From e58fb502ca02fb2bd4f85e5725abd1189d26921c Mon Sep 17 00:00:00 2001
From: miod <>
Date: Thu, 7 Aug 2014 20:02:23 +0000
Subject: Oops, revert changes commited by mistake. The previous commit was
 supposed to only apply to s23_srvr.c.

---
 src/lib/libssl/s3_both.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

(limited to 'src/lib/libssl/s3_both.c')

diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index afcaca3c43..6ba3d4bfce 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.27 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: s3_both.c,v 1.28 2014/08/07 20:02:23 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -161,7 +161,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 		p = &(d[4]);
 
 		i = s->method->ssl3_enc->final_finish_mac(s,
-		    sender, slen, s->s3->tmp.finish_md);
+		sender, slen, s->s3->tmp.finish_md);
 		if (i == 0)
 			return 0;
 		s->s3->tmp.finish_md_len = i;
@@ -171,14 +171,15 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 
                 /* Copy the finished so we can use it for
                    renegotiation checks */
-		OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
 		if (s->type == SSL_ST_CONNECT) {
+			OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
 			memcpy(s->s3->previous_client_finished,
-			    s->s3->tmp.finish_md, i);
+			s->s3->tmp.finish_md, i);
 			s->s3->previous_client_finished_len = i;
 		} else {
+			OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
 			memcpy(s->s3->previous_server_finished,
-			    s->s3->tmp.finish_md, i);
+			s->s3->tmp.finish_md, i);
 			s->s3->previous_server_finished_len = i;
 		}
 
@@ -215,7 +216,7 @@ ssl3_take_mac(SSL *s)
 	}
 
 	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
-	    sender, slen, s->s3->tmp.peer_finish_md);
+	sender, slen, s->s3->tmp.peer_finish_md);
 }
 #endif
 
@@ -249,7 +250,7 @@ ssl3_get_finished(SSL *s, int a, int b)
 	p = (unsigned char *)s->init_msg;
 	i = s->s3->tmp.peer_finish_md_len;
 
-	if (i != n || i > EVP_MAX_MD_SIZE) {
+	if (i != n) {
 		al = SSL_AD_DECODE_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
 		goto f_err;
@@ -264,12 +265,14 @@ ssl3_get_finished(SSL *s, int a, int b)
         /* Copy the finished so we can use it for
            renegotiation checks */
 	if (s->type == SSL_ST_ACCEPT) {
+		OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
 		memcpy(s->s3->previous_client_finished,
-		    s->s3->tmp.peer_finish_md, i);
+		s->s3->tmp.peer_finish_md, i);
 		s->s3->previous_client_finished_len = i;
 	} else {
+		OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
 		memcpy(s->s3->previous_server_finished,
-		    s->s3->tmp.peer_finish_md, i);
+		s->s3->tmp.peer_finish_md, i);
 		s->s3->previous_server_finished_len = i;
 	}
 
-- 
cgit v1.2.3-55-g6feb