File move_cryptography_backend_import.patch of Package python-pyOpenSSL.33804
From a84a52ceeb8deb602515ebf76d3de3ec0e24ba56 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 6 Oct 2016 09:25:40 +0200
Subject: [PATCH] move our cryptography backend import
sad trombone
---
src/OpenSSL/crypto.py | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
Index: pyOpenSSL-17.1.0/src/OpenSSL/crypto.py
===================================================================
--- pyOpenSSL-17.1.0.orig/src/OpenSSL/crypto.py
+++ pyOpenSSL-17.1.0/src/OpenSSL/crypto.py
@@ -56,6 +56,18 @@ def _get_backend():
return backend
+def _get_backend():
+ """
+ Importing the backend from cryptography has the side effect of activating
+ the osrandom engine. This mutates the global state of OpenSSL in the
+ process and causes issues for various programs that use subinterpreters or
+ embed Python. By putting the import in this function we can avoid
+ triggering this side effect unless _get_backend is called.
+ """
+ from cryptography.hazmat.backends.openssl.backend import backend
+ return backend
+
+
def _untested_error(where):
"""
An OpenSSL API failed somehow. Additionally, the failure which was
@@ -283,6 +295,7 @@ class PKey(object):
:raise TypeError: if the key is of a type which cannot be checked.
Only RSA keys can currently be checked.
"""
+ backend = _get_backend()
if self._only_public:
raise TypeError("public key only")