Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
===================================================================
RCS file: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/kexgexs.c,v
rcsdiff: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/kexgexs.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.14
retrieving revision 1.15
diff -u -p -r1.14 -r1.15
--- src/crypto/external/bsd/openssh/dist/kexgexs.c 2017/10/07 19:39:19 1.14
+++ src/crypto/external/bsd/openssh/dist/kexgexs.c 2018/02/05 00:13:50 1.15
@@ -1,4 +1,4 @@
-/* $NetBSD: kexgexs.c,v 1.14 2017/10/07 19:39:19 christos Exp $ */
+/* $NetBSD: kexgexs.c,v 1.15 2018/02/05 00:13:50 christos Exp $ */
 /* $OpenBSD: kexgexs.c,v 1.31 2017/05/30 14:23:52 markus Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -26,7 +26,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: kexgexs.c,v 1.14 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: kexgexs.c,v 1.15 2018/02/05 00:13:50 christos Exp $");
 #include /* MIN MAX */
 #include
@@ -100,11 +100,16 @@ input_kex_dh_gex_request(int type, u_int
 goto out;
 }
 debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
+ {
+ const BIGNUM *p, *g;
+ DH_get0_pqg(kex->dh, &p, NULL, &g);
 if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 ||
- (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 ||
- (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 ||
- (r = sshpkt_send(ssh)) != 0)
+ (r = sshpkt_put_bignum2(ssh, p)) != 0 ||
+ (r = sshpkt_put_bignum2(ssh, g)) != 0 ||
+ (r = sshpkt_send(ssh)) != 0) {
 goto out;
+ }
+ }
 /* Compute our exchange value in parallel with the client */
 if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
@@ -114,6 +119,10 @@ input_kex_dh_gex_request(int type, u_int
 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init);
 r = 0;
 out:
+ if (r != 0) {
+ DH_free(kex->dh);
+ kex->dh = NULL;
+ }
 return r;
 }
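Review bot: The `p` and `g` pointers filled in by `DH_get0_pqg(kex->dh, &p, NULL, &g)` in the `@@ -100` hunk are borrowed from `kex->dh`, and nothing in the added block says so; the blocks added in the `@@ -190` and `@@ -224` hunks have the same gap. A one-line comment such as `/* p, g are borrowed from kex->dh: do not free, invalid after DH_free() */` is worth adding, because this commit also introduces a `DH_free(kex->dh)` on the error path. As a style matter, the `if ((r = sshpkt_start(...` line is unchanged context, so the body of the new bare `{ ... }` scope was not re-indented and the two closing braces after `goto out;` are easy to misread. Declaring `const BIGNUM *p = NULL, *g = NULL;` alongside the function's other locals would avoid the extra scope; those declarations are outside the hunk, so whether this fits the local convention is not visible here.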
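Review bot: The `if (r != 0)` cleanup added under `out:` in the `@@ -114` hunk has no comment explaining why the DH object is released only on failure. By that point `kex->dh` may already hold the value produced by `dh_gen_key()`, so the intent deserves a line such as `/* failed: drop the DH state, including any generated private value, and clear the pointer so it is not reused or freed again */`. On the success path the object has to survive for `input_kex_dh_gex_init`. Whether that function's own exit path releases it is outside this hunk and should be confirmed.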
@@ -190,6 +199,10 @@ input_kex_dh_gex_init(int type, u_int32_
 goto out;
 /* calc H */
 hashlen = sizeof(hash);
+ {
+ const BIGNUM *p, *g, *pub_key;
+ DH_get0_pqg(kex->dh, &p, NULL, &g);
+ DH_get0_key(kex->dh, &pub_key, NULL);
 if ((r = kexgex_hash(
 kex->hash_alg,
 kex->client_version_string,
@@ -198,12 +211,14 @@ input_kex_dh_gex_init(int type, u_int32_
 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
 server_host_key_blob, sbloblen,
 kex->min, kex->nbits, kex->max,
- kex->dh->p, kex->dh->g,
+ p, g,
 dh_client_pub,
- kex->dh->pub_key,
+ pub_key,
 shared_secret,
- hash, &hashlen)) != 0)
+ hash, &hashlen)) != 0) {
 goto out;
+ }
+ }
 /* save session id := H */
 if (kex->session_id == NULL) {
@@ -224,12 +239,17 @@ input_kex_dh_gex_init(int type, u_int32_
 /* destroy_sensitive_data(); */
 /* send server hostkey, DH pubkey 'f' and singed H */
+ {
+ const BIGNUM *pub_key;
+ DH_get0_key(kex->dh, &pub_key, NULL);
 if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
 (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
 (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
- (r = sshpkt_send(ssh)) != 0)
+ (r = sshpkt_send(ssh)) != 0) {
 goto out;
+ }
+ }
 if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
 r = kex_send_newkeys(ssh);
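Review bot: The block added in the `@@ -190` hunk calls `DH_get0_pqg(kex->dh, ...)` and `DH_get0_key(kex->dh, ...)` with no visible check that `kex->dh` is non-NULL. This function handles a message sent by the peer, and the same commit makes `input_kex_dh_gex_request` set `kex->dh = NULL` on failure. If the part of the function above this hunk does not already reject that state, a guard such as `if (kex->dh == NULL) { r = SSH_ERR_INTERNAL_ERROR; goto out; }` before the getters would turn a NULL dereference into a clean error return. The scope opened here is closed by the two added `}` lines in the following `@@ -198` hunk, so the two hunks have to be read together.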
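Review bot: In the `@@ -224` hunk `pub_key` is fetched a second time with `DH_get0_key(kex->dh, &pub_key, NULL)`, although the block added for the hash computation in the `@@ -190` hunk already obtained the same pointer. Provided nothing between the two blocks replaces `kex->dh` (the intervening lines are not all visible here), a single `const BIGNUM *pub_key = NULL;` declared at function scope and filled once would remove this second bare scope and its unindented body. That would also ensure the value hashed into H and the value sent as `f` come from one lookup.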