60 files changed, 212 insertions, 245 deletions

diff --git a/src/_cffi_src/__init__.py b/src/_cffi_src/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/src/_cffi_src/__init__.py
diff --git a/src/_cffi_src/build_commoncrypto.py b/src/_cffi_src/build_commoncrypto.py
new file mode 100644
index 00000000..1c2692a7
--- /dev/null
+++ b/src/_cffi_src/build_commoncrypto.py
@@ -0,0 +1,29 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+from _cffi_src.utils import build_ffi_for_binding
+
+
+ffi = build_ffi_for_binding(
+    module_name="_commoncrypto",
+    module_prefix="_cffi_src.commoncrypto.",
+    modules=[
+        "cf",
+        "common_digest",
+        "common_hmac",
+        "common_key_derivation",
+        "common_cryptor",
+        "common_symmetric_key_wrap",
+        "secimport",
+        "secitem",
+        "seckey",
+        "seckeychain",
+        "sectransform",
+    ],
+    extra_link_args=[
+        "-framework", "Security", "-framework", "CoreFoundation"
+    ],
+)
diff --git a/src/_cffi_src/build_constant_time.py b/src/_cffi_src/build_constant_time.py
new file mode 100644
index 00000000..eae0f21a
--- /dev/null
+++ b/src/_cffi_src/build_constant_time.py
@@ -0,0 +1,26 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+from _cffi_src.utils import build_ffi
+
+
+with open(os.path.join(
+    os.path.dirname(__file__), "hazmat_src/constant_time.h"
+)) as f:
+    types = f.read()
+
+with open(os.path.join(
+    os.path.dirname(__file__), "hazmat_src/constant_time.c"
+)) as f:
+    functions = f.read()
+
+ffi = build_ffi(
+    module_name="_constant_time",
+    cdef_source=types,
+    verify_source=functions
+)
diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py
new file mode 100644
index 00000000..4c30fe48
--- /dev/null
+++ b/src/_cffi_src/build_openssl.py
@@ -0,0 +1,98 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import os
+import sys
+
+from _cffi_src.utils import (
+    build_ffi_for_binding
+)
+
+
+def _get_openssl_libraries(platform):
+    # OpenSSL goes by a different library name on different operating systems.
+    if platform != "win32":
+        # In some circumstances, the order in which these libs are
+        # specified on the linker command-line is significant;
+        # libssl must come before libcrypto
+        # (http://marc.info/?l=openssl-users&m=135361825921871)
+        return ["ssl", "crypto"]
+    else:
+        link_type = os.environ.get("PYCA_WINDOWS_LINK_TYPE", "static")
+        return _get_openssl_windows_libraries(link_type)
+
+
+def _get_openssl_windows_libraries(link_type):
+    if link_type == "dynamic":
+        return ["libeay32", "ssleay32", "advapi32"]
+    elif link_type == "static" or link_type == "":
+        return ["libeay32mt", "ssleay32mt", "advapi32",
+                "crypt32", "gdi32", "user32", "ws2_32"]
+    else:
+        raise ValueError(
+            "PYCA_WINDOWS_LINK_TYPE must be 'static' or 'dynamic'"
+        )
+
+
+_OSX_PRE_INCLUDE = """
+#ifdef __APPLE__
+#include <AvailabilityMacros.h>
+#define __ORIG_DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER \
+    DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
+#undef DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
+#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
+#endif
+"""
+
