pkcs11: Skip zero-padding of r and s when preparing EC signature

They are zero padded to fill the buffer.

Fixes #1377.

diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index bfc545972110961a8182cb6e5e1e404625ec75ad..aec4550ce941a9c3a8925f3963241b9c35e5f2bd 100644 (file)
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -295,13 +295,19 @@ METHOD(private_key_t, sign, bool,
                case SIGN_ECDSA_WITH_SHA256_DER:
                case SIGN_ECDSA_WITH_SHA384_DER:
                case SIGN_ECDSA_WITH_SHA512_DER:
-                       /* return an ASN.1 encoded sequence of integers r and s */
+               {
+                       chunk_t r, s;
+
+                       /* return an ASN.1 encoded sequence of integers r and s, removing
+                        * any zero-padding */
                        len /= 2;
+                       r = chunk_skip_zero(chunk_create(buf, len));
+                       s = chunk_skip_zero(chunk_create(buf+len, len));
                        *signature = asn1_wrap(ASN1_SEQUENCE, "mm",
-                                                               asn1_integer("c", chunk_create(buf, len)),
-                                                               asn1_integer("c", chunk_create(buf+len, len)));
+                                                                  asn1_integer("c", r), asn1_integer("c", s));
                        free(buf);
                        break;
+               }
                default:
                        *signature = chunk_create(buf, len);
                        break;