sign: Set smlen to 0 in case of failure

mkannwischer · rod-chapman · commit 33337c70cf20 · 2026-02-23T10:09:32.000Z
In mld_sign if a failure is returned from mld_sign_signature, we currently set
the smlen to mlen (mld_sign_signature returns smlen=0, and we increment it by
mlen).
This commit changes it so that in the case of failure smlen=0 is returned.

Signed-off-by: Matthias J. Kannwischer &lt;matthias@kannwischer.eu&gt;
diff --git a/mldsa/src/sign.c b/mldsa/src/sign.c
@@ -964,7 +964,10 @@ int mld_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen,
   }
   ret = mld_sign_signature(sm, smlen, sm + MLDSA_CRYPTO_BYTES, mlen, ctx,
                            ctxlen, sk, context);
-  *smlen += mlen;
+  if (ret == 0)
+  {
+    *smlen += mlen;
+  }
   return ret;
 }
 #endif /* !MLD_CONFIG_NO_RANDOMIZED_API */

Original file line number	Diff line number	Diff line change
`@@ -964,7 +964,10 @@ int mld_sign(uint8_t sm, size_t smlen, const uint8_t *m, size_t mlen,`
`964`	`964`	`}`
`965`	`965`	`ret = mld_sign_signature(sm, smlen, sm + MLDSA_CRYPTO_BYTES, mlen, ctx,`
`966`	`966`	`ctxlen, sk, context);`
`967`		`- *smlen += mlen;`
	`967`	`+ if (ret == 0)`
	`968`	`+ {`
	`969`	`+ *smlen += mlen;`
	`970`	`+ }`
`968`	`971`	`return ret;`
`969`	`972`	`}`
`970`	`973`	`#endif /* !MLD_CONFIG_NO_RANDOMIZED_API */`