From 749aef30321595435ddacef2f31d7a8f2b289309 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Sun, 20 Jan 2019 23:00:12 +0000
Subject: upstream: cleanup unnecessary code in ECDSA pkcs#11 signature work by markus@, feedback and ok djm@
OpenBSD-Commit-ID: affa5ca7d58d59fbd16169f77771dcdbd2b0306d
---
 ssh-pkcs11.c | 41 ++++++++++++++++-------------------------
 1 file changed, 16 insertions(+), 25 deletions(-)
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 01f968a9b..dd8d501ae 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.28 2019/01/20 22:51:37 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.29 2019/01/20 23:00:12 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -411,7 +411,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
 CK_RV rv;
 ECDSA_SIG *ret = NULL;
 u_char *sig;
- const u_char *cp;

 if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) {
 ossl_error("EC_KEY_get_key_method_data failed for ec");
@@ -435,29 +434,21 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
 error("C_Sign failed: %lu", rv);
 goto done;
 }
- cp = sig;
- ret = d2i_ECDSA_SIG(NULL, &cp, siglen);
- if (ret == NULL) {
- /*
- * d2i_ECDSA_SIG failed, so sig does not point to a DER-encoded
- * sequence, but to the concatenation r|s.
- */
- if (siglen < 64 || siglen > 132 || siglen % 2) {
- ossl_error("d2i_ECDSA_SIG failed");
- goto done;
- }
- bnlen = siglen/2;
- if ((ret = ECDSA_SIG_new()) == NULL) {
- error("ECDSA_SIG_new failed");
- goto done;
- }
- if (BN_bin2bn(sig, bnlen, ret->r) == NULL ||
- BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) {
- ossl_error("d2i_ECDSA_SIG failed");
- ECDSA_SIG_free(ret);
- ret = NULL;
- goto done;
- }
+ if (siglen < 64 || siglen > 132 || siglen % 2) {
+ ossl_error("d2i_ECDSA_SIG failed");
+ goto done;
+ }
+ bnlen = siglen/2;
+ if ((ret = ECDSA_SIG_new()) == NULL) {
+ error("ECDSA_SIG_new failed");
+ goto done;
+ }
+ if (BN_bin2bn(sig, bnlen, ret->r) == NULL ||
+ BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) {
+ ossl_error("d2i_ECDSA_SIG failed");
+ ECDSA_SIG_free(ret);
+ ret = NULL;
+ goto done;
 }
 done:
 free(sig);
--
cgit v1.2.3
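Review bot: The two `ossl_error("d2i_ECDSA_SIG failed")` messages kept on the added lines name a function the new code no longer calls, so a token that returns an odd or out-of-range length is logged as a DER parsing failure. The length check is not an OpenSSL error at all; something like `error("C_Sign returned bad signature length: %lu", (u_long)siglen);` there, and `ossl_error("BN_bin2bn failed");` in the second branch, would make token faults diagnosable. With the DER attempt gone, the fixed bounds 64..132 are the only validation of token output: a module that returns a DER-encoded signature of even length in that range would be split down the middle as r|s and only fail later at verification, so it may be worth comparing `siglen` against twice the key's curve order size if that is available here. A one-line comment stating that the C_Sign output is expected as the raw concatenation r|s would also replace the explanation that was removed with the old comment. ecdsa_do_sign starts before and continues after this hunk.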