mikeyhodl · pull · May 2, 2025 · May 2, 2025 · May 2, 2025 · May 2, 2025
diff --git a/.github/actions/fetch-vectors/action.yml b/.github/actions/fetch-vectors/action.yml
@@ -9,8 +9,8 @@ runs:
       with:
         repository: "C2SP/wycheproof"
         path: "wycheproof"
-        # Latest commit on the wycheproof master branch, as of Apr 06, 2025.
-        ref: "3bfb67fca7c7a2ef436e263da53cdabe0fa1dd36" # wycheproof-ref
+        # Latest commit on the wycheproof master branch, as of May 02, 2025.
+        ref: "df4e933efef449fc88af0c06e028d425d84a9495" # wycheproof-ref
 
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:

diff --git a/.github/requirements/build-requirements.txt b/.github/requirements/build-requirements.txt
@@ -92,9 +92,9 @@ pycparser==2.22 ; platform_python_implementation != 'PyPy' \
     --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
     --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
     # via cffi
-setuptools==80.0.0 \
-    --hash=sha256:a38f898dcd6e5380f4da4381a87ec90bd0a7eec23d204a5552e80ee3cab6bd27 \
-    --hash=sha256:c40a5b3729d58dd749c0f08f1a07d134fb8a0a3d7f87dc33e7c5e1f762138650
+setuptools==80.1.0 \
+    --hash=sha256:2e308396e1d83de287ada2c2fd6e64286008fe6aca5008e0b6a8cb0e2c86eedd \
+    --hash=sha256:ea0e7655c05b74819f82e76e11a85b31779fee7c4969e82f72bab0664e8317e4
     # via -r build-requirements.in
 tomli==2.2.1 ; python_full_version < '3.11' \
     --hash=sha256:023aa114dd824ade0100497eb2318602af309e5a55595f76b626d6d9f3b7b0a6 \

