dsa_verify_hash: properly handle (=reject) negative r, s

src/pk/dsa/dsa_verify_hash.c

@@ -47,7 +47,7 @@ int dsa_verify_hash_raw(         void   *r,          void   *s,
    }
 
    /* neither r or s can be null or >q*/
-   if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) {
+   if (mp_cmp_d(r, 0) != LTC_MP_GT || mp_cmp_d(s, 0) != LTC_MP_GT || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) {
       err = CRYPT_INVALID_PACKET;
       goto error;
    }