9 files changed, 17 insertions, 97 deletions

diff --git a/kex.c b/kex.c
index 30e1c261d..0d5618ecc 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.143 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.144 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -1009,6 +1009,14 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen,
         u_int i, j, mode, ctos;
         int r;
 
+        /* save initial hash as session id */
+        if (kex->session_id == NULL) {
+                kex->session_id_len = hashlen;
+                kex->session_id = malloc(kex->session_id_len);
+                if (kex->session_id == NULL)
+                        return SSH_ERR_ALLOC_FAIL;
+                memcpy(kex->session_id, hash, kex->session_id_len);
+        }
         for (i = 0; i < NKEYS; i++) {
                 if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,
                     shared_secret, &keys[i])) != 0) {
diff --git a/kexc25519c.c b/kexc25519c.c
index 75e7d8c57..59b4e4cc0 100644
--- a/kexc25519c.c
+++ b/kexc25519c.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519c.c,v 1.10 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexc25519c.c,v 1.11 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -144,17 +144,6 @@ input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh)
             kex->hostkey_alg, ssh->compat)) != 0)
                 goto out;
 
-        /* save session id */
-        if (kex->session_id == NULL) {
-                kex->session_id_len = hashlen;
-                kex->session_id = malloc(kex->session_id_len);
-                if (kex->session_id == NULL) {
-                        r = SSH_ERR_ALLOC_FAIL;
-                        goto out;
-                }
-                memcpy(kex->session_id, hash, kex->session_id_len);
-        }
-
         if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
                 r = kex_send_newkeys(ssh);
 out:
diff --git a/kexc25519s.c b/kexc25519s.c
index 9ff74d912..65df18c4b 100644
--- a/kexc25519s.c
+++ b/kexc25519s.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519s.c,v 1.13 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: kexc25519s.c,v 1.14 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -121,17 +121,6 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh)
             hash, &hashlen)) < 0)
                 goto out;
 
-        /* save session id := H */
-        if (kex->session_id == NULL) {
-                kex->session_id_len = hashlen;
-                kex->session_id = malloc(kex->session_id_len);
-                if (kex->session_id == NULL) {
-                        r = SSH_ERR_ALLOC_FAIL;
-                        goto out;
-                }
-                memcpy(kex->session_id, hash, kex->session_id_len);
-        }
-
         /* sign H */
         if ((r = kex->sign(ssh, server_host_private, server_host_public,
             &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
diff --git a/kexdhc.c b/kexdhc.c
index 236075eec..a37452abd 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.25 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.26 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -188,17 +188,6 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
             kex->hostkey_alg, ssh->compat)) != 0)
                 goto out;
 
-        /* save session id */
-        if (kex->session_id == NULL) {
-                kex->session_id_len = hashlen;
-                kex->session_id = malloc(kex->session_id_len);
-                if (kex->session_id == NULL) {
-                        r = SSH_ERR_ALLOC_FAIL;
-                        goto out;
-                }
-                memcpy(kex->session_id, hash, kex->session_id_len);
-        }
-
         if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
                 r = kex_send_newkeys(ssh);
  out:
diff --git a/kexdhs.c b/kexdhs.c
index 4e4872580..b7b64a82a 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.31 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.32 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -173,17 +173,6 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
             hash, &hashlen)) != 0)
                 goto out;
 
-        /* save session id := H */
-        if (kex->session_id == NULL) {
-                kex->session_id_len = hashlen;
-                kex->session_id = malloc(kex->session_id_len);
-                if (kex->session_id == NULL) {
-                        r = SSH_ERR_ALLOC_FAIL;
-                        goto out;
-                }
-                memcpy(kex->session_id, hash, kex->session_id_len);
-        }
-
         /* sign H */
         if ((r = kex->sign(ssh, server_host_private, server_host_public,
             &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
diff --git a/kexecdhc.c b/kexecdhc.c
index af556dc58..2cff34347 100644
--- a/kexecdhc.c
+++ b/kexecdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhc.c,v 1.14 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexecdhc.c,v 1.15 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -190,17 +190,6 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh)
             hashlen, kex->hostkey_alg, ssh->compat)) != 0)
                 goto out;
 
-        /* save session id */
-        if (kex->session_id == NULL) {
-                kex->session_id_len = hashlen;
-                kex->session_id = malloc(kex->session_id_len);
-                if (kex->session_id == NULL) {
-                        r = SSH_ERR_ALLOC_FAIL;
-                        goto out;
-                }
-                memcpy(kex->session_id, hash, kex->session_id_len);
-        }
-
         if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
                 r = kex_send_newkeys(ssh);
  out:
diff --git a/kexecdhs.c b/kexecdhs.c
index 45ac3f794..4ba2072df 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.19 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.20 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -156,17 +156,6 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh)
             hash, &hashlen)) != 0)
                 goto out;
 
-        /* save session id := H */
-        if (kex->session_id == NULL) {
-                kex->session_id_len = hashlen;
-                kex->session_id = malloc(kex->session_id_len);
-                if (kex->session_id == NULL) {
-                        r = SSH_ERR_ALLOC_FAIL;
-                        goto out;
-                }
-                memcpy(kex->session_id, hash, kex->session_id_len);
-        }
-
         /* sign H */
         if ((r = kex->sign(ssh, server_host_private, server_host_public,
             &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
diff --git a/kexgexc.c b/kexgexc.c
index dec01fd4f..0425309d4 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.30 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.31 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -229,17 +229,6 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
             hashlen, kex->hostkey_alg, ssh->compat)) != 0)
                 goto out;
 
-        /* save session id */
-        if (kex->session_id == NULL) {
-                kex->session_id_len = hashlen;
-                kex->session_id = malloc(kex->session_id_len);
-                if (kex->session_id == NULL) {
-                        r = SSH_ERR_ALLOC_FAIL;
-                        goto out;
-                }
-                memcpy(kex->session_id, hash, kex->session_id_len);
-        }
-
         if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
                 r = kex_send_newkeys(ssh);
  out:
diff --git a/kexgexs.c b/kexgexs.c
index 2a8997302..4ffbb1918 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.38 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.39 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -207,17 +207,6 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
             hash, &hashlen)) != 0)
                 goto out;
 
-        /* save session id := H */
-        if (kex->session_id == NULL) {
-                kex->session_id_len = hashlen;
-                kex->session_id = malloc(kex->session_id_len);
-                if (kex->session_id == NULL) {
-                        r = SSH_ERR_ALLOC_FAIL;
-                        goto out;
-                }
-                memcpy(kex->session_id, hash, kex->session_id_len);
-        }
-
         /* sign H */
         if ((r = kex->sign(ssh, server_host_private, server_host_public,
             &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)