Update hkdf.c to avoid potentially vulnerable code pattern.

Change-Id: I190fcdb0b9667b0ac6f490b36edc63237af7fffb
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/59905
Reviewed-by: David Benjamin <davidben@google.com>

Author: Nicky Mouha

crypto/fipsmodule/hkdf/hkdf.c

@@ -94,7 +94,7 @@ int HKDF_expand(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
     }
 
     todo = digest_len;
-    if (done + todo > out_len) {
+    if (todo > out_len - done) {
       todo = out_len - done;
     }
     OPENSSL_memcpy(out_key + done, previous, todo);