From: Katie Hockman <katie@golang.org>
Date: Mon, 24 Feb 2020 22:25:08 +0000 (-0500)
Subject: crypto/x509: use new ecdsa.VerifyASN1 API
X-Git-Tag: go1.15beta1~1049
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=975c01342a25899962969833d8b2873dc8856a4f;p=gostls13.git

crypto/x509: use new ecdsa.VerifyASN1 API

Change-Id: Ia4f77d2965e34454e8dd3f2d8bf9c4f3065a9fbc
Reviewed-on: https://go-review.googlesource.com/c/go/+/220721
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
---

diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index aaf2e684fa..a8bef2a90d 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -163,8 +163,6 @@ type dsaSignature struct {
 	R, S *big.Int
 }
 
-type ecdsaSignature dsaSignature
-
 type validity struct {
 	NotBefore, NotAfter time.Time
 }
@@ -905,16 +903,7 @@ func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey
 		if pubKeyAlgo != ECDSA {
 			return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
 		}
-		ecdsaSig := new(ecdsaSignature)
-		if rest, err := asn1.Unmarshal(signature, ecdsaSig); err != nil {
-			return err
-		} else if len(rest) != 0 {
-			return errors.New("x509: trailing data after ECDSA signature")
-		}
-		if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
-			return errors.New("x509: ECDSA signature contained zero or negative values")
-		}
-		if !ecdsa.Verify(pub, signed, ecdsaSig.R, ecdsaSig.S) {
+		if !ecdsa.VerifyASN1(pub, signed, signature) {
 			return errors.New("x509: ECDSA verification failure")
 		}
 		return