From bd345185700a8fb2b4f149194899328aca3a49e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?=
 <grubba@grubba.org>
Date: Sun, 28 Aug 2022 13:56:32 +0200
Subject: [PATCH] Crypto.DSA: Fix rejection of signatures with offset r and/or
 s.

Fixes #10077.
---
 lib/modules/Crypto.pmod/DSA.pmod | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/modules/Crypto.pmod/DSA.pmod b/lib/modules/Crypto.pmod/DSA.pmod
index 710c23881c..eb90e3718b 100644
--- a/lib/modules/Crypto.pmod/DSA.pmod
+++ b/lib/modules/Crypto.pmod/DSA.pmod
@@ -368,6 +368,9 @@ class State {
   //! Verify the signature @[r],@[s] against the message @[h].
   int(0..1) raw_verify(Gmp.mpz h, Gmp.mpz r, Gmp.mpz s)
   {
+    if ((r > q) || (s > q)) {
+      return 0;
+    }
     Gmp.mpz w;
     if (catch
       {
-- 
GitLab