+_OSX_POST_INCLUDE = """
+#ifdef __APPLE__
+#undef DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
+#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER \
+    __ORIG_DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
+#endif
+"""
+
+
+ffi = build_ffi_for_binding(
+    module_name="_openssl",
+    module_prefix="_cffi_src.openssl.",
+    modules=[
+        "aes",
+        "asn1",
+        "bignum",
+        "bio",
+        "cmac",
+        "cms",
+        "conf",
+        "crypto",
+        "dh",
+        "dsa",
+        "ec",
+        "ecdh",
+        "ecdsa",
+        "engine",
+        "err",
+        "evp",
+        "hmac",
+        "nid",
+        "objects",
+        "opensslv",
+        "osrandom_engine",
+        "pem",
+        "pkcs7",
+        "pkcs12",
+        "rand",
+        "rsa",
+        "ssl",
+        "x509",
+        "x509name",
+        "x509v3",
+        "x509_vfy"
+    ],
+    pre_include=_OSX_PRE_INCLUDE,
+    post_include=_OSX_POST_INCLUDE,
+    libraries=_get_openssl_libraries(sys.platform)
+)
diff --git a/src/_cffi_src/build_padding.py b/src/_cffi_src/build_padding.py
new file mode 100644
index 00000000..3eeac2e2
--- /dev/null
+++ b/src/_cffi_src/build_padding.py
@@ -0,0 +1,26 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+from _cffi_src.utils import build_ffi
+
+
+with open(os.path.join(
+    os.path.dirname(__file__), "hazmat_src/padding.h"
+)) as f:
+    types = f.read()
+
+with open(os.path.join(
+    os.path.dirname(__file__), "hazmat_src/padding.c"
+)) as f:
+    functions = f.read()
+
+ffi = build_ffi(
+    module_name="_padding",
+    cdef_source=types,
+    verify_source=functions
+)
diff --git a/src/_cffi_src/commoncrypto/__init__.py b/src/_cffi_src/commoncrypto/__init__.py
new file mode 100644
index 00000000..4b540884
--- /dev/null
+++ b/src/_cffi_src/commoncrypto/__init__.py
@@ -0,0 +1,5 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/cf.py b/src/_cffi_src/commoncrypto/cf.py
index 77d2d7cc..77d2d7cc 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/cf.py
+++ b/src/_cffi_src/commoncrypto/cf.py
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py b/src/_cffi_src/commoncrypto/common_cryptor.py
index fc6eef91..fc6eef91 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py
+++ b/src/_cffi_src/commoncrypto/common_cryptor.py
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/common_digest.py b/src/_cffi_src/commoncrypto/common_digest.py
index a76fc508..a76fc508 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/common_digest.py
+++ b/src/_cffi_src/commoncrypto/common_digest.py
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/common_hmac.py b/src/_cffi_src/commoncrypto/common_hmac.py
index fcd0c0f4..fcd0c0f4 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/common_hmac.py
+++ b/src/_cffi_src/commoncrypto/common_hmac.py
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py b/src/_cffi_src/commoncrypto/common_key_derivation.py
index 19525852..19525852 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py
+++ b/src/_cffi_src/commoncrypto/common_key_derivation.py
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/common_symmetric_key_wrap.py b/src/_cffi_src/commoncrypto/common_symmetric_key_wrap.py
index ea9e459d..ea9e459d 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/common_symmetric_key_wrap.py
