From mskandanur at fastmail.in Sun Dec 24 13:01:30 2023 From: mskandanur at fastmail.in (M.S. Kandanur) Date: Sun, 24 Dec 2023 20:01:30 +0200 Subject: [Cryptography-dev] RSA sign() with algorithm=None Message-ID: <82ed0fac-99a3-456d-8def-87fd3385183b@app.fastmail.com> In the latest released version 41.0.7, comments to _rsa_sig_setup() say: # Hash algorithm can be absent (None) to initialize the context without setting # any message digest algorithm. This is currently only valid for the PKCS1v15 # padding type, where it means that the signature data is encoded/decoded # as provided, without being wrapped in a DigestInfo structure. Which sort of seems to indicate that passing algorithm=None to RSA sign() should work if padding=PKCS1v15, but you can't actually do this because you can't get through _calculate_digest_and_algorithm() which doesn't allow algorithm=None. Unless I'm missing something important here, this seems to be an inconsistency and most likely a bug as well. From alex.gaynor at gmail.com Sun Dec 24 13:19:16 2023 From: alex.gaynor at gmail.com (Alex Gaynor) Date: Sun, 24 Dec 2023 13:19:16 -0500 Subject: [Cryptography-dev] RSA sign() with algorithm=None In-Reply-To: <82ed0fac-99a3-456d-8def-87fd3385183b@app.fastmail.com> References: <82ed0fac-99a3-456d-8def-87fd3385183b@app.fastmail.com> Message-ID: That is not a correct inference. _rsa_sig_setup() allows passing algorithm=None because that code path is used via recover_data_from_signature, which supports algorithm=None. This code is working as intended. Alex On Sun, Dec 24, 2023 at 1:03?PM M.S. Kandanur wrote: > > In the latest released version 41.0.7, comments to _rsa_sig_setup() say: > > # Hash algorithm can be absent (None) to initialize the context without setting > # any message digest algorithm. This is currently only valid for the PKCS1v15 > # padding type, where it means that the signature data is encoded/decoded > # as provided, without being wrapped in a DigestInfo structure. > > Which sort of seems to indicate that passing algorithm=None to RSA sign() should work if padding=PKCS1v15, but you can't actually do this because you can't get through _calculate_digest_and_algorithm() which doesn't allow algorithm=None. Unless I'm missing something important here, this seems to be an inconsistency and most likely a bug as well. > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev -- All that is necessary for evil to succeed is for good people to do nothing. From mskandanur at fastmail.in Sun Dec 24 14:07:07 2023 From: mskandanur at fastmail.in (M.S. Kandanur) Date: Sun, 24 Dec 2023 21:07:07 +0200 Subject: [Cryptography-dev] RSA sign() with algorithm=None Message-ID: <37ea9b68-ae98-4be1-84b3-99b89b5d0048@app.fastmail.com> That's unfortunate then. I mean it's good if it's working as intended, but having this in sign() as well would be useful in my case (having to sign digests with an erroneous ASN.1 prefix). > That is not a correct inference. > > _rsa_sig_setup() allows passing algorithm=None because that code path > is used via recover_data_from_signature, which supports > algorithm=None. > > This code is working as intended. > > Alex > > On Sun, Dec 24, 2023 at 1:03?PM M.S. Kandanur wrote: > > > > In the latest released version 41.0.7, comments to _rsa_sig_setup() say: > > > > # Hash algorithm can be absent (None) to initialize the context without setting > > # any message digest algorithm. This is currently only valid for the PKCS1v15 > > # padding type, where it means that the signature data is encoded/decoded > > # as provided, without being wrapped in a DigestInfo structure. > > > > Which sort of seems to indicate that passing algorithm=None to RSA sign() should work if padding=PKCS1v15, but you can't actually do this because yo >u can't get through _calculate_digest_and_algorithm() which doesn't allow algorithm=None. Unless I'm missing something important here, this seems to b>e an inconsistency and most likely a bug as well.