[Cryptography-dev] RSA sign() with algorithm=None

M.S. Kandanur mskandanur at fastmail.in
Sun Dec 24 14:07:07 EST 2023


That's unfortunate then. I mean it's good if it's working as intended, but having this in sign() as well would be useful in my case (having to sign digests with an erroneous ASN.1 prefix).

> That is not a correct inference.
> 
> _rsa_sig_setup() allows passing algorithm=None because that code path
> is used via recover_data_from_signature, which supports
> algorithm=None.
> 
> This code is working as intended.
> 
> Alex
> 
> On Sun, Dec 24, 2023 at 1:03 PM M.S. Kandanur <mskandanur at fastmail.in> wrote:
> >
> > In the latest released version 41.0.7, comments to _rsa_sig_setup() say:
> >
> > # Hash algorithm can be absent (None) to initialize the context without setting
> > # any message digest algorithm. This is currently only valid for the PKCS1v15
> > # padding type, where it means that the signature data is encoded/decoded
> > # as provided, without being wrapped in a DigestInfo structure.
> >
> > Which sort of seems to indicate that passing algorithm=None to RSA sign() should work if padding=PKCS1v15, but you can't actually do this because you can't get through _calculate_digest_and_algorithm() which doesn't allow algorithm=None. Unless I'm missing something important here, this seems to be an inconsistency and most likely a bug as well.
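
Added example, not part of the thread and not code from the cryptography project: a stdlib-only model of the PKCS#1 v1.5 signature padding layer (no RSA operation), showing what "decoded as provided, without being wrapped in a DigestInfo structure" means on the recovery side. All function names are hypothetical, and the nonstandard prefix is a constructed sample standing in for an erroneous ASN.1 prefix.

```python
import hashlib

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def pad_type1(payload: bytes, k: int) -> bytes:
    """Build EM = 00 01 FF..FF 00 || payload for a k-byte modulus."""
    if len(payload) > k - 11:
        raise ValueError("payload too long for modulus size")
    return b"\x00\x01" + b"\xff" * (k - len(payload) - 3) + b"\x00" + payload


def unpad_type1(em: bytes) -> bytes:
    """Strip type-1 padding and return the payload exactly as encoded."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        raise ValueError("bad block header")
    sep = em.find(b"\x00", 2)
    # At least eight FF bytes, and nothing but FF, before the separator.
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding string")
    return em[sep + 1:]


def recover(em: bytes, expect_sha256: bool) -> bytes:
    """True: check and strip DigestInfo. False: models algorithm=None."""
    payload = unpad_type1(em)
    if not expect_sha256:
        return payload  # returned as provided, prefix and all
    if len(payload) != 51 or not payload.startswith(SHA256_PREFIX):
        raise ValueError("payload is not a SHA-256 DigestInfo")
    return payload[len(SHA256_PREFIX):]


def demo(k: int = 256):
    digest = hashlib.sha256(b"constructed sample message").digest()
    # What signing with a hash algorithm pads: DigestInfo || digest.
    standard = pad_type1(SHA256_PREFIX + digest, k)
    # Constructed nonstandard prefix (NULL parameters omitted), an assumption
    # used here only to stand in for an erroneous ASN.1 prefix.
    odd_prefix = bytes.fromhex("302f300b06096086480165030402010420")
    legacy = pad_type1(odd_prefix + digest, k)
    return digest, standard, legacy, odd_prefix


if __name__ == "__main__":
    digest, standard, legacy, odd_prefix = demo()
    print(recover(standard, False).hex())
    print(recover(legacy, False).hex())
```

With the DigestInfo check disabled, the caller receives the prefix bytes too and has to validate them itself before trusting the digest.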