+++ b/src/_cffi_src/commoncrypto/common_symmetric_key_wrap.py
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/secimport.py b/src/_cffi_src/commoncrypto/secimport.py
index 41a799f9..41a799f9 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/secimport.py
+++ b/src/_cffi_src/commoncrypto/secimport.py
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/secitem.py b/src/_cffi_src/commoncrypto/secitem.py
index dd255430..dd255430 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/secitem.py
+++ b/src/_cffi_src/commoncrypto/secitem.py
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/seckey.py b/src/_cffi_src/commoncrypto/seckey.py
index 01d42e6a..01d42e6a 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/seckey.py
+++ b/src/_cffi_src/commoncrypto/seckey.py
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/seckeychain.py b/src/_cffi_src/commoncrypto/seckeychain.py
index 6a2cb4be..6a2cb4be 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/seckeychain.py
+++ b/src/_cffi_src/commoncrypto/seckeychain.py
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/sectransform.py b/src/_cffi_src/commoncrypto/sectransform.py
index bed94953..bed94953 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/sectransform.py
+++ b/src/_cffi_src/commoncrypto/sectransform.py
diff --git a/src/cryptography/hazmat/primitives/src/constant_time.c b/src/_cffi_src/hazmat_src/constant_time.c
index 0a48fe83..0a48fe83 100644
--- a/src/cryptography/hazmat/primitives/src/constant_time.c
+++ b/src/_cffi_src/hazmat_src/constant_time.c
diff --git a/src/cryptography/hazmat/primitives/src/constant_time.h b/src/_cffi_src/hazmat_src/constant_time.h
index 593479f6..593479f6 100644
--- a/src/cryptography/hazmat/primitives/src/constant_time.h
+++ b/src/_cffi_src/hazmat_src/constant_time.h
diff --git a/src/cryptography/hazmat/primitives/src/padding.c b/src/_cffi_src/hazmat_src/padding.c
index 570bad9f..570bad9f 100644
--- a/src/cryptography/hazmat/primitives/src/padding.c
+++ b/src/_cffi_src/hazmat_src/padding.c
diff --git a/src/cryptography/hazmat/primitives/src/padding.h b/src/_cffi_src/hazmat_src/padding.h
index 4d218b1a..4d218b1a 100644
--- a/src/cryptography/hazmat/primitives/src/padding.h
+++ b/src/_cffi_src/hazmat_src/padding.h
diff --git a/src/_cffi_src/openssl/__init__.py b/src/_cffi_src/openssl/__init__.py
new file mode 100644
index 00000000..4b540884
--- /dev/null
+++ b/src/_cffi_src/openssl/__init__.py
@@ -0,0 +1,5 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
diff --git a/src/cryptography/hazmat/bindings/openssl/aes.py b/src/_cffi_src/openssl/aes.py
index 15da9b62..15da9b62 100644
--- a/src/cryptography/hazmat/bindings/openssl/aes.py
+++ b/src/_cffi_src/openssl/aes.py
diff --git a/src/cryptography/hazmat/bindings/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py
index c18708c5..c18708c5 100644
--- a/src/cryptography/hazmat/bindings/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
diff --git a/src/cryptography/hazmat/bindings/openssl/bignum.py b/src/_cffi_src/openssl/bignum.py
index d974e04e..d974e04e 100644
--- a/src/cryptography/hazmat/bindings/openssl/bignum.py
+++ b/src/_cffi_src/openssl/bignum.py
diff --git a/src/cryptography/hazmat/bindings/openssl/bio.py b/src/_cffi_src/openssl/bio.py
