Enable more nullable reference types in asn.xslt.

string and Oid types on Choice can be null.
Reference types that are @optional can be null.

Also, remove #nullable enable, because all projects that include the ASN.1 generate files should already have nullable enable project-wide.

src/libraries/Common/src/System/Security/Cryptography/Asn1/DirectoryStringAsn.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Runtime.InteropServices;
@@ -14,11 +13,11 @@ namespace System.Security.Cryptography.Asn1
     [StructLayout(LayoutKind.Sequential)]
     internal partial struct DirectoryStringAsn
     {
-        internal string TeletexString;
-        internal string PrintableString;
+        internal string? TeletexString;
+        internal string? PrintableString;
         internal ReadOnlyMemory<byte>? UniversalString;
-        internal string Utf8String;
-        internal string BmpString;
+        internal string? Utf8String;
+        internal string? BmpString;
 
 #if DEBUG
         static DirectoryStringAsn()

src/libraries/Common/src/System/Security/Cryptography/Asn1/ECDomainParameters.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Runtime.InteropServices;
@@ -15,7 +14,7 @@ namespace System.Security.Cryptography.Asn1
     internal partial struct ECDomainParameters
     {
         internal System.Security.Cryptography.Asn1.SpecifiedECDomain? Specified;
-        internal Oid Named;
+        internal Oid? Named;
 
 #if DEBUG
         static ECDomainParameters()

src/libraries/Common/src/System/Security/Cryptography/Asn1/GeneralNameAsn.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Runtime.InteropServices;
@@ -15,14 +14,14 @@ namespace System.Security.Cryptography.Asn1
     internal partial struct GeneralNameAsn
     {
         internal System.Security.Cryptography.Asn1.OtherNameAsn? OtherName;
-        internal string Rfc822Name;
-        internal string DnsName;
+        internal string? Rfc822Name;
+        internal string? DnsName;
         internal ReadOnlyMemory<byte>? X400Address;
         internal ReadOnlyMemory<byte>? DirectoryName;
         internal System.Security.Cryptography.Asn1.EdiPartyNameAsn? EdiPartyName;
-        internal string Uri;
+        internal string? Uri;
         internal ReadOnlyMemory<byte>? IPAddress;
-        internal string RegisteredId;
+        internal string? RegisteredId;
 
 #if DEBUG
         static GeneralNameAsn()

src/libraries/Common/src/System/Security/Cryptography/Asn1/Pbkdf2SaltChoice.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Runtime.InteropServices;

src/libraries/Common/src/System/Security/Cryptography/Asn1/Pkcs12/SafeBagAsn.xml.cs

@@ -16,7 +16,7 @@ internal partial struct SafeBagAsn
     {
         internal string BagId;
         internal ReadOnlyMemory<byte> BagValue;
-        internal System.Security.Cryptography.Asn1.AttributeAsn[] BagAttributes;
+        internal System.Security.Cryptography.Asn1.AttributeAsn[]? BagAttributes;
 
         internal void Encode(AsnWriter writer)
         {

src/libraries/Common/src/System/Security/Cryptography/Asn1/Pkcs7/EncryptedDataAsn.xml.cs

@@ -16,7 +16,7 @@ internal partial struct EncryptedDataAsn
     {
         internal int Version;
         internal System.Security.Cryptography.Asn1.Pkcs7.EncryptedContentInfoAsn EncryptedContentInfo;
-        internal System.Security.Cryptography.Asn1.AttributeAsn[] UnprotectedAttributes;
+        internal System.Security.Cryptography.Asn1.AttributeAsn[]? UnprotectedAttributes;
 
         internal void Encode(AsnWriter writer)
         {

src/libraries/Common/src/System/Security/Cryptography/Asn1/PrivateKeyInfoAsn.xml.cs

@@ -17,7 +17,7 @@ internal partial struct PrivateKeyInfoAsn
         internal byte Version;
         internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn PrivateKeyAlgorithm;
         internal ReadOnlyMemory<byte> PrivateKey;
-        internal System.Security.Cryptography.Asn1.AttributeAsn[] Attributes;
+        internal System.Security.Cryptography.Asn1.AttributeAsn[]? Attributes;
 
         internal void Encode(AsnWriter writer)
         {

src/libraries/Common/src/System/Security/Cryptography/Asn1/SpecifiedECDomain.xml.cs

