From 4fd64892c777a30816c24bf2926ba210b442c86b Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Tue, 18 Jul 2017 11:54:29 -0400 Subject: [pkg] cover corner case with scrypt path there is a combination that was failing, with a recent-enough version of cryptography coming from jessie-backports (>1.0), but still being linked to openssl 1.0 which does not have a usable scrypt backend. with this commit we fallback on doing scrypt using python's scrypt package. --- src/leap/soledad/client/_scrypt.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'src/leap/soledad') diff --git a/src/leap/soledad/client/_scrypt.py b/src/leap/soledad/client/_scrypt.py index 03dcab40..674fabd7 100644 --- a/src/leap/soledad/client/_scrypt.py +++ b/src/leap/soledad/client/_scrypt.py @@ -18,18 +18,26 @@ try: from cryptography.hazmat.backends.interfaces import ScryptBackend from cryptography.hazmat.backends import default_backend + from cryptography.exceptions import UnsupportedAlgorithm backend = default_backend() OPENSSL_HAS_SCRYPT = isinstance(backend, ScryptBackend) except ImportError: OPENSSL_HAS_SCRYPT = False +def _fallback_hash(secret, salt, buflen=32): + import scrypt + return scrypt.hash(secret, salt, buflen=buflen) + if OPENSSL_HAS_SCRYPT: from cryptography.hazmat.primitives.kdf.scrypt import Scrypt def hash(secret, salt, buflen=32): - return Scrypt(salt, buflen, 16384, 8, 1, backend).derive(secret) -else: - import scrypt + try: + _hash = Scrypt( + salt, buflen, 16384, 8, 1, backend).derive(secret) + except UnsupportedAlgorithm: + _hash = _fallback_hash(secret, salt, buflen) + return _hash - def hash(secret, salt, buflen=32): - return scrypt.hash(secret, salt, buflen=buflen) +else: + hash = _fallback_hash -- cgit v1.2.3