1 files changed, 19 insertions, 1 deletions

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index a3ddd7d281..4fead07e80 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -148,6 +148,15 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
         s=BN_new();
         if (s == NULL) goto err;
+
+        /* reject a excessive digest length (currently at most
+         * dsa-with-SHA256 is supported) */
+        if (dlen > SHA256_DIGEST_LENGTH)
+                {
+                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+                goto err;
+                }
+
         ctx=BN_CTX_new();
         if (ctx == NULL) goto err;
 
@@ -176,7 +185,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
         if (!BN_add(s, &xr, &m)) goto err;              /* s = m + xr */
         if (BN_cmp(s,dsa->q) > 0)
-                if (!BN_sub(s,s,dsa->q)) goto err;
+                BN_sub(s,s,dsa->q);
         if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
 
         ret=DSA_SIG_new();
@@ -316,6 +325,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
                 return -1;
                 }
+
+        /* reject a excessive digest length (currently at most
+         * dsa-with-SHA256 is supported) */
+        if (dgst_len > SHA256_DIGEST_LENGTH)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return -1;
+                }
+
         BN_init(&u1);
         BN_init(&u2);
         BN_init(&t1);