Check for invalid keys, with even p, in dsa_sign.

544b4047 · Niels Möller · 52b92231 · 544b4047 · 544b4047
Commit 544b4047 authored Aug 04, 2016 by Niels Möller
--- a/ChangeLog
+++ b/ChangeLog
 2016-08-04  Niels Möller  <nisse@lysator.liu.se>

+	* dsa-sign.c (dsa_sign): Return failure if p is even, so that an
+	invalid key doesn't result in a crash inside mpz_powm_sec.
+
 	* rsa-sign-tr.c (rsa_compute_root_tr): Return failure if any of p,
 	q or n is even, to avoid crashing inside mpz_powm_sec. Invalid
 	keys with even modulo are rejected by rsa_public_key_prepare and

--- a/dsa-sign.c
+++ b/dsa-sign.c
@@ -56,6 +56,11 @@ dsa_sign(const struct dsa_params *params,
  mpz_t tmp;
  int res;
  
+  /* Check that p is odd, so that invalid keys don't result in a crash
+     inside mpz_powm_sec. */
+  if (mpz_even_p (params->p))
+    return 0;
+
  /* Select k, 0<k<q, randomly */
  mpz_init_set(tmp, params->q);
  mpz_sub_ui(tmp, tmp, 1);