diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:13:33 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:13:33 +0000 |
commit | 086c044dc34dfc0f74fbe41f4ecb402b2cd34884 (patch) | |
tree | a4f824bd33cb075dd5aa3eb5a0a94af221bbe83a /security/nss/lib/smime | |
parent | Adding debian version 124.0.1-1. (diff) | |
download | firefox-086c044dc34dfc0f74fbe41f4ecb402b2cd34884.tar.xz firefox-086c044dc34dfc0f74fbe41f4ecb402b2cd34884.zip |
Merging upstream version 125.0.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/smime')
-rw-r--r-- | security/nss/lib/smime/cms.h | 3 | ||||
-rw-r--r-- | security/nss/lib/smime/cmsrecinfo.c | 24 | ||||
-rw-r--r-- | security/nss/lib/smime/smime.def | 6 |
3 files changed, 33 insertions, 0 deletions
diff --git a/security/nss/lib/smime/cms.h b/security/nss/lib/smime/cms.h index f4a8a39e9e..fb803e1f79 100644 --- a/security/nss/lib/smime/cms.h +++ b/security/nss/lib/smime/cms.h @@ -815,6 +815,9 @@ NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd); * cmsrecinfo.c - CMS recipientInfo methods ************************************************************************/ +extern PRBool +NSS_CMSRecipient_IsSupported(CERTCertificate *cert); + /* * NSS_CMSRecipientInfo_Create - create a recipientinfo * diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c index 20dd698e8f..6cf2c68c31 100644 --- a/security/nss/lib/smime/cmsrecinfo.c +++ b/security/nss/lib/smime/cmsrecinfo.c @@ -118,6 +118,8 @@ nss_cmsrecipientinfo_create(NSSCMSMessage *cmsg, certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm)); rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier; + + // This switch must match the switch in NSS_CMSRecipient_IsSupported. switch (certalgtag) { case SEC_OID_PKCS1_RSA_ENCRYPTION: ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans; @@ -258,6 +260,28 @@ loser: } /* + * NSS_CMSRecipient_IsSupported - checks for a support certificate + * + * Use this function to confirm that the given certificate will be + * accepted by NSS_CMSRecipientInfo_Create, which means that the + * certificate can be used with a supported encryption algorithm. + */ +PRBool +NSS_CMSRecipient_IsSupported(CERTCertificate *cert) +{ + CERTSubjectPublicKeyInfo *spki = &(cert->subjectPublicKeyInfo); + SECOidTag certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm)); + + switch (certalgtag) { + case SEC_OID_PKCS1_RSA_ENCRYPTION: + case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */ + return PR_TRUE; + default: + return PR_FALSE; + } +} + +/* * NSS_CMSRecipientInfo_Create - create a recipientinfo * * we currently do not create KeyAgreement recipientinfos with multiple diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def index ba9d09d8cb..d5cff92f37 100644 --- a/security/nss/lib/smime/smime.def +++ b/security/nss/lib/smime/smime.def @@ -291,3 +291,9 @@ NSS_CMSSignerInfo_GetDigestAlgTag; ;+ local: ;+ *; ;+}; +;+NSS_3.99 { # NSS 3.99 release +;+ global: +NSS_CMSRecipient_IsSupported; +;+ local: +;+ *; +;+}; |