From c4c4a4801069f3ca6d2cc17c0346dcf42d38b809 Mon Sep 17 00:00:00 2001
From: ADcorpo
Date: Mon, 5 Dec 2022 16:48:56 +0100
Subject: [PATCH] Provide a better safety comment for hmac()
---
 oxidation/libparsec/crates/crypto/src/sodiumoxide/secret.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/oxidation/libparsec/crates/crypto/src/sodiumoxide/secret.rs b/oxidation/libparsec/crates/crypto/src/sodiumoxide/secret.rs
index f81d1ab60c3..23257af8421 100644
--- a/oxidation/libparsec/crates/crypto/src/sodiumoxide/secret.rs
+++ b/oxidation/libparsec/crates/crypto/src/sodiumoxide/secret.rs
@@ -54,7 +54,10 @@ impl SecretKey {
 /// ...
 pub fn hmac(&self, data: &[u8], digest_size: usize) -> Vec {
 // SAFETY: Sodiumoxide doesn't expose those methods, so we have to access
- // the libsodium C API directly
+ // the libsodium C API directly.
+ // this remains safe because we provide bounds defined in Rust land when passing vectors.
+ // The only data structure provided by remote code is dropped
+ // at the end of the function.
 unsafe {
 let mut state = libsodium_sys::crypto_generichash_blake2b_state {
 opaque: [0u8; 384usize],
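Review bot: The expanded SAFETY comment argues from buffer bounds but does not name the invariants the `unsafe` block depends on: `digest_size` arrives unchecked in the signature just above, and libsodium only accepts an output length between `crypto_generichash_blake2b_BYTES_MIN` and `crypto_generichash_blake2b_BYTES_MAX`. The body of `hmac` continues outside this hunk, so whether that range and the C return codes are checked is not visible here; if they are, the comment should say so, e.g. `// SAFETY: every pointer handed to libsodium comes from a Rust slice/Vec and is passed with that buffer's own len(); digest_size is validated against the BLAKE2b output range and each return code is checked.` "Remote code" presumably means the foreign C library and would read more clearly as "foreign code", and "this remains safe" should start with a capital like the lines around it. Dropping `state` at the end of the function releases it but does not wipe the keyed hash state, so the last sentence should not be read as a claim that key-derived material is cleared.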