sign: Set smlen to 0 in case of failure

mkannwischer · hanno-becker · commit 2cb13710d951 · 2026-04-13T06:09:35.000+01:00
In mld_sign if a failure is returned from mld_sign_signature, we currently set
the smlen to mlen (mld_sign_signature returns smlen=0, and we increment it by
mlen).
This commit changes it so that in the case of failure smlen=0 is returned.

Signed-off-by: Matthias J. Kannwischer &lt;matthias@kannwischer.eu&gt;
diff --git a/mldsa/src/sign.c b/mldsa/src/sign.c
@@ -1004,7 +1004,10 @@ int mld_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen,
   }
   ret = mld_sign_signature(sm, smlen, sm + MLDSA_CRYPTO_BYTES, mlen, ctx,
                            ctxlen, sk, context);
-  *smlen += mlen;
+  if (ret == 0)
+  {
+    *smlen += mlen;
+  }
   return ret;
 }
 #endif /* !MLD_CONFIG_NO_RANDOMIZED_API */

Original file line number	Diff line number	Diff line change
`@@ -1004,7 +1004,10 @@ int mld_sign(uint8_t sm, size_t smlen, const uint8_t *m, size_t mlen,`
`1004`	`1004`	`}`
`1005`	`1005`	`ret = mld_sign_signature(sm, smlen, sm + MLDSA_CRYPTO_BYTES, mlen, ctx,`
`1006`	`1006`	`ctxlen, sk, context);`
`1007`		`- *smlen += mlen;`
	`1007`	`+ if (ret == 0)`
	`1008`	`+ {`
	`1009`	`+ *smlen += mlen;`
	`1010`	`+ }`
`1008`	`1011`	`return ret;`
`1009`	`1012`	`}`
`1010`	`1013`	`#endif /* !MLD_CONFIG_NO_RANDOMIZED_API */`