-
David Woodhouse authored
I lifted this code to use it elsewhere and found that 'openssl dgst -verify' didn't like the resulting signatures. So ensure we have a definite lengh for the overall SEQUENCE and that we don't have gratuitous zeroes at the start of each INTEGER. Even 'openssl asn1parse' whines about the latter, calling it a :BAD INTEGER:. I can't find any documentation which mandates DER, and I don't see the point since there's a randomly generated salt so there's no 'canonical' signature result anyway. But it doesn't hurt, and this matches what GnuTLS does in 3.6.0 onwards where it *does* provide this function. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
116a80be