===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sk-usbhid.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- src/usr.bin/ssh/sk-usbhid.c	2019/11/15 05:26:56	1.4
+++ src/usr.bin/ssh/sk-usbhid.c	2019/11/15 06:00:20	1.5
@@ -278,15 +278,13 @@
 	BIGNUM *x = NULL, *y = NULL;
 	EC_POINT *q = NULL;
 	EC_GROUP *g = NULL;
-	BN_CTX *bn_ctx = NULL;
 	int ret = -1;
 
 	response->public_key = NULL;
 	response->public_key_len = 0;
 
-	if ((bn_ctx = BN_CTX_new()) == NULL ||
-	    (x = BN_CTX_get(bn_ctx)) == NULL ||
-	    (y = BN_CTX_get(bn_ctx)) == NULL ||
+	if ((x = BN_new()) == NULL ||
+	    (y = BN_new()) == NULL ||
 	    (g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL ||
 	    (q = EC_POINT_new(g)) == NULL) {
 		skdebug(__func__, "libcrypto setup failed");
@@ -307,12 +305,12 @@
 		skdebug(__func__, "BN_bin2bn failed");
 		goto out;
 	}
-	if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bn_ctx) != 1) {
+	if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) {
 		skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed");
 		goto out;
 	}
 	response->public_key_len = EC_POINT_point2oct(g, q,
-	    POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx);
+	    POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
 	if (response->public_key_len == 0 || response->public_key_len > 2048) {
 		skdebug(__func__, "bad pubkey length %zu",
 		    response->public_key_len);
@@ -323,7 +321,7 @@
 		goto out;
 	}
 	if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED,
-	    response->public_key, response->public_key_len, bn_ctx) == 0) {
+	    response->public_key, response->public_key_len, NULL) == 0) {
 		skdebug(__func__, "EC_POINT_point2oct failed");
 		goto out;
 	}
@@ -337,7 +335,8 @@
 	}
 	EC_POINT_free(q);
 	EC_GROUP_free(g);
-	BN_CTX_free(bn_ctx);
+	BN_clear_free(x);
+	BN_clear_free(y);
 	return ret;
 }