JLSEC-2026-749 HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted...
HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...