2 files changed, 14 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 8345586e8..ef1a945cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,13 @@
     [ssh-agent.c]
     When adding a key that already exists, update the properties
     (time, confirm, comment) instead of discarding them. ok djm@ markus@
+   - ray@cvs.openbsd.org 2007/09/27 00:15:57
+     [dh.c]
+     Don't return -1 on error in dh_pub_is_valid(), since it evaluates
+     to true.
+     Also fix a typo.
+     Initial diff from Matthew Dempsky, input from djm.
+     OK djm, markus.
 20070927
 - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
@@ -3291,4 +3298,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4764 2007/10/26 04:25:31 djm Exp $
+$Id: ChangeLog,v 1.4765 2007/10/26 04:25:55 djm Exp $
diff --git a/dh.c b/dh.c
index 78e230b9f..66858104c 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.44 2006/11/07 13:02:07 markus Exp $ */
+/* $OpenBSD: dh.c,v 1.45 2007/09/27 00:15:57 ray Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
 *
@@ -185,7 +185,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
        BIGNUM *tmp;
        if (dh_pub->neg) {
-                logit("invalid public DH value: negativ");
+                logit("invalid public DH value: negative");
                return 0;
        }
        if (BN_cmp(dh_pub, BN_value_one()) != 1) {      /* pub_exp <= 1 */
@@ -193,8 +193,10 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
                return 0;
        }
-        if ((tmp = BN_new()) == NULL)
+        if ((tmp = BN_new()) == NULL) {
-                return (-1);
+                error("%s: BN_new failed", __func__);
+                return 0;
+        }
        if (!BN_sub(tmp, dh->p, BN_value_one()) ||
            BN_cmp(dh_pub, tmp) != -1) {                /* pub_exp > p-2 */
                BN_clear_free(tmp);