Found a few bugs in LTC. Foremost is the undefined behaviour in ecc_sign_hash() when mp_init_multi() fails. Fixed. Runner up is that (imho) pkcs_1_pss_decode() should not return CRYPT_OK if the padding is invalid (note: it will catch invalid signatures, so it’s not a security problem, this is a style thingy).