nettle: sanity check ML-DSA private key in pk_fixup

The caller should set raw_priv properly before calling pk_fixup. Add a
sanity check following the EdDSA case.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 6a00924fc8886dadd6eed489c2b78d716323c136..b949cc5ce75b83da189e4f1727568577d33022ca 100644 (file)
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -5038,6 +5038,9 @@ static int wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
        case GNUTLS_PK_MLDSA44:
        case GNUTLS_PK_MLDSA65:
        case GNUTLS_PK_MLDSA87:
+               if (params->raw_priv.data == NULL)
+                       return gnutls_assert_val(GNUTLS_E_PK_INVALID_PRIVKEY);
+
                if (params->raw_pub.data == NULL) {
                        ret = ml_dsa_privkey_to_pubkey(algo, &params->raw_priv,
                                                       &params->raw_pub);