review comments

src/cryptography/hazmat/bindings/openssl/binding.py

@@ -37,17 +37,6 @@ def _openssl_assert(
         )
 
 
-def _legacy_provider_error(loaded: bool) -> None:
-    if not loaded:
-        raise RuntimeError(
-            "OpenSSL 3.0's legacy provider failed to load. This is a fatal "
-            "error by default, but cryptography supports running without "
-            "legacy algorithms by setting the environment variable "
-            "CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error,"
-            " you have likely made a mistake with your OpenSSL configuration."
-        )
-
-
 def build_conditional_library(
     lib: typing.Any,
     conditional_names: dict[str, typing.Callable[[], list[str]]],

src/rust/src/lib.rs

@@ -23,20 +23,9 @@ mod x509;
 #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)]
 #[pyo3::prelude::pyclass(frozen, module = "cryptography.hazmat.bindings._rust")]
 struct LoadedProviders {
-    _default: Option<provider::Provider>,
     legacy: Option<provider::Provider>,
 }
 
-#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)]
-impl LoadedProviders {
-    fn new(
-        _default: Option<provider::Provider>,
-        legacy: Option<provider::Provider>,
-    ) -> LoadedProviders {
-        LoadedProviders { _default, legacy }
-    }
-}
-
 #[pyo3::prelude::pyfunction]
 fn openssl_version() -> i64 {
     openssl::version::number()
@@ -57,14 +46,14 @@ fn _initialize_legacy_provider() -> CryptographyResult<LoadedProviders> {
     let load_legacy = env::var("CRYPTOGRAPHY_OPENSSL_NO_LEGACY")
         .map(|v| v.is_empty() || v == "0")
         .unwrap_or(true);
-    if load_legacy {
-        let legacy = provider::Provider::load(None, "legacy");
-        _legacy_provider_error(legacy.is_ok())?;
-        let default = provider::Provider::load(None, "default")?;
-        Ok(LoadedProviders::new(Some(default), Some(legacy?)))
+    let legacy= if load_legacy {
+        let legacy_result = provider::Provider::try_load(None, "legacy", true);
+        _legacy_provider_error(legacy_result.is_ok())?;
+        Some(legacy_result?)
     } else {
-        Ok(LoadedProviders::new(None, None))
-    }
+        None
+    };
+    Ok(LoadedProviders { legacy })
 }
 
 fn _legacy_provider_error(success: bool) -> pyo3::PyResult<()> {
@@ -106,7 +95,6 @@ fn _rust(py: pyo3::Python<'_>, m: &pyo3::types::PyModule) -> pyo3::PyResult<()>
     cfg_if::cfg_if! {
         if #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] {
             let providers = _initialize_legacy_provider()?;
-            m.add_class::<LoadedProviders>()?;
             if providers.legacy.is_some() {
                 openssl_mod.add("_legacy_provider_loaded", true)?;
                 openssl_mod.add("_providers", providers)?;

tests/hazmat/bindings/test_openssl.py

@@ -8,7 +8,6 @@
 from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.bindings.openssl.binding import (
     Binding,
-    _legacy_provider_error,
     _openssl_assert,
     _verify_package_version,
 )
@@ -84,12 +83,6 @@ def test_version_mismatch(self):
         with pytest.raises(ImportError):
             _verify_package_version("nottherightversion")
 
-    def test_legacy_provider_error(self):
-        with pytest.raises(RuntimeError):
-            _legacy_provider_error(False)
-
-        _legacy_provider_error(True)
-
     def test_rust_internal_error(self):
         with pytest.raises(InternalError) as exc_info:
             rust_openssl.raise_openssl_error()