$NetBSD: patch-at,v 1.1 2006/09/30 04:20:24 taca Exp $

# http://secunia.com/advisories/22130/

--- crypto/dsa/dsa_ossl.c.orig	2005-05-26 13:40:42.000000000 +0900
+++ crypto/dsa/dsa_ossl.c
@@ -274,6 +274,18 @@ static int dsa_do_verify(const unsigned 
 		return -1;
 		}
 
+	if (BN_num_bits(dsa->q) != 160)
+		{
+		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+		return -1;
+		}
+
+	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+		{
+		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+		return -1;
+		}
+
 	BN_init(&u1);
 	BN_init(&u2);
 	BN_init(&t1);
