Encoding of AlgorithmIdentifier with NULL parameters
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Fri Jan 29 02:19:37 UTC 2021
“OPTIONAL” means the parser must deal with complete absence, not only encoded as ASN.1 NULL.
Broken parsers should be fixed.
--
Regards,
Uri
There are two ways to design a system. One is to make is so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
From: openssl-users-bounce <openssl-users-bounces at openssl.org> on behalf of openssl-users <openssl-users at openssl.org>
Organization: WiseMo A/S
Reply-To: Jakob Bohm <jb-openssl at wisemo.com>
Date: Thursday, January 28, 2021 at 21:10
To: openssl-users <openssl-users at openssl.org>
Subject: Re: Encoding of AlgorithmIdentifier with NULL parameters
Also note that the official ASN.1 declaration for
AlgorithmIdentifier (from X.509 (2012), section 7.2) marks
the parameters field as OPTIONAL, so parsers really should
accept its absence.
However if broken parsers are common (this thread
only found one such parser), maybe it would be
good practice to include the NULL value for compatibility.
AlgorithmIdentifier{ALGORITHM:SupportedAlgorithms} ::= SEQUENCE {
algorithm ALGORITHM.&id({SupportedAlgorithms}),
parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL,
... }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210129/d6561f37/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5249 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210129/d6561f37/attachment-0001.bin>
More information about the openssl-users
mailing list