From ff1afa81addc87664795280b24d20d17db3865d5 Mon Sep 17 00:00:00 2001
From: Armando Faz <armfazh@cloudflare.com>
Date: Tue, 6 Jan 2026 05:23:31 -0800
Subject: [PATCH] Check opts for nil value.

---
 sign/dilithium/mode2/dilithium.go     | 4 ++--
 sign/dilithium/mode3/dilithium.go     | 4 ++--
 sign/dilithium/mode5/dilithium.go     | 4 ++--
 sign/dilithium/templates/pkg.templ.go | 4 ++--
 sign/mldsa/mldsa44/dilithium.go       | 4 ++--
 sign/mldsa/mldsa65/dilithium.go       | 4 ++--
 sign/mldsa/mldsa87/dilithium.go       | 4 ++--
 7 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/sign/dilithium/mode2/dilithium.go b/sign/dilithium/mode2/dilithium.go
index 15ba83bb..d0556643 100644
--- a/sign/dilithium/mode2/dilithium.go
+++ b/sign/dilithium/mode2/dilithium.go
@@ -149,7 +149,7 @@ func (sk *PrivateKey) Seed() []byte {
 // Sign signs the given message.
 //
 // opts.HashFunc() must return zero, which can be achieved by passing
-// crypto.Hash(0) for opts.  rand is ignored.  Will only return an error
+// crypto.Hash(0) or nil for opts.  rand is ignored.  Will only return an error
 // if opts.HashFunc() is non-zero.
 //
 // This function is used to make PrivateKey implement the crypto.Signer
@@ -159,7 +159,7 @@ func (sk *PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (
 	sig []byte, err error) {
 	var ret [SignatureSize]byte
 
-	if opts.HashFunc() != crypto.Hash(0) {
+	if opts != nil && opts.HashFunc() != crypto.Hash(0) {
 		return nil, errors.New("dilithium: cannot sign hashed message")
 	}
 	SignTo(sk, msg, ret[:])
diff --git a/sign/dilithium/mode3/dilithium.go b/sign/dilithium/mode3/dilithium.go
index 312c6356..981a98c8 100644
--- a/sign/dilithium/mode3/dilithium.go
+++ b/sign/dilithium/mode3/dilithium.go
@@ -149,7 +149,7 @@ func (sk *PrivateKey) Seed() []byte {
 // Sign signs the given message.
 //
 // opts.HashFunc() must return zero, which can be achieved by passing
-// crypto.Hash(0) for opts.  rand is ignored.  Will only return an error
+// crypto.Hash(0) or nil for opts.  rand is ignored.  Will only return an error
 // if opts.HashFunc() is non-zero.
 //
 // This function is used to make PrivateKey implement the crypto.Signer
@@ -159,7 +159,7 @@ func (sk *PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (
 	sig []byte, err error) {
 	var ret [SignatureSize]byte
 
-	if opts.HashFunc() != crypto.Hash(0) {
+	if opts != nil && opts.HashFunc() != crypto.Hash(0) {
 		return nil, errors.New("dilithium: cannot sign hashed message")
 	}
 	SignTo(sk, msg, ret[:])
diff --git a/sign/dilithium/mode5/dilithium.go b/sign/dilithium/mode5/dilithium.go
index e44aa725..52364a84 100644
--- a/sign/dilithium/mode5/dilithium.go
+++ b/sign/dilithium/mode5/dilithium.go
@@ -149,7 +149,7 @@ func (sk *PrivateKey) Seed() []byte {
 // Sign signs the given message.
 //
 // opts.HashFunc() must return zero, which can be achieved by passing
-// crypto.Hash(0) for opts.  rand is ignored.  Will only return an error
+// crypto.Hash(0) or nil for opts.  rand is ignored.  Will only return an error
 // if opts.HashFunc() is non-zero.
 //
 // This function is used to make PrivateKey implement the crypto.Signer
@@ -159,7 +159,7 @@ func (sk *PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (
 	sig []byte, err error) {
 	var ret [SignatureSize]byte
 
