projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix HMAC to pass invalid key len test
[openssl.git] / crypto / hmac / hmac.c
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 31d08ef88123f8d7f63522a8147b356d8a6a7cf7..0eea5626e6b24d413f385e2a76b135c188a7257f 100644 (file)
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -123,7 +123,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                                     &ctx->key_length))
                 goto err;
         } else {
-            OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key));
+            if(len < 0 || len > (int)sizeof(ctx->key))
+                return 0;
             memcpy(ctx->key, key, len);
             ctx->key_length = len;
         }
Unnamed repository; edit this file 'description' to name the repository.