From 0a6e92a88ff02bebd04feec58903cbadcacaec15 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 13 Aug 2007 13:28:31 +0000
Subject: [PATCH] Include modulus sanity checks.

---
 fips-1.0/dh/fips_dh_key.c    |  6 ++++++
 fips-1.0/dsa/fips_dsa_ossl.c | 12 ++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/fips-1.0/dh/fips_dh_key.c b/fips-1.0/dh/fips_dh_key.c
index 7f5854f476..b30a85f2e4 100644
--- a/fips-1.0/dh/fips_dh_key.c
+++ b/fips-1.0/dh/fips_dh_key.c
@@ -188,6 +188,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 	if (ctx == NULL) goto err;
 	BN_CTX_start(ctx);
 	tmp = BN_CTX_get(ctx);
+
+	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+		{
+		DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+		goto err;
+		}
 	
 	if (dh->priv_key == NULL)
 		{
diff --git a/fips-1.0/dsa/fips_dsa_ossl.c b/fips-1.0/dsa/fips_dsa_ossl.c
index fb3893afc3..a29be0f7fc 100644
--- a/fips-1.0/dsa/fips_dsa_ossl.c
+++ b/fips-1.0/dsa/fips_dsa_ossl.c
@@ -297,6 +297,18 @@ static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DS
 	    return -1;
 	    }
 
+	if (BN_num_bits(dsa->q) != 160)
+		{
+		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+		return -1;
+		}
+
+	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+		{
+		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+		return -1;
+		}
+
 	BN_init(&u1);
 	BN_init(&u2);
 	BN_init(&t1);