diff --git a/fips-1.0/dh/fips_dh_key.c b/fips-1.0/dh/fips_dh_key.c
index 7f5854f47..b30a85f2e 100644
--- a/fips-1.0/dh/fips_dh_key.c
+++ b/fips-1.0/dh/fips_dh_key.c
@@ -188,6 +188,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 if (ctx == NULL) goto err;
 BN_CTX_start(ctx);
 tmp = BN_CTX_get(ctx);
+
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+ {
+ DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
 if (dh->priv_key == NULL)
 {
diff --git a/fips-1.0/dsa/fips_dsa_ossl.c b/fips-1.0/dsa/fips_dsa_ossl.c
index fb3893afc..a29be0f7f 100644
--- a/fips-1.0/dsa/fips_dsa_ossl.c
+++ b/fips-1.0/dsa/fips_dsa_ossl.c
@@ -297,6 +297,18 @@ static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DS
 return -1;
 }
+ if (BN_num_bits(dsa->q) != 160)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
 BN_init(&u1);
 BN_init(&u2);
 BN_init(&t1);
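Review bot: The modulus bound is enforced only inside compute_key, so any other path in this file that exponentiates modulo `dh->p` remains uncapped; if key generation (not visible in this hunk) can run on parameters supplied by a peer, it presumably needs the same `if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)` guard before its own exponentiation. Placing the check after `BN_CTX_start(ctx)` looks fine because `goto err` is the cleanup path, although the err label itself is outside the hunk. A short comment above the check, e.g. `/* reject oversized p before any expensive BN work */`, would record why the limit exists. compute_key's body starts before and continues past the hunk.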
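Review bot: Both new rejection paths `return -1`, and a caller that tests the result of dsa_do_verify for non-zero rather than `== 1` would treat that error value as a good signature, so a key with an out-of-range q or p must not be able to reach such a caller. The callers are outside this diff, so this is worth confirming, and a comment above the function such as `/* returns 1 = valid, 0 = invalid, -1 = error; callers must compare with 1 */` would make the contract explicit. The literal `160` would also read better with a short comment naming the requirement it encodes (presumably the 160-bit q of FIPS 186-2). The function starts before and continues past the hunk.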