From 0961a88d7caf8de4f7d602b97c22c69b149798a9 Mon Sep 17 00:00:00 2001
From: Joe Richey <joerichey@google.com>
Date: Wed, 23 Mar 2022 19:50:52 -0700
Subject: [PATCH] parseEfiSignature: Don't rely on type of error code

The specific error type is not part of x509.ParseCertificate documented API. So we shouldn't rely on it for this workaround.

Signed-off-by: Joe Richey <joerichey@google.com>
---
 attest/internal/events.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/attest/internal/events.go b/attest/internal/events.go
index 1c99116..393368b 100644
--- a/attest/internal/events.go
+++ b/attest/internal/events.go
@@ -3,7 +3,6 @@ package internal
 import (
 "bytes"
 "crypto/x509"
- "encoding/asn1"
 "encoding/binary"
 "errors"
 "fmt"
@@ -443,13 +442,11 @@ func parseEfiSignature(b []byte) ([]x509.Certificate, error) {
 } else {
 // A bug in shim may cause an event to be missing the SignatureOwner GUID.
 // We handle this, but signal back to the caller using ErrSigMissingGUID.
- if _, isStructuralErr := err.(asn1.StructuralError); isStructuralErr {
- var err2 error
- cert, err2 = x509.ParseCertificate(b)
- if err2 == nil {
- certificates = append(certificates, *cert)
- err = ErrSigMissingGUID
- }
+ var err2 error
+ cert, err2 = x509.ParseCertificate(b)
+ if err2 == nil {
+ certificates = append(certificates, *cert)
+ err = ErrSigMissingGUID
 }
 }
 return certificates, err
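Review bot: The fallback in the `else` branch of parseEfiSignature now runs for every failure of the first parse, but the comment above it still describes only the shim bug and does not say why the retry is unconditional. A line such as `// Retry on any error: the concrete error type from x509.ParseCertificate is not documented API.` would keep the reasoning from the commit message next to the code. When the second parse also fails, `err2` is dropped and the caller sees only the first error; if that is intended, the same comment should say so. The function also returns a populated slice together with the non-nil `ErrSigMissingGUID`, so its doc comment should tell callers to test for that sentinel before discarding the result; the function starts outside this hunk, so an existing doc comment may already cover this.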