diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 45092a2da98..b24a7710d39 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -315,7 +315,7 @@ const char* wc_GetErrorString(int error)
         return "Random Number Generator failed";
 
     case HMAC_MIN_KEYLEN_E:
-        return "FIPS Mode HMAC Minimum Key Length error";
+        return "FIPS Mode HMAC Minimum Key or Salt Length error";
 
     case RSA_PAD_E:
         return "Rsa Padding error";
diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h
index 855555536bb..326ed4a52b7 100644
--- a/wolfssl/wolfcrypt/hmac.h
+++ b/wolfssl/wolfcrypt/hmac.h
@@ -66,8 +66,9 @@
 #define WC_HMAC_INNER_HASH_KEYED_DEV    2
 
 enum {
-    HMAC_FIPS_MIN_KEY = 14,   /* 112 bit key length minimum */
-
+    HMAC_FIPS_MIN_KEY = 14,   /* 112 bit key length minimum. Note that this
+                               * minimum also applies to the salt length for
+                               * HKDF. */
     IPAD    = 0x36,
     OPAD    = 0x5C,