- ray@cvs.openbsd.org 2007/09/27 00:15:57

[dh.c]
     Don't return -1 on error in dh_pub_is_valid(), since it evaluates
     to true.
     Also fix a typo.
     Initial diff from Matthew Dempsky, input from djm.
     OK djm, markus.

ChangeLog

@@ -20,6 +20,13 @@
      [ssh-agent.c]
      When adding a key that already exists, update the properties
      (time, confirm, comment) instead of discarding them. ok djm@ markus@
+   - ray@cvs.openbsd.org 2007/09/27 00:15:57
+     [dh.c]
+     Don't return -1 on error in dh_pub_is_valid(), since it evaluates
+     to true.
+     Also fix a typo.
+     Initial diff from Matthew Dempsky, input from djm.
+     OK djm, markus.
 
 20070927
  - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
@@ -3291,4 +3298,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4764 2007/10/26 04:25:31 djm Exp $
+$Id: ChangeLog,v 1.4765 2007/10/26 04:25:55 djm Exp $

dh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.44 2006/11/07 13:02:07 markus Exp $ */
+/* $OpenBSD: dh.c,v 1.45 2007/09/27 00:15:57 ray Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -185,7 +185,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 	BIGNUM *tmp;
 
 	if (dh_pub->neg) {
-		logit("invalid public DH value: negativ");
+		logit("invalid public DH value: negative");
 		return 0;
 	}
 	if (BN_cmp(dh_pub, BN_value_one()) != 1) {	/* pub_exp <= 1 */
@@ -193,8 +193,10 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 		return 0;
 	}
 
-	if ((tmp = BN_new()) == NULL)
+	if ((tmp = BN_new()) == NULL) {
-		return (-1);
+		error("%s: BN_new failed", __func__);
+		return 0;
+	}
 	if (!BN_sub(tmp, dh->p, BN_value_one()) ||
 	    BN_cmp(dh_pub, tmp) != -1) {		/* pub_exp > p-2 */
 		BN_clear_free(tmp);