diff --git a/common/mbedtls/ecdsa.c b/common/mbedtls/ecdsa.c
index 1d087f386..a7d7bb720 100644
--- a/common/mbedtls/ecdsa.c
+++ b/common/mbedtls/ecdsa.c
@@ -289,20 +289,18 @@ cleanup:
 int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s,
                             unsigned char *sig, size_t *slen) {
     int ret;
-    unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
-    unsigned char *p = buf + sizeof(buf);
+    unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = {0};
+    unsigned char *p = buf + sizeof(buf) - 1;
     size_t len = 0;
 
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, s));
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, r));
 
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
-    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf,
-                                                     MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
 
     memcpy(sig, p, len);
     *slen = len;
-
     return (0);
 }