From 0bff70878b602b00d6b88a935fc8752bd4fa031c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 30 Apr 2025 07:15:18 -0400 Subject: [PATCH 1/9] attempt to fix wycheproof in CI on centos stream9 skip RSA PSS with SHA224 --- tests/wycheproof/test_rsa.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py index d3b26a2ab3ba..2dfb8d61afb2 100644 --- a/tests/wycheproof/test_rsa.py +++ b/tests/wycheproof/test_rsa.py @@ -138,8 +138,10 @@ def test_rsa_pkcs1v15_signature_generation(backend, wycheproof): ) def test_rsa_pss_signature(backend, wycheproof): digest = _DIGESTS[wycheproof.testgroup["sha"]] - if backend._fips_enabled and isinstance(digest, hashes.SHA1): - pytest.skip("Invalid params for FIPS. SHA1 is disallowed") + if backend._fips_enabled and isinstance( + digest, (hashes.SHA1, hashes.SHA224) + ): + pytest.skip("Invalid params for FIPS. SHA1 and SHA224 are disallowed") key = wycheproof.cache_value_to_group( "cached_key", From 2d5adea166d5d56a90eb20ab4d436cdb1d65ceb9 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 30 Apr 2025 07:21:10 -0400 Subject: [PATCH 2/9] Update test_rsa.py --- tests/wycheproof/test_rsa.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py index 2dfb8d61afb2..802aa29d61e7 100644 --- a/tests/wycheproof/test_rsa.py +++ b/tests/wycheproof/test_rsa.py 
@@ -138,10 +138,11 @@ def test_rsa_pkcs1v15_signature_generation(backend, wycheproof): ) def test_rsa_pss_signature(backend, wycheproof): digest = _DIGESTS[wycheproof.testgroup["sha"]] - if backend._fips_enabled and isinstance( - digest, (hashes.SHA1, hashes.SHA224) + mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]] + if backend._fips_enabled and ( + isinstance(digest, hashes.SHA1) or isinstance(mgf_digest, hashes.SHA1) ): - pytest.skip("Invalid params for FIPS. SHA1 and SHA224 are disallowed") + pytest.skip("Invalid params for FIPS. SHA1 is disallowed") key = wycheproof.cache_value_to_group( "cached_key", @@ -150,7 +151,6 @@ def test_rsa_pss_signature(backend, wycheproof): ), ) assert isinstance(key, rsa.RSAPublicKey) - mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]] if digest is None or mgf_digest is None: pytest.skip( From 2838ddf495ded3ee4a5775e943ddcb1980fadccb Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 30 Apr 2025 07:28:19 -0400 Subject: [PATCH 3/9] Update backend.py --- src/cryptography/hazmat/backends/openssl/backend.py | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index dbfbcac648ff..9cf567b5270b 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py 
@@ -181,14 +181,7 @@ def rsa_padding_supported(self, padding: AsymmetricPadding) -> bool: if isinstance(padding, PKCS1v15): return True elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1): - # SHA1 is permissible in MGF1 in FIPS even when SHA1 is blocked - # as signature algorithm. - if self._fips_enabled and isinstance( - padding._mgf._algorithm, hashes.SHA1 - ): - return True - else: - return self.hash_supported(padding._mgf._algorithm) + return self.hash_supported(padding._mgf._algorithm) elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1): return self._oaep_hash_supported( padding._mgf._algorithm From b105409d34e504576f67282e8d10c13afb17f8c6 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 30 Apr 2025 07:34:06 -0400 Subject: [PATCH 4/9] fix --- tests/hazmat/backends/test_openssl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index c0fa216a28d1..2829d17c80ef 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -129,7 +129,7 @@ def test_rsa_padding_supported_pkcs1v15(self): def test_rsa_padding_supported_pss(self): assert ( backend.rsa_padding_supported( - padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0) + padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) ) is True ) From 58cf20b956ce35291b7b3b097df8923ff83568bd Mon Sep 17 00:00:00 2001 
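Review bot: Nothing asserts the negative side of this change — under FIPS a PSS padding whose MGF1 uses SHA1 now reports unsupported, yet the companion change in tests/hazmat/backends/test_openssl.py (patch 4, same physical line) only swaps the positive case to SHA256. A guarded assertion such as `if backend._fips_enabled: assert backend.rsa_padding_supported(padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=padding.PSS.DIGEST_LENGTH)) is False` would pin the new behavior so a later refactor cannot silently restore the SHA1 carve-out. The removed comment was the only place explaining why MGF1-SHA1 used to be special-cased; a one-line replacement, `# the MGF1 digest is held to the same FIPS hash policy as the signature digest`, keeps that history readable. rsa_padding_supported starts and ends outside the hunk.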
From: Paul Kehrer Date: Thu, 1 May 2025 14:43:18 -0500 Subject: [PATCH 5/9] make OpenSSL 3.5 FIPS work This replaces the rsa_pss_cert.pem with a new one that uses a salt length matching the digest length (previously it was max length) --- .github/workflows/ci.yml | 1 + .../hazmat/backends/openssl/backend.py | 6 +++ tests/hazmat/backends/test_openssl.py | 5 ++- tests/hazmat/primitives/test_rsa.py | 17 +++++++-- tests/wycheproof/test_rsa.py | 35 ++++++++++++----- tests/x509/test_x509.py | 16 ++++++-- .../x509/custom/rsa_pss_cert.pem | 38 +++++++++---------- 7 files changed, 80 insertions(+), 38 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7612386e5104..b05a508a31f5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,6 +38,7 @@ jobs: - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.2.4", CONFIG_FLAGS: "no-legacy", NO_LEGACY: "0"}} - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.2.4", CONFIG_FLAGS: "no-legacy", NO_LEGACY: "1"}} - {VERSION: "3.12", NOXSESSION: "tests", NOXARGS: "--enable-fips=1", OPENSSL: {TYPE: "openssl", CONFIG_FLAGS: "enable-fips", VERSION: "3.2.4"}} + - {VERSION: "3.12", NOXSESSION: "tests", NOXARGS: "--enable-fips=1", OPENSSL: {TYPE: "openssl", CONFIG_FLAGS: "enable-fips", VERSION: "3.5.0"}} - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.4.1"}} - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.5.0"}} - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "3.9.2"}} diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 9cf567b5270b..1eb1b69b95a4 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py 
@@ -181,6 +181,12 @@ def rsa_padding_supported(self, padding: AsymmetricPadding) -> bool: if isinstance(padding, PKCS1v15): return True elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1): + # FIPS 186-4 only allows salt length == digest length for PSS + if ( + self._fips_enabled + and padding._salt_length != PSS.DIGEST_LENGTH + ): + return False return self.hash_supported(padding._mgf._algorithm) elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1): return self._oaep_hash_supported( diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 2829d17c80ef..a48dc653f033 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -129,7 +129,10 @@ def test_rsa_padding_supported_pkcs1v15(self): def test_rsa_padding_supported_pss(self): assert ( backend.rsa_padding_supported( - padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=0) + padding.PSS( + mgf=padding.MGF1(hashes.SHA256()), + salt_length=padding.PSS.DIGEST_LENGTH, + ) ) is True ) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 820b9aee503f..73ceaf1e65e3 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py 
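Review bot: The comment `# FIPS 186-4 only allows salt length == digest length for PSS` overstates the standard as I read it: FIPS 186-4 §5.5 bounds the salt to 0 <= sLen <= hLen, so equality is a conservative policy chosen here rather than the only compliant value. Suggest `# FIPS 186-4 §5.5 bounds the PSS salt to 0 <= sLen <= hLen; under FIPS we conservatively accept only DIGEST_LENGTH` so nobody later "corrects" the matching skip logic in tests/wycheproof/test_rsa.py (patch 5) or the expanded comment in patch 7 against a misquoted requirement. Because the comparison is against the sentinel `PSS.DIGEST_LENGTH` rather than an integer, `PSS.AUTO` on the verify path is also reported unsupported under FIPS; that looks intended given the new skip guards in the tests, but it deserves a word in the comment. rsa_padding_supported starts and ends outside the hunk.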
@@ -503,16 +503,25 @@ def test_pss_signing(self, subtests, backend): hashes.SHA1(), ) + @pytest.mark.supported( + only_if=lambda backend: backend.rsa_padding_supported( + padding.PSS( + mgf=padding.MGF1(hashes.SHA256()), + salt_length=padding.PSS.MAX_LENGTH, + ) + ), + skip_message="Does not support PSS with these parameters.", + ) @pytest.mark.parametrize( "hash_alg", [hashes.SHA224(), hashes.SHA256(), hashes.SHA384(), hashes.SHA512()], ) - def test_pss_signing_sha2(self, rsa_key_2048, hash_alg, backend): + def test_pss_sha2_max_length(self, rsa_key_2048, hash_alg, backend): _skip_pss_hash_algorithm_unsupported(backend, hash_alg) private_key = rsa_key_2048 public_key = private_key.public_key() pss = padding.PSS( - mgf=padding.MGF1(hash_alg), salt_length=padding.PSS.MAX_LENGTH + mgf=padding.MGF1(hash_alg), salt_length=padding.PSS.DIGEST_LENGTH ) msg = b"testing signature" signature = private_key.sign(msg, pss, hash_alg) @@ -1040,7 +1049,7 @@ def test_pss_verification(self, subtests, backend): salt_length=padding.PSS.AUTO, ) ), - skip_message="Does not support PSS.", + skip_message="Does not support PSS with these parameters.", ) def test_pss_verify_auto_salt_length( self, rsa_key_2048: rsa.RSAPrivateKey, backend @@ -1180,7 +1189,7 @@ def test_invalid_pss_signature_recover( public_key = private_key.public_key() pss_padding = padding.PSS( mgf=padding.MGF1(algorithm=hashes.SHA256()), - salt_length=padding.PSS.MAX_LENGTH, + salt_length=padding.PSS.DIGEST_LENGTH, ) signature = private_key.sign(b"sign me", pss_padding, hashes.SHA256()) diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py index 802aa29d61e7..8b56d3487026 100644 --- a/tests/wycheproof/test_rsa.py +++ b/tests/wycheproof/test_rsa.py 
@@ -139,10 +139,23 @@ def test_rsa_pkcs1v15_signature_generation(backend, wycheproof): def test_rsa_pss_signature(backend, wycheproof): digest = _DIGESTS[wycheproof.testgroup["sha"]] mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]] + if digest is None or mgf_digest is None: + pytest.skip( + "PSS with digest={} and MGF digest={} not supported".format( + wycheproof.testgroup["sha"], + wycheproof.testgroup["mgfSha"], + ) + ) + salt_length = int(wycheproof.testgroup["sLen"]) if backend._fips_enabled and ( - isinstance(digest, hashes.SHA1) or isinstance(mgf_digest, hashes.SHA1) + isinstance(digest, hashes.SHA1) + or isinstance(mgf_digest, hashes.SHA1) + # FIPS 186-4 only allows salt length == digest length for PSS + or salt_length != mgf_digest.digest_size + # inner MGF1 hash must match outer hash + or wycheproof.testgroup["sha"] != wycheproof.testgroup["mgfSha"] ): - pytest.skip("Invalid params for FIPS. SHA1 is disallowed") + pytest.skip("Invalid params for FIPS") key = wycheproof.cache_value_to_group( "cached_key", @@ -152,14 +165,6 @@ def test_rsa_pss_signature(backend, wycheproof): ) assert isinstance(key, rsa.RSAPublicKey) - if digest is None or mgf_digest is None: - pytest.skip( - "PSS with digest={} and MGF digest={} not supported".format( - wycheproof.testgroup["sha"], - wycheproof.testgroup["mgfSha"], - ) - ) - if wycheproof.valid or wycheproof.acceptable: key.verify( binascii.unhexlify(wycheproof.testcase["sig"]), 
@@ -204,6 +209,16 @@ def test_rsa_pss_signature(backend, wycheproof): "rsa_oaep_misc_test.json", ) def test_rsa_oaep_encryption(backend, wycheproof): + if ( + backend._fips_enabled + # TODO: Remove this on rebase once wycheproof PR is merged + # and wycheproof.has_flag("SmallIntegerCiphertext") + and wycheproof.testcase["tcId"] in (756, 765, 772) + ): + pytest.skip( + "Small integer ciphertexts are rejected in OpenSSL 3.5 FIPS" + ) + digest = _DIGESTS[wycheproof.testgroup["sha"]] mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]] assert digest is not None diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index 8e00d2e15f99..f36373271d36 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -852,7 +852,7 @@ def test_load_cert_pub_key(self, backend): assert isinstance(pss, padding.PSS) assert isinstance(pss._mgf, padding.MGF1) assert isinstance(pss._mgf._algorithm, hashes.SHA256) - assert pss._salt_length == 222 + assert pss._salt_length == 32 assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) pub_key.verify( cert.signature, @@ -2855,6 +2855,11 @@ def test_sign_pss_length_options( computed_len, backend, ): + pss = padding.PSS( + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding_len + ) + if not backend.rsa_padding_supported(pss): + pytest.skip("PSS padding with these parameters not supported") builder = ( x509.CertificateBuilder() .subject_name( @@ -2868,9 +2873,6 @@ def test_sign_pss_length_options( .not_valid_before(datetime.datetime(2020, 1, 1)) .not_valid_after(datetime.datetime(2038, 1, 1)) ) - pss = padding.PSS( - mgf=padding.MGF1(hashes.SHA256()), salt_length=padding_len - ) cert = builder.sign(rsa_key_2048, hashes.SHA256(), rsa_padding=pss) assert isinstance(cert.signature_algorithm_parameters, padding.PSS) assert cert.signature_algorithm_parameters._salt_length == computed_len 
@@ -5290,6 +5292,12 @@ def test_sign_pss_length_options( computed_len, backend, ): + pss = padding.PSS( + mgf=padding.MGF1(hashes.SHA256()), salt_length=padding_len + ) + if not backend.rsa_padding_supported(pss): + pytest.skip("PSS padding with these parameters not supported") + builder = x509.CertificateSigningRequestBuilder().subject_name( x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")]) ) diff --git a/vectors/cryptography_vectors/x509/custom/rsa_pss_cert.pem b/vectors/cryptography_vectors/x509/custom/rsa_pss_cert.pem index e0509174c823..906bf43147fb 100644 --- a/vectors/cryptography_vectors/x509/custom/rsa_pss_cert.pem +++ b/vectors/cryptography_vectors/x509/custom/rsa_pss_cert.pem 
@@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDfTCCAjCgAwIBAgIUP4D/5rcT93vdYGPhsKf+hbes/JgwQgYJKoZIhvcNAQEK -MDWgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF -AKIEAgIA3jAaMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wHhcNMjIwNDMwMjAz -MTE4WhcNMzMwNDEyMjAzMTE4WjAaMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8w -ggEgMAsGCSqGSIb3DQEBCgOCAQ8AMIIBCgKCAQEAt1jpboUoNppBVamc+nA+zEjl -jn/gPbRFCvyveRd8Yr0p8y1mlmjKXcQlXcHPVM4TopgFXqDykIHXxJxLV56ysb4K -UGe0nxpmhEso5ZGUgkDIIoH0NAQAsS8rS2ZzNJcLrLGrMY6DRgFsa+G6h2DvMwgl -nsX++a8FIm7Vu+OZnfWpDEuhJU4TRtHVviJSYkFMckyYBB48k1MU+0b4pezHconZ -mMEisBFFbwarNvowf2i/tRESe3myKXfiJsZZ2UzdE3FqycSgw1tx8qV/Z8myozUW -uihIdw8TGbbsJhEeVFxQEP/DVzC6HHDI3EVpr2jPYeIE60hhZwM7jUmQscLerQID -AQABo1MwUTAdBgNVHQ4EFgQUb1QD8QEIQn5DALIAujTDATssNcQwHwYDVR0jBBgw -FoAUb1QD8QEIQn5DALIAujTDATssNcQwDwYDVR0TAQH/BAUwAwEB/zBCBgkqhkiG -9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFl -AwQCAQUAogQCAgDeA4IBAQAvKBXlx07tdmtfhNTPn16dupBIS5344ZE4tfGSE5Ir -iA1X0bukKQ6V+6xJXGreaIw0wvwtIeI/R0JwcR114HBDqjt40vklyNSpGCJzgkfD -Q/d8JXN/MLyQrk+5F9JMy+HuZAgefAQAjugC6389Klpqx2Z1CgwmALhjIs48GnMp -Iz9vU2O6RDkMBlBRdmfkJVjhhPvJYpDDW1ic5O3pxtMoiC1tAHHMm4gzM1WCFeOh -cDNxABlvVNPTnqkOhKBmmwRaBwdvvksgeu2RyBNR0KEy44gWzYB9/Ter2t4Z8ASq -qCv8TuYr2QGaCnI2FVS5S9n6l4JNkFHqPMtuhrkr3gEz +MIIDeTCCAi2gAwIBAgIUXlaVdgeEIMp9IqY8UwE76aL54owwQQYJKoZIhvcNAQEK +MDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF +AKIDAgEgMBkxFzAVBgNVBAMMDmNyeXB0b2dhcGh5LmlvMB4XDTI1MDUwMTE5MTcx +NVoXDTI2MDUwMTE5MTcxNVowGTEXMBUGA1UEAwwOY3J5cHRvZ2FwaHkuaW8wggEg +MAsGCSqGSIb3DQEBCgOCAQ8AMIIBCgKCAQEAt1jpboUoNppBVamc+nA+zEjljn/g +PbRFCvyveRd8Yr0p8y1mlmjKXcQlXcHPVM4TopgFXqDykIHXxJxLV56ysb4KUGe0 +nxpmhEso5ZGUgkDIIoH0NAQAsS8rS2ZzNJcLrLGrMY6DRgFsa+G6h2DvMwglnsX+ ++a8FIm7Vu+OZnfWpDEuhJU4TRtHVviJSYkFMckyYBB48k1MU+0b4pezHconZmMEi +sBFFbwarNvowf2i/tRESe3myKXfiJsZZ2UzdE3FqycSgw1tx8qV/Z8myozUWuihI +dw8TGbbsJhEeVFxQEP/DVzC6HHDI3EVpr2jPYeIE60hhZwM7jUmQscLerQIDAQAB 
+o1MwUTAdBgNVHQ4EFgQUb1QD8QEIQn5DALIAujTDATssNcQwHwYDVR0jBBgwFoAU +b1QD8QEIQn5DALIAujTDATssNcQwDwYDVR0TAQH/BAUwAwEB/zBBBgkqhkiG9w0B +AQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQC +AQUAogMCASADggEBAFQIq9+51vAjBwHapeNe6LaTfPoVrWAKBFz9oJn5rHsk1DQP +glLyi7CQYzz5ByYvA4oXMzN84iSmi500uGeG2g5gPWQJfGFdycmyCEfEzXO6xnJR +YxsHVOcBUI0iME7BnREVmHrAMY4wKRDNzF3Cau/STT3m/RTEGWZM6gMx2SeWw5c0 +uUusHoStyIxM53UyydrwImauiKdFj8uDcELPP7CK+xhEqfxUg8P2q2kKfKN8ODne +7UdQ8aZBvey/n28qZimDY9Q96cjLgI6h/RkhQ/4tVNg6D3sPtUu1XEYyc5rZ97T6 +x63waW4waRdIPbIfVc9s21432MVBscXZNaHopOM= -----END CERTIFICATE----- From 5c86a1472a02abfdbb804ef59b001cc3872216c6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 1 May 2025 17:08:16 -0500 Subject: [PATCH 6/9] simplify --- tests/wycheproof/test_rsa.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py index 8b56d3487026..c5de65c70951 100644 --- a/tests/wycheproof/test_rsa.py +++ b/tests/wycheproof/test_rsa.py @@ -146,12 +146,11 @@ def test_rsa_pss_signature(backend, wycheproof): wycheproof.testgroup["mgfSha"], ) ) - salt_length = int(wycheproof.testgroup["sLen"]) if backend._fips_enabled and ( isinstance(digest, hashes.SHA1) or isinstance(mgf_digest, hashes.SHA1) # FIPS 186-4 only allows salt length == digest length for PSS - or salt_length != mgf_digest.digest_size + or wycheproof.testgroup["sLen"] != mgf_digest.digest_size # inner MGF1 hash must match outer hash or wycheproof.testgroup["sha"] != wycheproof.testgroup["mgfSha"] ): From 3ca3d92d5d5a890c26f158635d0faecf333dead1 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 1 May 2025 17:11:06 -0500 Subject: [PATCH 7/9] comment --- src/cryptography/hazmat/backends/openssl/backend.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 1eb1b69b95a4..361011a86c44 100644 
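Review bot: The regenerated certificate's subject decodes to `CN=cryptogaphy.io` (base64 `Y3J5cHRvZ2FwaHkuaW8` on the third added line), a typo against the previous vector's `cryptography.io`; nothing on this page asserts the subject, but a future test that does will trip on it, so regenerating with the intended name before merge is cheaper than carrying the misspelling. The validity window also shrank from roughly eleven years to `250501191715Z` through `260501191715Z` (`DTI1MDUwMTE5MTcxNVoXDTI2MDUwMTE5MTcxNVo`), so any test that evaluates this certificate's validity against the current time will start failing in May 2026; a far-future notAfter like the old vector's avoids that. The new PSS parameters carry an explicit salt length of 32 (`AKIDAgEg` versus the old `AKIEAgIA3g`, 222), which is consistent with the `pss._salt_length == 32` assertion in tests/x509/test_x509.py.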
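Review bot: Dropping `int()` makes the FIPS skip depend on `wycheproof.testgroup["sLen"]` already being an int: if any vector file carried it as a JSON string, `"32" != 32` would be True for every group and the whole PSS suite would be silently skipped under FIPS instead of failing loudly. The current Wycheproof files appear to encode sLen as a number, so this is a robustness point rather than a defect; `or int(wycheproof.testgroup["sLen"]) != mgf_digest.digest_size` keeps the simplification while staying type-agnostic, or an `assert isinstance(wycheproof.testgroup["sLen"], int)` beside it documents the assumption. test_rsa_pss_signature starts and ends outside the hunk.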
--- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -182,6 +182,10 @@ def rsa_padding_supported(self, padding: AsymmetricPadding) -> bool: return True elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1): # FIPS 186-4 only allows salt length == digest length for PSS + # It is technically acceptable to set an explicit salt length + # equal to the digest length and this will incorrectly fail, but + # since we don't do that in the tests and this method is + # private, we'll ignore that until we need to do otherwise. if ( self._fips_enabled and padding._salt_length != PSS.DIGEST_LENGTH From 0cad048bb1562664a831ae136f116412f31a41ec Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 1 May 2025 17:28:14 -0500 Subject: [PATCH 8/9] fix --- tests/hazmat/primitives/test_rsa.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 73ceaf1e65e3..17c8c7c1f543 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -521,7 +521,7 @@ def test_pss_sha2_max_length(self, rsa_key_2048, hash_alg, backend): private_key = rsa_key_2048 public_key = private_key.public_key() pss = padding.PSS( - mgf=padding.MGF1(hash_alg), salt_length=padding.PSS.DIGEST_LENGTH + mgf=padding.MGF1(hash_alg), salt_length=padding.PSS.MAX_LENGTH ) msg = b"testing signature" signature = private_key.sign(msg, pss, hash_alg) From edde5a1afba3736cacc334861596adfe215fab2c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 2 May 2025 07:24:05 -0700 Subject: [PATCH 9/9] update with new wycheproof --- .github/actions/fetch-vectors/action.yml | 4 ++-- tests/wycheproof/test_rsa.py | 7 +------ 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/actions/fetch-vectors/action.yml b/.github/actions/fetch-vectors/action.yml index 2b012316dc27..d40c99e07f86 100644 
--- a/.github/actions/fetch-vectors/action.yml +++ b/.github/actions/fetch-vectors/action.yml @@ -9,8 +9,8 @@ runs: with: repository: "C2SP/wycheproof" path: "wycheproof" - # Latest commit on the wycheproof master branch, as of Apr 06, 2025. - ref: "3bfb67fca7c7a2ef436e263da53cdabe0fa1dd36" # wycheproof-ref + # Latest commit on the wycheproof master branch, as of May 02, 2025. + ref: "df4e933efef449fc88af0c06e028d425d84a9495" # wycheproof-ref - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py index c5de65c70951..5bee2f9a9ee0 100644 --- a/tests/wycheproof/test_rsa.py +++ b/tests/wycheproof/test_rsa.py @@ -208,12 +208,7 @@ def test_rsa_pss_signature(backend, wycheproof): "rsa_oaep_misc_test.json", ) def test_rsa_oaep_encryption(backend, wycheproof): - if ( - backend._fips_enabled - # TODO: Remove this on rebase once wycheproof PR is merged - # and wycheproof.has_flag("SmallIntegerCiphertext") - and wycheproof.testcase["tcId"] in (756, 765, 772) - ): + if backend._fips_enabled and wycheproof.has_flag("SmallIntegerCiphertext"): pytest.skip( "Small integer ciphertexts are rejected in OpenSSL 3.5 FIPS" )
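Review bot: The skip condition is broader than its message: it fires for every `backend._fips_enabled` build while the reason names OpenSSL 3.5 FIPS specifically, so a skip report from an older FIPS provider gives a misleading explanation. If the rejection is known to be specific to 3.5 the guard could additionally check the provider version where such a check exists; otherwise `"Small integer ciphertexts are rejected by the FIPS provider"` matches what the code does. Note also that with a vectors checkout older than the ref bumped in the same patch, `has_flag` is simply False and the three cases run and fail under FIPS, which is acceptable only as long as the action.yml pin and this test move together. test_rsa_oaep_encryption continues outside the hunk.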