diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a2f5a7fa2..530b1b97e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1391,7 +1391,9 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                 const unsigned short ext_len = 2;
                 const unsigned char list_len = 1;
 
-		if ((lenmax = limit - ret - 6) < 0) return NULL;
+		if (limit < ret + 6)
+			return NULL;
+		lenmax = limit - ret - 6;
 
 		s2n(TLSEXT_TYPE_server_authz, ret);
                 /* Extension length: 2 bytes */