Backport fix for 40.0.1 (#8603)40.0.1

* Fix handling very large pointer values (32-bit) (#8602)

* Changelog and backport fo 40.0.1

5 files changed, 14 insertions, 7 deletions

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 7bf627776..f12c5c106 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,12 +1,19 @@
 Changelog
 =========
 
+.. _v40-0-1:
+
+40.0.1 - 2023-03-24
+~~~~~~~~~~~~~~~~~~~
+
+* Fixed a bug where certain operations would fail if an object happened to be
+  in the top-half of the memory-space. This only impacted 32-bit systems.
+
 .. _v40-0-0:
 
 40.0.0 - 2023-03-24
 ~~~~~~~~~~~~~~~~~~~
 
-
 * **BACKWARDS INCOMPATIBLE:** As announced in the 39.0.0 changelog, the way
   ``cryptography`` links OpenSSL has changed. This only impacts users who
   build ``cryptography`` from source (i.e., not from a ``wheel``), and
diff --git a/src/cryptography/__about__.py b/src/cryptography/__about__.py
index 20d197b6b..de686bbc6 100644
--- a/src/cryptography/__about__.py
+++ b/src/cryptography/__about__.py
@@ -9,7 +9,7 @@ __all__ = [
     "__copyright__",
 ]
 
-__version__ = "40.0.0"
+__version__ = "40.0.1"
 
 __author__ = "The Python Cryptographic Authority and individual contributors"
-__copyright__ = f"Copyright 2013-2022 {__author__}"
+__copyright__ = f"Copyright 2013-2023 {__author__}"
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 53e3486c0..a3fe1bce4 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -712,7 +712,7 @@ class Backend:
             return _X448PrivateKey(self, evp_pkey)
         elif key_type == self._lib.EVP_PKEY_X25519:
             return rust_openssl.x25519.private_key_from_ptr(
-                int(self._ffi.cast("intptr_t", evp_pkey))
+                int(self._ffi.cast("uintptr_t", evp_pkey))
             )
         elif key_type == getattr(self._lib, "EVP_PKEY_ED448", None):
             # EVP_PKEY_ED448 is not present in CRYPTOGRAPHY_IS_LIBRESSL
@@ -771,7 +771,7 @@ class Backend:
             return _X448PublicKey(self, evp_pkey)
         elif key_type == self._lib.EVP_PKEY_X25519:
             return rust_openssl.x25519.public_key_from_ptr(
-                int(self._ffi.cast("intptr_t", evp_pkey))
+                int(self._ffi.cast("uintptr_t", evp_pkey))
             )
         elif key_type == getattr(self._lib, "EVP_PKEY_ED448", None):
             # EVP_PKEY_ED448 is not present in CRYPTOGRAPHY_IS_LIBRESSL
diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py
index a84069f1c..1a2d490a2 100644
--- a/src/cryptography/utils.py
+++ b/src/cryptography/utils.py
@@ -47,7 +47,7 @@ def _extract_buffer_length(obj: typing.Any) -> typing.Tuple[int, int]:
     from cryptography.hazmat.bindings._rust import _openssl
 
     buf = _openssl.ffi.from_buffer(obj)
-    return int(_openssl.ffi.cast("intptr_t", buf)), len(buf)
+    return int(_openssl.ffi.cast("uintptr_t", buf)), len(buf)
 
 
 class InterfaceNotImplemented(Exception):
diff --git a/vectors/cryptography_vectors/__about__.py b/vectors/cryptography_vectors/__about__.py
index e99963664..ecd8c18fe 100644
--- a/vectors/cryptography_vectors/__about__.py
+++ b/vectors/cryptography_vectors/__about__.py
@@ -6,4 +6,4 @@ __all__ = [
     "__version__",
 ]
 
-__version__ = "40.0.0"
+__version__ = "40.0.1"