Bug 1073867, Part 3: Reject DSS end-entity certificates, r=mmc

--HG--
extra : rebase_source : 76546b57aade1a15b394a2e53d8c12d62906dcac

security/pkix/lib/pkixnss.cpp

@@ -59,18 +59,18 @@ CheckPublicKeySize(Input subjectPublicKeyInfo, unsigned int minimumNonECCBits,
     case ecKey:
       // TODO(bug 1077790): We should check which curve.
       return Success;
-    case dsaKey: // fall through
     case rsaKey:
       if (SECKEY_PublicKeyStrengthInBits(publicKey.get()) < minimumNonECCBits) {
         return Result::ERROR_INADEQUATE_KEY_SIZE;
       }
       break;
-    case nullKey:
+    case dsaKey: // fall through
-    case fortezzaKey:
+    case nullKey: // fall through
-    case dhKey:
+    case fortezzaKey: // fall through
-    case keaKey:
+    case dhKey: // fall through
-    case rsaPssKey:
+    case keaKey: // fall through
-    case rsaOaepKey:
+    case rsaPssKey: // fall through
+    case rsaOaepKey: // fall through
     default:
       return Result::ERROR_UNSUPPORTED_KEYALG;
   }