File libssh-CVE-2025-5372.patch of Package libssh.39450

From e2afe196d8d77c42b2a764ae86f92c2964221f69 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 14 May 2025 14:07:58 +0200
Subject: CVE-2025-5372 libgcrypto: Simplify error checking and handling of
 return codes in ssh_kdf()

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/libcrypto.c | 62 ++++++++++++++++++++++++++-------------------------------
 1 file changed, 28 insertions(+), 34 deletions(-)

Index: libssh-0.9.8/src/libcrypto.c
===================================================================
--- libssh-0.9.8.orig/src/libcrypto.c
+++ libssh-0.9.8/src/libcrypto.c
@@ -407,45 +407,47 @@ int ssh_kdf(struct ssh_crypto_struct *cr
             int key_type, unsigned char *output,
             size_t requested_len)
 {
+
+    int ret = SSH_ERROR, rv;
     EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
-    int rc;
 
     if (ctx == NULL) {
-        return -1;
+        return ret;
     }
 
-    rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD,
+    rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD,
                       sshkdf_digest_to_md(crypto->digest_type));
-    if (rc != 1) {
+    if (rv != 1) {
         goto out;
     }
-    rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len);
-    if (rc != 1) {
+    rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len);
+    if (rv != 1) {
         goto out;
     }
-    rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
+    rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
                       crypto->secret_hash, crypto->digest_len);
-    if (rc != 1) {
+    if (rv != 1) {
         goto out;
     }
-    rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type);
-    if (rc != 1) {
+    rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type);
+    if (rv != 1) {
         goto out;
     }
-    rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
+    rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
                       crypto->session_id, crypto->session_id_len);
-    if (rc != 1) {
+    if (rv != 1) {
         goto out;
     }
-    rc = EVP_KDF_derive(ctx, output, requested_len);
-    if (rc != 1) {
+    rv = EVP_KDF_derive(ctx, output, requested_len);
+    if (rv != 1) {
         goto out;
     }
+    ret = SSH_OK;
 
 out:
     EVP_KDF_CTX_free(ctx);
-    if (rc < 0) {
-        return rc;
+    if (ret < 0) {
+        return ret;
     }
     return 0;
 }
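Review bot: The tail after `out:` still reads `if (ret < 0) { return ret; } return 0;`, which now only restates `ret` and makes the result depend on SSH_ERROR being negative; a plain `return ret;` after `EVP_KDF_CTX_free(ctx);` says the same thing without that assumption. The declaration deserves a comment such as `/* EVP_KDF_* signal success with exactly 1; ret stays SSH_ERROR until derive succeeds */`, because that default is what stops a 0 or negative library return from being reported as success. On the failure paths `output` is left in whatever state the library left it, so the function's documentation should state that callers may only use the buffer when SSH_OK is returned; wiping `requested_len` bytes of it before the error return would be a cheap extra guard if the project has a suitable helper in scope. The blank line added after the opening brace can be dropped. ssh_kdf's signature begins above the hunk, so its first parameters are not visible here.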