===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/kexgexc.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- src/usr.bin/ssh/kexgexc.c	2018/12/27 03:25:25	1.29
+++ src/usr.bin/ssh/kexgexc.c	2019/01/21 09:54:11	1.30
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.29 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.30 2019/01/21 09:54:11 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -93,13 +93,8 @@
 
 	debug("got SSH2_MSG_KEX_DH_GEX_GROUP");
 
-	if ((p = BN_new()) == NULL ||
-	    (g = BN_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = sshpkt_get_bignum2(ssh, p)) != 0 ||
-	    (r = sshpkt_get_bignum2(ssh, g)) != 0 ||
+	if ((r = sshpkt_get_bignum2(ssh, &p)) != 0 ||
+	    (r = sshpkt_get_bignum2(ssh, &g)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0)
 		goto out;
 	if ((bits = BN_num_bits(p)) < 0 ||
@@ -170,13 +165,8 @@
 		r = SSH_ERR_SIGNATURE_INVALID;
 		goto out;
 	}
-	/* DH parameter f, server public DH key */
-	if ((dh_server_pub = BN_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	/* signed H */
-	if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 ||
+	/* DH parameter f, server public DH key, signed H */
+	if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 ||
 	    (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0)
 		goto out;