index 6cc1bcb2..6cc1bcb2 100644
--- a/src/cryptography/hazmat/bindings/openssl/bio.py
+++ b/src/_cffi_src/openssl/bio.py
diff --git a/src/cryptography/hazmat/bindings/openssl/cmac.py b/src/_cffi_src/openssl/cmac.py
index c01a449f..c01a449f 100644
--- a/src/cryptography/hazmat/bindings/openssl/cmac.py
+++ b/src/_cffi_src/openssl/cmac.py
diff --git a/src/cryptography/hazmat/bindings/openssl/cms.py b/src/_cffi_src/openssl/cms.py
index a43df5d9..a43df5d9 100644
--- a/src/cryptography/hazmat/bindings/openssl/cms.py
+++ b/src/_cffi_src/openssl/cms.py
diff --git a/src/cryptography/hazmat/bindings/openssl/conf.py b/src/_cffi_src/openssl/conf.py
index cab246f0..cab246f0 100644
--- a/src/cryptography/hazmat/bindings/openssl/conf.py
+++ b/src/_cffi_src/openssl/conf.py
diff --git a/src/cryptography/hazmat/bindings/openssl/crypto.py b/src/_cffi_src/openssl/crypto.py
index 641e95a8..641e95a8 100644
--- a/src/cryptography/hazmat/bindings/openssl/crypto.py
+++ b/src/_cffi_src/openssl/crypto.py
diff --git a/src/cryptography/hazmat/bindings/openssl/dh.py b/src/_cffi_src/openssl/dh.py
index b66e7196..b66e7196 100644
--- a/src/cryptography/hazmat/bindings/openssl/dh.py
+++ b/src/_cffi_src/openssl/dh.py
diff --git a/src/cryptography/hazmat/bindings/openssl/dsa.py b/src/_cffi_src/openssl/dsa.py
index 99a685df..99a685df 100644
--- a/src/cryptography/hazmat/bindings/openssl/dsa.py
+++ b/src/_cffi_src/openssl/dsa.py
diff --git a/src/cryptography/hazmat/bindings/openssl/ec.py b/src/_cffi_src/openssl/ec.py
index c5052d36..c5052d36 100644
--- a/src/cryptography/hazmat/bindings/openssl/ec.py
+++ b/src/_cffi_src/openssl/ec.py
diff --git a/src/cryptography/hazmat/bindings/openssl/ecdh.py b/src/_cffi_src/openssl/ecdh.py
index 6c7e010c..6c7e010c 100644
--- a/src/cryptography/hazmat/bindings/openssl/ecdh.py
+++ b/src/_cffi_src/openssl/ecdh.py
diff --git a/src/cryptography/hazmat/bindings/openssl/ecdsa.py b/src/_cffi_src/openssl/ecdsa.py
index db21025c..db21025c 100644
--- a/src/cryptography/hazmat/bindings/openssl/ecdsa.py
+++ b/src/_cffi_src/openssl/ecdsa.py
diff --git a/src/cryptography/hazmat/bindings/openssl/engine.py b/src/_cffi_src/openssl/engine.py
index 3ebfa6c1..3ebfa6c1 100644
--- a/src/cryptography/hazmat/bindings/openssl/engine.py
+++ b/src/_cffi_src/openssl/engine.py
diff --git a/src/cryptography/hazmat/bindings/openssl/err.py b/src/_cffi_src/openssl/err.py
index 0ee19c9e..0ee19c9e 100644
--- a/src/cryptography/hazmat/bindings/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
diff --git a/src/cryptography/hazmat/bindings/openssl/evp.py b/src/_cffi_src/openssl/evp.py
index 93aa83de..93aa83de 100644
--- a/src/cryptography/hazmat/bindings/openssl/evp.py
+++ b/src/_cffi_src/openssl/evp.py
diff --git a/src/cryptography/hazmat/bindings/openssl/hmac.py b/src/_cffi_src/openssl/hmac.py
index 86bbdfc2..86bbdfc2 100644
--- a/src/cryptography/hazmat/bindings/openssl/hmac.py
+++ b/src/_cffi_src/openssl/hmac.py
diff --git a/src/cryptography/hazmat/bindings/openssl/nid.py b/src/_cffi_src/openssl/nid.py
index c2c0552b..c2c0552b 100644
--- a/src/cryptography/hazmat/bindings/openssl/nid.py
+++ b/src/_cffi_src/openssl/nid.py
diff --git a/src/cryptography/hazmat/bindings/openssl/objects.py b/src/_cffi_src/openssl/objects.py
index 9c480b37..9c480b37 100644
