That's unfortunate then. I mean it's good if it's working as intended, but having this in sign() as well would be useful in my case (having to sign digests with an erroneous ASN.1 prefix).
> That is not a correct inference. > > _rsa_sig_setup() allows passing algorithm=None because that code path > is used via recover_data_from_signature, which supports > algorithm=None. > > This code is working as intended. > > Alex > > On Sun, Dec 24, 2023 at 1:03 PM M.S. Kandanur <mskandanur at fastmail.in> > wrote: > > > > In the latest released version 41.0.7, comments to _rsa_sig_setup() say: > > > > # Hash algorithm can be absent (None) to initialize the context without > > setting > > # any message digest algorithm. This is currently only valid for the > > PKCS1v15 > > # padding type, where it means that the signature data is encoded/decoded > > # as provided, without being wrapped in a DigestInfo structure. > > > > Which sort of seems to indicate that passing algorithm=None to RSA sign() > > should work if padding=PKCS1v15, but you can't actually do this because yo > > >u can't get through _calculate_digest_and_algorithm() which doesn't allow > > algorithm=None. Unless I'm missing something important here, this seems to > > b>e an inconsistency and most likely a bug as well. _______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
