From 25905566118da4264001350525fec7dc2fbbfa94 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Tue, 26 Dec 2017 11:36:40 -0500
Subject: Fixed #4006 -- bind functions for dealing with sigalgs (#4063)
* Fixed #4006 -- bind functions for dealing with sigalgs
* oops
---
 src/_cffi_src/openssl/ssl.py | 15 +++++++++++++++
 src/cryptography/hazmat/bindings/openssl/_conditional.py | 8 ++++++++
 2 files changed, 23 insertions(+)
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 7f9eff05..fdee30dd 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -27,6 +27,7 @@ static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE;
 static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
 static const long Cryptography_HAS_DTLS;
 static const long Cryptography_HAS_GENERIC_DTLS_METHOD;
+static const long Cryptography_HAS_SIGALGS;
 /* Internally invented symbol to tell us if SNI is supported */
 static const long Cryptography_HAS_TLSEXT_HOSTNAME;
@@ -186,6 +187,9 @@ int SSL_use_PrivateKey_ASN1(int, SSL *, const unsigned char *, long);
 int SSL_use_PrivateKey_file(SSL *, const char *, int);
 int SSL_check_private_key(const SSL *);
+int SSL_get_sigalgs(SSL *, int, int *, int *, int *, unsigned char *,
+ unsigned char *);
+
 Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *);
 Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
@@ -233,6 +237,8 @@ void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
 void SSL_CTX_set_info_callback(SSL_CTX *, void (*)(const SSL *, int, int));
 void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int);
+long SSL_CTX_set1_sigalgs_list(SSL_CTX *, const char *);
+
 /* SSL_SESSION */
 void SSL_SESSION_free(SSL_SESSION *);
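Review bot: The `long SSL_CTX_set1_sigalgs_list(SSL_CTX *, const char *);` declaration in the `@@ -233,6 +237,8 @@` hunk carries no comment on its availability or return contract, and the same is true of `SSL_get_sigalgs` in the `@@ -186,6 +187,9 @@` hunk. OpenSSL reports 1 on success and 0 when the list string is rejected, so a caller that ignores the result keeps the library's default signature algorithms while believing it has restricted them. I would add `/* OpenSSL >= 1.0.2 only, see Cryptography_HAS_SIGALGS. Returns 1 on success, 0 on failure; callers must check. */` above the declaration. The declaration string that encloses both hunks starts and ends outside them.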
@@ -623,4 +629,13 @@ long Cryptography_DTLSv1_get_timeout(SSL *ssl, time_t *ptv_sec,
 return r;
 }
+
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
+static const long Cryptography_HAS_SIGALGS = 0;
+const int (*SSL_get_sigalgs)(SSL *, int, int *, int *, int *, unsigned char *,
+ unsigned char *) = NULL;
+const long (*SSL_CTX_set1_sigalgs_list)(SSL_CTX *, const char *) = NULL;
+#else
+static const long Cryptography_HAS_SIGALGS = 1;
+#endif
 """
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index 866cf4a6..8bc74c97 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -250,6 +250,13 @@ def cryptography_has_fips():
 ]
+def cryptography_has_ssl_sigalgs():
+ return [
+ "SSL_CTX_set1_sigalgs_list",
+ "SSL_get_sigalgs",
+ ]
+
+
 # This is a mapping of
 # {condition: function-returning-names-dependent-on-that-condition} so we can
 # loop over them and delete unsupported names at runtime. It will be removed
@@ -300,4 +307,5 @@ CONDITIONAL_NAMES = {
 cryptography_has_evp_pkey_get_set_tls_encodedpoint
 ),
 "Cryptography_HAS_FIPS": cryptography_has_fips,
+ "Cryptography_HAS_SIGALGS": cryptography_has_ssl_sigalgs,
 }
--
cgit v1.2.3
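Review bot: In the `CRYPTOGRAPHY_OPENSSL_LESS_THAN_102` branch of the `@@ -623,4 +629,13 @@` hunk, the leading `const` in `const int (*SSL_get_sigalgs)(...)` and `const long (*SSL_CTX_set1_sigalgs_list)(...)` qualifies the function's return type, not the pointer. The stub types therefore differ from the `int` and `long` declarations this commit adds earlier in the same file, and compilers may warn about an ignored qualifier. Dropping it gives `int (*SSL_get_sigalgs)(SSL *, int, int *, int *, int *, unsigned char *, unsigned char *) = NULL;` and `long (*SSL_CTX_set1_sigalgs_list)(SSL_CTX *, const char *) = NULL;`. Whether the guard macro is also true on LibreSSL builds is not visible in this patch; if it is not, those builds would need the same stubs.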
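Review bot: The helper added in the `@@ -250,6 +250,13 @@` hunk is named `cryptography_has_ssl_sigalgs` while its flag is `Cryptography_HAS_SIGALGS`; the neighbouring pair visible here, `cryptography_has_fips` / `Cryptography_HAS_FIPS`, uses the lowercased flag name. Renaming it to `cryptography_has_sigalgs`, together with the `CONDITIONAL_NAMES` entry in the `@@ -300,4 +307,5 @@` hunk, keeps the flag-to-function mapping easy to grep. Because the listed names are deleted at runtime on unsupported builds, I would also add a comment above the function such as `# Absent on OpenSSL < 1.0.2; check Cryptography_HAS_SIGALGS and fail closed rather than skipping the restriction.`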