Check length of additional input in DRBG generate function.

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 98bd10bce374024434ac37d875a8f0374575c98a..015b95a972682a8ce3c393b7b9fa79e3350db301 100644 (file)
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -377,6 +377,12 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
                return 0;
                }
 
+       if (adinlen > dctx->max_adin)
+               {
+               r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
+               goto end;
+               }
+
        if (dctx->flags & DRBG_CUSTOM_RESEED)
                dctx->generate(dctx, NULL, outlen, NULL, 0);
        else if (dctx->reseed_counter >= dctx->reseed_interval)