From 874154bc49d28c1358037f923e8d773ba0472b9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Trojnara?=
Date: Wed, 20 Apr 2016 23:34:09 +0200
Subject: [PATCH] Workaround for incorrect CKA_EC_POINT format
Workaround for broken PKCS#11 modules not returning CKA_EC_POINT in the ASN1_OCTET_STRING format. Closes #79.
---
 NEWS | 3 +++
 src/p11_ec.c | 9 +++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 0a561a6e..f3db4157 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 NEWS for Libp11 -- History of user visible changes
 New in 0.4.1; unreleased
+* Workaround for broken PKCS#11 modules not returning CKA_EC_POINT
+ in the ASN1_OCTET_STRING format (Michał Trojnara)
+* Improved building against OpenSSL 1.1.0-dev (Michał Trojnara)
 New in 0.4.0; 2016-03-28; Michał Trojnara
 * Merged engine_pkcs11 (Michał Trojnara)
diff --git a/src/p11_ec.c b/src/p11_ec.c
index 6b49775d..20905caa 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -119,15 +119,20 @@ static EC_KEY *pkcs11_get_ec(PKCS11_KEY *key)
 if (!key_getattr_alloc(pubkey, CKA_EC_POINT, &point, &point_len)) {
 const unsigned char *a;
 ASN1_OCTET_STRING *os;
+ EC_KEY *success = NULL;
- /* PKCS#11 returns ASN1_OCTET_STRING */
+ /* PKCS#11-compliant modules should return ASN1_OCTET_STRING */
 a = point;
 os = d2i_ASN1_OCTET_STRING(NULL, &a, (long)point_len);
 if (os) {
 a = os->data;
- o2i_ECPublicKey(&ec, &a, os->length);
+ success = o2i_ECPublicKey(&ec, &a, os->length);
 ASN1_STRING_free(os);
 }
+ if (success == NULL) { /* Workaround for broken PKCS#11 modules */
+ a = point;
+ o2i_ECPublicKey(&ec, &a, point_len);
+ }
 OPENSSL_free(point);
 }
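Review bot: The fallback call `o2i_ECPublicKey(&ec, &a, point_len);` in the new `if (success == NULL)` branch discards its result, so when the token's CKA_EC_POINT parses in neither encoding the code falls through to `OPENSSL_free(point)` with no sign of failure visible in this hunk. I would check it, e.g. `if (o2i_ECPublicKey(&ec, &a, (long)point_len) == NULL)` followed by whatever error path the function uses, and keep the `(long)` cast that the `d2i_ASN1_OCTET_STRING` call above applies to the same length. The failed first attempt presumably also leaves entries on the OpenSSL error queue even when the retry succeeds; an `ERR_clear_error();` before the retry would stop later callers from seeing a stale error. pkcs11_get_ec begins and ends outside the hunk, so handling of a key without a public point may exist further down.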