--- a/src/cryptography/hazmat/bindings/openssl/objects.py
+++ b/src/_cffi_src/openssl/objects.py
diff --git a/src/cryptography/hazmat/bindings/openssl/opensslv.py b/src/_cffi_src/openssl/opensslv.py
index e6c5f269..e6c5f269 100644
--- a/src/cryptography/hazmat/bindings/openssl/opensslv.py
+++ b/src/_cffi_src/openssl/opensslv.py
diff --git a/src/cryptography/hazmat/bindings/openssl/osrandom_engine.py b/src/_cffi_src/openssl/osrandom_engine.py
index a8479b07..a8479b07 100644
--- a/src/cryptography/hazmat/bindings/openssl/osrandom_engine.py
+++ b/src/_cffi_src/openssl/osrandom_engine.py
diff --git a/src/cryptography/hazmat/bindings/openssl/pem.py b/src/_cffi_src/openssl/pem.py
index 8ec3fefd..8ec3fefd 100644
--- a/src/cryptography/hazmat/bindings/openssl/pem.py
+++ b/src/_cffi_src/openssl/pem.py
diff --git a/src/cryptography/hazmat/bindings/openssl/pkcs12.py b/src/_cffi_src/openssl/pkcs12.py
index fa7564ac..fa7564ac 100644
--- a/src/cryptography/hazmat/bindings/openssl/pkcs12.py
+++ b/src/_cffi_src/openssl/pkcs12.py
diff --git a/src/cryptography/hazmat/bindings/openssl/pkcs7.py b/src/_cffi_src/openssl/pkcs7.py
index df82afef..df82afef 100644
--- a/src/cryptography/hazmat/bindings/openssl/pkcs7.py
+++ b/src/_cffi_src/openssl/pkcs7.py
diff --git a/src/cryptography/hazmat/bindings/openssl/rand.py b/src/_cffi_src/openssl/rand.py
index 6330482c..6330482c 100644
--- a/src/cryptography/hazmat/bindings/openssl/rand.py
+++ b/src/_cffi_src/openssl/rand.py
diff --git a/src/cryptography/hazmat/bindings/openssl/rsa.py b/src/_cffi_src/openssl/rsa.py
index 8bac7895..8bac7895 100644
--- a/src/cryptography/hazmat/bindings/openssl/rsa.py
+++ b/src/_cffi_src/openssl/rsa.py
diff --git a/src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c
index 27894712..27894712 100644
--- a/src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.c
+++ b/src/_cffi_src/openssl/src/osrandom_engine.c
diff --git a/src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.h b/src/_cffi_src/openssl/src/osrandom_engine.h
index 11a3159e..11a3159e 100644
--- a/src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.h
+++ b/src/_cffi_src/openssl/src/osrandom_engine.h
diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index fa0aefc8..fa0aefc8 100644
--- a/src/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 534f5b08..534f5b08 100644
--- a/src/cryptography/hazmat/bindings/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
diff --git a/src/cryptography/hazmat/bindings/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py
index 02631409..02631409 100644
--- a/src/cryptography/hazmat/bindings/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
diff --git a/src/cryptography/hazmat/bindings/openssl/x509name.py b/src/_cffi_src/openssl/x509name.py
index be5b3a75..be5b3a75 100644
--- a/src/cryptography/hazmat/bindings/openssl/x509name.py
+++ b/src/_cffi_src/openssl/x509name.py
diff --git a/src/cryptography/hazmat/bindings/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py
index e9bc461a..e9bc461a 100644
--- a/src/cryptography/hazmat/bindings/openssl/x509v3.py
+++ b/src/_cffi_src/openssl/x509v3.py
diff --git a/src/cryptography/hazmat/bindings/utils.py b/src/_cffi_src/utils.py
index 52c6f8b6..b1ad74d4 100644
--- a/src/cryptography/hazmat/bindings/utils.py
+++ b/src/_cffi_src/utils.py
@@ -4,44 +4,12 @@
 
