Remove three bytes from PKCS#11 ECPoint string

The CKA_EC_POINT is defined as 'DER encoded X9.62 octet string',
which means it has DER preamble and also compression indicator.
So we remove these from the result string, and pass it along,
to get valid ECPoint value for DNS use.

diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index 4d97b219b0a4605e251c6e09d3ee819078c5fd83..d668a387e44db4d08e2a7967e0737e0f59f73ce0 100644 (file)
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -353,7 +353,7 @@ class Pkcs11Token {
             d_ecdsa_params = attr[0].str();
             if (d_ecdsa_params == "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07") d_bits = 256;
             if (d_ecdsa_params == "\x06\x05\x2b\x81\x04\x00\x22") d_bits = 384;
-            d_ec_point = attr[1].str();
+            d_ec_point = attr[1].str().substr(3);
           } else {
             throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);
           }