@@ -19,7 +19,7 @@ internal partial struct SpecifiedECDomain
         internal ReadOnlyMemory<byte> Base;
         internal ReadOnlyMemory<byte> Order;
         internal ReadOnlyMemory<byte>? Cofactor;
-        internal Oid Hash;
+        internal Oid? Hash;
 
         internal void Encode(AsnWriter writer)
         {

src/libraries/Common/src/System/Security/Cryptography/Asn1/asn.xslt

@@ -127,7 +127,6 @@ namespace <xsl:value-of select="@namespace" />
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;<xsl:if test="asn:SequenceOf | asn:SetOf">
 using System.Collections.Generic;</xsl:if>
@@ -690,9 +689,9 @@ namespace <xsl:value-of select="@namespace" />
   <xsl:template match="asn:OctetString" mode="DefaultTag">Asn1Tag.PrimitiveOctetString</xsl:template>
 
   <xsl:template match="asn:ObjectIdentifier[not(@backingType)] | asn:ObjectIdentifier[@backingType = 'Oid']" mode="FieldDef">
-        internal Oid <xsl:value-of select="@name" />;</xsl:template>
+        internal Oid<xsl:if test="@optional | parent::asn:Choice">?</xsl:if> <xsl:value-of select="@name" />;</xsl:template>
   <xsl:template match="asn:ObjectIdentifier[@backingType = 'string']" mode="FieldDef">
-        internal string <xsl:value-of select="@name" />;</xsl:template>
+        internal string<xsl:if test="@optional | parent::asn:Choice">?</xsl:if> <xsl:value-of select="@name" />;</xsl:template>
 
   <xsl:template match="asn:ObjectIdentifier[not(@backingType)] | asn:ObjectIdentifier[@backingType = 'Oid']" mode="CollectionElementType">Oid</xsl:template>
   <xsl:template match="asn:ObjectIdentifier[@backingType = 'string']" mode="CollectionElementType">string</xsl:template>
@@ -761,7 +760,7 @@ namespace <xsl:value-of select="@namespace" />
 
   <!-- All character string types -->
   <xsl:template match="asn:UTF8String | asn:PrintableString | asn:T61String | asn:IA5String | asn:VisibleString | asn:BMPString" mode="FieldDef">
-        internal string <xsl:value-of select="@name"/>;</xsl:template>
+        internal string<xsl:if test="@optional | parent::asn:Choice">?</xsl:if> <xsl:value-of select="@name"/>;</xsl:template>
 
   <xsl:template match="asn:UTF8String | asn:PrintableString | asn:T61String | asn:IA5String | asn:VisibleString | asn:BMPString" mode="CollectionElementType">string</xsl:template>
 
@@ -784,7 +783,7 @@ namespace <xsl:value-of select="@namespace" />
   <xsl:template match="asn:UTF8String | asn:PrintableString | asn:T61String | asn:IA5String | asn:VisibleString | asn:BMPString" mode="DefaultTag">new Asn1Tag(UniversalTagNumber.<xsl:value-of select="local-name()"/>)</xsl:template>
 
   <xsl:template match="asn:SequenceOf | asn:SetOf" mode="FieldDef">
-        internal <xsl:apply-templates mode="CollectionElementType"/>[] <xsl:value-of select="@name"/>;</xsl:template>
+        internal <xsl:apply-templates mode="CollectionElementType"/>[]<xsl:if test="@optional | parent::asn:Choice">?</xsl:if> <xsl:value-of select="@name"/>;</xsl:template>
 
   <xsl:template match="asn:SequenceOf | asn:SetOf" mode="EncodeSimpleValue" xml:space="default">
     <xsl:param name="writerName"/>

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/CertificateChoiceAsn.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Runtime.InteropServices;

