From 6615f019f513238aec0cf5c5e5b5678642e91cce Mon Sep 17 00:00:00 2001
From: David Garske
Date: Thu, 27 Jan 2022 11:08:08 -0800
Subject: [PATCH] Improved `HMAC_Init` error logging and code comment for FIPS failure on `wc_HmacSetKey` call.
---
 src/ssl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index 47752eb77..d9a1cccd7 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -36194,6 +36194,9 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
 hmac_error = wc_HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
 if (hmac_error < 0){
+ /* in FIPS mode a key < 14 characters will fail here */
+ WOLFSSL_MSG("hmac set key error");
+ WOLFSSL_ERROR(hmac_error);
 wc_HmacFree(&ctx->hmac);
 return WOLFSSL_FAILURE;
 }
@@ -36218,7 +36221,9 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
 WC_HMAC_BLOCK_SIZE);
 if ((hmac_error = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap)) !=0) {
- return hmac_error;
+ WOLFSSL_MSG("hmac init error");
+ WOLFSSL_ERROR(hmac_error);
+ return WOLFSSL_FAILURE;
 }
 }
 }
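Review bot: The comment added in the `wc_HmacSetKey` failure branch of the first hunk (@@ -36194) gives the FIPS limit in "characters", but `key` is a `const void*` buffer and `keylen` is a byte count. I would word it as `/* in FIPS mode a key shorter than HMAC_FIPS_MIN_KEY (14 bytes) is rejected here */`, so the limit is tied to the wolfCrypt constant and not to a bare number. The branch is taken for any negative return, so the comment should also not read as if a short key were the only cause. Separately, `keylen` is an `int` that is cast to `word32` in the call; whether a negative length is rejected earlier cannot be seen here, because wolfSSL_HMAC_Init begins outside the hunk, and it is worth confirming.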
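Review bot: The `_HMAC_Init` failure branch in the second hunk (@@ -36218) now returns `WOLFSSL_FAILURE` where it used to return the negative `hmac_error`, a caller-visible change that neither the commit subject nor the code mentions. It is probably the right contract for the compatibility API, since a negative value passes an `if (!wolfSSL_HMAC_Init(...))` check as success, but it deserves a comment such as `/* compat API: always report failure as WOLFSSL_FAILURE; the wolfCrypt code is logged above */`. The wolfCrypt code is now reachable only through `WOLFSSL_MSG`/`WOLFSSL_ERROR`, which as far as I know produce nothing unless debug logging is compiled in, so production builds lose the cause of the failure. This path also returns without the `wc_HmacFree(&ctx->hmac)` that the first hunk's failure path performs; whether that difference is intended is not visible, because the function extends beyond the hunk.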