Hi Sudhakar, _openssl.so is the CFFI generated C extension that exposes OpenSSL's APIs to Python. Depending on how you built and installed cryptography this can be either statically linked against OpenSSL or dynamically. If you downloaded one of our wheels then it is statically linked against a version of OpenSSL you can find in our changelog (generally the latest at the time of a release), as documented here: https://cryptography.io/en/latest/changelog/ and https://cryptography.io/en/latest/installation/#static-wheels
You should not be calling _rsa_sig_sign directly, you should be using the public RSA API documented here https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/. EVP_PKEY_sign will ultimately come from OpenSSL, whether statically or dynamically linked to _openssl.so You can ensure you are linked against the system OpenSSL by building from source on a machine with the same version of OpenSSL and headers. Alex On Mon, Jul 11, 2022 at 3:02 PM SUDHAKAR REDDY KHANDI <skha...@gmail.com> wrote: > > hi > > i am using python-cryptography to sign a http request using RSA. I am using > this on the linux platform. In my source tree, I don't see _openssl.so under > the cryptography/hazmat/bindings directory, but on my target device, I see > this .so under the above mentioned directory. I guess this is generated from > the build. Now,my questions are > > 1) what is this _openssl.so ? Is this a lib crypto library from the openssl > project ? if yes, what is the version of this library? > > 2) when i call _rsa_sig_sign()(from rsa.py file) , does it use the relevant > evp function from above .so . does evp_pkey_sign is implemented in > _openssl.so ? > > 3) my target machine already has libcrpto.so and libssl.so installed in > standard lib directory ( this version has our own changes), so, for any > crypto operations we would like to use this library, how do we make sure > crpyto operations from python-cryptography are actually using the libcrpto > installed under standard lib dir (/usr/lib) > > regards > Sudhakar > > > > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev -- All that is necessary for evil to succeed is for good people to do nothing. _______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
