diff --git a/src/ssl.c b/src/ssl.c
index d713fb323..615b93a0b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -24759,7 +24759,10 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
         WOLFSSL_MSG("no ctx on init");
         return WOLFSSL_FAILURE;
     }
-
+    if (key && (keylen > HMAC_BLOCK_SIZE)) {
+        WOLFSSL_MSG("invalid keylen");
+        return SSL_FAILURE;
+    }
     if (type) {
         WOLFSSL_MSG("init has type");