From 2ae4a931445dd6121f260bcc0af2dde32a871cd0 Mon Sep 17 00:00:00 2001
From: pvalchev <>
Date: Wed, 4 Oct 2006 07:10:32 +0000
Subject: openssl security fixes, diff from markus@, ok & "commit it" djm@
 http://www.openssl.org/news/secadv_20060928.txt for more

---
 src/lib/libcrypto/dsa/dsa_ossl.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/lib/libcrypto/dsa/dsa_ossl.c')

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 12509a7083..5de5fc7e91 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -274,6 +274,18 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		return -1;
 		}
 
+	if (BN_num_bits(dsa->q) != 160)
+		{
+		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+		return -1;
+		}
+
+	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+		{
+		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+		return -1;
+		}
+
 	BN_init(&u1);
 	BN_init(&u2);
 	BN_init(&t1);
-- 
cgit v1.2.3-55-g6feb