From 937c759998d9502dd1423a56fb698ee7d36ee4ef Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Wed, 22 Nov 2017 07:01:56 +0900
Subject: [PATCH] HMAC_Init, keylen arg check

---
 src/ssl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index d713fb323..615b93a0b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -24759,7 +24759,10 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
         WOLFSSL_MSG("no ctx on init");
         return WOLFSSL_FAILURE;
     }
-
+    if (key && (keylen > HMAC_BLOCK_SIZE)) {
+        WOLFSSL_MSG("invalid keylen");
+        return SSL_FAILURE;
+    }
     if (type) {
         WOLFSSL_MSG("init has type");