- ray@cvs.openbsd.org 2007/09/27 00:15:57

     [dh.c]
     Don't return -1 on error in dh_pub_is_valid(), since it evaluates
     to true.
     Also fix a typo.
     Initial diff from Matthew Dempsky, input from djm.
     OK djm, markus.

1 files changed, 6 insertions, 4 deletions

diff --git a/dh.c b/dh.c
index 78e230b9f..66858104c 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.44 2006/11/07 13:02:07 markus Exp $ */
+/* $OpenBSD: dh.c,v 1.45 2007/09/27 00:15:57 ray Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -185,7 +185,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
         BIGNUM *tmp;
 
         if (dh_pub->neg) {
-                logit("invalid public DH value: negativ");
+                logit("invalid public DH value: negative");
                 return 0;
         }
         if (BN_cmp(dh_pub, BN_value_one()) != 1) {      /* pub_exp <= 1 */
@@ -193,8 +193,10 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
                 return 0;
         }
 
-        if ((tmp = BN_new()) == NULL)
-                return (-1);
+        if ((tmp = BN_new()) == NULL) {
+                error("%s: BN_new failed", __func__);
+                return 0;
+        }
         if (!BN_sub(tmp, dh->p, BN_value_one()) ||
             BN_cmp(dh_pub, tmp) != -1) {                /* pub_exp > p-2 */
                 BN_clear_free(tmp);