summaryrefslogtreecommitdiff
path: root/src/OpenSSL
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2016-10-06 11:22:01 +0200
committerHynek Schlawack <hs@ox.cx>2016-10-06 11:22:01 +0200
commiteb6338431533566a52ddc48584f1668b767d3499 (patch)
tree38355294c84133409cfe85ad1b8afb04e580114d /src/OpenSSL
parentb20257bee5771afef061fdc1c3abe180c748d7c3 (diff)
downloadpyopenssl-git-eb6338431533566a52ddc48584f1668b767d3499.tar.gz
move our cryptography backend import (#552)
sad trombone
Diffstat (limited to 'src/OpenSSL')
-rw-r--r--src/OpenSSL/crypto.py14
1 files changed, 13 insertions, 1 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 797dfdc..61bddb6 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -10,7 +10,6 @@ from six import (
text_type as _text_type,
PY3 as _PY3)
-from cryptography.hazmat.backends.openssl.backend import backend
from cryptography.hazmat.primitives.asymmetric import dsa, rsa
from OpenSSL._util import (
@@ -44,6 +43,18 @@ _raise_current_error = partial(_exception_from_error_queue, Error)
_openssl_assert = _make_assert(Error)
+def _get_backend():
+ """
+ Importing the backend from cryptography has the side effect of activating
+ the osrandom engine. This mutates the global state of OpenSSL in the
+ process and causes issues for various programs that use subinterpreters or
+ embed Python. By putting the import in this function we can avoid
+ triggering this side effect unless _get_backend is called.
+ """
+ from cryptography.hazmat.backends.openssl.backend import backend
+ return backend
+
+
def _untested_error(where):
"""
An OpenSSL API failed somehow. Additionally, the failure which was
@@ -181,6 +192,7 @@ class PKey(object):
.. versionadded:: 16.1.0
"""
+ backend = _get_backend()
if self._only_public:
return backend._evp_pkey_to_public_key(self._pkey)
else: