crypto/tls: use new ecdsa.VerifyASN1 API

Change-Id: I2a233190bda78ca022ff4074b4553788847d7583 Reviewed-on: https://go-review.googlesource.com/c/go/+/220720 Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>
2025-04-04 12:37:35 +03:00 · 2020-02-24 17:23:19 -05:00 · 2020-02-24 17:23:19 -05:00 · 008ada74ec
commit 008ada74ec
parent 5e6895faa7
2 changed files with 1 additions and 17 deletions
--- a/auth.go
+++ b/auth.go
@ -11,7 +11,6 @@ import (
 	"crypto/ed25519"
 	"crypto/elliptic"
 	"crypto/rsa"
 	"encoding/asn1"
 	"errors"
 	"fmt"
 	"hash"
@ -27,14 +26,7 @@ func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc c
 		if !ok {
 			return fmt.Errorf("expected an ECDSA public key, got %T", pubkey)
 		}
-		ecdsaSig := new(ecdsaSignature)
+		if !ecdsa.VerifyASN1(pubKey, signed, sig) {
 		if _, err := asn1.Unmarshal(sig, ecdsaSig); err != nil {
 			return err
 		}
 		if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
 			return errors.New("ECDSA signature contained zero or negative values")
 		}
 		if !ecdsa.Verify(pubKey, signed, ecdsaSig.R, ecdsaSig.S) {
 			return errors.New("ECDSA verification failure")
 		}
 	case signatureEd25519:
--- a/common.go
+++ b/common.go
@ -19,7 +19,6 @@ import (
 	"fmt"
 	"internal/cpu"
 	"io"
 	"math/big"
 	"net"
 	"strings"
 	"sync"
@ -1264,13 +1263,6 @@ func (c *lruSessionCache) Get(sessionKey string) (*ClientSessionState, bool) {
 	return nil, false
 }
 // TODO(jsing): Make these available to both crypto/x509 and crypto/tls.
 type dsaSignature struct {
 	R, S *big.Int
 }
 type ecdsaSignature dsaSignature
 var emptyConfig Config
 func defaultConfig() *Config {