diff --git a/lib/hcrypto/bn.c b/lib/hcrypto/bn.c
index e7d5b0473..15bf78738 100644
--- a/lib/hcrypto/bn.c
+++ b/lib/hcrypto/bn.c
@@ -237,7 +237,7 @@ BN_is_bit_set(const BIGNUM *bn, int bit)
     heim_integer *hi = (heim_integer *)bn;
     unsigned char *p = hi->data;
 
-    if ((bit / 8) > hi->length || hi->length == 0)
+    if ((bit / 8) >= hi->length || hi->length == 0)
 	return 0;
 
     return p[hi->length - 1 - (bit / 8)] & is_set[bit % 8];
diff --git a/lib/hcrypto/dh.c b/lib/hcrypto/dh.c
index ef717d50c..0447c4f48 100644
--- a/lib/hcrypto/dh.c
+++ b/lib/hcrypto/dh.c
@@ -305,7 +305,7 @@ DH_check_pubkey(const DH *dh, const BIGNUM *pub_key, int *codes)
 	unsigned i, n = BN_num_bits(pub_key);
 	unsigned bits = 0;
 
-	for (i = 0; i <= n; i++)
+	for (i = 0; i < n; i++)
 	    if (BN_is_bit_set(pub_key, i))
 		bits++;