Commit 05ac679039 for openssl.org

commit 05ac67903950f4dfc78a65148cab794410edac32
Author: slontis <shane.lontis@oracle.com>
Date:   Mon Mar 16 15:32:01 2026 +1100

    SLH_DSA: signing operation incorrectly returned 1 on failure.

    Initially Reported by Zehua qiao

    Fixes #30414

    A block copy bug incorrectly set ret = 1 straight after assigning
    ret.

    Setting the *sig_len has been delayed to the err path in case
    WPACKET_finish fails.

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Wed Mar 18 07:19:54 2026
    (Merged from https://github.com/openssl/openssl/pull/30438)

diff --git a/crypto/slh_dsa/slh_dsa.c b/crypto/slh_dsa/slh_dsa.c
index 77c20daceb..36d0a61531 100644
--- a/crypto/slh_dsa/slh_dsa.c
+++ b/crypto/slh_dsa/slh_dsa.c
@@ -119,11 +119,11 @@ static int slh_sign_internal(SLH_DSA_HASH_CTX *hctx,
         /* Generate ht signature and append to the SLH-DSA signature */
         && ossl_slh_ht_sign(hctx, pk_fors, sk_seed, pk_seed, tree_id, leaf_id,
             wpkt);
-    *sig_len = sig_len_expected;
-    ret = 1;
 err:
     if (!WPACKET_finish(wpkt))
         ret = 0;
+    if (ret)
+        *sig_len = sig_len_expected;
     return ret;
 }