diff --git a/hash.c b/hash.c
index 7c69e07..6724d43 100644
--- a/hash.c
+++ b/hash.c
@@ -91,9 +91,10 @@ int prf_keygen(const xmss_params *params,
 /*
  * Computes the message hash using R, the public root, the index of the leaf
- * node, and the message. Notably, it requires m_with_prefix to have 4*n bytes
- * of space before the message, to use for the prefix. This is necessary to
- * prevent having to move the message around (and thus allocate memory for it).
+ * node, and the message. Notably, it requires m_with_prefix to have 3*n plus
+ * the length of the padding as free space available before the message,
+ * to use for the prefix. This is necessary to prevent having to move the
+ * message around (and thus allocate memory for it).
  */
 int hash_message(const xmss_params *params, unsigned char *out,
 const unsigned char *R, const unsigned char *root,
diff --git a/xmss_commons.c b/xmss_commons.c
index a8108e7..2b76b94 100644
--- a/xmss_commons.c
+++ b/xmss_commons.c
@@ -167,7 +167,8 @@ int xmssmt_core_sign_open(const xmss_params *params,
 /* Compute the message hash. */
 hash_message(params, mhash, sm + params->index_bytes, pk, idx,
- m + params->sig_bytes - 4*params->n, *mlen);
+ m + params->sig_bytes - params->padding_len - 3*params->n,
+ *mlen);
 sm += params->index_bytes + params->n;
 /* For each subtree.. */
diff --git a/xmss_core.c b/xmss_core.c
index 6e5745b..f5db0b3 100644
--- a/xmss_core.c
+++ b/xmss_core.c
@@ -221,7 +221,8 @@ int xmssmt_core_sign(const xmss_params *params,
 /* Compute the message hash. */
 hash_message(params, mhash, sm + params->index_bytes, pub_root, idx,
- sm + params->sig_bytes - 4*params->n, mlen);
+ sm + params->sig_bytes - params->padding_len - 3*params->n,
+ mlen);
 sm += params->index_bytes + params->n;
 set_type(ots_addr, XMSS_ADDR_TYPE_OTS);
diff --git a/xmss_core_fast.c b/xmss_core_fast.c
index 835658c..ad9201c 100644
--- a/xmss_core_fast.c
+++ b/xmss_core_fast.c
@@ -639,7 +639,8 @@ int xmss_core_sign(const xmss_params *params,
 /* Compute the message hash. */
 hash_message(params, msg_h, R, pub_root, idx,
- sm + params->sig_bytes - 4*params->n, mlen);
+ sm + params->sig_bytes - params->padding_len - 3*params->n,
+ mlen);
 // Start collecting signature
 *smlen = 0;
@@ -825,7 +826,8 @@ int xmssmt_core_sign(const xmss_params *params,
 /* Compute the message hash. */
 hash_message(params, msg_h, R, pub_root, idx,
- sm + params->sig_bytes - 4*params->n, mlen);
+ sm + params->sig_bytes - params->padding_len - 3*params->n,
+ mlen);
 // Start collecting signature
 *smlen = 0;
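Review bot: The rewritten comment on hash_message says m_with_prefix needs `3*n plus the length of the padding` of free space but never names the field that supplies that length, so hash.c on its own does not tell a caller how to compute the pointer; the four call sites in this commit all use `params->padding_len + 3*params->n`. I would say so in the comment: `* node, and the message. Notably, it requires m_with_prefix to point` `* params->padding_len + 3*n bytes before the message, since that space` `* is used for the prefix.` That the space is overwritten in place is inferred from the callers' pointer arithmetic rather than visible here; hash_message's body lies outside the hunk, so confirm it before wording the comment that strongly.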
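Review bot: The prefix offset `params->sig_bytes - params->padding_len - 3*params->n` on the added line of this xmss_commons.c hunk is now hand-written in four places (here, xmssmt_core_sign in xmss_core.c, and both hunks in xmss_core_fast.c) and must stay byte-for-byte in step with what hash_message writes; this commit is itself a fix to every copy of that expression, which is the usual sign that the value belongs in one definition. A single `static inline` helper, or a field computed once alongside padding_len (a constructed name such as `msg_prefix_bytes`), would let the next change to the prefix layout be made at one site. The subtraction also assumes `sig_bytes >= padding_len + 3*n` without checking it; if those fields are unsigned, a parameter set violating the invariant wraps the pointer instead of failing, so I would at least record the assumption beside the call, `/* prefix is written in place: needs sig_bytes >= padding_len + 3*n */`. Any caller outside this diff that still reserves `4*n` (test code, wrappers) would hash a different prefix whenever padding_len differs from n, so the remaining callers are worth a grep. xmssmt_core_sign_open continues outside the hunk.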