Avoid a potentially overflowing check

This doesn't actually overflow, but still is poor style.

Speaking of which: this is now the second time I get to fix something
reported by Nicky Mouha by way of a blog post. The first time was the
actual SHA-3 buffer overflow in Python where it is not entirely clear
who screwed up and how. Hopefully next time proper communication will
happen and work.

ok jsing

diff --git a/lib/libcrypto/hkdf/hkdf.c b/lib/libcrypto/hkdf/hkdf.c
index 47ad4ec..9e0e206 100644 (file)
--- a/lib/libcrypto/hkdf/hkdf.c
+++ b/lib/libcrypto/hkdf/hkdf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hkdf.c,v 1.8 2022/11/26 16:08:53 tb Exp $ */
+/* $OpenBSD: hkdf.c,v 1.9 2023/06/01 02:34:23 tb Exp $ */
 /* Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -102,7 +102,7 @@ HKDF_expand(uint8_t *out_key, size_t out_len,
                        goto out;
 
                todo = digest_len;
-               if (done + todo > out_len)
+               if (todo > out_len - done)
                        todo = out_len - done;
 
                memcpy(out_key + done, previous, todo);