Check for BoringSSL in the bignum bindings

alex · alex · commit e74b5f9240a5 · 2021-11-05T23:59:03.000-04:00
diff --git a/src/_cffi_src/openssl/bignum.py b/src/_cffi_src/openssl/bignum.py
@@ -8,6 +8,8 @@
 """
 
 TYPES = """
+static const long Cryptography_HAS_BN_FLAGS;
+
 typedef ... BN_CTX;
 typedef ... BN_MONT_CTX;
 typedef ... BIGNUM;
@@ -81,4 +83,13 @@
 """
 
 CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_IS_BORINGSSL
+static const long Cryptography_HAS_BN_FLAGS = 0;
+
+static const int BN_FLG_CONSTTIME = 0;
+void (*BN_set_flags)(BIGNUM *, int) = NULL;
+int (*BN_prime_checks_for_size)(int) = NULL;
+#else
+static const long Cryptography_HAS_BN_FLAGS = 1;
+#endif
 """
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -279,6 +279,15 @@ def cryptography_has_pkcs7_funcs():
         "PKCS7_get0_signers",
     ]
 
+
+def cryptography_has_bn_flags():
+    return [
+        "BN_FLG_CONSTTIME",
+        "BN_set_flags",
+        "BN_prime_checks_for_size",
+    ]
+
+
 # This is a mapping of
 # {condition: function-returning-names-dependent-on-that-condition} so we can
 # loop over them and delete unsupported names at runtime. It will be removed
@@ -333,4 +342,5 @@ def cryptography_has_pkcs7_funcs():
     "Cryptography_HAS_300_FIPS": cryptography_has_300_fips,
     "Cryptography_HAS_SSL_COOKIE": cryptography_has_ssl_cookie,
     "Cryptography_HAS_PKCS7_FUNCS": cryptography_has_pkcs7_funcs,
+    "Cryptography_HAS_BN_FLAGS": cryptography_has_bn_flags,
 }