diff --git a/.github/requirements/uv-requirements.txt b/.github/requirements/uv-requirements.txt
@@ -1,22 +1,22 @@
 # This file was autogenerated by uv via the following command:
 #    uv pip compile --universal --python-version 3.8 --generate-hashes uv-requirements.in -o uv-requirements.txt
-uv==0.6.17 \
-    --hash=sha256:094026a024818b0c1d2c5794c9b5c20f6b97c74335e7ae088ac121afbae1fd7e \
-    --hash=sha256:71851ecf608504878c0dbe0f4523d3b82398c0947eefa06a53f09100d6e4eadb \
-    --hash=sha256:8e8d084e2f90e2e0648d4b3c3d5fc92669b2764b5c34f276de6d572cf5e498bf \
-    --hash=sha256:8f734c4e3936920bf2b12a581c67de599b2ec503da5fb270eaee0bb9d6d24368 \
-    --hash=sha256:a1117c3787f370b751e01625ee373d53058a5794bb627722d24e98e1c674da21 \
-    --hash=sha256:a3aaf2e8f2c2e998328ea59c1a1d5f7477c7ad70c66fefe61dc59a854f37f9aa \
-    --hash=sha256:aa416f287c81bfffd21e82765944035e6c3f4566615bd4fc03db3a704be8e4d5 \
-    --hash=sha256:b05f991079b9d6231a4d2fcb025989ac998aeb5379d57c90b2b93063733a7d37 \
-    --hash=sha256:b815d20ffd1ad6cd872227d1f92a29311ba27c519bb8c541e75125496d129e7d \
-    --hash=sha256:cbd40a6f8bdf7a96145af01dcf54252c0c9ddf749f21bfa5b7510fe7bc6d7880 \
-    --hash=sha256:ce243bec19c47cc274e7e9eedbaeeb3dacbe94430b0f085dd506ba15a41676ee \
-    --hash=sha256:ce6c58d08431c28bcbc059912690bffea761083e2dd66b1d5cc2b95c5f5cf1fd \
-    --hash=sha256:cedc26bc108916c50b1f9c4bb0c538a865fe2d2bee1053f2e13664445482d8c0 \
-    --hash=sha256:d234bdf77ad466cf8a1dd432431b55e4ea070fc737fffa6ff7315c7678e50387 \
-    --hash=sha256:d4b95d908a86fdab0302ed15435f2bf600527ba6ffc0611dee4c4892ae0cf948 \
-    --hash=sha256:d68686d0f602ea01b388fc9461b980e5095802eacf914a8b67c4b52c8f511eaf \
-    --hash=sha256:da43740d0529ba4bbd365c06376bd01ecb703bb377537782203254af894621e6 \
-    --hash=sha256:fc95d87cbc20cbafb45f2a86b4e1bceddb048a825cc6fd2ca4bf7c3c34fc70c9
+uv==0.7.2 \
+    --hash=sha256:0445e56d3f9651ad84d5a7f16efabba83bf305b73594f1c1bc0659aeab952040 \
+    --hash=sha256:19a64c38657c4fbe7c945055755500116fdaac8e121381a5245ea66823f8c500 \
+    --hash=sha256:1fa315366ee36ad1f734734f3153e2f334342900061fc0ed18b06f3b9bb2dfe2 \
+    --hash=sha256:28fd5d689ae4f8f16533f091a6dd63e1ddf3b7c782003ac8a18584ddb8823cbe \
+    --hash=sha256:45e619bb076916b79df8c5ecc28d1be04d1ccd0b63b080c44ae973b8deb33b25 \
+    --hash=sha256:48c115a3c13c3b29748e325093ee04fd48eaf91145bedc68727f78e6a1c34ab8 \
+    --hash=sha256:63c97cc5e8029a8dc0e1fc39f15f746be931345bc0aeae85feceaa1828f0de87 \
+    --hash=sha256:7236ec776c559fbc3ae4389b7cd506a2428ad9dd0402ac3d9446200ea3dc45f6 \
+    --hash=sha256:78ec372b2f5c7ff8a034e16dd04bc579a62561a5eac4b6dfc96af60298a97d31 \
+    --hash=sha256:81b86fff996c302be6aa1c1ac6eb72b97a7277c319e52c0def50d40b1ffaa617 \
+    --hash=sha256:9aaacb143622cd437a446a4b316a546c02403b438cd7fd7556d62f47a9fd0a99 \
+    --hash=sha256:a314a94b42bc6014f18c877f723292306b76c10b455c2b385728e1470e661ced \
+    --hash=sha256:be2e8d033936ba8ed9ccf85eb2d15c7a8db3bb3e9c4960bdf7c3c98034a6dbda \
+    --hash=sha256:c0edb194c35f1f12c75bec4fe2d7d4d09f0c2cec3a16102217a772620ce1d6e6 \
+    --hash=sha256:c388172209ca5a47706666d570a45fef3dd39db9258682e10b2f62ca521f0e91 \
+    --hash=sha256:dc1ee6114c824f5880c584a96b2947a35817fdd3a0b752d1adbd926ae6872d1c \
+    --hash=sha256:e1e4394b54bc387f227ca1b2aa0348d35f6455b6168ca1826c1dc5f4fc3e8d20 \
+    --hash=sha256:e4d1652fe3608fa564dbeaeb2465208f691ac04b57f655ebef62e9ec6d37103d
     # via -r uv-requirements.in
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -24,40 +24,37 @@ jobs:
       fail-fast: false
       matrix:
         PYTHON:
-          - {VERSION: "3.12", NOXSESSION: "flake"}
-          - {VERSION: "3.12", NOXSESSION: "rust"}
-          - {VERSION: "3.12", NOXSESSION: "docs", OPENSSL: {TYPE: "openssl", VERSION: "3.4.1"}}
-          - {VERSION: "3.13", NOXSESSION: "tests"}
+          - {VERSION: "3.13", NOXSESSION: "flake"}
+          - {VERSION: "3.13", NOXSESSION: "rust"}
+          - {VERSION: "3.12", NOXSESSION: "docs", OPENSSL: {TYPE: "openssl", VERSION: "3.5.0"}}
           - {VERSION: "3.14-dev", NOXSESSION: "tests"}
           - {VERSION: "pypy-3.10", NOXSESSION: "tests-nocoverage"}
           - {VERSION: "pypy-3.11", NOXSESSION: "tests-nocoverage"}
-          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.0.16"}}
-          - {VERSION: "3.12", NOXSESSION: "tests-ssh", OPENSSL: {TYPE: "openssl", VERSION: "3.2.4"}}
