1 files changed, 2 insertions, 3 deletions

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index e25f69dbb6..2391d52994 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.24 2014/07/10 08:51:14 tedu Exp $ */
+/* $OpenBSD: d1_both.c,v 1.25 2014/08/07 19:46:31 miod Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -903,6 +903,7 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 
                 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
                     s->s3->tmp.finish_md);
+                OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
                 s->s3->tmp.finish_md_len = i;
                 memcpy(p, s->s3->tmp.finish_md, i);
                 p += i;
@@ -913,12 +914,10 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                  * renegotiation checks
                  */
                 if (s->type == SSL_ST_CONNECT) {
-                        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
                         memcpy(s->s3->previous_client_finished,
                             s->s3->tmp.finish_md, i);
                         s->s3->previous_client_finished_len = i;
                 } else {
-                        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
                         memcpy(s->s3->previous_server_finished,
                             s->s3->tmp.finish_md, i);
                         s->s3->previous_server_finished_len = i;