summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/smime
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:13:33 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:13:33 +0000
commit086c044dc34dfc0f74fbe41f4ecb402b2cd34884 (patch)
treea4f824bd33cb075dd5aa3eb5a0a94af221bbe83a /security/nss/lib/smime
parentAdding debian version 124.0.1-1. (diff)
downloadfirefox-086c044dc34dfc0f74fbe41f4ecb402b2cd34884.tar.xz
firefox-086c044dc34dfc0f74fbe41f4ecb402b2cd34884.zip
Merging upstream version 125.0.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/smime')
-rw-r--r--security/nss/lib/smime/cms.h3
-rw-r--r--security/nss/lib/smime/cmsrecinfo.c24
-rw-r--r--security/nss/lib/smime/smime.def6
3 files changed, 33 insertions, 0 deletions
diff --git a/security/nss/lib/smime/cms.h b/security/nss/lib/smime/cms.h
index f4a8a39e9e..fb803e1f79 100644
--- a/security/nss/lib/smime/cms.h
+++ b/security/nss/lib/smime/cms.h
@@ -815,6 +815,9 @@ NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd);
* cmsrecinfo.c - CMS recipientInfo methods
************************************************************************/
+extern PRBool
+NSS_CMSRecipient_IsSupported(CERTCertificate *cert);
+
/*
* NSS_CMSRecipientInfo_Create - create a recipientinfo
*
diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c
index 20dd698e8f..6cf2c68c31 100644
--- a/security/nss/lib/smime/cmsrecinfo.c
+++ b/security/nss/lib/smime/cmsrecinfo.c
@@ -118,6 +118,8 @@ nss_cmsrecipientinfo_create(NSSCMSMessage *cmsg,
certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
+
+ // This switch must match the switch in NSS_CMSRecipient_IsSupported.
switch (certalgtag) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans;
@@ -258,6 +260,28 @@ loser:
}
/*
+ * NSS_CMSRecipient_IsSupported - checks for a support certificate
+ *
+ * Use this function to confirm that the given certificate will be
+ * accepted by NSS_CMSRecipientInfo_Create, which means that the
+ * certificate can be used with a supported encryption algorithm.
+ */
+PRBool
+NSS_CMSRecipient_IsSupported(CERTCertificate *cert)
+{
+ CERTSubjectPublicKeyInfo *spki = &(cert->subjectPublicKeyInfo);
+ SECOidTag certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
+
+ switch (certalgtag) {
+ case SEC_OID_PKCS1_RSA_ENCRYPTION:
+ case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
+ return PR_TRUE;
+ default:
+ return PR_FALSE;
+ }
+}
+
+/*
* NSS_CMSRecipientInfo_Create - create a recipientinfo
*
* we currently do not create KeyAgreement recipientinfos with multiple
diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def
index ba9d09d8cb..d5cff92f37 100644
--- a/security/nss/lib/smime/smime.def
+++ b/security/nss/lib/smime/smime.def
@@ -291,3 +291,9 @@ NSS_CMSSignerInfo_GetDigestAlgTag;
;+ local:
;+ *;
;+};
+;+NSS_3.99 { # NSS 3.99 release
+;+ global:
+NSS_CMSRecipient_IsSupported;
+;+ local:
+;+ *;
+;+};