbacks provided by your Python implementation specifically for OpenSSL will |
| Alex Gaynor | 16b67fc | 2015-09-24 21:48:51 -0400 | [diff] [blame] | 39 | be used. However, if you have linked ``cryptography`` to a different version of |
| Alex Stapleton | fcae150 | 2014-01-23 20:43:34 +0000 | [diff] [blame] | 40 | OpenSSL than that used by your Python implementation we enable an alternative |
| 41 | locking callback. This version is implemented in Python and so may result in |
| 42 | lower performance in some situations. In particular parallelism is reduced |
| 43 | because it has to acquire the GIL whenever any lock operations occur within |
| 44 | OpenSSL. |
| Alex Stapleton | c368ac2 | 2013-12-31 13:43:38 +0000 | [diff] [blame] | 45 | |
| Alex Gaynor | 988df9b | 2016-04-28 10:57:16 -0400 | [diff] [blame] | 46 | .. _`CFFI`: https://cffi.readthedocs.io |
| Alex Stapleton | c368ac2 | 2013-12-31 13:43:38 +0000 | [diff] [blame] | 47 | .. _`OpenSSL`: https://www.openssl.org/ |
| Alex Gaynor | e51236d | 2016-11-06 10:13:35 -0500 | [diff] [blame] | 48 | .. _`thread safety facilities`: https://www.openssl.org/docs/man1.0.2/crypto/threads.html |