oid = asn1_parse_algorithmIdentifier(asn1, level0, ¶meters);
params->scheme = signature_scheme_from_oid(oid);
+ params->params = NULL;
switch (params->scheme)
{
case SIGN_UNKNOWN:
break;
}
default:
- params->params = NULL;
+ if (parameters.len &&
+ !chunk_equals(parameters, chunk_from_chars(0x05, 0x00)))
+ {
+ DBG1(DBG_IKE, "unexpected parameters for %N",
+ signature_scheme_names, params->scheme);
+ return FALSE;
+ }
break;
}
return TRUE;
{ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }},
{ TRUE, chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02),
{ .scheme = SIGN_ECDSA_WITH_SHA256_DER, }},
+ { FALSE, chunk_from_chars(0x30,0x0d,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02,0x02,0x01,0x01),
+ { .scheme = SIGN_ECDSA_WITH_SHA256_DER, }},
{ FALSE, chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0xff), },
};