From 603077ab4c2446d19784e84590ae13c58f9d5032 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 26 Oct 2007 14:25:55 +1000 Subject: [PATCH] - ray@cvs.openbsd.org 2007/09/27 00:15:57 [dh.c] Don't return -1 on error in dh_pub_is_valid(), since it evaluates to true. Also fix a typo. Initial diff from Matthew Dempsky, input from djm. OK djm, markus. --- ChangeLog | 9 ++++++++- dh.c | 10 ++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8345586e8..ef1a945cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,13 @@ [ssh-agent.c] When adding a key that already exists, update the properties (time, confirm, comment) instead of discarding them. ok djm@ markus@ + - ray@cvs.openbsd.org 2007/09/27 00:15:57 + [dh.c] + Don't return -1 on error in dh_pub_is_valid(), since it evaluates + to true. + Also fix a typo. + Initial diff from Matthew Dempsky, input from djm. + OK djm, markus. 20070927 - (dtucker) [configure.ac atomicio.c] Fall back to including if @@ -3291,4 +3298,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4764 2007/10/26 04:25:31 djm Exp $ +$Id: ChangeLog,v 1.4765 2007/10/26 04:25:55 djm Exp $ diff --git a/dh.c b/dh.c index 78e230b9f..66858104c 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.44 2006/11/07 13:02:07 markus Exp $ */ +/* $OpenBSD: dh.c,v 1.45 2007/09/27 00:15:57 ray Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -185,7 +185,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) BIGNUM *tmp; if (dh_pub->neg) { - logit("invalid public DH value: negativ"); + logit("invalid public DH value: negative"); return 0; } if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */ 
@@ -193,8 +193,10 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 return 0;
 }
 
- if ((tmp = BN_new()) == NULL)
- return (-1);
+ if ((tmp = BN_new()) == NULL) {
+ error("%s: BN_new failed", __func__);
+ return 0;
+ }
 if (!BN_sub(tmp, dh->p, BN_value_one()) ||
 BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
 BN_clear_free(tmp);
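Review bot: dh_pub_is_valid() still has no comment stating its return contract, which is how the `return (-1)` replaced at the BN_new() check went unnoticed. Per the commit message the result is tested for truth, so a negative error code would have accepted a peer DH value that had not yet been compared against p. I would add above the definition, which starts outside this hunk, `/* Returns non-zero only if dh_pub passed every check; 0 on any failure, including internal errors. Never return a negative value. */`. The `!BN_sub(...)` failure in the next condition shares a branch with the range check, so an internal error there is presumably reported as an invalid peer value; the log call is outside the hunk, so that is worth confirming.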