Don't drop leading zeroes when performing generic ECDSA signing

call ret.FillBytes() instead of ret.Bytes() to preserve leading zeroes that may have been dropped when converting the digest to an integer
smallstep · Oct 10, 2024 · f57178e · f57178e
1 parent 3b625a2
commit f57178e
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/attest/wrapped_tpm20.go b/attest/wrapped_tpm20.go
@@ -613,7 +613,9 @@ func signECDSA(rw io.ReadWriter, key tpmutil.Handle, digest []byte, curve ellipt
 	if excess > 0 {
 		ret.Rsh(ret, uint(excess))
 	}
-	digest = ret.Bytes()
+	// call ret.FillBytes() here instead of ret.Bytes() to preserve leading zeroes
+	// that may have been dropped when converting the digest to an integer
+	digest = ret.FillBytes(digest)
 
 	sig, err := tpm2.Sign(rw, key, "", digest, nil, scheme)
 	if err != nil {