HMAC: Note the MAC output length is checked inside of OpenSSL

Signed-off-by: Jakub Jelen <[email protected]>
latchset · Jan 3, 2025 · 8400afc · 8400afc
1 parent e2bb804
commit 8400afc
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/ossl/hmac.rs b/src/ossl/hmac.rs
@@ -120,6 +120,9 @@ impl HMACOperation {
         output.copy_from_slice(&buf[..output.len()]);
         buf.zeroize();
 
+        /* The OpenSSL implementation verifies the truncation is > 112b according to the
+         * FIPS 140-3 IG, C.D Use of a Truncated HMAC
+         */
         self.fips_approved = check_mac_fips_indicators(&mut self.ctx)?;
         Ok(())
     }