diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index a8e55a3bf253..209fbeb73a8f 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -37,17 +37,6 @@ def _openssl_assert(
 )


-def _legacy_provider_error(loaded: bool) -> None:
- if not loaded:
- raise RuntimeError(
- "OpenSSL 3.0's legacy provider failed to load. This is a fatal "
- "error by default, but cryptography supports running without "
- "legacy algorithms by setting the environment variable "
- "CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error,"
- " you have likely made a mistake with your OpenSSL configuration."
- )
-
-
 def build_conditional_library(
 lib: typing.Any,
 conditional_names: dict[str, typing.Callable[[], list[str]]],
diff --git a/src/rust/src/lib.rs b/src/rust/src/lib.rs
index 29a52c196e6a..193492cfcb5d 100644
--- a/src/rust/src/lib.rs
+++ b/src/rust/src/lib.rs
@@ -23,20 +23,9 @@ mod x509;
 #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)]
 #[pyo3::prelude::pyclass(frozen, module = "cryptography.hazmat.bindings._rust")]
 struct LoadedProviders {
- _default: Option,
 legacy: Option,
 }

-#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)]
-impl LoadedProviders {
- fn new(
- _default: Option,
- legacy: Option,
- ) -> LoadedProviders {
- LoadedProviders { _default, legacy }
- }
-}
-
 #[pyo3::prelude::pyfunction]
 fn openssl_version() -> i64 {
 openssl::version::number()
@@ -57,14 +46,14 @@ fn _initialize_legacy_provider() -> CryptographyResult {
 let load_legacy = env::var("CRYPTOGRAPHY_OPENSSL_NO_LEGACY")
 .map(|v| v.is_empty() || v == "0")
 .unwrap_or(true);
- if load_legacy {
- let legacy = provider::Provider::load(None, "legacy");
- _legacy_provider_error(legacy.is_ok())?;
- let default = provider::Provider::load(None, "default")?;
- Ok(LoadedProviders::new(Some(default), Some(legacy?)))
+ let legacy= if load_legacy {
+ let legacy_result = provider::Provider::try_load(None, "legacy", true);
+ _legacy_provider_error(legacy_result.is_ok())?;
+ Some(legacy_result?)
 } else {
- Ok(LoadedProviders::new(None, None))
- }
+ None
+ };
+ Ok(LoadedProviders { legacy })
 }

 fn _legacy_provider_error(success: bool) -> pyo3::PyResult<()> {
@@ -106,7 +95,6 @@ fn _rust(py: pyo3::Python<'_>, m: &pyo3::types::PyModule) -> pyo3::PyResult<()>
 cfg_if::cfg_if! {
 if #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)] {
 let providers = _initialize_legacy_provider()?;
- m.add_class::()?;
 if providers.legacy.is_some() {
 openssl_mod.add("_legacy_provider_loaded", true)?;
 openssl_mod.add("_providers", providers)?;
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
index 64c3cfdec05c..ef45b304b4ef 100644
--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
@@ -8,7 +8,6 @@
 from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.bindings.openssl.binding import (
 Binding,
- _legacy_provider_error,
 _openssl_assert,
 _verify_package_version,
 )
@@ -84,12 +83,6 @@ def test_version_mismatch(self):
 with pytest.raises(ImportError):
 _verify_package_version("nottherightversion")

- def test_legacy_provider_error(self):
- with pytest.raises(RuntimeError):
- _legacy_provider_error(False)
-
- _legacy_provider_error(True)
-
 def test_rust_internal_error(self):
 with pytest.raises(InternalError) as exc_info:
 rust_openssl.raise_openssl_error()
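Review bot: In `_initialize_legacy_provider` (src/rust/src/lib.rs, hunk `@@ -57,14 +46,14 @@`), the bare `true` in `provider::Provider::try_load(None, "legacy", true)` is what makes it safe to drop the explicit `default` provider load, but the new code does not say so. That argument is `retain_fallbacks`: with it set, OpenSSL should keep its implicit default-provider fallback after the legacy provider loads, and a later edit that flips it to `false` would presumably leave the process with legacy algorithms only. I would put a comment above the call, e.g. `// retain_fallbacks = true: the implicit default provider stays available, so it is no longer loaded and held here.` The first added line, `let legacy= if load_legacy {`, is also missing the space rustfmt would insert (`let legacy = if load_legacy {`). The function's signature sits above the hunk, and with `test_legacy_provider_error` deleted from tests/hazmat/bindings/test_openssl.py no test visible in this diff covers the failure path of the Rust `_legacy_provider_error`.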