Check for BoringSSL in the pkcs7 bindings

alex · alex · commit b3e20a16b01f · 2021-11-05T23:59:03.000-04:00
diff --git a/src/_cffi_src/openssl/pkcs7.py b/src/_cffi_src/openssl/pkcs7.py
@@ -8,6 +8,8 @@
 """
 
 TYPES = """
+static const long Cryptography_HAS_PKCS7_FUNCS;
+
 typedef struct {
     Cryptography_STACK_OF_X509 *cert;
     Cryptography_STACK_OF_X509_CRL *crl;
@@ -80,4 +82,22 @@
 int PKCS7_type_is_data(PKCS7 *);
 """
 
-CUSTOMIZATIONS = ""
+CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_IS_BORINGSSL
+static const long Cryptography_HAS_PKCS7_FUNCS = 0;
+
+int (*SMIME_write_PKCS7)(BIO *, PKCS7 *, BIO *, int) = NULL;
+int (*PEM_write_bio_PKCS7_stream)(BIO *, PKCS7 *, BIO *, int) = NULL;
+PKCS7_SIGNER_INFO *(*PKCS7_sign_add_signer)(PKCS7 *, X509 *, EVP_PKEY *,
+                                            const EVP_MD *, int) = NULL;
+int (*PKCS7_final)(PKCS7 *, BIO *, int);
+int (*PKCS7_verify)(PKCS7 *, Cryptography_STACK_OF_X509 *, X509_STORE *, BIO *,
+                    BIO *, int) = NULL;
+PKCS7 *(*SMIME_read_PKCS7)(BIO *, BIO **) = NULL;
+Cryptography_STACK_OF_X509 *(*PKCS7_get0_signers)(PKCS7 *,
+                                                  Cryptography_STACK_OF_X509 *,
+                                                  int) = NULL;
+#else
+static const long Cryptography_HAS_PKCS7_FUNCS = 1;
+#endif
+"""
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -268,6 +268,17 @@ def cryptography_has_ssl_cookie():
     ]
 
 
+def cryptography_has_pkcs7_funcs():
+    return [
+        "SMIME_write_PKCS7",
+        "PEM_write_bio_PKCS7_stream",
+        "PKCS7_sign_add_signer",
+        "PKCS7_final",
+        "PKCS7_verify",
+        "SMIME_read_PKCS7",
+        "PKCS7_get0_signers",
+    ]
+
 # This is a mapping of
 # {condition: function-returning-names-dependent-on-that-condition} so we can
 # loop over them and delete unsupported names at runtime. It will be removed
@@ -321,4 +332,5 @@ def cryptography_has_ssl_cookie():
     "Cryptography_HAS_DTLS_GET_DATA_MTU": cryptography_has_dtls_get_data_mtu,
     "Cryptography_HAS_300_FIPS": cryptography_has_300_fips,
     "Cryptography_HAS_SSL_COOKIE": cryptography_has_ssl_cookie,
+    "Cryptography_HAS_PKCS7_FUNCS": cryptography_has_pkcs7_funcs,
 }