 from __future__ import absolute_import, division, print_function
 
-import binascii
 import sys
-import threading
 
 from cffi import FFI
-from cffi.verifier import Verifier
 
 
-class LazyLibrary(object):
-    def __init__(self, ffi):
-        self._ffi = ffi
-        self._lib = None
-        self._lock = threading.Lock()
-
-    def __getattr__(self, name):
-        if self._lib is None:
-            with self._lock:
-                if self._lib is None:
-                    self._lib = self._ffi.verifier.load_library()
-
-        return getattr(self._lib, name)
-
-
-def load_library_for_binding(ffi, module_prefix, modules):
-    lib = ffi.verifier.load_library()
-
-    for name in modules:
-        module_name = module_prefix + name
-        module = sys.modules[module_name]
-        for condition, names in module.CONDITIONAL_NAMES.items():
-            if not getattr(lib, condition):
-                for name in names:
-                    delattr(lib, name)
-
-    return lib
-
-
-def build_ffi_for_binding(module_prefix, modules, pre_include="",
+def build_ffi_for_binding(module_name, module_prefix, modules, pre_include="",
                           post_include="", libraries=[], extra_compile_args=[],
                           extra_link_args=[]):
     """
@@ -64,9 +32,8 @@ def build_ffi_for_binding(module_prefix, modules, pre_include="",
     macros = []
     customizations = []
     for name in modules:
-        module_name = module_prefix + name
-        __import__(module_name)
-        module = sys.modules[module_name]
+        __import__(module_prefix + name)
+        module = sys.modules[module_prefix + name]
 
         types.append(module.TYPES)
         macros.append(module.MACROS)
@@ -90,6 +57,7 @@ def build_ffi_for_binding(module_prefix, modules, pre_include="",
         customizations
     )
     ffi = build_ffi(
+        module_name,
         cdef_source="\n".join(types + functions + macros),
         verify_source=verify_source,
         libraries=libraries,
@@ -100,47 +68,15 @@ def build_ffi_for_binding(module_prefix, modules, pre_include="",
     return ffi
 
 
-def build_ffi(cdef_source, verify_source, libraries=[], extra_compile_args=[],
-              extra_link_args=[]):
+def build_ffi(module_name, cdef_source, verify_source, libraries=[],
+              extra_compile_args=[], extra_link_args=[]):
     ffi = FFI()
     ffi.cdef(cdef_source)
-
-    ffi.verifier = Verifier(
-        ffi,
+    ffi.set_source(
+        module_name,
         verify_source,
-        tmpdir='',
-        modulename=_create_modulename(cdef_source, verify_source, sys.version),
         libraries=libraries,
-        ext_package="cryptography",
         extra_compile_args=extra_compile_args,
         extra_link_args=extra_link_args,
     )
-
-    ffi.verifier.compile_module = _compile_module
-    ffi.verifier._compile_module = _compile_module
-
     return ffi
-
-
-def _compile_module(*args, **kwargs):
-    raise RuntimeError(
-        "Attempted implicit compile of a cffi module. All cffi modules should "
-        "be pre-compiled at installation time."
-    )
-
-
-def _create_modulename(cdef_sources, source, sys_version):
-    """
-    cffi creates a modulename internally that incorporates the cffi version.
-    This will cause cryptography's wheels to break when the version of cffi
-    the user has does not match what was used when building the wheel. To
-    resolve this we build our own modulename that uses most of the same code
-    from cffi but elides the version key.
-    """
-    key = '\x00'.join([sys_version[:3], source, cdef_sources])
-    key = key.encode('utf-8')
-    k1 = hex(binascii.crc32(key[0::2]) & 0xffffffff)
-    k1 = k1.lstrip('0x').rstrip('L')
-    k2 = hex(binascii.crc32(key[1::2]) & 0xffffffff)
-    k2 = k2.lstrip('0').rstrip('L')
-    return '_Cryptography_cffi_{0}{1}'.format(k1, k2)
diff --git a/src/cryptography/hazmat/bindings/commoncrypto/binding.py b/src/cryptography/hazmat/bindings/commoncrypto/binding.py
index 54c7603d..1695c041 100644
--- a/src/cryptography/hazmat/bindings/commoncrypto/binding.py
+++ b/src/cryptography/hazmat/bindings/commoncrypto/binding.py
@@ -4,54 +4,15 @@
 
 from __future__ import absolute_import, division, print_function
 
-import threading
-
-from cryptography.hazmat.bindings.utils import (
-    build_ffi_for_binding, load_library_for_binding,
-)
+from cryptography.hazmat.bindings._commoncrypto import ffi, lib
 
