Encoding of AlgorithmIdentifier with NULL parameters

tincanteksup tincanteksup at gmail.com
Fri Jan 29 03:52:45 UTC 2021


"Reality" ought not be defined this way.

On 29/01/2021 02:38, Jakob Bohm via openssl-users wrote:
> If only one or a few parsers are broken, they need to be fixed.
> 
> If many broken parsers have proliferated due to generators
> semi-violating DER by not omitting the empty field, that has become the
> new reality that generators must deal with.
> 
> PKIX arbitrarily limiting serial numbers to 159 bits has created a 
> similar unfortunate reality.
> 
> On 2021-01-29 03:19, Blumenthal, Uri - 0553 - MITLL wrote:
>> “OPTIONAL” means the parser _must_ deal with complete absence, not 
>> only encoded as ASN.1 NULL.
>>
>> Broken parsers should be fixed.
>>
>> -- 
>>
>> Regards,
>>
>> Uri
>>
>> /There are two ways to design a system. One is to make it so simple
>> there are obviously no deficiencies./
>>
>> /The other is to make it so complex there are no obvious deficiencies./
>>
>> /- C. A. R. Hoare/
>>
>> *From: *openssl-users-bounce <openssl-users-bounces at openssl.org> on 
>> behalf of openssl-users <openssl-users at openssl.org>
>> *Organization: *WiseMo A/S
>> *Reply-To: *Jakob Bohm <jb-openssl at wisemo.com>
>> *Date: *Thursday, January 28, 2021 at 21:10
>> *To: *openssl-users <openssl-users at openssl.org>
>> *Subject: *Re: Encoding of AlgorithmIdentifier with NULL parameters
>>
>> Also note that the official ASN.1 declaration for
>> AlgorithmIdentifier (from X.509 (2012), section 7.2) marks
>> the parameters field as OPTIONAL, so parsers really should
>> accept its absence.
>>
>> However if broken parsers are common (this thread
>> only found one such parser), maybe it would be
>> good practice to include the NULL value for compatibility.
>>
>> AlgorithmIdentifier{ALGORITHM:SupportedAlgorithms} ::= SEQUENCE {
>>      algorithm ALGORITHM.&id({SupportedAlgorithms}),
>>      parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL,
>> ... }
>>
> 
> 
> 
> Enjoy
> 
> Jakob

