From 432808be7bf348726f96b58e926777f4ca0dde59 Mon Sep 17 00:00:00 2001
From: Aki Tuomi
Date: Sat, 16 May 2015 23:44:49 +0300
Subject: [PATCH] Remove three bytes from PKCS#11 ECPoint string The CKA_EC_POINT is defined as 'DER encoded X9.62 octet string', which means it has DER preamble and also compression indicator. So we remove these from the result string, and pass it along, to get valid ECPoint value for DNS use.
---
 pdns/pkcs11signers.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index 4d97b219b..d668a387e 100644
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -353,7 +353,7 @@ class Pkcs11Token {
 d_ecdsa_params = attr[0].str();
 if (d_ecdsa_params == "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07") d_bits = 256;
 if (d_ecdsa_params == "\x06\x05\x2b\x81\x04\x00\x22") d_bits = 384;
- d_ec_point = attr[1].str();
+ d_ec_point = attr[1].str().substr(3);
 } else {
 throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);
 }
--
2.40.0
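Review bot: The new `attr[1].str().substr(3)` discards three bytes without checking that they are the DER OCTET STRING tag, a one-byte length and the uncompressed-point indicator. A token that returns the point unwrapped, in compressed form, or with a long-form DER length would therefore yield a silently wrong public key for DNS use. Assuming `str()` returns a `std::string`, a value shorter than three bytes also makes `substr(3)` throw `std::out_of_range`, which is not the `PDNSException` the `else` branch uses for load failures. The fixed offset is only right for the two curves matched just above (65- and 97-byte points, both short-form lengths), so the prefix should be validated before stripping and the load should fail loudly otherwise, as sketched below. The enclosing method starts and ends outside this hunk, so callers and any later length checks on `d_ec_point` are not visible here.

```cpp
// … unchanged: d_ecdsa_params / d_bits assignment …
std::string point = attr[1].str();
// Expect: 0x04 (OCTET STRING), short-form length, 0x04 (uncompressed point)
if (point.size() < 3 || point[0] != '\x04' || point[2] != '\x04' ||
    static_cast<unsigned char>(point[1]) != point.size() - 2) {
  throw PDNSException("Unexpected CKA_EC_POINT encoding for PKCS#11 public key " + d_label);
}
d_ec_point = point.substr(3);
```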