From 975c01342a25899962969833d8b2873dc8856a4f Mon Sep 17 00:00:00 2001
From: Katie Hockman <katie@golang.org>
Date: Mon, 24 Feb 2020 17:25:08 -0500
Subject: [PATCH] crypto/x509: use new ecdsa.VerifyASN1 API

Change-Id: Ia4f77d2965e34454e8dd3f2d8bf9c4f3065a9fbc
Reviewed-on: https://go-review.googlesource.com/c/go/+/220721
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
---
 src/crypto/x509/x509.go | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index aaf2e684fa..a8bef2a90d 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -163,8 +163,6 @@ type dsaSignature struct {
 	R, S *big.Int
 }
 
-type ecdsaSignature dsaSignature
-
 type validity struct {
 	NotBefore, NotAfter time.Time
 }
@@ -905,16 +903,7 @@ func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey
 		if pubKeyAlgo != ECDSA {
 			return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
 		}
-		ecdsaSig := new(ecdsaSignature)
-		if rest, err := asn1.Unmarshal(signature, ecdsaSig); err != nil {
-			return err
-		} else if len(rest) != 0 {
-			return errors.New("x509: trailing data after ECDSA signature")
-		}
-		if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
-			return errors.New("x509: ECDSA signature contained zero or negative values")
-		}
-		if !ecdsa.Verify(pub, signed, ecdsaSig.R, ecdsaSig.S) {
+		if !ecdsa.VerifyASN1(pub, signed, signature) {
 			return errors.New("x509: ECDSA verification failure")
 		}
 		return
-- 
2.50.0