commit a6b93d106d844a743a6eafc98e868d69f3ecb2dd
author Adam Langley <agl@imperialviolet.org> Thu Sep 25 22:47:30 2025 +0000
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Sep 25 17:05:03 2025 -0700
tree 2908147c2acdacc0196f20dc85730cfeeea5a979
parent d5e9aa6dcee1ba31bfb6fb5ccebce0044de50f14

Document that HMAC_Final can have a nullptr `out_len`.

This is practically true in the ecosystem, and even true for some of the
calls within BoringSSL itself.

Change-Id: I6841ec844b511ea759af64c9f507ab7a13b43225
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82247
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

include/openssl/hmac.h

diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h
index 7f62643..2266f99 100644
--- a/include/openssl/hmac.h
+++ b/include/openssl/hmac.h
@@ -81,10 +81,10 @@
                                size_t data_len);
 
 // HMAC_Final completes the HMAC operation in |ctx| and writes the result to
-// |out| and the sets |*out_len| to the length of the result. On entry, |out|
-// must contain at least |HMAC_size| bytes of space. An output size of
-// |EVP_MAX_MD_SIZE| will always be large enough. It returns one on success or
-// zero on allocation failure.
+// |out|. If |out_len| is not |NULL| then it writes the length of the result to
+// |*out_len|. On entry, |out| must contain at least |HMAC_size| bytes of
+// space. An output size of |EVP_MAX_MD_SIZE| will always be large enough. It
+// returns one on success or zero on allocation failure.
 OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out,
                               unsigned int *out_len);