Check for BoringSSL in the EVP bindings

alex · alex · commit cace4bc0a60e · 2021-11-05T23:14:49.000-04:00
diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
@@ -37,6 +37,7 @@
 static const long Cryptography_HAS_RAW_KEY;
 static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF;
 static const long Cryptography_HAS_300_FIPS;
+static const long Cryptography_HAS_EVP_PKEY_DH;
 """
 
 FUNCTIONS = """
@@ -280,4 +281,11 @@
 int (*EVP_default_properties_is_fips_enabled)(OSSL_LIB_CTX *) = NULL;
 int (*EVP_default_properties_enable_fips)(OSSL_LIB_CTX *, int) = NULL;
 #endif
+
+#if CRYPTOGRAPHY_IS_BORINGSSL
+static const long Cryptography_HAS_EVP_PKEY_DH = 0;
+int (*EVP_PKEY_set1_DH)(EVP_PKEY *, DH *) = NULL;
+#else
+static const long Cryptography_HAS_EVP_PKEY_DH = 1;
+#endif
 """
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -293,6 +293,12 @@ def cryptography_has_bn_flags():
         "BN_prime_checks_for_size",
     ]
 
+def cryptography_has_evp_pkey_dh():
+    return [
+        "EVP_PKEY_set1_DH",
+    ]
+
+
 # This is a mapping of
 # {condition: function-returning-names-dependent-on-that-condition} so we can
 # loop over them and delete unsupported names at runtime. It will be removed
@@ -349,4 +355,5 @@ def cryptography_has_bn_flags():
     "Cryptography_HAS_SSL_COOKIE": cryptography_has_ssl_cookie,
     "Cryptography_HAS_PKCS7_FUNCS": cryptography_has_pkcs7_funcs,
     "Cryptography_HAS_BN_FLAGS": cryptography_has_bn_flags,
+    "Cryptography_HAS_EVP_PKEY_DH": cryptography_has_evp_pkey_dh,
 }