-	if opts.HashFunc() != crypto.Hash(0) {
+	if opts != nil && opts.HashFunc() != crypto.Hash(0) {
 		return nil, errors.New("dilithium: cannot sign hashed message")
 	}
 	SignTo(sk, msg, ret[:])
diff --git a/sign/dilithium/templates/pkg.templ.go b/sign/dilithium/templates/pkg.templ.go
index 184d8bb0..da3d2a3a 100644
--- a/sign/dilithium/templates/pkg.templ.go
+++ b/sign/dilithium/templates/pkg.templ.go
@@ -248,7 +248,7 @@ func (sk *PrivateKey) Seed() []byte {
 // Sign signs the given message.
 //
 // opts.HashFunc() must return zero, which can be achieved by passing
-// crypto.Hash(0) for opts.  rand is ignored.  Will only return an error
+// crypto.Hash(0) or nil for opts.  rand is ignored.  Will only return an error
 // if opts.HashFunc() is non-zero.
 //
 // This function is used to make PrivateKey implement the crypto.Signer
@@ -258,7 +258,7 @@ func (sk *PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (
 	sig []byte, err error) {
 	var ret [SignatureSize]byte
 
-	if opts.HashFunc() != crypto.Hash(0) {
+	if opts != nil && opts.HashFunc() != crypto.Hash(0) {
 		return nil, errors.New("dilithium: cannot sign hashed message")
 	}
 
diff --git a/sign/mldsa/mldsa44/dilithium.go b/sign/mldsa/mldsa44/dilithium.go
index 10bc80e1..6a9b3e31 100644
--- a/sign/mldsa/mldsa44/dilithium.go
+++ b/sign/mldsa/mldsa44/dilithium.go
@@ -205,7 +205,7 @@ func (sk *PrivateKey) Seed() []byte {
 // Sign signs the given message.
 //
 // opts.HashFunc() must return zero, which can be achieved by passing
-// crypto.Hash(0) for opts.  rand is ignored.  Will only return an error
+// crypto.Hash(0) or nil for opts.  rand is ignored.  Will only return an error
 // if opts.HashFunc() is non-zero.
 //
 // This function is used to make PrivateKey implement the crypto.Signer
@@ -215,7 +215,7 @@ func (sk *PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (
 	sig []byte, err error) {
 	var ret [SignatureSize]byte
 
-	if opts.HashFunc() != crypto.Hash(0) {
+	if opts != nil && opts.HashFunc() != crypto.Hash(0) {
 		return nil, errors.New("dilithium: cannot sign hashed message")
 	}
 	if err = SignTo(sk, msg, nil, false, ret[:]); err != nil {
diff --git a/sign/mldsa/mldsa65/dilithium.go b/sign/mldsa/mldsa65/dilithium.go
index 12c7923b..6f8f182e 100644
--- a/sign/mldsa/mldsa65/dilithium.go
+++ b/sign/mldsa/mldsa65/dilithium.go
@@ -205,7 +205,7 @@ func (sk *PrivateKey) Seed() []byte {
 // Sign signs the given message.
 //
 // opts.HashFunc() must return zero, which can be achieved by passing
-// crypto.Hash(0) for opts.  rand is ignored.  Will only return an error
+// crypto.Hash(0) or nil for opts.  rand is ignored.  Will only return an error
 // if opts.HashFunc() is non-zero.
 //
 // This function is used to make PrivateKey implement the crypto.Signer
@@ -215,7 +215,7 @@ func (sk *PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (
 	sig []byte, err error) {
 	var ret [SignatureSize]byte
 
-	if opts.HashFunc() != crypto.Hash(0) {
+	if opts != nil && opts.HashFunc() != crypto.Hash(0) {
 		return nil, errors.New("dilithium: cannot sign hashed message")
 	}
 	if err = SignTo(sk, msg, nil, false, ret[:]); err != nil {
diff --git a/sign/mldsa/mldsa87/dilithium.go b/sign/mldsa/mldsa87/dilithium.go
index d00377cd..f9092c0e 100644
--- a/sign/mldsa/mldsa87/dilithium.go
+++ b/sign/mldsa/mldsa87/dilithium.go
@@ -205,7 +205,7 @@ func (sk *PrivateKey) Seed() []byte {
 // Sign signs the given message.
 //
 // opts.HashFunc() must return zero, which can be achieved by passing
-// crypto.Hash(0) for opts.  rand is ignored.  Will only return an error
+// crypto.Hash(0) or nil for opts.  rand is ignored.  Will only return an error
 // if opts.HashFunc() is non-zero.
 //
 // This function is used to make PrivateKey implement the crypto.Signer
@@ -215,7 +215,7 @@ func (sk *PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (
 	sig []byte, err error) {
 	var ret [SignatureSize]byte
 
-	if opts.HashFunc() != crypto.Hash(0) {
+	if opts != nil && opts.HashFunc() != crypto.Hash(0) {
 		return nil, errors.New("dilithium: cannot sign hashed message")
 	}
 	if err = SignTo(sk, msg, nil, false, ret[:]); err != nil {