Fix HMAC to pass invalid key len test
authorMatt Caswell <matt@openssl.org>
Tue, 10 Feb 2015 13:15:25 +0000 (13:15 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 25 Mar 2015 12:54:23 +0000 (12:54 +0000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/hmac/hmac.c

index f1fdba42d852afa57bc8e853c47a5f35561666ce..8ee5b2ac190be627709410137d07fe81bc828e85 100644 (file)
@@ -93,7 +93,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                                     &ctx->key_length))
                 goto err;
         } else {
-            OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key));
+            if(len < 0 || len > (int)sizeof(ctx->key))
+                return 0;
             memcpy(ctx->key, key, len);
             ctx->key_length = len;
         }
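Review bot: The new `return 0` in the length check exits before `memcpy` and `ctx->key_length = len` run, so a rejected length leaves the context's key fields as they were, and nothing on this path documents that. Where the old `OPENSSL_assert` stopped the process, a caller that ignores the return value of HMAC_Init_ex may now carry on with the previous or never-initialised key state, so the contract is worth a comment above the check, e.g. `/* Invalid key length: fail without touching ctx->key; callers must check the return value */`. The sibling branch just above exits through `goto err;`, so using `goto err;` here would keep a single failure path if that label does any cleanup; the label is outside the hunk, so this is an assumption to confirm. HMAC_Init_ex starts and ends outside the hunk.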