From 5a795ce47c4e23d6380f5d6d484840f247c91915 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 28 Nov 2025 22:46:22 +0100
Subject: [PATCH] Add missing check in ML-KEM implementation of gcrypt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
---
 src/mlkem_gcrypt.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/mlkem_gcrypt.c b/src/mlkem_gcrypt.c
index 9e5eec3a..1898becb 100644
--- a/src/mlkem_gcrypt.c
+++ b/src/mlkem_gcrypt.c
@@ -175,6 +175,11 @@ int ssh_mlkem_decapsulate(const ssh_session session,
         return SSH_ERROR;
     }
 
+    if (crypto->mlkem_privkey == NULL) {
+        SSH_LOG(SSH_LOG_WARNING, "Missing ML-KEM private key in session");
+        return SSH_ERROR;
+    }
+
     mlkem_info = kex_type_to_mlkem_info(crypto->kex_type);
     if (mlkem_info == NULL) {
         SSH_LOG(SSH_LOG_WARNING, "Unknown ML-KEM type");