From 9ada7aa0e478d5eddcfeb63bcc82b8cfb2699c2f Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 6 Aug 2025 14:22:25 +0200
Subject: [PATCH] CVE-2025-8277: wrapper: Free cv25519 private key on cleanup

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/wrapper.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/wrapper.c b/src/wrapper.c
index ba6c4ea7..0589c7f9 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -188,6 +188,8 @@ void crypto_free(struct ssh_crypto_struct *crypto)
 #endif
 #ifdef HAVE_LIBCRYPTO
     EVP_PKEY_free(crypto->curve25519_privkey);
+#elif defined(HAVE_GCRYPT_CURVE25519)
+    gcry_sexp_release(crypto->curve25519_privkey);
 #endif
     SAFE_FREE(crypto->dh_server_signature);
     if (crypto->session_id != NULL) {