Encoding of AlgorithmIdentifier with NULL parameters

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Fri Jan 29 02:19:37 UTC 2021

“OPTIONAL” means the parser must deal with complete absence, not only encoded as ASN.1 NULL.


Broken parsers should be fixed.





There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.

The other is to make it so complex there are no obvious deficiencies.

- C. A. R. Hoare



From: openssl-users-bounce <openssl-users-bounces at openssl.org> on behalf of openssl-users <openssl-users at openssl.org>
Organization: WiseMo A/S
Reply-To: Jakob Bohm <jb-openssl at wisemo.com>
Date: Thursday, January 28, 2021 at 21:10
To: openssl-users <openssl-users at openssl.org>
Subject: Re: Encoding of AlgorithmIdentifier with NULL parameters


Also note that the official ASN.1 declaration for 
AlgorithmIdentifier (from X.509 (2012), section 7.2) marks 
the parameters field as OPTIONAL, so parsers really should 
accept its absence.

However if broken parsers are common (this thread 
only found one such parser), maybe it would be 
good practice to include the NULL value for compatibility.

AlgorithmIdentifier{ALGORITHM:SupportedAlgorithms} ::= SEQUENCE {
    algorithm ALGORITHM.&id({SupportedAlgorithms}),
    parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL,
... }
