More correct omit

gpotter2 · gpotter2 · commit 5981bbbde5c4 · 2025-12-13T00:08:46.000+01:00
diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py
@@ -488,7 +488,6 @@ def m2i(self, pkt, s):
                 obj.set_val(pkt, None)
         else:
             for obj in self.seq:
-                # DEBUG: print(repr(obj), repr)
                 try:
                     s = obj.dissect(pkt, s)
                 except ASN1F_badsequence:
@@ -642,6 +641,9 @@ class ASN1F_TIME_TICKS(ASN1F_INTEGER):
 #############################
 
 class ASN1F_optional(ASN1F_element):
+    """
+    ASN.1 field that is optional.
+    """
     def __init__(self, field):
         # type: (ASN1F_field[Any, Any]) -> None
         field.flexible_tag = False
@@ -682,6 +684,20 @@ def i2repr(self, pkt, x):
         return self._field.i2repr(pkt, x)
 
 
+class ASN1F_omit(ASN1F_field[None, None]):
+    """
+    ASN.1 field that is not specified. This is simply ommited on the network.
+    This is different from ASN1F_NULL which has a network representation.
+    """
+    def m2i(self, pkt, s):
+        # type: (ASN1_Packet, bytes) -> Tuple[None, bytes]
+        return None, s
+
+    def i2m(self, pkt, x):
+        # type: (ASN1_Packet, Optional[bytes]) -> bytes
+        return x
+
+
 _CHOICE_T = Union['ASN1_Packet', Type[ASN1F_field[Any, Any]], 'ASN1F_PACKET']
 
 
diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py
@@ -36,6 +36,7 @@
     ASN1F_ISO646_STRING,
     ASN1F_NULL,
     ASN1F_OID,
+    ASN1F_omit,
     ASN1F_optional,
     ASN1F_PACKET,
     ASN1F_PRINTABLE_STRING,
@@ -866,6 +867,33 @@ class X509_AlgorithmIdentifier(ASN1_Packet):
         ASN1F_OID("algorithm", "1.2.840.113549.1.1.11"),
         MultipleTypeField(
             [
+                (
+                    # RFC4055:
+                    # "The correct encoding is to omit the parameters field"
+                    # "All implementations MUST accept both NULL and absent
+                    # parameters as legal and equivalent encodings."
+
+                    # RFC8017:
+                    # "should generally be omitted, but if present, it shall have a
+                    # value of type NULL."
+                    ASN1F_optional(ASN1F_NULL("parameters", None)),
+                    lambda pkt: (
+                        pkt.algorithm.val[:19] == "1.2.840.113549.1.1." or
+                        pkt.algorithm.val[:21] == "2.16.840.1.101.3.4.2."
+                    )
+                ),
+                (
+                    # RFC5758:
+                    # "the encoding MUST omit the parameters field"
+
+                    # RFC8410:
+                    # "For all of the OIDs, the parameters MUST be absent."
+                    ASN1F_omit("parameters", None),
+                    lambda pkt: (
+                        pkt.algorithm.val[:16] == "1.2.840.10045.4." or
+                        pkt.algorithm.val in ["1.3.101.112", "1.3.101.113"]
+                    )
+                ),
                 # RFC5480
                 (
                     ASN1F_PACKET(
@@ -893,10 +921,9 @@ class X509_AlgorithmIdentifier(ASN1_Packet):
                     ),
                     lambda pkt: pkt.algorithm.val == "1.2.840.113549.1.3.1",
                 ),
-
             ],
-            # RFC4055 (=1.2.840.113549.1.1.11) / Default
-            ASN1F_optional(ASN1F_NULL("parameters", 0)),
+            # Default: fail, probably. This is most likely unimplemented.
+            ASN1F_NULL("parameters", 0),
         )
     )
 
