[3908] Addressed comments (no code change)

src/lib/cryptolink/botan_hmac.cc

@@ -180,9 +180,9 @@ public:
     ///
     /// See @ref isc::cryptolink::HMAC::verify() for details.
     bool verify(const void* sig, size_t len) {
-        /// @todo Botan's verify_mac checks if len matches the output_length,
-        /// which causes it to fail for truncated signatures, so we do
-        /// the check ourselves
+        // Botan's verify_mac checks if len matches the output_length,
+        // which causes it to fail for truncated signatures, so we do
+        // the check ourselves
         try {
             size_t size = getOutputLength();
             if (len < 10 || len < size / 2) {
@@ -194,6 +194,8 @@ public:
             if (digest_.empty()) {
                 digest_ = hmac_->final();
             }
+            // digest_.size() == size by construction
+            // if you are not convinced, add an assert()
             return (Botan::same_mem(&digest_[0],
                                     static_cast<const unsigned char*>(sig),
                                     len));

src/lib/cryptolink/crypto_hash.h

@@ -51,6 +51,8 @@ public:
     ~Hash();
 
     /// \brief Returns the HashAlgorithm of the object
+    ///
+    /// \return hash algorithm
     HashAlgorithm getHashAlgorithm() const;
 
     /// \brief Returns the output size of the digest

src/lib/cryptolink/crypto_hmac.h

@@ -61,6 +61,8 @@ public:
     ~HMAC();
 
     /// \brief Returns the HashAlgorithm of the object
+    ///
+    /// \return hash algorithm
     HashAlgorithm getHashAlgorithm() const;
 
     /// \brief Returns the output size of the digest
@@ -126,7 +128,9 @@ public:
     /// \param sig The signature to verify
     /// \param len The length of the signature. If this is smaller
     ///            than the output length of the algorithm,
-    ///            only len bytes will be checked
+    ///            only len bytes will be checked. If this is
+    ///            larger than the output length of the algorithm,
+    ///            only output size bytes will be checked
     /// \return true if the signature is correct, false otherwise
     ///
     /// \note verify() does not destroy its context so it can be

src/lib/cryptolink/openssl_hmac.cc

@@ -163,6 +163,8 @@ public:
         if (len > size) {
             len = size;
         }
+        // digest.size() == size by construction
+        // if you are not convinced, add an assert()
         return (digest.same(sig, len));
     }