Fixes #12993
The implementation follows the standards/recommendations specified by https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12999)
int default_salt_len;
EVP_MAC *mac = EVP_MAC_CTX_mac(ctx->macctx);
- /*
- * TODO(3.0) investigate the necessity to have all these controls.
- * Why does KMAC require a salt length that's shorter than the MD
- * block size?
- */
if (EVP_MAC_is_a(mac, OSSL_MAC_NAME_HMAC)) {
/* H(x) = HMAC(x, salt, hash) */
if (md == NULL) {