crypto/tls: use new ecdsa.VerifyASN1 API
authorKatie Hockman <katie@golang.org>
Mon, 24 Feb 2020 22:23:19 +0000 (17:23 -0500)
committerKatie Hockman <katie@golang.org>
Wed, 26 Feb 2020 16:58:30 +0000 (16:58 +0000)
Change-Id: I2a233190bda78ca022ff4074b4553788847d7583
Reviewed-on: https://go-review.googlesource.com/c/go/+/220720
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
src/crypto/tls/auth.go
src/crypto/tls/common.go

index 009f8d3d1efa117518f4803894146fca18b3a4db..d87f7bdd512decc5472f71a052ab43092f1ce347 100644 (file)
@@ -11,7 +11,6 @@ import (
        "crypto/ed25519"
        "crypto/elliptic"
        "crypto/rsa"
-       "encoding/asn1"
        "errors"
        "fmt"
        "hash"
@@ -27,14 +26,7 @@ func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc c
                if !ok {
                        return fmt.Errorf("expected an ECDSA public key, got %T", pubkey)
                }
-               ecdsaSig := new(ecdsaSignature)
-               if _, err := asn1.Unmarshal(sig, ecdsaSig); err != nil {
-                       return err
-               }
-               if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
-                       return errors.New("ECDSA signature contained zero or negative values")
-               }
-               if !ecdsa.Verify(pubKey, signed, ecdsaSig.R, ecdsaSig.S) {
+               if !ecdsa.VerifyASN1(pubKey, signed, sig) {
                        return errors.New("ECDSA verification failure")
                }
        case signatureEd25519:
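Review bot: The ECDSA branch now returns the single error `ECDSA verification failure` for every rejection, so a malformed DER encoding, a non-positive R or S, and a genuine signature mismatch can no longer be told apart by the caller. Nothing at the call site records that parsing has moved into `ecdsa.VerifyASN1`. I would add a comment above the call, for example `// VerifyASN1 parses the DER-encoded signature itself; encoding errors and invalid R/S values are reported as a verification failure.` The removed code discarded the remainder returned by `asn1.Unmarshal`, so trailing bytes after the signature were tolerated. If `VerifyASN1` is stricter on that point (I believe it is, but this page does not show it), a test feeding a signature with trailing bytes and one with a negative integer would pin the new behaviour. The body of `verifyHandshakeSignature` begins and ends outside this hunk.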
index c3de0b3deed7432f3884098bf3c22994862805ff..53719c48df5b65affe4aabe85a998609272e812b 100644 (file)
@@ -19,7 +19,6 @@ import (
        "fmt"
        "internal/cpu"
        "io"
-       "math/big"
        "net"
        "strings"
        "sync"
@@ -1264,13 +1263,6 @@ func (c *lruSessionCache) Get(sessionKey string) (*ClientSessionState, bool) {
        return nil, false
 }
 
-// TODO(jsing): Make these available to both crypto/x509 and crypto/tls.
-type dsaSignature struct {
-       R, S *big.Int
-}
-
-type ecdsaSignature dsaSignature
-
 var emptyConfig Config
 
 func defaultConfig() *Config {