From 544b4047de689519ab3e6ec55b776b95b3e264a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Thu, 4 Aug 2016 10:22:26 +0200
Subject: [PATCH] Check for invalid keys, with even p, in dsa_sign.

---
 ChangeLog  | 3 +++
 dsa-sign.c | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 771632c9..84710c46 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2016-08-04  Niels Möller  <nisse@lysator.liu.se>
 
+	* dsa-sign.c (dsa_sign): Return failure if p is even, so that an
+	invalid key doesn't result in a crash inside mpz_powm_sec.
+
 	* rsa-sign-tr.c (rsa_compute_root_tr): Return failure if any of p,
 	q or n is even, to avoid crashing inside mpz_powm_sec. Invalid
 	keys with even modulo are rejected by rsa_public_key_prepare and
diff --git a/dsa-sign.c b/dsa-sign.c
index 9d6bb184..b713743e 100644
--- a/dsa-sign.c
+++ b/dsa-sign.c
@@ -56,6 +56,11 @@ dsa_sign(const struct dsa_params *params,
   mpz_t tmp;
   int res;
   
+  /* Check that p is odd, so that invalid keys don't result in a crash
+     inside mpz_powm_sec. */
+  if (mpz_even_p (params->p))
+    return 0;
+
   /* Select k, 0<k<q, randomly */
   mpz_init_set(tmp, params->q);
   mpz_sub_ui(tmp, tmp, 1);
-- 
GitLab