The fix for CR 7054637 introduced a PKCS11 token attribute to control whether an EC point encoding is wrapped in an ASN.1 OCTET STRING or not.
It has been reported that the numeric identifier chosen for that attribute will clash with
the identifier already chosen by a vendor of PKCS11 tokens as a vendor extension.
To avoid this and any future namespace collisions from other token vendors a JCE provider
attribute should be used instead of a token attribute.
Problem identified for one PKCS11 token vendor.
Fix as suggested
Modify the fix for CR 7054637 to use a JCE provider attribute rather than a PKCS11 token attribute to avoid a namespace collision and unintended behaviour in the token.