From alex.gaynor at gmail.com  Tue Jul  5 09:36:56 2022
From: alex.gaynor at gmail.com (Alex Gaynor)
Date: Tue, 5 Jul 2022 09:36:56 -0400
Subject: [Cryptography-dev] PyCA cryptography 37.0.4
Message-ID: <CAFRnB2WJXErCot2y3Lr3Dac3gj=yoe52uiaKbPZgm3fJgyan2Q@mail.gmail.com>

PyCA cryptography 37.0.4 has been released to PyPI. cryptography
includes both high level recipes and low level interfaces to common
cryptographic algorithms such as symmetric ciphers, asymmetric
algorithms, message digests, X509, key derivation functions, and much
more. We support Python 3.6+, and PyPy3.

Changelog (https://cryptography.io/en/latest/changelog/#v37-0-4):
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5.

Alex

-- 
All that is necessary for evil to succeed is for good people to do nothing.

From skhandi at gmail.com  Mon Jul 11 15:02:16 2022
From: skhandi at gmail.com (SUDHAKAR REDDY KHANDI)
Date: Mon, 11 Jul 2022 12:02:16 -0700
Subject: [Cryptography-dev] regarding openSSL bindings in
 python-cryptography package
Message-ID: <CAB43F6=mOGsGXDQg-7-XqwgKHrZmDYd8et=3hno3V0QNi9kiTw@mail.gmail.com>

hi

i am using python-cryptography to sign a http request using RSA. I am using
this on the linux platform. In my source tree, I don't  see _openssl.so
under the cryptography/hazmat/bindings directory, but on my target device,
I see this .so under the above mentioned directory. I guess this is
generated from the build. Now,my questions are

1) what is this _openssl.so ? Is this a  lib crypto library from the
openssl project ? if yes, what is the version of this library?

2) when i call _rsa_sig_sign()(from rsa.py file) , does it use the relevant
evp function from above .so . does  evp_pkey_sign is implemented in
_openssl.so ?

3) my target machine already has libcrpto.so and libssl.so installed in
standard lib directory ( this version has our own changes), so, for any
crypto operations we would like to use this library,  how do we make sure
crpyto operations from  python-cryptography are actually using the libcrpto
installed under standard lib dir (/usr/lib)

regards
Sudhakar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20220711/db528755/attachment.html>

From alex.gaynor at gmail.com  Mon Jul 11 15:06:34 2022
From: alex.gaynor at gmail.com (Alex Gaynor)
Date: Mon, 11 Jul 2022 15:06:34 -0400
Subject: [Cryptography-dev] regarding openSSL bindings in
 python-cryptography package
In-Reply-To: <CAB43F6=mOGsGXDQg-7-XqwgKHrZmDYd8et=3hno3V0QNi9kiTw@mail.gmail.com>
References: <CAB43F6=mOGsGXDQg-7-XqwgKHrZmDYd8et=3hno3V0QNi9kiTw@mail.gmail.com>
Message-ID: <CAFRnB2XjkhYqH8wvmOY7tKMBpi4YEB2t3-pGOj2=3LPgmDXBig@mail.gmail.com>

Hi Sudhakar,

_openssl.so is the CFFI generated C extension that exposes OpenSSL's
APIs to Python. Depending on how you built and installed cryptography
this can be either statically linked against OpenSSL or dynamically.
If you downloaded one of our wheels then it is statically linked
against a version of OpenSSL you can find in our changelog (generally
the latest at the time of a release), as documented here:
https://cryptography.io/en/latest/changelog/ and
https://cryptography.io/en/latest/installation/#static-wheels

You should not be calling _rsa_sig_sign directly, you should be using
the public RSA API documented here
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/.
EVP_PKEY_sign will ultimately come from OpenSSL, whether statically or
dynamically linked to _openssl.so

You can ensure you are linked against the system OpenSSL by building
from source on a machine with the same version of OpenSSL and headers.

Alex

On Mon, Jul 11, 2022 at 3:02 PM SUDHAKAR REDDY KHANDI <skhandi at gmail.com> wrote:
>
> hi
>
> i am using python-cryptography to sign a http request using RSA. I am using this on the linux platform. In my source tree, I don't  see _openssl.so under the cryptography/hazmat/bindings directory, but on my target device,  I see this .so under the above mentioned directory. I guess this is generated from the build. Now,my questions are
>
> 1) what is this _openssl.so ? Is this a  lib crypto library from the openssl project ? if yes, what is the version of this library?
>
> 2) when i call _rsa_sig_sign()(from rsa.py file) , does it use the relevant evp function from above .so . does  evp_pkey_sign is implemented in _openssl.so ?
>
> 3) my target machine already has libcrpto.so and libssl.so installed in standard lib directory ( this version has our own changes), so, for any crypto operations we would like to use this library,  how do we make sure crpyto operations from  python-cryptography are actually using the libcrpto installed under standard lib dir (/usr/lib)
>
> regards
> Sudhakar
>
>
>
>
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev



-- 
All that is necessary for evil to succeed is for good people to do nothing.