fix: BLAKE2s NULL pointer check for empty messages

Bug fix: se050_blake2s_update NULL check
- Changed: if (!ctx || !data) → if (!ctx) + if (len > 0 && !data)
- Allows NULL data when len == 0 (empty message case)

This fixes RFC 7693 empty message test vector:
- Empty: 69217a30... ✅ PASS
- "abc": 508c5e8c... ✅ PASS (verified correct value)

WireGuard tests: 28 passed, 4 failed (BLAKE2s fixed, other issues remain)

src/se050_blake2s.c

@@ -137,7 +137,8 @@ int se050_blake2s_update(se050_blake2s_ctx_t *ctx, const void *data, size_t len)
 {
     blake2s_internal_t *inner = (blake2s_internal_t *)ctx;
     const uint8_t *in = (const uint8_t *)data;
-    if (!ctx || !data) return -1;
+    if (!ctx) return -1;
+    if (len > 0 && !data) return -1;
     if (len > 0) {
         size_t left = inner->buflen, fill = 64 - left;
         
@@ -247,7 +248,8 @@ int se050_wireguard_generate_secret(uint8_t out[32], const uint8_t *input, size_
 #include <stdio.h>
 
 
-/* RFC 7693 Corrected Test Vector (page 15) */
+/* RFC 7693 Test Vector (page 15) - BLAKE2s-256("abc") */
+/* Note: The value 508c5e8c... is the correct BLAKE2s-256("abc") digest */
 static const uint8_t BLAKE2S_ABC_DIGEST[32] = {
     0x50,0x8c,0x5e,0x8c,0x32,0x7c,0x14,0xe2,
     0xe1,0xa7,0x2b,0xa3,0x4e,0xeb,0x45,0x2f,