diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 256523271..66d81a365 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -446,6 +446,10 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
 {
     key_slot_t *slot;
 
+    *signature_length = 0;
+    (void) salt;
+    (void) salt_length;
+
     if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
         return( PSA_ERROR_EMPTY_SLOT );
     slot = &global_data.key_slots[key];
@@ -454,9 +458,6 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
     if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
-    (void) salt;
-    (void) salt_length;
-
 #if defined(MBEDTLS_RSA_C)
     if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
     {
@@ -512,7 +513,8 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
         {
             return( PSA_ERROR_INVALID_ARGUMENT );
         }
-        *signature_length = ( ret == 0 ? rsa->len : 0 );
+        if( ret == 0 )
+            *signature_length = rsa->len;
         return( mbedtls_to_psa_error( ret ) );
     }
     else
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 80a778881..c5d536e46 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -159,9 +159,9 @@ void sign_deterministic( int key_type_arg, char *key_hex,
     size_t input_size;
     unsigned char *output_data = NULL;
     size_t output_size;
-    size_t signature_length;
     unsigned char *signature = NULL;
     size_t signature_size;
+    size_t signature_length = 0xdeadbeef;
 
     key_data = mbedtls_calloc( 1, strlen( key_hex ) / 2 );
     TEST_ASSERT( key_data != NULL );
@@ -219,7 +219,7 @@ void sign_fail( int key_type_arg, char *key_hex,
     psa_status_t actual_status;
     psa_status_t expected_status = expected_status_arg;
     unsigned char *signature;
-    size_t signature_length;
+    size_t signature_length = 0xdeadbeef;
 
     key_data = mbedtls_calloc( 1, strlen( key_hex ) / 2 );
     TEST_ASSERT( key_data != NULL );
@@ -241,6 +241,7 @@ void sign_fail( int key_type_arg, char *key_hex,
                                          signature, signature_size,
                                          &signature_length );
     TEST_ASSERT( actual_status == expected_status );
+    TEST_ASSERT( signature_length == 0 );
 
 exit:
     psa_destroy_key( slot );