upstream: cleanup unnecessary code in ECDSA pkcs#11 signature

work by markus@, feedback and ok djm@

OpenBSD-Commit-ID: affa5ca7d58d59fbd16169f77771dcdbd2b0306d

ssh-pkcs11.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.28 2019/01/20 22:51:37 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.29 2019/01/20 23:00:12 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -411,7 +411,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
 	CK_RV			rv;
 	ECDSA_SIG		*ret = NULL;
 	u_char			*sig;
-	const u_char		*cp;
 
 	if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) {
 		ossl_error("EC_KEY_get_key_method_data failed for ec");
@@ -435,29 +434,21 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
 		error("C_Sign failed: %lu", rv);
 		goto done;
 	}
-	cp = sig;
+	if (siglen < 64 || siglen > 132 || siglen % 2) {
-	ret = d2i_ECDSA_SIG(NULL, &cp, siglen);
+		ossl_error("d2i_ECDSA_SIG failed");
-	if (ret == NULL) {
+		goto done;
-		/*
+	}
-		 * d2i_ECDSA_SIG failed, so sig does not point to a DER-encoded
+	bnlen = siglen/2;
-		 * sequence, but to the concatenation r|s.
+	if ((ret = ECDSA_SIG_new()) == NULL) {
-		 */
+		error("ECDSA_SIG_new failed");
-		if (siglen < 64 || siglen > 132 || siglen % 2) {
+		goto done;
-			ossl_error("d2i_ECDSA_SIG failed");
+	}
-			goto done;
+	if (BN_bin2bn(sig, bnlen, ret->r) == NULL ||
-		}
+	    BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) {
-		bnlen = siglen/2;
+		ossl_error("d2i_ECDSA_SIG failed");
-		if ((ret = ECDSA_SIG_new()) == NULL) {
+		ECDSA_SIG_free(ret);
-			error("ECDSA_SIG_new failed");
+		ret = NULL;
-			goto done;
+		goto done;
-		}
-		if (BN_bin2bn(sig, bnlen, ret->r) == NULL ||
-		    BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) {
-			ossl_error("d2i_ECDSA_SIG failed");
-			ECDSA_SIG_free(ret);
-			ret = NULL;
-			goto done;
-		}
 	}
  done:
 	free(sig);