diff --git a/g10/ChangeLog b/g10/ChangeLog
index e7714cc1e..8527827d8 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,9 @@
+2002-04-18  Werner Koch  <wk@gnupg.org>
+
+	* seskey.c (encode_md_value): Print an error message if a wrong
+	digest algorithm is used with DSA.  Changed all callers to cope
+	with a NULL return.  Problem noted by Imad R. Faiad.
+
 2002-04-18  David Shaw  <dshaw@jabberwocky.com>
 
 	* trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable
diff --git a/g10/seskey.c b/g10/seskey.c
index 844f2e4c1..fc912eeb5 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -195,6 +195,12 @@ encode_md_value( int pubkey_algo, MD_HANDLE md, int hash_algo,
     MPI frame;
 
     if( pubkey_algo == PUBKEY_ALGO_DSA ) {
+        mdlen = md_digest_length (hash_algo);
+        if (mdlen != 20) {
+            log_error (_("DSA requires the use of a 160 bit hash algorithm\n"));
+            return NULL;
+        }
+
 	frame = md_is_secure(md)? mpi_alloc_secure((md_digest_length(hash_algo)
 				 +BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB )
 				: mpi_alloc((md_digest_length(hash_algo)
diff --git a/g10/sig-check.c b/g10/sig-check.c
index fd7cb379e..6920b8c13 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -291,6 +291,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
 
     result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
 			      mpi_get_nbits(pk->pkey[0]), 0 );
+    if (!result)
+        return G10ERR_GENERAL;
     ctx.sig = sig;
     ctx.md = digest;
     rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
@@ -302,10 +304,14 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
 	 * the hash right. There is no problem with DSA however  */
 	result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
 			      mpi_get_nbits(pk->pkey[0]), (sig->version < 5) );
-	ctx.sig = sig;
-	ctx.md = digest;
-	rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
-			    cmp_help, &ctx );
+        if (!result)
+            rc = G10ERR_GENERAL;
+        else {
+            ctx.sig = sig;
+            ctx.md = digest;
+            rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
+                                cmp_help, &ctx );
+        }
     }
 
     if( !rc && sig->flags.unknown_critical ) {
diff --git a/g10/sign.c b/g10/sign.c
index c1a09bae4..155dab6dc 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -246,6 +246,8 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
     sig->digest_start[1] = dp[1];
     frame = encode_md_value( sk->pubkey_algo, md,
 			     digest_algo, mpi_get_nbits(sk->skey[0]), 0 );
+    if (!frame)
+        return G10ERR_GENERAL;
     rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
     mpi_free(frame);
     if (!rc && !opt.no_sig_create_check) {
@@ -260,8 +262,12 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
             frame = encode_md_value (pk->pubkey_algo, md,
                                      sig->digest_algo,
                                      mpi_get_nbits(pk->pkey[0]), 0);
-            rc = pubkey_verify (pk->pubkey_algo, frame, sig->data, pk->pkey,
-                                NULL, NULL );
+            if (!frame)
+                rc = G10ERR_GENERAL;
+            else
+                rc = pubkey_verify (pk->pubkey_algo, frame,
+                                    sig->data, pk->pkey,
+                                    NULL, NULL );
             mpi_free (frame);
         }
         if (rc)