<p>Hello,</p>
<p>I've generated an EC P-521 cert key pair as such:</p>
<p>Private: openssl ecparam -out test/ec512-wrong-private.pem -name secp521r1 -genkey</p>
<p>Public: openssl ec -in test/ec512-private.pem -pubout > test/ec512-public.pem</p>
<p>When using ecdsa.Sign() to create a signature, the byte sizes of r and s are not consistent with the curve points' byte sizes in the certificate.</p>
<p>I.e., I checked the values by</p>
<p>fmt.Println(len(r.Bytes()))</p>
<p>fmt.Println(len(s.Bytes()))</p>
<p>The funny part is that this fluctuates. Sometimes it's correct and sometimes it's not. The problem is that if r or s are off then signature validation will fail.</p>
<p>Note that I tested P-256:</p>
<p>openssl ecparam -out test/ec256-private.pem -name prime256v1 -genkey</p>
<p>openssl ec -in test/ec256-private.pem -pubout > test/ec256-public.pem</p>
<p>And P-384</p>
<p>openssl ecparam -out test/ec384-private.pem -name secp384r1 -genkey</p>
<p>openssl ec -in test/ec384-private.pem -pubout > test/ec384-public.pem</p>
<p>and they work fine...</p>
<p>Question is, why aren't the byte slice lengths consistent for r and s when using P-521? The P-256 and P-384 are.</p>
<hr/>**Comments:**<br/><br/>giovannibajo: <pre><p>Please post a repro on playground that reproduces the problem, also including the generated keys in the source code (assuming it's just a test and you can share them).</p></pre>
scythelx: <pre><p><a href="http://play.golang.org/p/yhg_2jvS0e" rel="nofollow">http://play.golang.org/p/yhg_2jvS0e</a></p></pre>
scythelx: <pre><p>I was able to resolve by using an asn1 encoding on the r, s big.Int values. I.e., so I'm able to consistently unmarshal the data.</p></pre>
minyosdy: <pre><p>Because sometimes the upper 8+ bits of r or s are zero.</p></pre>
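<p>An added example, not part of the original thread and not any poster's code: <code>big.Int.Bytes()</code> drops leading zero bytes, and a 521-bit value has only one significant bit in its top byte, so each of r and s comes out shorter than 66 bytes about half the time on P-521. As an alternative to the ASN.1 encoding mentioned above, this sketch pads r and s to a fixed width with <code>FillBytes</code> and checks the length before verifying; the names <code>EncodeFixed</code>, <code>VerifyFixed</code> and <code>RunP521</code> and the sample message are made up for the illustration.</p>

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
	"math/big"
)

// EncodeFixed returns r||s, each zero-padded to the curve order's byte length (66 for P-521).
func EncodeFixed(c elliptic.Curve, r, s *big.Int) []byte {
	n := (c.Params().N.BitLen() + 7) / 8
	return append(r.FillBytes(make([]byte, n)), s.FillBytes(make([]byte, n))...)
}

// VerifyFixed rejects wrong-length input, then splits r||s and verifies it.
func VerifyFixed(pub *ecdsa.PublicKey, digest, sig []byte) bool {
	n := (pub.Curve.Params().N.BitLen() + 7) / 8
	if len(sig) != 2*n {
		return false
	}
	r, s := new(big.Int).SetBytes(sig[:n]), new(big.Int).SetBytes(sig[n:])
	return ecdsa.Verify(pub, digest, r, s)
}

// RunP521 counts signatures with a short r.Bytes()/s.Bytes() and fixed-width round trips that verify.
func RunP521(rounds int) (short, verified int) {
	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		panic(err)
	}
	digest := sha512.Sum512([]byte("constructed sample message"))
	for i := 0; i < rounds; i++ {
		r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
		if err != nil {
			panic(err)
		}
		if len(r.Bytes()) < 66 || len(s.Bytes()) < 66 {
			short++
		}
		if VerifyFixed(&key.PublicKey, digest[:], EncodeFixed(key.Curve, r, s)) {
			verified++
		}
	}
	return short, verified
}

func main() { fmt.Println(RunP521(64)) }
```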