lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-10-23 03:28:55 +03:00
Code Activity

CVE-2025-8277: mbedtls: Avoid leaking ecdh keys

Browse Source 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2025-08-06 15:32:56 +02:00
parent 9ada7aa0e4
commit ffed80f8c0
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/ecdh_mbedcrypto.c
View File

@@ -116,6 +116,7 @@ int ssh_client_ecdh_init(ssh_session session)
goto out; goto out;
} }
SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
session->next_crypto->ecdh_client_pubkey = client_pubkey; session->next_crypto->ecdh_client_pubkey = client_pubkey;
client_pubkey = NULL; client_pubkey = NULL;

5
src/wrapper.c
View File

@@ -182,7 +182,10 @@ void crypto_free(struct ssh_crypto_struct *crypto)
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
#elif defined HAVE_GCRYPT_ECC #elif defined HAVE_GCRYPT_ECC
gcry_sexp_release(crypto->ecdh_privkey); gcry_sexp_release(crypto->ecdh_privkey);
#endif #elif defined HAVE_LIBMBEDCRYPTO
mbedtls_ecp_keypair_free(crypto->ecdh_privkey);
SAFE_FREE(crypto->ecdh_privkey);
#endif /* HAVE_LIBGCRYPT */
crypto->ecdh_privkey = NULL; crypto->ecdh_privkey = NULL;
} }
#endif #endif