“OPTIONAL” means the parser must deal with complete absence, not only encoded as ASN.1 NULL.
Broken parsers should be fixed.
--
Regards,
Uri
There are two ways to design a system. One is to make it so simple there are
obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
From: openssl-users-bounce <[email protected]> on behalf of
openssl-users <[email protected]>
Organization: WiseMo A/S
Reply-To: Jakob Bohm <[email protected]>
Date: Thursday, January 28, 2021 at 21:10
To: openssl-users <[email protected]>
Subject: Re: Encoding of AlgorithmIdentifier with NULL parameters
Also note that the official ASN.1 declaration for
AlgorithmIdentifier (from X.509 (2012), section 7.2) marks
the parameters field as OPTIONAL, so parsers really should
accept its absence.
However if broken parsers are common (this thread
only found one such parser), maybe it would be
good practice to include the NULL value for compatibility.
AlgorithmIdentifier{ALGORITHM:SupportedAlgorithms} ::= SEQUENCE {
    algorithm   ALGORITHM.&id({SupportedAlgorithms}),
    parameters  ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL,
    ... }
