From 9f45608ca1a3cff3a6d5a81dfad8af67d1e69c23 Mon Sep 17 00:00:00 2001 From: "J.C. Jones" Date: Wed, 4 Oct 2017 11:21:18 -0700 Subject: [PATCH] Bug 1405431 - Be more precise in WebAuthn signature verification assertion r=keeler There's an intermittent which might be spurious because ASN.1 signatures might sometimes be less than 70 bytes, but the actual floor is probably 68 (32 + 32 + 4). It's a sanity check, so I've adjusted it down and also am now emitting the offending key bytes if this triggers again. MozReview-Commit-ID: 1wwU9Q3BUPF --HG-- extra : rebase_source : 2877deb770f8bf4bcf31dae40f75016892dc9d53 --- dom/webauthn/tests/u2futil.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dom/webauthn/tests/u2futil.js b/dom/webauthn/tests/u2futil.js index fa50809f6413..30eaf50c8e00 100644 --- a/dom/webauthn/tests/u2futil.js +++ b/dom/webauthn/tests/u2futil.js @@ -283,9 +283,9 @@ function sanitizeSigArray(arr) { } function verifySignature(key, data, derSig) { - if (derSig.byteLength < 70) { - console.log("bad sig: " + hexEncode(new Uint8Array(derSig))) - return Promise.reject("Invalid signature length: " + derSig.byteLength); + if (derSig.byteLength < 68) { + return Promise.reject("Invalid signature (length=" + derSig.byteLength + + "): " + hexEncode(new Uint8Array(derSig))); } let sigAsn1 = org.pkijs.fromBER(derSig);