From c854da510a7ad83db39cdb97cb59f9cc9044e2b1 Mon Sep 17 00:00:00 2001
From: Jay Wren <jay.wren@slack-corp.com>
Date: Thu, 2 Apr 2026 16:12:36 -0400
Subject: [PATCH] fix: trim leading zeros from p256 signature swap result

bigmod.Nat.Bytes() returns fixed-size 32-byte slices, but ASN.1 INTEGER
parsing strips leading zeros. This caused a flaky test failure (~1/256
chance) when the S value's high byte was zero.

Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
---
 cert/p256/p256.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/cert/p256/p256.go b/cert/p256/p256.go
index be0a2381..dc609a35 100644
--- a/cert/p256/p256.go
+++ b/cert/p256/p256.go
@@ -44,7 +44,12 @@ func swap(r, s []byte) ([]byte, []byte, error) {
 	}
 	sNormalized := nMod.Nat().Sub(bigS, nMod)
 
-	return r, sNormalized.Bytes(nMod), nil
+	result := sNormalized.Bytes(nMod)
+	for len(result) > 1 && result[0] == 0 {
+		result = result[1:]
+	}
+
+	return r, result, nil
 }
 
 func Normalize(sig []byte) ([]byte, error) {