refact(der-to-jose) add additional param length checks

[omsmith]

No description provided.

[omsmith]

@j3parker When you have a minute, no real rush as its not particularly important. Suggested reading with ?w=1

Just adds an additional sanity/correctness check when reading in a DER signature.

The DER representation, a minimally represented signed integer, should be at most paramLength + 1, given they could be the full length with a leading zero when necessary to disambiguate positivity. Using the "happy path fuzzing", this is usually the case.

[j3parker]

Whoops! Will look tomorrow

[j3parker]

Haha I forgot about the leading zero for positivity thing. Sigh.

but you're the expert :)

Is the sanity check just for helping lawful-good devs or is it also a perf thing?

[omsmith]

Eh, would just be to avoid following through the whole process, allocating buffers and copying and whatnot if it couldn't possibly be valid

[j3parker]

Sounds reasonable. Better to reject crap data early.