From 155df31305bee839041a04247645ad066ada95ee Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 14 May 2025 14:07:58 +0200
Subject: [PATCH] CVE-2025-5372 libgcrypto: Simplify error checking and handling of return codes in ssh_kdf()

Signed-off-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/libcrypto.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/libcrypto.c b/src/libcrypto.c
index 3db75df6..88d93862 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -366,6 +366,7 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
 int key_type, unsigned char *output,
 size_t requested_len)
 {
+ int ret = SSH_ERROR;
 EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
 int rc;
 
@@ -401,10 +402,12 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
 goto out;
 }
 
+ ret = SSH_OK;
+
 out:
 EVP_KDF_CTX_free(ctx);
- if (rc < 0) {
- return rc;
+ if (ret < 0) {
+ return ret;
 }
 return 0;
 }
--
2.51.0
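Review bot: The new `int ret = SSH_ERROR;` in the first hunk sits beside `int rc;` with no comment saying why ssh_kdf() now carries two status variables, which makes it easy for a later cleanup to go back to returning `rc`. I would add above it `/* Fail closed: ret becomes SSH_OK only after every KDF step succeeded; rc holds OpenSSL's 1-on-success result and is never returned to callers. */`. The checks that consume `rc` lie between the two hunks and are not visible here, so it is worth confirming that each one compares against 1 rather than testing for a negative value, since a check that lets a 0 result fall through would still reach `ret = SSH_OK;`.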
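Review bot: In the second hunk the tail after `out:` is now redundant, because `ret` can only hold SSH_ERROR or SSH_OK there; `if (ret < 0) { return ret; } return 0;` can become a single `return ret;` after `EVP_KDF_CTX_free(ctx);`, which also stops hard-coding 0 as the success value. The derive call is outside the hunk, so whether `output` can be left partially filled on a failing path is not visible; if it can, a comment at the label such as `/* on SSH_ERROR the contents of output are unspecified and must not be used as key material */` would document the contract for callers. The function body between line 372 and line 401 is not part of this patch view.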