Remove three bytes from PKCS#11 ECPoint string

The CKA_EC_POINT is defined as 'DER encoded X9.62 octet string',
which means it has DER preamble and also compression indicator.
So we remove these from the result string, and pass it along,
to get valid ECPoint value for DNS use.

diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index 0a3380b36fddfee33379c4db530dc13769e2469b..a840f74dc3f749f626cbe0fe0e5b84d52f4ea95e 100644 (file)
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -355,7 +355,7 @@ class Pkcs11Token {
             d_ecdsa_params = attr[0].str();
             if (d_ecdsa_params == "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07") d_bits = 256;
             if (d_ecdsa_params == "\x06\x05\x2b\x81\x04\x00\x22") d_bits = 384;
-            d_ec_point = attr[1].str();
+            d_ec_point = attr[1].str().substr(3);
           } else {
             throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);
           }