[44.0.x] backports for libressl 4.1.0 support release (#12848)

* FIPS fixes (#12839)

* attempt to fix wycheproof in CI on centos stream9

skip RSA PSS with SHA224

* Update test_rsa.py

* Update backend.py

* fix

* make OpenSSL 3.5 FIPS work

This replaces the rsa_pss_cert.pem with a new one that uses a salt
length matching the digest length (previously it was max length)

* simplify

* comment

* fix

* update with new wycheproof

---------

Co-authored-by: Alex Gaynor <[email protected]>

* chore(deps): bump openssl-sys from 0.9.107 to 0.9.108 (#12832)

Bumps [openssl-sys](https://github.com/sfackler/rust-openssl) from 0.9.107 to 0.9.108.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-sys-v0.9.107...openssl-sys-v0.9.108)

---
updated-dependencies:
- dependency-name: openssl-sys
  dependency-version: 0.9.108
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* test on libressl 4.1.0 (#12845)

* 44.0.3 release

* Make wycheproof x25519 and x448 tests more flexible (#12676)

* Update test_x448.py

* Update test_x25519.py

* Update test_x25519.py

* Update test_x448.py

* fix mitmproxy downstream tests (#12776)

* clippy nightly fixes

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Paul Kehrer <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: 3 people

.github/actions/fetch-vectors/action.yml

@@ -9,8 +9,8 @@ runs:
       with:
         repository: "C2SP/wycheproof"
         path: "wycheproof"
-        # Latest commit on the wycheproof master branch, as of Apr 09, 2024.
-        ref: "cd27d6419bedd83cbd24611ec54b6d4bfdb0cdca" # wycheproof-ref
+        # Latest commit on the wycheproof master branch, as of May 02, 2025.
+        ref: "df4e933efef449fc88af0c06e028d425d84a9495" # wycheproof-ref
 
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:

.github/downstream.d/mitmproxy.sh

@@ -2,10 +2,11 @@
 
 case "${1}" in
     install)
+        pip install uv
         git clone --depth=1 https://github.com/mitmproxy/mitmproxy
         cd mitmproxy
         git rev-parse HEAD
-        pip install -e ".[dev]"
+        uv pip install --system --group dev -e .
         ;;
     run)
         cd mitmproxy

.github/workflows/ci.yml

@@ -42,9 +42,11 @@ jobs:
           - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.2.3", CONFIG_FLAGS: "no-legacy", NO_LEGACY: "1"}}
           - {VERSION: "3.12", NOXSESSION: "tests", NOXARGS: "--enable-fips=1", OPENSSL: {TYPE: "openssl", CONFIG_FLAGS: "enable-fips", VERSION: "3.1.7"}}
           - {VERSION: "3.12", NOXSESSION: "tests", NOXARGS: "--enable-fips=1", OPENSSL: {TYPE: "openssl", CONFIG_FLAGS: "enable-fips", VERSION: "3.2.3"}}
+          - {VERSION: "3.12", NOXSESSION: "tests", NOXARGS: "--enable-fips=1", OPENSSL: {TYPE: "openssl", CONFIG_FLAGS: "enable-fips", VERSION: "3.5.0"}}
           - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.4.0"}}
           - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "3.9.2"}}
           - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "4.0.0"}}
+          - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "4.1.0"}}
           - {VERSION: "3.12", NOXSESSION: "tests-randomorder"}
           # Latest commit on the BoringSSL master branch, as of Nov 27, 2024.
           - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "boringssl", VERSION: "fcef13a49852397a0d39c00be8d7bc2ba1ab6fb9"}}

CHANGELOG.rst

@@ -1,6 +1,13 @@
 Changelog
 =========
 
+.. _v44-0-3:
+
+44.0.3 - 2025-05-02
+~~~~~~~~~~~~~~~~~~~
+
+* Fixed compilation when using LibreSSL 4.1.0.
+
 .. _v44-0-2:
 
 44.0.2 - 2025-03-01

Cargo.lock

@@ -21,6 +21,8 @@ rust-version = "1.65.0"
 [workspace.dependencies]
 asn1 = { version = "0.20.0", default-features = false }
 pyo3 = { version = "0.23.5", features = ["abi3"] }
+openssl = "0.10.72"
+openssl-sys = "0.9.108"
 
 [profile.release]
 overflow-checks = true

Cargo.toml

@@ -14,7 +14,7 @@ build-backend = "maturin"
 
 [project]
 name = "cryptography"
-version = "44.0.2"
+version = "44.0.3"
 authors = [
     {name = "The Python Cryptographic Authority and individual contributors", email = "[email protected]"}
 ]
@@ -65,7 +65,7 @@ ssh = ["bcrypt >=3.1.5"]
 # All the following are used for our own testing.
 nox = ["nox >=2024.04.15", "nox[uv] >=2024.03.02; python_version >= '3.8'"]
 test = [
-    "cryptography_vectors==44.0.2",
+    "cryptography_vectors==44.0.3",
     "pytest >=7.4.0",
     "pytest-benchmark >=4.0",
     "pytest-cov >=2.10.1",

pyproject.toml

@@ -10,7 +10,7 @@
     "__version__",
 ]
 
-__version__ = "44.0.2"
+__version__ = "44.0.3"
 
 
 __author__ = "The Python Cryptographic Authority and individual contributors"

src/cryptography/__about__.py

@@ -169,14 +169,17 @@ def rsa_padding_supported(self, padding: AsymmetricPadding) -> bool:
         if isinstance(padding, PKCS1v15):
             return True
         elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1):
-            # SHA1 is permissible in MGF1 in FIPS even when SHA1 is blocked
-            # as signature algorithm.
-            if self._fips_enabled and isinstance(
-                padding._mgf._algorithm, hashes.SHA1
+            # FIPS 186-4 only allows salt length == digest length for PSS
+            # It is technically acceptable to set an explicit salt length
+            # equal to the digest length and this will incorrectly fail, but
+            # since we don't do that in the tests and this method is
+            # private, we'll ignore that until we need to do otherwise.
+            if (
+                self._fips_enabled
+                and padding._salt_length != PSS.DIGEST_LENGTH
             ):
-                return True
-            else:
-                return self.hash_supported(padding._mgf._algorithm)
+                return False
+            return self.hash_supported(padding._mgf._algorithm)
         elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1):
             return self._oaep_hash_supported(
                 padding._mgf._algorithm

src/cryptography/hazmat/backends/openssl/backend.py

@@ -71,7 +71,7 @@ fn main() {
     // This is because we don't want a potentially random build path to end up in the binary because
     // CFFI generated code uses the __FILE__ macro in its debug messages.
     if let Some(out_dir_str) = Path::new(&out_dir).to_str() {
-        build.flag_if_supported(format!("-fmacro-prefix-map={}=.", out_dir_str).as_str());
+        build.flag_if_supported(format!("-fmacro-prefix-map={out_dir_str}").as_str());
     }
 
     for python_include in env::split_paths(&python_includes) {