Diffstat (limited to 'security/nss/lib/smime/cmsrecinfo.c')
-rw-r--r--security/nss/lib/smime/cmsrecinfo.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c
index 20dd698e8f..6cf2c68c31 100644
--- a/security/nss/lib/smime/cmsrecinfo.c
+++ b/security/nss/lib/smime/cmsrecinfo.c
@@ -118,6 +118,8 @@ nss_cmsrecipientinfo_create(NSSCMSMessage *cmsg,
certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
+
+ // This switch must match the switch in NSS_CMSRecipient_IsSupported.
switch (certalgtag) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans;
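Review bot: The new comment above `switch (certalgtag)` is the only thing keeping this switch and the one in NSS_CMSRecipient_IsSupported in agreement, so a case added to one can silently be missed in the other. Callers will presumably use the predicate to decide which certificates can be encryption recipients, so any drift means they are told "supported" for a certificate this function then rejects, or the reverse. Consider deriving both from one static helper that maps the algorithm tag to a recipient-info type, or at least add the reciprocal comment `/* This switch must match the switch in nss_cmsrecipientinfo_create. */` inside the predicate. The added line also uses `//` where the rest of the visible file uses `/* */`. The enclosing function starts and ends outside the hunk.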
@@ -258,6 +260,28 @@ loser:
}
/*
+ * NSS_CMSRecipient_IsSupported - checks for a support certificate
+ *
+ * Use this function to confirm that the given certificate will be
+ * accepted by NSS_CMSRecipientInfo_Create, which means that the
+ * certificate can be used with a supported encryption algorithm.
+ */
+PRBool
+NSS_CMSRecipient_IsSupported(CERTCertificate *cert)
+{
+ CERTSubjectPublicKeyInfo *spki = &(cert->subjectPublicKeyInfo);
+ SECOidTag certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
+
+ switch (certalgtag) {
+ case SEC_OID_PKCS1_RSA_ENCRYPTION:
+ case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
+ return PR_TRUE;
+ default:
+ return PR_FALSE;
+ }
+}
+
+/*
* NSS_CMSRecipientInfo_Create - create a recipientinfo
*
* we currently do not create KeyAgreement recipientinfos with multiple
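Review bot: NSS_CMSRecipient_IsSupported dereferences `cert` with no check, so a NULL argument would presumably fault inside SECOID_GetAlgorithmTag. A newly exported predicate should fail closed, with `if (cert == NULL) return PR_FALSE;` as its first statement. The header comment promises that the certificate "will be accepted by NSS_CMSRecipientInfo_Create", but the function inspects only the SPKI algorithm tag. Whether the create path applies further conditions in each case is not visible in this diff, so narrow the wording to something like `reports whether the certificate's public-key algorithm is one that the recipient-info code handles`. In the first comment line, "support certificate" should read "supported certificate".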