Merging upstream version 125.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 24 insertions, 0 deletions

diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c
index 20dd698e8f..6cf2c68c31 100644
--- a/security/nss/lib/smime/cmsrecinfo.c
+++ b/security/nss/lib/smime/cmsrecinfo.c
@@ -118,6 +118,8 @@ nss_cmsrecipientinfo_create(NSSCMSMessage *cmsg,
     certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
 
     rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
+
+    // This switch must match the switch in NSS_CMSRecipient_IsSupported.
     switch (certalgtag) {
         case SEC_OID_PKCS1_RSA_ENCRYPTION:
             ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans;
@@ -258,6 +260,28 @@ loser:
 }
 
 /*
+ * NSS_CMSRecipient_IsSupported - checks for a support certificate
+ *
+ * Use this function to confirm that the given certificate will be
+ * accepted by NSS_CMSRecipientInfo_Create, which means that the
+ * certificate can be used with a supported encryption algorithm.
+ */
+PRBool
+NSS_CMSRecipient_IsSupported(CERTCertificate *cert)
+{
+    CERTSubjectPublicKeyInfo *spki = &(cert->subjectPublicKeyInfo);
+    SECOidTag certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
+
+    switch (certalgtag) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+        case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
+    }
+}
+
+/*
  * NSS_CMSRecipientInfo_Create - create a recipientinfo
  *
  * we currently do not create KeyAgreement recipientinfos with multiple