From cdc47dcf195b309f48abf11a81b957cf697da162 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 26 May 2015 00:05:28 +0100 Subject: [PATCH] Don't check for a negative SRP extension size The size of the SRP extension can never be negative (the variable |size| is unsigned). Therefore don't check if it is less than zero. RT#3862 Reviewed-by: Richard Levitte (cherry picked from commit 9c89d290834f3ed9146eeb8b64fe5de817679a0b) --- ssl/t1_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8cde013138..bf11f93e62 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2120,7 +2120,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } # ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size <= 0 || ((len = data[0])) != (size - 1)) { + if (size == 0 || ((len = data[0])) != (size - 1)) { *al = SSL_AD_DECODE_ERROR; return 0; } -- 2.25.1
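Review bot: In the TLSEXT_TYPE_srp branch of ssl_scan_clienthello_tlsext, the `size == 0` test is now the only guard against reading `data[0]` from an empty extension and against `size - 1` wrapping around, and nothing in the code says so. A one-line comment above the condition stating that it must stay would keep a later cleanup from treating it as another redundant check. The condition also buries an assignment, `((len = data[0])) != (size - 1)`, which is only safe because of short-circuit evaluation after the zero test; moving `len = data[0];` into its own statement after the size check would make that ordering explicit. The commit message says |size| is unsigned, but the declarations of `size` and `len` are not in this hunk, so confirm that the `len` versus `size - 1` comparison does not mix signedness.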