Bug 925591: Support 2048- and 3072-bit DSA certificates. r=wtc.
authorKaspar Brand <mozbugzilla@velox.ch>
Fri, 11 Oct 2013 10:27:37 -0700
changeset 10872 c3db6134802b786b6d7ba8aff8ed448b4b9fb1f6
parent 10871 d29898e0981c5a98294329f58118b45ad63758b7
child 10873 612d7d1eb9e71dc1ff38f1ca442ab281ea2bcd02
push id175
push userwtc@google.com
push dateFri, 11 Oct 2013 17:27:47 +0000
reviewerswtc
bugs925591
Bug 925591: Support 2048- and 3072-bit DSA certificates. r=wtc.
lib/ssl/ssl3con.c
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -1002,17 +1002,17 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash
 	    hashItem.data = hash->u.s.sha;
 	    hashItem.len = sizeof(hash->u.s.sha);
 	} else {
 	    hashItem.data = hash->u.raw;
 	    hashItem.len = hash->len;
 	}
 	/* Allow DER encoded DSA signatures in SSL 3.0 */
 	if (isTLS || buf->len != SECKEY_SignatureLen(key)) {
-	    signature = DSAU_DecodeDerSig(buf);
+	    signature = DSAU_DecodeDerSigToLen(buf, SECKEY_SignatureLen(key));
 	    if (!signature) {
 	    	PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
 		return SECFailure;
 	    }
 	    buf = signature;
 	}
 	break;
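Review bot: The length passed to `DSAU_DecodeDerSigToLen` on the added line is an unchecked second call to `SECKEY_SignatureLen(key)`, which returns 0 when it cannot determine a signature length for the key. In that case the outcome depends on how the decoder treats a zero target length, and any failure is reported as `SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE` even though the problem lies with the key. I would compute the length once into a local declared with the function's other variables and fail early: `sigLen = SECKEY_SignatureLen(key);`, `if (sigLen == 0) return SECFailure;`, then `signature = DSAU_DecodeDerSigToLen(buf, sigLen);`, with the `buf->len != sigLen` comparison using the same value. The comment above the branch could also say that the decoded signature is now forced to the key's expected raw length, since that is what lets 2048- and 3072-bit DSA keys verify. The body of ssl3_VerifySignedHashes starts and ends outside this hunk, so the declaration site and the cleanup of `signature` are not visible here.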