passed content encryption algo locally

adapted rust code accordingly
pyca · Dec 29, 2024 · b29e77d · b29e77d
1 parent 6b9f59e
commit b29e77d
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/src/cryptography/hazmat/bindings/_rust/pkcs7.pyi b/src/cryptography/hazmat/bindings/_rust/pkcs7.pyi
@@ -15,6 +15,7 @@ def serialize_certificates(
 ) -> bytes: ...
 def encrypt_and_serialize(
     builder: pkcs7.PKCS7EnvelopeBuilder,
+    content_encryption_algorithm: pkcs7.ContentEncryptionAlgorithm,
     encoding: serialization.Encoding,
     options: typing.Iterable[pkcs7.PKCS7Options],
 ) -> bytes: ...

diff --git a/src/cryptography/hazmat/primitives/serialization/pkcs7.py b/src/cryptography/hazmat/primitives/serialization/pkcs7.py
@@ -267,7 +267,7 @@ def encrypt(
 
         # The default content encryption algorithm is AES-128, which the S/MIME
         # v3.2 RFC specifies as MUST support (https://datatracker.ietf.org/doc/html/rfc5751#section-2.7)
-        self._content_encryption_algorithm = (
+        content_encryption_algorithm = (
             self._content_encryption_algorithm or algorithms.AES128
         )
 
@@ -299,7 +299,9 @@ def encrypt(
                 "Cannot use Binary and Text options at the same time"
             )
 
-        return rust_pkcs7.encrypt_and_serialize(self, encoding, options)
+        return rust_pkcs7.encrypt_and_serialize(
+            self, content_encryption_algorithm, encoding, options
+        )
 
 
 pkcs7_decrypt_der = rust_pkcs7.decrypt_der

diff --git a/src/rust/src/pkcs7.rs b/src/rust/src/pkcs7.rs
@@ -84,6 +84,7 @@ fn serialize_certificates<'p>(
 fn encrypt_and_serialize<'p>(
     py: pyo3::Python<'p>,
     builder: &pyo3::Bound<'p, pyo3::PyAny>,
+    content_encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>,
     encoding: &pyo3::Bound<'p, pyo3::PyAny>,
     options: &pyo3::Bound<'p, pyo3::types::PyList>,
 ) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
@@ -96,8 +97,7 @@ fn encrypt_and_serialize<'p>(
     };
 
     // Get the content encryption algorithm
-    let content_encryption_algorithm_type =
-        builder.getattr(pyo3::intern!(py, "_content_encryption_algorithm"))?;
+    let content_encryption_algorithm_type = content_encryption_algorithm;
     let key_size = content_encryption_algorithm_type.getattr(pyo3::intern!(py, "key_size"))?;
     let key = types::OS_URANDOM
         .get(py)?