[Cryptography-dev] Building cryptography on Windows for Python 3.3

Paul Kehrer paul.l.kehrer at gmail.com
Thu Feb 20 16:30:30 CET 2014 

We will be offering wheels (32-bit) for the 0.2 release (forthcoming today), but as you noted they still require the installation of OpenSSL independently. This decision was originally made because we didn’t want to get in the business of feeling like we needed to rev cryptography whenever OpenSSL did a security release, but maybe we need to revisit that position.  

Everyone, time to express some opinions!

-Paul  


On Thursday, February 20, 2014 at 2:15 AM, Alexander Belchenko wrote:

> IMO, static build is more appropriate for Windows users. That means user doesn't need to additionally install openssl binaries.
>  
> E.g. CPython itself (ssl standard library) has openssl linked statically AFAIK. I suspect this is also to avoid "dll hell". E.g. win64 binary installation of OpenSSL has dlls with the exactly same names as win32 installation: libeay32.dll and ssleay32.dll. I suspect there is no way to have both versions co-exists as system-wide dll libraries.
>  
> I won't ask you to change your build scripts to use static libs on Windows, but I'd like to help with a patch to make this supported in some way. I'm going to try to build whl (wheel) file for cryptography with static openssl libs for both 32/64. I'm mostly interested in working pyOpenSSL library for my project, actually. But it depends on `cryptography`.  
>  
> Any hints on approach to provide support for static build for Windows? Probably some sort of config option needed? I'm not sure how it should work with pip and wheels.
>  
>  
> 2014-02-18 16:24 GMT+02:00 Paul Kehrer <paul.l.kehrer at gmail.com (mailto:paul.l.kehrer at gmail.com)>:
> > Thanks for the information, I don’t believe anyone has ever tried to do a static build on Windows before!
> >  
> > Some of the codegen from cffi on the Windows side causes warnings that, to our knowledge, are not an issue. We definitely would like to be warning clean when compiling with cl.exe (as we are with clang/gcc on OS X and Linux).  
> >  
> > To run our test suite you should pip install -r dev-requirements.txt and then you can run py.test (or tox) to execute the tests.
> >  
> > -Paul Kehrer
> >  
> > On Tuesday, February 18, 2014 at 8:13 AM, Alexander Belchenko wrote:
> >  
> >  
> >  
> > > Hi,
> > >  
> > > I started to write an email with request for help building cryptography on Windows for Python 3.3, but then I figured out how to get the desired result, so now I only want to share some knowledge and also provide you a build log in the case you're interested in compiler warnings.  
> > >  
> > > Also I'd like to know it built correctly, is there any easy-to-use unittest suite I can run? I see there tests package, but I'm not sure what is your method to run tests in your project? Obvioulsly `python3 -m unittest` does not work.  
> > >  
> > > My intent was to build cryptography library against static libs of OpenSSL because I had problems with running simple C code with OpenSSL dlls, I found on StackOverflow suggestion that only linking against static libraries would help. It does help for me.  
> > >  
> > > Here is openssl directories I've used:
> > > include: C:\OpenSSL-Win32\include
> > > lib: C:\OpenSSL-Win32\lib\VC\static
> > >  
> > > My C code successfully linked against this set of libraries:  
> > > 'libeay32MD', 'ssleay32MD', 'gdi32', 'user32', 'advapi32'
> > >  
> > > So here is my steps similar to what you wrote on Installation page:
> > > https://cryptography.io/en/latest/installation/#on-windows
> > >  
> > > "C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcvarsall.bat" x86
> > > set LIB=C:\OpenSSL-Win32\lib\VC\static;%LIB%
> > > set INCLUDE=C:\OpenSSL-Win32\include;%INCLUDE%
> > > C:\Python33\python setup.py install
> > >  
> > >  
> > > That wasn't enough because of set of libraries you need to link against. So I just changed settings in bindings.py:
> > >  
> > >  
> > > === modified file cryptography/hazmat/bindings/openssl/binding.py
> > >  
> > >  
> > > --- cryptography/hazmat/bindings/openssl/binding.py 2014-02-18 13:18:03 +0000
> > >  
> > >  
> > > +++ cryptography/hazmat/bindings/openssl/binding.py 2014-02-18 13:54:26 +0000
> > >  
> > >  
> > > @@ -92,7 +92,9 @@
> > >  
> > >  
> > > if sys.platform != "win32":
> > >  
> > >  
> > > libraries = ["crypto", "ssl"]
> > >  
> > >  
> > > else: # pragma: no cover
> > >  
> > >  
> > > - libraries = ["libeay32", "ssleay32", "advapi32"]
> > >  
> > >  
> > > + libraries = ["libeay32MD", "ssleay32MD",  
> > >  
> > >  
> > > + "gdi32", "user32", "advapi32",
> > >  
> > >  
> > > + "Ws2_32", "Crypt32"]
> > >  
> > >  
> > >  
> > >  
> > >  
> > > cls.ffi, cls.lib = build_ffi(cls._module_prefix, cls._modules,
> > >  
> > >  
> > > _OSX_PRE_INCLUDE, _OSX_POST_INCLUDE,
> > >  
> > >  
> > > With the last change I was finally able to build cryptography python library. \o/
> > >  
> > >  
> > >  
> > >  
> > >  
> > >  
> > >  
> > >  
> > > Attached is the build log in the case you want to see compiler errors.
> > >  
> > > Some warnings catched my eye, like this:  
> > >  
> > > cryptography\hazmat\primitives\__pycache__\_cffi__xcd368b2dx4a8b9ec1.c(218) : warning C4244: '=' : conversion from 'unsigned __int64' to 'uint8_t', possible loss of data
> > >  
> > > or
> > >  
> > > cryptography\hazmat\bindings\__pycache__\_cffi__xabccc2b1x4bab9030.c(4386) : warning C4308: negative integral constant converted to unsigned type  
> > >  
> > > Probably you might know that everything is OK, I just wanted to test somehow my build is OK.
> > >  
> > > Alexander.
> > >  
> > > _______________________________________________
> > > Cryptography-dev mailing list
> > > Cryptography-dev at python.org (mailto:Cryptography-dev at python.org)
> > > https://mail.python.org/mailman/listinfo/cryptography-dev
> > >  
> > >  
> > >  
> > >  
> > > Attachments:  
> > > - setup.log
> > >  
> > >  
> >  
> >  
> >  
> > _______________________________________________
> > Cryptography-dev mailing list
> > Cryptography-dev at python.org (mailto:Cryptography-dev at python.org)
> > https://mail.python.org/mailman/listinfo/cryptography-dev
> >  
>  
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org (mailto:Cryptography-dev at python.org)
> https://mail.python.org/mailman/listinfo/cryptography-dev
>  
>  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20140220/f478f8f3/attachment.html>

More information about the Cryptography-dev mailing list