===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-pkcs11.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- src/usr.bin/ssh/ssh-pkcs11.c 2019/01/20 22:51:37 1.28
+++ src/usr.bin/ssh/ssh-pkcs11.c 2019/01/20 23:00:12 1.29
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.28 2019/01/20 22:51:37 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.29 2019/01/20 23:00:12 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -404,7 +404,6 @@
 CK_RV rv;
 ECDSA_SIG *ret = NULL;
 u_char *sig;
- const u_char *cp;
 
 if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) {
 ossl_error("EC_KEY_get_key_method_data failed for ec");
@@ -428,29 +427,21 @@
 error("C_Sign failed: %lu", rv);
 goto done;
 }
- cp = sig;
- ret = d2i_ECDSA_SIG(NULL, &cp, siglen);
- if (ret == NULL) {
- /*
- * d2i_ECDSA_SIG failed, so sig does not point to a DER-encoded
- * sequence, but to the concatenation r|s.
- */
- if (siglen < 64 || siglen > 132 || siglen % 2) {
- ossl_error("d2i_ECDSA_SIG failed");
- goto done;
- }
- bnlen = siglen/2;
- if ((ret = ECDSA_SIG_new()) == NULL) {
- error("ECDSA_SIG_new failed");
- goto done;
- }
- if (BN_bin2bn(sig, bnlen, ret->r) == NULL ||
- BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) {
- ossl_error("d2i_ECDSA_SIG failed");
- ECDSA_SIG_free(ret);
- ret = NULL;
- goto done;
- }
+ if (siglen < 64 || siglen > 132 || siglen % 2) {
+ ossl_error("d2i_ECDSA_SIG failed");
+ goto done;
+ }
+ bnlen = siglen/2;
+ if ((ret = ECDSA_SIG_new()) == NULL) {
+ error("ECDSA_SIG_new failed");
+ goto done;
+ }
+ if (BN_bin2bn(sig, bnlen, ret->r) == NULL ||
+ BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) {
+ ossl_error("d2i_ECDSA_SIG failed");
+ ECDSA_SIG_free(ret);
+ ret = NULL;
+ goto done;
 }
 done:
 free(sig);
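Review bot: In the third hunk, both `ossl_error("d2i_ECDSA_SIG failed")` calls kept on the new side name a function this path no longer calls, and the first one fires on a plain length check where no OpenSSL call has failed, so a malformed signature from the token would be logged with a misleading cause. I would report the length rejection as `error("%s: bad signature length: %lu", __func__, (u_long)siglen);` (assuming siglen is a CK_ULONG; its declaration is outside the hunk) and the conversion failure as `ossl_error("BN_bin2bn failed");`. Since the removed comment was the only explanation of the format, I would also add `/* C_Sign returns the raw concatenation r|s, not DER */` above the length check and say where 64 and 132 come from; they look like twice the P-256 and P-521 field sizes, but that should be confirmed. The check accepts any even length in that range without comparing it to the curve of `ec`, so a wrong-width r|s pair from a faulty token passes this stage and is presumably only caught when the signature is verified. The function starts and ends outside the hunk.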