diff --git a/include/polarssl/ecdsa.h b/include/polarssl/ecdsa.h
index b5e363ea4..4f06328c9 100644
--- a/include/polarssl/ecdsa.h
+++ b/include/polarssl/ecdsa.h
@@ -175,7 +175,9 @@ int ecdsa_write_signature_det( ecdsa_context *ctx,
  * \param slen      Size of sig
  *
  * \return          0 if successful,
- *                  POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid
+ *                  POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
+ *                  POLARSSL_ERR_ECP_SIG_LEN_MISTMATCH if the signature is
+ *                  valid but its actual length is less than siglen,
  *                  or a POLARSSL_ERR_ECP or POLARSSL_ERR_MPI error code
  */
 int ecdsa_read_signature( ecdsa_context *ctx,
diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index 888604821..93fbe3d6e 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -39,6 +39,7 @@
 #define POLARSSL_ERR_ECP_MALLOC_FAILED                     -0x4D80  /**< Memory allocation failed. */
 #define POLARSSL_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as (ephemeral) key, failed. */
 #define POLARSSL_ERR_ECP_INVALID_KEY                       -0x4C80  /**< Invalid private or public key. */
+#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< Signature is valid but shorter than the user-supplied length. */
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/include/polarssl/error.h b/include/polarssl/error.h
index 23c0ed704..83102bd3a 100644
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@@ -87,7 +87,7 @@
  * DHM       3   9
  * PKCS5     3   4 (Started from top)
  * RSA       4   9
- * ECP       4   7 (Started from top)
+ * ECP       4   8 (Started from top)
  * MD        5   4
  * CIPHER    6   6
  * SSL       6   9 (Started from top)
diff --git a/library/ecdsa.c b/library/ecdsa.c
index c9ab62fa3..6e45f2f1d 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -422,11 +422,14 @@ int ecdsa_read_signature( ecdsa_context *ctx,
         ( ret = asn1_get_mpi( &p, end, &ctx->s ) ) != 0 )
         return( POLARSSL_ERR_ECP_BAD_INPUT_DATA + ret );
 
-    if( p != end )
-        return( POLARSSL_ERR_ECP_BAD_INPUT_DATA +
-                POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+    if( ( ret = ecdsa_verify( &ctx->grp, hash, hlen,
+                              &ctx->Q, &ctx->r, &ctx->s ) ) != 0 )
+        return( ret );
 
-    return( ecdsa_verify( &ctx->grp, hash, hlen, &ctx->Q, &ctx->r, &ctx->s ) );
+    if( p != end )
+        return( POLARSSL_ERR_ECP_SIG_LEN_MISMATCH );
+
+    return( 0 );
 }
 
 /*
diff --git a/library/error.c b/library/error.c
index 3cc3aa3ba..2e6bba6c4 100644
--- a/library/error.c
+++ b/library/error.c
@@ -245,6 +245,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
             snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
         if( use_ret == -(POLARSSL_ERR_ECP_INVALID_KEY) )
             snprintf( buf, buflen, "ECP - Invalid private or public key" );
+        if( use_ret == -(POLARSSL_ERR_ECP_SIG_LEN_MISMATCH) )
+            snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" );
 #endif /* POLARSSL_ECP_C */
 
 #if defined(POLARSSL_MD_C)