Remove three bytes from PKCS#11 ECPoint string

The CKA_EC_POINT is defined as 'DER encoded X9.62 octet string', which means it has DER preamble and also compression indicator. So we remove these from the result string, and pass it along, to get valid ECPoint value for DNS use.
PowerDNS · May 17, 2015 · 432808b · 432808b
1 parent ba4d623
commit 432808b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
@@ -353,7 +353,7 @@ class Pkcs11Token {
             d_ecdsa_params = attr[0].str();
             if (d_ecdsa_params == "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07") d_bits = 256;
             if (d_ecdsa_params == "\x06\x05\x2b\x81\x04\x00\x22") d_bits = 384;
-            d_ec_point = attr[1].str();
+            d_ec_point = attr[1].str().substr(3);
           } else {
             throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);
           }