crypto/x509: use new ecdsa.VerifyASN1 API

Change-Id: Ia4f77d2965e34454e8dd3f2d8bf9c4f3065a9fbc
Reviewed-on: https://go-review.googlesource.com/c/go/+/220721
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index aaf2e684fa52546f5e7f59be05ef9756f74b64d9..a8bef2a90dd154f481cc5bee1821d1fe8421c9b7 100644 (file)
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -163,8 +163,6 @@ type dsaSignature struct {
        R, S *big.Int
 }
 
-type ecdsaSignature dsaSignature
-
 type validity struct {
        NotBefore, NotAfter time.Time
 }
@@ -905,16 +903,7 @@ func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey
                if pubKeyAlgo != ECDSA {
                        return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
                }
-               ecdsaSig := new(ecdsaSignature)
-               if rest, err := asn1.Unmarshal(signature, ecdsaSig); err != nil {
-                       return err
-               } else if len(rest) != 0 {
-                       return errors.New("x509: trailing data after ECDSA signature")
-               }
-               if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
-                       return errors.New("x509: ECDSA signature contained zero or negative values")
-               }
-               if !ecdsa.Verify(pub, signed, ecdsaSig.R, ecdsaSig.S) {
+               if !ecdsa.VerifyASN1(pub, signed, signature) {
                        return errors.New("x509: ECDSA verification failure")
                }
                return