1 files changed, 16 insertions, 10 deletions

diff --git a/kexgexs.c b/kexgexs.c
index f6983fd69..dc9c0bc60 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.33 2018/04/10 00:10:49 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.35 2018/10/04 00:04:41 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -36,6 +36,8 @@
 
 #include <openssl/dh.h>
 
+#include "openbsd-compat/openssl-compat.h"
+
 #include "sshkey.h"
 #include "cipher.h"
 #include "digest.h"
@@ -72,6 +74,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh)
         struct kex *kex = ssh->kex;
         int r;
         u_int min = 0, max = 0, nbits = 0;
+        const BIGNUM *dh_p, *dh_g;
 
         debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
         if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
@@ -101,9 +104,10 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh)
                 goto out;
         }
         debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
+        DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
         if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 ||
-            (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 ||
-            (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 ||
+            (r = sshpkt_put_bignum2(ssh, dh_p)) != 0 ||
+            (r = sshpkt_put_bignum2(ssh, dh_g)) != 0 ||
             (r = sshpkt_send(ssh)) != 0)
                 goto out;
 
@@ -123,6 +127,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 {
         struct kex *kex = ssh->kex;
         BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+        const BIGNUM *pub_key, *dh_p, *dh_g;
         struct sshkey *server_host_public, *server_host_private;
         u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
         u_char hash[SSH_DIGEST_MAX_LENGTH];
@@ -153,17 +158,17 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
             (r = sshpkt_get_end(ssh)) != 0)
                 goto out;
 
+        DH_get0_key(kex->dh, &pub_key, NULL);
+        DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
+
 #ifdef DEBUG_KEXDH
         fprintf(stderr, "dh_client_pub= ");
         BN_print_fp(stderr, dh_client_pub);
         fprintf(stderr, "\n");
         debug("bits %d", BN_num_bits(dh_client_pub));
-#endif
-
-#ifdef DEBUG_KEXDH
         DHparams_print_fp(stderr, kex->dh);
         fprintf(stderr, "pub= ");
-        BN_print_fp(stderr, kex->dh->pub_key);
+        BN_print_fp(stderr, pub_key);
         fprintf(stderr, "\n");
 #endif
         if (!dh_pub_is_valid(kex->dh, dh_client_pub)) {
@@ -199,9 +204,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
             sshbuf_ptr(kex->my), sshbuf_len(kex->my),
             server_host_key_blob, sbloblen,
             kex->min, kex->nbits, kex->max,
-            kex->dh->p, kex->dh->g,
+            dh_p, dh_g,
             dh_client_pub,
-            kex->dh->pub_key,
+            pub_key,
             shared_secret,
             hash, &hashlen)) != 0)
                 goto out;
@@ -227,7 +232,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
         /* send server hostkey, DH pubkey 'f' and signed H */
         if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
             (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
-            (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||     /* f */
+            (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||     /* f */
             (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
             (r = sshpkt_send(ssh)) != 0)
                 goto out;
@@ -235,6 +240,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
         if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
                 r = kex_send_newkeys(ssh);
  out:
+        explicit_bzero(hash, sizeof(hash));
         DH_free(kex->dh);
         kex->dh = NULL;
         BN_clear_free(dh_client_pub);