From bc4804aa9bb1092a4ede288cb29cae4506c0e393 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 6 May 2025 22:51:41 +0200
Subject: CVE-2025-5987 libcrypto: Correctly detect failures of chacha
 initialization

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/libcrypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Index: libssh-0.10.6/src/libcrypto.c
===================================================================
--- libssh-0.10.6.orig/src/libcrypto.c
+++ libssh-0.10.6/src/libcrypto.c
@@ -771,9 +771,9 @@ chacha20_poly1305_set_key(struct ssh_cip
         SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed");
         goto out;
     }
-    ret = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
+    rv = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
                              u8key + CHACHA20_KEYLEN, NULL);
-    if (ret != 1) {
+    if (rv != 1) {
         SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed");
         goto out;
     }