From a76a41655e57b72b30a373aae6e75afedf920076 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Fri, 12 Oct 2018 22:17:51 +0200
Subject: [PATCH] ssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac.

(back-port of commit 7d0effeacbb50b12bfc24df7614d7cf5c8686f51)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7392)
---
 ssl/s3_enc.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index e08857df9b..89b7739466 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -404,13 +404,14 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
     }
     if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
         SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR);
-        return 0;
+        ret = 0;
+        goto err;
     }
 
     ret = EVP_MD_CTX_size(ctx);
     if (ret < 0) {
-        EVP_MD_CTX_reset(ctx);
-        return 0;
+        ret = 0;
+        goto err;
     }
 
     if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
@@ -422,6 +423,7 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
         ret = 0;
     }
 
+ err:
     EVP_MD_CTX_free(ctx);
 
     return ret;
-- 
2.25.1