Update hkdf.c to avoid potentially vulnerable code pattern. Change-Id: I190fcdb0b9667b0ac6f490b36edc63237af7fffb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/59905 Reviewed-by: David Benjamin <davidben@google.com>

commit: 47b2fefb03122e49375a252698c857e477c8cf35 [log] [tgz]
author: Nicky Mouha <nmouha@gmail.com> Wed May 17 18:07:00 2023 -0400
committer: David Benjamin <davidben@google.com> Thu May 18 23:05:56 2023 +0000
tree: 5d99a0c6a6ed3dd0f2df4e270357ac4d8948519f
parent: dd5219451c3ce26221762a15d867edf43b463bb2 [diff]
diff --git a/crypto/fipsmodule/hkdf/hkdf.c b/crypto/fipsmodule/hkdf/hkdf.c
index fa1cc72..c2ebce8 100644
--- a/crypto/fipsmodule/hkdf/hkdf.c
+++ b/crypto/fipsmodule/hkdf/hkdf.c

@@ -94,7 +94,7 @@
     }
 
     todo = digest_len;
-    if (done + todo > out_len) {
+    if (todo > out_len - done) {
       todo = out_len - done;
     }
     OPENSSL_memcpy(out_key + done, previous, todo);
commit	47b2fefb03122e49375a252698c857e477c8cf35	[log] [tgz]
author	Nicky Mouha <nmouha@gmail.com>	Wed May 17 18:07:00 2023 -0400
committer	David Benjamin <davidben@google.com>	Thu May 18 23:05:56 2023 +0000
tree	5d99a0c6a6ed3dd0f2df4e270357ac4d8948519f
parent	dd5219451c3ce26221762a15d867edf43b463bb2 [diff]