From 029e8f3ac9d54133c37145ad8d86208f0ffa26fa Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 26 May 2015 00:05:28 +0100
Subject: [PATCH] Don't check for a negative SRP extension size

The size of the SRP extension can never be negative (the variable
|size| is unsigned). Therefore don't check if it is less than zero.

RT#3862

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 9c89d290834f3ed9146eeb8b64fe5de817679a0b)
---
 ssl/t1_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1ad25078c1..36ea9b0a09 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1134,7 +1134,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
         }
 # ifndef OPENSSL_NO_SRP
         else if (type == TLSEXT_TYPE_srp) {
-            if (size <= 0 || ((len = data[0])) != (size - 1)) {
+            if (size == 0 || ((len = data[0])) != (size - 1)) {
                 *al = SSL_AD_DECODE_ERROR;
                 return 0;
             }
-- 
2.25.1