-          - {VERSION: "3.12", NOXSESSION: "tests-ssh", OPENSSL: {TYPE: "openssl", VERSION: "3.3.3"}}
-          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.2.4", CONFIG_FLAGS: "no-engine no-rc2 no-srtp no-ct no-psk"}}
-          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.2.4", CONFIG_FLAGS: "no-legacy", NO_LEGACY: "0"}}
-          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.2.4", CONFIG_FLAGS: "no-legacy", NO_LEGACY: "1"}}
-          - {VERSION: "3.12", NOXSESSION: "tests", NOXARGS: "--enable-fips=1", OPENSSL: {TYPE: "openssl", CONFIG_FLAGS: "enable-fips", VERSION: "3.2.4"}}
-          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.4.1"}}
-          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.5.0"}}
-          - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "3.9.2"}}
-          - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "4.0.0"}}
-          - {VERSION: "3.12", NOXSESSION: "tests-randomorder"}
-          # Latest commit on the BoringSSL main branch, as of Apr 29, 2025.
-          - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "boringssl", VERSION: "918cf66ed841930fe1554ae8d78974b95e989596"}}
-          # Latest tag of AWS-LC main branch, as of March 28, 2025.
-          - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "aws-lc", VERSION: "v1.49.1"}}
-          # Latest commit on the OpenSSL master branch, as of Apr 29, 2025.
-          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "978a4e199d60b8616180128c5d709d9600409113"}}
+          - {VERSION: "3.13", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.5.0", CONFIG_FLAGS: "no-engine no-rc2 no-srtp no-ct no-psk"}}
+          - {VERSION: "3.13", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.5.0", CONFIG_FLAGS: "no-legacy", NO_LEGACY: "0"}}
+          - {VERSION: "3.13", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.5.0", CONFIG_FLAGS: "no-legacy", NO_LEGACY: "1"}}
+          - {VERSION: "3.13", NOXSESSION: "tests", NOXARGS: "--enable-fips=1", OPENSSL: {TYPE: "openssl", CONFIG_FLAGS: "enable-fips", VERSION: "3.5.0"}}
+          - {VERSION: "3.13", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.0.16"}}
+          - {VERSION: "3.13", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.3.3"}}
+          - {VERSION: "3.13", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3.4.1"}}
+          - {VERSION: "3.13", NOXSESSION: "tests-ssh", OPENSSL: {TYPE: "openssl", VERSION: "3.5.0"}}
+          - {VERSION: "3.13", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "4.0.0"}}
+          - {VERSION: "3.13", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "4.1.0"}}
+          # Latest commit on the BoringSSL main branch, as of May 02, 2025.
+          - {VERSION: "3.13", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "boringssl", VERSION: "e88e5069694dd6da6398dab7f020d6c271c3022f"}}
+          # Latest tag of AWS-LC main branch, as of May 02, 2025.
+          - {VERSION: "3.13", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "aws-lc", VERSION: "v1.50.1"}}
+          # Latest commit on the OpenSSL master branch, as of May 02, 2025.
+          - {VERSION: "3.13", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "3513a830cc159c913b6c9bf1cbaf1577a1f47808"}}
           # Builds with various Rust versions. Includes MSRV and next
           # potential future MSRV.
           # - 1.70: crates.io sparse protocol by default
           # - 1.77: offset_of! in std (for pyo3)
           # - 1.80: LazyLock in std
-          - {VERSION: "3.12", NOXSESSION: "rust,tests", RUST: "1.65.0"}
-          - {VERSION: "3.12", NOXSESSION: "rust,tests", RUST: "beta"}
-          - {VERSION: "3.12", NOXSESSION: "rust,tests", RUST: "nightly"}
-          - {VERSION: "3.12", NOXSESSION: "tests-rust-debug"}
+          - {VERSION: "3.13", NOXSESSION: "rust,tests", RUST: "1.65.0"}
+          - {VERSION: "3.13", NOXSESSION: "rust,tests", RUST: "beta"}
+          - {VERSION: "3.13", NOXSESSION: "rust,tests", RUST: "nightly"}
+          - {VERSION: "3.13", NOXSESSION: "tests-rust-debug"}
     timeout-minutes: 15
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -429,7 +426,7 @@ jobs:
         if: ${{ always() }}
         uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
-          python-version: '3.12'
+          python-version: '3.13'
           cache: pip
           cache-dependency-path: ci-constraints-requirements.txt
         timeout-minutes: 3