 
 class Binding(object):
     """
     CommonCrypto API wrapper.
     """
-    _module_prefix = "cryptography.hazmat.bindings.commoncrypto."
-    _modules = [
-        "cf",
-        "common_digest",
-        "common_hmac",
-        "common_key_derivation",
-        "common_cryptor",
-        "common_symmetric_key_wrap",
-        "secimport",
-        "secitem",
-        "seckey",
-        "seckeychain",
-        "sectransform",
-    ]
-
-    ffi = build_ffi_for_binding(
-        module_prefix=_module_prefix,
-        modules=_modules,
-        extra_link_args=[
-            "-framework", "Security", "-framework", "CoreFoundation"
-        ],
-    )
-    lib = None
-    _init_lock = threading.Lock()
+    lib = lib
+    ffi = ffi
 
     def __init__(self):
-        self._ensure_ffi_initialized()
-
-    @classmethod
-    def _ensure_ffi_initialized(cls):
-        if cls.lib is not None:
-            return
-
-        with cls._init_lock:
-            if cls.lib is None:
-                cls.lib = load_library_for_binding(
-                    cls.ffi,
-                    module_prefix=cls._module_prefix,
-                    modules=cls._modules,
-                )
+        pass
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 5ccee974..e0a83972 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -4,128 +4,34 @@
 
 from __future__ import absolute_import, division, print_function
 
-import os
-import sys
 import threading
 
-from cryptography.hazmat.bindings.utils import (
-    build_ffi_for_binding, load_library_for_binding,
-)
-
-
-_OSX_PRE_INCLUDE = """
-#ifdef __APPLE__
-#include <AvailabilityMacros.h>
-#define __ORIG_DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER \
-    DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
-#undef DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
-#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
-#endif
-"""
-
-_OSX_POST_INCLUDE = """
-#ifdef __APPLE__
-#undef DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
-#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER \
-    __ORIG_DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
-#endif
-"""
-
-
-def _get_libraries(platform):
-    # OpenSSL goes by a different library name on different operating systems.
-    if platform != "win32":
-        # In some circumstances, the order in which these libs are
-        # specified on the linker command-line is significant;
-        # libssl must come before libcrypto
-        # (http://marc.info/?l=openssl-users&m=135361825921871)
-        return ["ssl", "crypto"]
-    else:
-        link_type = os.environ.get("PYCA_WINDOWS_LINK_TYPE", "static")
-        return _get_windows_libraries(link_type)
-
-
-def _get_windows_libraries(link_type):
-    if link_type == "dynamic":
-        return ["libeay32", "ssleay32", "advapi32"]
-    elif link_type == "static" or link_type == "":
-        return ["libeay32mt", "ssleay32mt", "advapi32",
-                "crypt32", "gdi32", "user32", "ws2_32"]
-    else:
-        raise ValueError(
-            "PYCA_WINDOWS_LINK_TYPE must be 'static' or 'dynamic'"
-        )
+from cryptography.hazmat.bindings._openssl import ffi, lib
 
 
 class Binding(object):
     """
     OpenSSL API wrapper.
     """
-    _module_prefix = "cryptography.hazmat.bindings.openssl."
-    _modules = [
-        "aes",
-        "asn1",
-        "bignum",
-        "bio",
-        "cmac",
-        "cms",
-        "conf",
-        "crypto",
-        "dh",
-        "dsa",
-        "ec",
-        "ecdh",
-        "ecdsa",
-        "engine",
-        "err",
-        "evp",
-        "hmac",
-        "nid",
-        "objects",
-        "opensslv",
-        "osrandom_engine",
-        "pem",
-        "pkcs7",
-        "pkcs12",
-        "rand",
-        "rsa",
-        "ssl",
-        "x509",
-        "x509name",
-        "x509v3",
-        "x509_vfy"
-    ]
-
+    lib = lib
+    ffi = ffi
+    _lib_loaded = False
     _locks = None
     _lock_cb_handle = None
     _init_lock = threading.Lock()
     _lock_init_lock = threading.Lock()
 
