From: Aki Tuomi
Date: Sat, 16 May 2015 20:44:49 +0000 (+0300)
Subject: Remove three bytes from PKCS#11 ECPoint string
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~28^2~46^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=415c31ae95bf8e4e8262916d7d980a1504993740;p=thirdparty%2Fpdns.git
Remove three bytes from PKCS#11 ECPoint string
The CKA_EC_POINT is defined as 'DER encoded X9.62 octet string', which means it has DER preamble and also compression indicator. So we remove these from the result string, and pass it along, to get valid ECPoint value for DNS use.
---
diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index 0a3380b36f..a840f74dc3 100644
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -355,7 +355,7 @@ class Pkcs11Token {
 d_ecdsa_params = attr[0].str();
 if (d_ecdsa_params == "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07") d_bits = 256;
 if (d_ecdsa_params == "\x06\x05\x2b\x81\x04\x00\x22") d_bits = 384;
- d_ec_point = attr[1].str();
+ d_ec_point = attr[1].str().substr(3);
 } else {
 throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);
 }
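Review bot: `substr(3)` on the added line drops three bytes without checking that they really are the DER OCTET STRING tag, a one-byte length and the uncompressed-point indicator that the commit message describes. If a token returns a value shorter than three bytes, `substr` throws `std::out_of_range` rather than the `PDNSException` used in the `else` branch. If a module hands back the point unwrapped or in compressed form, the code silently publishes wrong key material. Validating the prefix before stripping it turns both cases into an explicit load failure; the sketch below assumes `str()` returns a `std::string`, and the enclosing `if` block starts outside the hunk. Separately, and only if `str()` does return `std::string`, the P-384 comparison in the context lines is against a literal with an embedded `\x00`, so it would stop at that byte and may never set `d_bits = 384`; that is worth a follow-up check.

```cpp
// … unchanged: d_ecdsa_params / d_bits assignment …
const std::string point = attr[1].str();
// Expect DER OCTET STRING (0x04, short-form length) wrapping an
// uncompressed point (0x04 || X || Y); refuse anything else.
if (point.size() < 3 || point[0] != 0x04 ||
    static_cast<unsigned char>(point[1]) != point.size() - 2 ||
    point[2] != 0x04) {
  throw PDNSException("Unexpected CKA_EC_POINT encoding for PKCS#11 public key " + d_label);
}
d_ec_point = point.substr(3);
```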