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -60,6 +60,13 @@ Changelog
   to the certificate's public key may be used.
 * Added support for compiling against `aws-lc`_.
 
+.. _v44-0-3:
+
+44.0.3 - 2025-05-02
+~~~~~~~~~~~~~~~~~~~
+
+* Fixed compilation when using LibreSSL 4.1.0.
+
 .. _v44-0-2:
 
 44.0.2 - 2025-03-01

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -20,10 +20,10 @@ publish = false
 rust-version = "1.65.0"
 
 [workspace.dependencies]
-asn1 = { version = "0.21.0", default-features = false }
+asn1 = { version = "0.21.1", default-features = false }
 pyo3 = { version = "0.24.2", features = ["abi3"] }
 openssl = "0.10.72"
-openssl-sys = "0.9.104"
+openssl-sys = "0.9.108"
 
 [profile.release]
 overflow-checks = true
diff --git a/ci-constraints-requirements.txt b/ci-constraints-requirements.txt
@@ -28,7 +28,7 @@ certifi==2025.4.26
     # via
     #   cryptography (pyproject.toml)
     #   requests
-charset-normalizer==3.4.1
+charset-normalizer==3.4.2
     # via requests
 check-sdist==1.2.0 ; python_full_version >= '3.8'
     # via cryptography (pyproject.toml)
@@ -49,7 +49,7 @@ coverage==7.6.1 ; python_full_version == '3.8.*'
     # via pytest-cov
 coverage==7.8.0 ; python_full_version >= '3.9'
     # via pytest-cov
-dependency-groups==1.3.0 ; python_full_version >= '3.8'
+dependency-groups==1.3.1 ; python_full_version >= '3.8'
     # via nox
 distlib==0.3.9
     # via virtualenv
@@ -131,7 +131,7 @@ nh3==0.2.21 ; python_full_version >= '3.8'
     # via readme-renderer
 nox==2024.4.15 ; python_full_version < '3.8'
     # via cryptography (pyproject.toml)
-nox==2025.2.9 ; python_full_version >= '3.8'
+nox==2025.5.1 ; python_full_version >= '3.8'
     # via cryptography (pyproject.toml)
 packaging==24.0 ; python_full_version < '3.8'
     # via
@@ -226,7 +226,7 @@ requests==2.32.3 ; python_full_version >= '3.8'
     #   sphinxcontrib-spelling
 roman-numerals-py==3.1.0 ; python_full_version >= '3.11'
     # via sphinx
-ruff==0.11.7
+ruff==0.11.8
     # via cryptography (pyproject.toml)
 six==1.17.0 ; python_full_version < '3.8'
     # via bleach
@@ -333,7 +333,7 @@ urllib3==2.2.3 ; python_full_version == '3.8.*'
     # via requests
 urllib3==2.4.0 ; python_full_version >= '3.9'
     # via requests
-uv==0.6.17 ; python_full_version >= '3.8'
+uv==0.7.2 ; python_full_version >= '3.8'
     # via nox
 virtualenv==20.26.6 ; python_full_version < '3.8'
     # via nox

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -181,14 +181,17 @@ def rsa_padding_supported(self, padding: AsymmetricPadding) -> bool:
         if isinstance(padding, PKCS1v15):
             return True
         elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1):
-            # SHA1 is permissible in MGF1 in FIPS even when SHA1 is blocked
-            # as signature algorithm.
-            if self._fips_enabled and isinstance(
-                padding._mgf._algorithm, hashes.SHA1
+            # FIPS 186-4 only allows salt length == digest length for PSS
+            # It is technically acceptable to set an explicit salt length
+            # equal to the digest length and this will incorrectly fail, but
+            # since we don't do that in the tests and this method is
+            # private, we'll ignore that until we need to do otherwise.
+            if (
+                self._fips_enabled
+                and padding._salt_length != PSS.DIGEST_LENGTH
             ):
-                return True
-            else:
-                return self.hash_supported(padding._mgf._algorithm)
+                return False
+            return self.hash_supported(padding._mgf._algorithm)
         elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1):
             return self._oaep_hash_supported(
                 padding._mgf._algorithm

diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml
@@ -11,7 +11,7 @@ pyo3.workspace = true
 openssl-sys.workspace = true
 
 [build-dependencies]
-cc = "1.2.20"
+cc = "1.2.21"
 
