From b29e77de1baa344877c681ba91ca38ae58af47ce Mon Sep 17 00:00:00 2001
From: Quentin Retourne <32574188+nitneuqr@users.noreply.github.com>
Date: Sun, 29 Dec 2024 18:49:10 +0100
Subject: [PATCH] passed content encryption algo locally

adapted rust code accordingly
---
 src/cryptography/hazmat/bindings/_rust/pkcs7.pyi          | 1 +
 src/cryptography/hazmat/primitives/serialization/pkcs7.py | 6 ++++--
 src/rust/src/pkcs7.rs                                     | 4 ++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/cryptography/hazmat/bindings/_rust/pkcs7.pyi b/src/cryptography/hazmat/bindings/_rust/pkcs7.pyi
index f9aa81ea0caf..051e90bad050 100644
--- a/src/cryptography/hazmat/bindings/_rust/pkcs7.pyi
+++ b/src/cryptography/hazmat/bindings/_rust/pkcs7.pyi
@@ -15,6 +15,7 @@ def serialize_certificates(
 ) -> bytes: ...
 def encrypt_and_serialize(
     builder: pkcs7.PKCS7EnvelopeBuilder,
+    content_encryption_algorithm: pkcs7.ContentEncryptionAlgorithm,
     encoding: serialization.Encoding,
     options: typing.Iterable[pkcs7.PKCS7Options],
 ) -> bytes: ...
diff --git a/src/cryptography/hazmat/primitives/serialization/pkcs7.py b/src/cryptography/hazmat/primitives/serialization/pkcs7.py
index ea3927083bb5..c3818724c0c9 100644
--- a/src/cryptography/hazmat/primitives/serialization/pkcs7.py
+++ b/src/cryptography/hazmat/primitives/serialization/pkcs7.py
@@ -267,7 +267,7 @@ def encrypt(
 
         # The default content encryption algorithm is AES-128, which the S/MIME
         # v3.2 RFC specifies as MUST support (https://datatracker.ietf.org/doc/html/rfc5751#section-2.7)
-        self._content_encryption_algorithm = (
+        content_encryption_algorithm = (
             self._content_encryption_algorithm or algorithms.AES128
         )
 
@@ -299,7 +299,9 @@ def encrypt(
                 "Cannot use Binary and Text options at the same time"
             )
 
-        return rust_pkcs7.encrypt_and_serialize(self, encoding, options)
+        return rust_pkcs7.encrypt_and_serialize(
+            self, content_encryption_algorithm, encoding, options
+        )
 
 
 pkcs7_decrypt_der = rust_pkcs7.decrypt_der
diff --git a/src/rust/src/pkcs7.rs b/src/rust/src/pkcs7.rs
index 19d13a2e7555..d9f5ba18a26e 100644
--- a/src/rust/src/pkcs7.rs
+++ b/src/rust/src/pkcs7.rs
@@ -84,6 +84,7 @@ fn serialize_certificates<'p>(
 fn encrypt_and_serialize<'p>(
     py: pyo3::Python<'p>,
     builder: &pyo3::Bound<'p, pyo3::PyAny>,
+    content_encryption_algorithm: &pyo3::Bound<'p, pyo3::PyAny>,
     encoding: &pyo3::Bound<'p, pyo3::PyAny>,
     options: &pyo3::Bound<'p, pyo3::types::PyList>,
 ) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
@@ -96,8 +97,7 @@ fn encrypt_and_serialize<'p>(
     };
 
     // Get the content encryption algorithm
-    let content_encryption_algorithm_type =
-        builder.getattr(pyo3::intern!(py, "_content_encryption_algorithm"))?;
+    let content_encryption_algorithm_type = content_encryption_algorithm;
     let key_size = content_encryption_algorithm_type.getattr(pyo3::intern!(py, "key_size"))?;
     let key = types::OS_URANDOM
         .get(py)?