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/EnvelopedDataAsn.xml.cs

@@ -18,7 +18,7 @@ internal partial struct EnvelopedDataAsn
         internal System.Security.Cryptography.Pkcs.Asn1.OriginatorInfoAsn? OriginatorInfo;
         internal System.Security.Cryptography.Pkcs.Asn1.RecipientInfoAsn[] RecipientInfos;
         internal System.Security.Cryptography.Asn1.Pkcs7.EncryptedContentInfoAsn EncryptedContentInfo;
-        internal System.Security.Cryptography.Asn1.AttributeAsn[] UnprotectedAttributes;
+        internal System.Security.Cryptography.Asn1.AttributeAsn[]? UnprotectedAttributes;
 
         internal void Encode(AsnWriter writer)
         {

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/KeyAgreeRecipientIdentifierAsn.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Runtime.InteropServices;

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/OriginatorIdentifierOrKeyAsn.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Runtime.InteropServices;

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/OriginatorInfoAsn.xml.cs

@@ -14,8 +14,8 @@ namespace System.Security.Cryptography.Pkcs.Asn1
     [StructLayout(LayoutKind.Sequential)]
     internal partial struct OriginatorInfoAsn
     {
-        internal System.Security.Cryptography.Pkcs.Asn1.CertificateChoiceAsn[] CertificateSet;
-        internal ReadOnlyMemory<byte>[] RevocationInfoChoices;
+        internal System.Security.Cryptography.Pkcs.Asn1.CertificateChoiceAsn[]? CertificateSet;
+        internal ReadOnlyMemory<byte>[]? RevocationInfoChoices;
 
         internal void Encode(AsnWriter writer)
         {

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/PolicyInformation.xml.cs

@@ -15,7 +15,7 @@ namespace System.Security.Cryptography.Pkcs.Asn1
     internal partial struct PolicyInformation
     {
         internal string PolicyIdentifier;
-        internal System.Security.Cryptography.Pkcs.Asn1.PolicyQualifierInfo[] PolicyQualifiers;
+        internal System.Security.Cryptography.Pkcs.Asn1.PolicyQualifierInfo[]? PolicyQualifiers;
 
         internal void Encode(AsnWriter writer)
         {

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/RecipientIdentifierAsn.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Runtime.InteropServices;

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/RecipientInfoAsn.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Runtime.InteropServices;

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TimeStampReq.xml.cs

@@ -21,7 +21,7 @@ internal partial struct Rfc3161TimeStampReq
         internal Oid? ReqPolicy;
         internal ReadOnlyMemory<byte>? Nonce;
         internal bool CertReq;
-        internal System.Security.Cryptography.Asn1.X509ExtensionAsn[] Extensions;
+        internal System.Security.Cryptography.Asn1.X509ExtensionAsn[]? Extensions;
 
 #if DEBUG
         static Rfc3161TimeStampReq()

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TstInfo.xml.cs

@@ -25,7 +25,7 @@ internal partial struct Rfc3161TstInfo
         internal bool Ordering;
         internal ReadOnlyMemory<byte>? Nonce;
         internal System.Security.Cryptography.Asn1.GeneralNameAsn? Tsa;
-        internal System.Security.Cryptography.Asn1.X509ExtensionAsn[] Extensions;
+        internal System.Security.Cryptography.Asn1.X509ExtensionAsn[]? Extensions;
 
 #if DEBUG
         static Rfc3161TstInfo()

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/SignedAttributesSet.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Collections.Generic;
@@ -15,7 +14,7 @@ namespace System.Security.Cryptography.Pkcs
     [StructLayout(LayoutKind.Sequential)]
     internal partial struct SignedAttributesSet
     {
-        internal System.Security.Cryptography.Asn1.AttributeAsn[] SignedAttributes;
+        internal System.Security.Cryptography.Asn1.AttributeAsn[]? SignedAttributes;
 
 #if DEBUG
         static SignedAttributesSet()

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/SignedDataAsn.xml.cs

@@ -17,8 +17,8 @@ internal partial struct SignedDataAsn
         internal int Version;
         internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn[] DigestAlgorithms;
         internal System.Security.Cryptography.Pkcs.Asn1.EncapsulatedContentInfoAsn EncapContentInfo;
-        internal System.Security.Cryptography.Pkcs.Asn1.CertificateChoiceAsn[] CertificateSet;
-        internal ReadOnlyMemory<byte>[] Crls;
+        internal System.Security.Cryptography.Pkcs.Asn1.CertificateChoiceAsn[]? CertificateSet;
+        internal ReadOnlyMemory<byte>[]? Crls;
         internal System.Security.Cryptography.Pkcs.Asn1.SignerInfoAsn[] SignerInfos;
 
         internal void Encode(AsnWriter writer)