 [lints.rust]
 unexpected_cfgs = { level = "warn", check-cfg = ['cfg(python_implementation, values("CPython", "PyPy"))'] }
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
@@ -129,7 +129,10 @@ def test_rsa_padding_supported_pkcs1v15(self):
     def test_rsa_padding_supported_pss(self):
         assert (
             backend.rsa_padding_supported(
-                padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
+                padding.PSS(
+                    mgf=padding.MGF1(hashes.SHA256()),
+                    salt_length=padding.PSS.DIGEST_LENGTH,
+                )
             )
             is True
         )

diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
@@ -503,11 +503,20 @@ def test_pss_signing(self, subtests, backend):
                     hashes.SHA1(),
                 )
 
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.rsa_padding_supported(
+            padding.PSS(
+                mgf=padding.MGF1(hashes.SHA256()),
+                salt_length=padding.PSS.MAX_LENGTH,
+            )
+        ),
+        skip_message="Does not support PSS with these parameters.",
+    )
     @pytest.mark.parametrize(
         "hash_alg",
         [hashes.SHA224(), hashes.SHA256(), hashes.SHA384(), hashes.SHA512()],
     )
-    def test_pss_signing_sha2(self, rsa_key_2048, hash_alg, backend):
+    def test_pss_sha2_max_length(self, rsa_key_2048, hash_alg, backend):
         _skip_pss_hash_algorithm_unsupported(backend, hash_alg)
         private_key = rsa_key_2048
         public_key = private_key.public_key()
@@ -1040,7 +1049,7 @@ def test_pss_verification(self, subtests, backend):
                 salt_length=padding.PSS.AUTO,
             )
         ),
-        skip_message="Does not support PSS.",
+        skip_message="Does not support PSS with these parameters.",
     )
     def test_pss_verify_auto_salt_length(
         self, rsa_key_2048: rsa.RSAPrivateKey, backend
@@ -1180,7 +1189,7 @@ def test_invalid_pss_signature_recover(
         public_key = private_key.public_key()
         pss_padding = padding.PSS(
             mgf=padding.MGF1(algorithm=hashes.SHA256()),
-            salt_length=padding.PSS.MAX_LENGTH,
+            salt_length=padding.PSS.DIGEST_LENGTH,
         )
         signature = private_key.sign(b"sign me", pss_padding, hashes.SHA256())
 

diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py
@@ -138,25 +138,31 @@ def test_rsa_pkcs1v15_signature_generation(backend, wycheproof):
 )
 def test_rsa_pss_signature(backend, wycheproof):
     digest = _DIGESTS[wycheproof.testgroup["sha"]]
-    if backend._fips_enabled and isinstance(digest, hashes.SHA1):
-        pytest.skip("Invalid params for FIPS. SHA1 is disallowed")
-
-    key = wycheproof.cache_value_to_group(
-        "cached_key",
-        lambda: serialization.load_der_public_key(
-            binascii.unhexlify(wycheproof.testgroup["keyDer"]),
-        ),
-    )
-    assert isinstance(key, rsa.RSAPublicKey)
     mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]]
-
     if digest is None or mgf_digest is None:
         pytest.skip(
             "PSS with digest={} and MGF digest={} not supported".format(
                 wycheproof.testgroup["sha"],
                 wycheproof.testgroup["mgfSha"],
             )
         )
+    if backend._fips_enabled and (
+        isinstance(digest, hashes.SHA1)
+        or isinstance(mgf_digest, hashes.SHA1)
+        # FIPS 186-4 only allows salt length == digest length for PSS
+        or wycheproof.testgroup["sLen"] != mgf_digest.digest_size
+        # inner MGF1 hash must match outer hash
+        or wycheproof.testgroup["sha"] != wycheproof.testgroup["mgfSha"]
+    ):
+        pytest.skip("Invalid params for FIPS")
+
+    key = wycheproof.cache_value_to_group(
+        "cached_key",
+        lambda: serialization.load_der_public_key(
+            binascii.unhexlify(wycheproof.testgroup["keyDer"]),
+        ),
+    )
+    assert isinstance(key, rsa.RSAPublicKey)
 
     if wycheproof.valid or wycheproof.acceptable:
         key.verify(
@@ -202,6 +208,11 @@ def test_rsa_pss_signature(backend, wycheproof):
     "rsa_oaep_misc_test.json",
 )
 def test_rsa_oaep_encryption(backend, wycheproof):
+    if backend._fips_enabled and wycheproof.has_flag("SmallIntegerCiphertext"):
+        pytest.skip(
+            "Small integer ciphertexts are rejected in OpenSSL 3.5 FIPS"
+        )
+
     digest = _DIGESTS[wycheproof.testgroup["sha"]]
     mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]]
     assert digest is not None