Remove superfluous check

|tls_process_finished| was checking that |peer_finish_md_len| was
non-negative. However neither |tls1_final_finish_mac| or
|ssl3_final_finish_mac| can ever return a negative value, so the check is
superfluous.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index f2a2925deb5a678c950b8bacc291054f3588632c..2c100dc817fcef0c0e38e0189dfbb57b6f11e85c 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -306,7 +306,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
 
     i = s->s3->tmp.peer_finish_md_len;
 
-    if (i < 0 || (unsigned long)i != PACKET_remaining(pkt)) {
+    if ((unsigned long)i != PACKET_remaining(pkt)) {
         al = SSL_AD_DECODE_ERROR;
         SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
         goto f_err;