diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c
index ce9d1d046..00bfe309b 100644
--- a/ctaocrypt/src/error.c
+++ b/ctaocrypt/src/error.c
@@ -277,6 +277,9 @@ const char* CTaoCryptGetErrorString(int error)
     case RNG_FAILURE_E:
         return "Random Number Generator failed";
 
+    case HMAC_MIN_KEYLEN_E:
+        return "FIPS Mode HMAC Minimum Key Length error";
+
     default:
         return "unknown error number";
 
diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c
index cadbd18fc..c5362db55 100644
--- a/ctaocrypt/src/hmac.c
+++ b/ctaocrypt/src/hmac.c
@@ -133,7 +133,7 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 
 #ifdef HAVE_FIPS
     if (length < HMAC_FIPS_MIN_KEY)
-        return -1; /* TODO: next, fix wolfCrypt error range */
+        return HMAC_MIN_KEYLEN_E;
 #endif
 
     switch (hmac->macType) {
diff --git a/cyassl/ctaocrypt/error-crypt.h b/cyassl/ctaocrypt/error-crypt.h
index d2c8266c7..c75d37ceb 100644
--- a/cyassl/ctaocrypt/error-crypt.h
+++ b/cyassl/ctaocrypt/error-crypt.h
@@ -33,7 +33,7 @@
 
 /* error codes */
 enum {
-    MAX_CODE_E         = -100,  /* errors -101 - -199 */
+    MAX_CODE_E         = -100,  /* errors -101 - -299 */
     OPEN_RAN_E         = -101,  /* opening random device error */
     READ_RAN_E         = -102,  /* reading random device error */
     WINCRYPT_E         = -103,  /* windows crypt init error */
@@ -127,6 +127,8 @@ enum {
 
     RNG_FAILURE_E       = -199,  /* RNG Failed, Reinitialize */
 
+    HMAC_MIN_KEYLEN_E   = -200,  /* FIPS Mode HMAC Minimum Key Length error */
+
     MIN_CODE_E         = -300   /* errors -101 - -299 */
 };