From 21f662c7d1d63685c084b7015aab5c7f20357193 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Thu, 30 Nov 2023 10:25:08 +1000
Subject: [PATCH] ASN template: StoreECC_DSA_Sig_Bin

Strip leading zeros from R and S before encoding in ASN.1.
---
 wolfcrypt/src/asn.c   |  8 ++++++
 wolfcrypt/test/test.c | 62 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 42b9aaeac..9da5d1be1 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -32062,6 +32062,14 @@ int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen,
 
     /* Clear dynamic data and set buffers for r and s */
     XMEMSET(dataASN, 0, sizeof(dataASN));
+    while ((rLen > 1) && (r[0] == 0)) {
+        rLen--;
+        r++;
+    }
+    while ((sLen > 1) && (s[0] == 0)) {
+        sLen--;
+        s++;
+    }
     SetASN_Buffer(&dataASN[DSASIGASN_IDX_R], r, rLen);
     SetASN_Buffer(&dataASN[DSASIGASN_IDX_S], s, sLen);
 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index c2956f2a4..d9b79c3df 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -29898,6 +29898,58 @@ static wc_test_ret_t ecc_test_nonblock(WC_RNG* rng)
 }
 #endif /* WC_ECC_NONBLOCK && WOLFSSL_HAVE_SP_ECC && WOLFSSL_PUBLIC_MP */
 
+#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION > 2)))
+static int ecc_test_raw_enc_dec(void)
+{
+    int ret;
+    unsigned char r[1];
+    word32 rSz;
+    unsigned char s[1];
+    word32 sSz;
+    unsigned char rZero[] = { 0, 0, 0, 0 };
+    unsigned char sOne[] = { 0, 0, 1 };
+    unsigned char sigRaw[32];
+    word32 sigRawSz;
+    unsigned char expSig[] = { 0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01 };
+
+    sigRawSz = sizeof(sigRaw);
+    ret = wc_ecc_rs_raw_to_sig(rZero, sizeof(rZero), sOne, sizeof(sOne),
+        sigRaw, &sigRawSz);
+    if (ret != 0) {
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+    if (sigRawSz != sizeof(expSig)) {
+        return WC_TEST_RET_ENC_EC((int)sigRawSz);
+    }
+    if (XMEMCMP(sigRaw, expSig, sizeof(expSig)) != 0) {
+        return WC_TEST_RET_ENC_NC;
+    }
+
+    rSz = sizeof(r);
+    sSz = sizeof(s);
+    ret = wc_ecc_sig_to_rs(sigRaw, sigRawSz, r, &rSz, s, &sSz);
+    if (ret != 0) {
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+    if (rSz != 1) {
+        return WC_TEST_RET_ENC_EC((int)rSz);
+    }
+    if (sSz != 1) {
+        return WC_TEST_RET_ENC_EC((int)sSz);
+    }
+    if (r[0] != 0) {
+        return WC_TEST_RET_ENC_EC(r[0]);
+    }
+    if (s[0] != 1) {
+        return WC_TEST_RET_ENC_EC(s[0]);
+    }
+
+    return ret;
+}
+#endif
+
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
 {
     wc_test_ret_t ret;
@@ -30022,6 +30074,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
     }
 #endif
 
+#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION > 2)))
+    ret = ecc_test_raw_enc_dec();
+    if (ret != 0) {
+        printf("raw sig encode/decode\n");
+        goto done;
+    }
+#endif
+
 #if defined(WOLFSSL_CUSTOM_CURVES)
     ret = ecc_test_custom_curves(&rng);
     if (ret != 0) {