Centralize checks for whether scrypt is available (#10376)

pyca · Feb 11, 2024 · e179d30 · e179d30
1 parent 8b521e0
commit e179d30
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 8 deletions.
diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
@@ -30,7 +30,6 @@
 static const int EVP_CTRL_AEAD_GET_TAG;
 static const int EVP_CTRL_AEAD_SET_TAG;
 
-static const int Cryptography_HAS_SCRYPT;
 static const int Cryptography_HAS_EVP_PKEY_DHX;
 static const long Cryptography_HAS_300_FIPS;
 static const long Cryptography_HAS_300_EVP_CIPHER;
@@ -94,12 +93,6 @@
 const long Cryptography_HAS_EVP_PKEY_DHX = 0;
 #endif
 
-#if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_SCRYPT)
-static const long Cryptography_HAS_SCRYPT = 0;
-#else
-static const long Cryptography_HAS_SCRYPT = 1;
-#endif
-
 /* This is tied to X448 support so we reuse the Cryptography_HAS_X448
    conditional to remove it. OpenSSL 1.1.1 adds this define.  We can remove
    this in the distant future when we drop 1.1.0 support. */

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -194,7 +194,7 @@ def scrypt_supported(self) -> bool:
         if self._fips_enabled:
             return False
         else:
-            return self._lib.Cryptography_HAS_SCRYPT == 1
+            return hasattr(rust_openssl.kdf, "derive_scrypt")
 
     def hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
         # FIPS mode still allows SHA1 for HMAC