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/SignerIdentifierAsn.xml.cs

@@ -2,7 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-#nullable enable
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
 using System;
 using System.Runtime.InteropServices;

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/SigningCertificateAsn.xml.cs

@@ -15,7 +15,7 @@ namespace System.Security.Cryptography.Pkcs.Asn1
     internal partial struct SigningCertificateAsn
     {
         internal System.Security.Cryptography.Pkcs.Asn1.EssCertId[] Certs;
-        internal System.Security.Cryptography.Pkcs.Asn1.PolicyInformation[] Policies;
+        internal System.Security.Cryptography.Pkcs.Asn1.PolicyInformation[]? Policies;
 
         internal void Encode(AsnWriter writer)
         {

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/SigningCertificateV2Asn.xml.cs

@@ -15,7 +15,7 @@ namespace System.Security.Cryptography.Pkcs.Asn1
     internal partial struct SigningCertificateV2Asn
     {
         internal System.Security.Cryptography.Pkcs.Asn1.EssCertIdV2[] Certs;
-        internal System.Security.Cryptography.Pkcs.Asn1.PolicyInformation[] Policies;
+        internal System.Security.Cryptography.Pkcs.Asn1.PolicyInformation[]? Policies;
 
         internal void Encode(AsnWriter writer)
         {

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Rfc3161TimestampRequest.cs

@@ -38,7 +38,7 @@ public X509ExtensionCollection GetExtensions()
                 return coll;
             }
 
-            X509ExtensionAsn[] rawExtensions = _parsedData.Extensions;
+            X509ExtensionAsn[] rawExtensions = _parsedData.Extensions!;
 
             foreach (X509ExtensionAsn rawExtension in rawExtensions)
             {

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Rfc3161TimestampTokenInfo.cs

@@ -97,7 +97,7 @@ public X509ExtensionCollection GetExtensions()
                 return coll;
             }
 
-            X509ExtensionAsn[] rawExtensions = _parsedData.Extensions;
+            X509ExtensionAsn[] rawExtensions = _parsedData.Extensions!;
 
             foreach (X509ExtensionAsn rawExtension in rawExtensions)
             {

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs

@@ -80,7 +80,7 @@ public X509Certificate2Collection Certificates
                     return coll;
                 }
 
-                CertificateChoiceAsn[] certChoices = _signedData.CertificateSet;
+                CertificateChoiceAsn[]? certChoices = _signedData.CertificateSet;
 
                 if (certChoices == null)
                 {

src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/UnixExportProvider.cs

@@ -197,25 +197,23 @@ private void BuildBags(
                 attrBytes[1] = sizeof(int);
                 MemoryMarshal.Write(attrBytes.AsSpan(2), ref keyIdx);
 
+                AttributeAsn attribute = new AttributeAsn
+                {
+                    AttrType = new Oid(Oids.LocalKeyId, null),
+                    AttrValues = new ReadOnlyMemory<byte>[]
+                    {
+                        attrBytes,
+                    }
+                };
                 keyBags[keyIdx] = new SafeBagAsn
                 {
                     BagId = Oids.Pkcs12ShroudedKeyBag,
                     BagValue = ExportPkcs8(certPal, passwordSpan),
-                    BagAttributes = new[]
-                    {
-                        new AttributeAsn
-                        {
-                            AttrType = new Oid(Oids.LocalKeyId, null),
-                            AttrValues = new ReadOnlyMemory<byte>[]
-                            {
-                                attrBytes,
-                            }
-                        }
-                    }
+                    BagAttributes = new[] { attribute }
                 };
 
                 // Reuse the attribute between the cert and the key.
-                certAttrs[certIdx] = keyBags[keyIdx].BagAttributes[0];
+                certAttrs[certIdx] = attribute;
                 keyIdx++;
             }