-    ffi = build_ffi_for_binding(
-        module_prefix=_module_prefix,
-        modules=_modules,
-        pre_include=_OSX_PRE_INCLUDE,
-        post_include=_OSX_POST_INCLUDE,
-        libraries=_get_libraries(sys.platform)
-    )
-    lib = None
-
     def __init__(self):
         self._ensure_ffi_initialized()
 
     @classmethod
     def _ensure_ffi_initialized(cls):
-        if cls.lib is not None:
+        if cls._lib_loaded:
             return
 
         with cls._init_lock:
-            if cls.lib is None:
-                cls.lib = load_library_for_binding(
-                    cls.ffi,
-                    cls._module_prefix,
-                    cls._modules,
-                )
-
+            if not cls._lib_loaded:
+                cls._lib_loaded = True
                 res = cls.lib.Cryptography_add_osrandom_engine()
                 assert res != 0
 
diff --git a/src/cryptography/hazmat/primitives/constant_time.py b/src/cryptography/hazmat/primitives/constant_time.py
index bf85bde1..5a682ca9 100644
--- a/src/cryptography/hazmat/primitives/constant_time.py
+++ b/src/cryptography/hazmat/primitives/constant_time.py
@@ -5,20 +5,8 @@
 from __future__ import absolute_import, division, print_function
 
 import hmac
-import os
 
-from cryptography.hazmat.bindings.utils import LazyLibrary, build_ffi
-
-
-with open(os.path.join(os.path.dirname(__file__), "src/constant_time.h")) as f:
-    TYPES = f.read()
-
-with open(os.path.join(os.path.dirname(__file__), "src/constant_time.c")) as f:
-    FUNCTIONS = f.read()
-
-
-_ffi = build_ffi(cdef_source=TYPES, verify_source=FUNCTIONS)
-_lib = LazyLibrary(_ffi)
+from cryptography.hazmat.bindings._constant_time import lib
 
 
 if hasattr(hmac, "compare_digest"):
@@ -33,6 +21,6 @@ else:
         if not isinstance(a, bytes) or not isinstance(b, bytes):
             raise TypeError("a and b must be bytes.")
 
-        return _lib.Cryptography_constant_time_bytes_eq(
+        return lib.Cryptography_constant_time_bytes_eq(
             a, len(a), b, len(b)
         ) == 1
diff --git a/src/cryptography/hazmat/primitives/padding.py b/src/cryptography/hazmat/primitives/padding.py
index 6247f7b5..f6491eb7 100644
--- a/src/cryptography/hazmat/primitives/padding.py
+++ b/src/cryptography/hazmat/primitives/padding.py
@@ -6,24 +6,11 @@ from __future__ import absolute_import, division, print_function
 
 import abc
 
-import os
-
 import six
 
 from cryptography import utils
 from cryptography.exceptions import AlreadyFinalized
-from cryptography.hazmat.bindings.utils import LazyLibrary, build_ffi
-
-
-with open(os.path.join(os.path.dirname(__file__), "src/padding.h")) as f:
-    TYPES = f.read()
-
-with open(os.path.join(os.path.dirname(__file__), "src/padding.c")) as f:
-    FUNCTIONS = f.read()
-
-
-_ffi = build_ffi(cdef_source=TYPES, verify_source=FUNCTIONS)
-_lib = LazyLibrary(_ffi)
+from cryptography.hazmat.bindings._padding import lib
 
 
 @six.add_metaclass(abc.ABCMeta)
@@ -124,7 +111,7 @@ class _PKCS7UnpaddingContext(object):
         if len(self._buffer) != self.block_size // 8:
             raise ValueError("Invalid padding bytes.")
 
-        valid = _lib.Cryptography_check_pkcs7_padding(
+        valid = lib.Cryptography_check_pkcs7_padding(
             self._buffer, self.block_size // 8
         )