diff --git a/include/libssh/dh.h b/include/libssh/dh.h
index 4e477755..4b803f0b 100644
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -45,7 +45,7 @@ void ssh_server_dh_init(ssh_session session);
 #endif /* WITH_SERVER */
 int ssh_dh_init_common(ssh_session session);
-void ssh_dh_cleanup(ssh_session session);
+void ssh_dh_cleanup(struct ssh_crypto_struct *crypto);
 int ssh_dh_generate_secret(ssh_session session, bignum dest);
 #endif /* DH_H_ */
diff --git a/src/dh-gex.c b/src/dh-gex.c
index 508b6363..6cbc9fd8 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -85,7 +85,7 @@ int ssh_client_dhgex_init(ssh_session session)
 }
 return rc;
 error:
- ssh_dh_cleanup(session);
+ ssh_dh_cleanup(session->next_crypto);
 return SSH_ERROR;
 }
@@ -201,7 +201,7 @@ error:
 if(!bignum_ctx_invalid(ctx)) {
 bignum_ctx_free(ctx);
 }
- ssh_dh_cleanup(session);
+ ssh_dh_cleanup(session->next_crypto);
 session->session_state = SSH_SESSION_STATE_ERROR;
 return SSH_PACKET_USED;
@@ -252,7 +252,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
 return SSH_PACKET_USED;
 error:
- ssh_dh_cleanup(session);
+ ssh_dh_cleanup(session->next_crypto);
 session->session_state = SSH_SESSION_STATE_ERROR;
 return SSH_PACKET_USED;
diff --git a/src/dh.c b/src/dh.c
index f6a9a039..8301a8dc 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -357,8 +357,7 @@ int ssh_dh_init_common(ssh_session session){
 }
 }
-void ssh_dh_cleanup(ssh_session session){
- struct ssh_crypto_struct *crypto=session->next_crypto;
+void ssh_dh_cleanup(struct ssh_crypto_struct *crypto){
 bignum_safe_free(crypto->x);
 bignum_safe_free(crypto->y);
 bignum_safe_free(crypto->e);
@@ -521,7 +520,7 @@ int ssh_client_dh_init(ssh_session session){
 rc = ssh_packet_send(session);
 return rc;
 error:
- ssh_dh_cleanup(session);
+ ssh_dh_cleanup(session->next_crypto);
 return SSH_ERROR;
 }
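Review bot: `ssh_dh_cleanup()` in src/dh.c dereferences `crypto` in its first statement with no NULL check, and none of the updated call sites (the error paths in dh-gex.c and dh.c, and `crypto_free()` in wrapper.c) shows a check in this diff either. The old code dereferenced `session->next_crypto` the same way, so this is not a regression, but a helper that now runs from teardown should tolerate NULL: add `if (crypto == NULL) { return; }` as the first statement. The prototype in include/libssh/dh.h would also benefit from a short comment such as `/* Frees the DH values of crypto (x, y, e, ...); crypto may be NULL. */`. The body of `ssh_dh_cleanup()` continues past the end of the hunk, so what else it releases cannot be checked from here.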
@@ -566,7 +565,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
 session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
 return SSH_PACKET_USED;
 error:
- ssh_dh_cleanup(session);
+ ssh_dh_cleanup(session->next_crypto);
 session->session_state=SSH_SESSION_STATE_ERROR;
 return SSH_PACKET_USED;
 }
@@ -689,15 +688,14 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dh_init)
 }
 SSH_LOG(SSH_LOG_PACKET, "SSH_MSG_NEWKEYS sent");
 session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
- ssh_dh_cleanup(session);
 return SSH_PACKET_USED;
 error:
- ssh_dh_cleanup(session);
 if (!bignum_ctx_invalid(ctx)) {
 bignum_ctx_free(ctx);
 }
 session->session_state = SSH_SESSION_STATE_ERROR;
+ ssh_dh_cleanup(session->next_crypto);
 return SSH_PACKET_USED;
 }
diff --git a/src/wrapper.c b/src/wrapper.c
index b4429e47..74a2acb1 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -165,10 +165,7 @@ void crypto_free(struct ssh_crypto_struct *crypto)
 cipher_free(crypto->in_cipher);
 cipher_free(crypto->out_cipher);
- bignum_safe_free(crypto->e);
- bignum_safe_free(crypto->f);
- bignum_safe_free(crypto->x);
- bignum_safe_free(crypto->y);
+ ssh_dh_cleanup(crypto);
 bignum_safe_free(crypto->k);
 #ifdef HAVE_ECDH
 SAFE_FREE(crypto->ecdh_client_pubkey);
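Review bot: In `ssh_packet_server_dh_init` (src/dh.c), the success path no longer releases the DH values once `DH_STATE_NEWKEYS_SENT` is set, so `x`, `y` and `e` (presumably including the server's ephemeral private exponent) stay in `session->next_crypto` until `crypto_free()` eventually runs. Key-exchange secrets are best wiped as soon as the shared secret has been derived; unless something later in the handshake still reads these values, keep `ssh_dh_cleanup(session->next_crypto);` before the first `return SSH_PACKET_USED;`. Assuming `bignum_safe_free` resets the pointer it frees, the later call from `crypto_free()` would then be a no-op. If the longer lifetime is intended, a comment at that return saying why would help. The function starts outside the hunk, so whether the values are still needed afterwards cannot be confirmed from here.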
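Review bot: In `crypto_free()` (src/wrapper.c), the removed lines freed `e`, `f`, `x` and `y`, but the part of `ssh_dh_cleanup()` visible in this commit frees only `x`, `y` and `e`; its body continues outside that hunk, so please confirm `f` is still released there, otherwise it is left allocated on teardown. Anything else `ssh_dh_cleanup()` does past the visible lines now also runs for every crypto struct that is freed, not only `next_crypto`. The diff adds no include to wrapper.c, so also check that `libssh/dh.h` is already pulled in and the call is not implicitly declared. `crypto_free()` itself starts before and ends after the hunk.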