From 171594a92de4f9d594ad288c4cf6a04453c6726a Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Tue, 28 Feb 2017 12:18:34 +0100
Subject: [PATCH] fix leading zero padding in ECDSA sig conversion

---
 src/com/verisignlabs/dnssec/security/SignUtils.java | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/com/verisignlabs/dnssec/security/SignUtils.java b/src/com/verisignlabs/dnssec/security/SignUtils.java
index 9fbb1e5..5ef1923 100644
--- a/src/com/verisignlabs/dnssec/security/SignUtils.java
+++ b/src/com/verisignlabs/dnssec/security/SignUtils.java
@@ -526,6 +526,15 @@ public class SignUtils
     s_src_pos = (byte) (r_src_pos + r_src_len); s_pad = 0;
     len = (byte) (6 + r_src_len + s_src_len);
 
+    // leading zeroes are forbidden
+    if (signature[r_src_pos] == 0) {
+       r_src_pos++; r_src_len--; len--;
+    }
+    if (signature[s_src_pos] == 0) {
+       s_src_pos++; s_src_len--; len--;
+    }
+
+    // except when they are mandatory
     if (signature[r_src_pos] < 0) {
         r_pad = 1; len++;
     }