sanity check on q value with DSA sign

tests/api.c

@@ -19594,6 +19594,9 @@ static int test_wc_DsaSignVerify (void)
     mp_free(&key.q);
     mp_init(&key.q);
     AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
+
+    mp_set_int(&key.q, 1);
+    AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
 #endif
 
     if (wc_FreeRng(&rng) && ret == 0) {

wolfcrypt/src/dsa.c

@@ -762,6 +762,12 @@ int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng)
             break;
         }
 
+        /* if q-1 is 0 or smaller, k will never end up being less than it */
+        if (mp_iszero(qMinus1) || mp_isneg(qMinus1)) {
+            ret = BAD_FUNC_ARG;
+            break;
+        }
+
         do {
             /* Step 4: generate k */
             if ((ret = wc_RNG_GenerateBlock(rng, buffer, halfSz))) {