From 40a355a42d4a9444dc753c04c6608dade2f06a23 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 03:13:27 +0200 Subject: Adding upstream version 125.0.1. Signed-off-by: Daniel Baumann --- security/nss/lib/smime/cmsrecinfo.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'security/nss/lib/smime/cmsrecinfo.c') diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c index 20dd698e8f..6cf2c68c31 100644 --- a/security/nss/lib/smime/cmsrecinfo.c +++ b/security/nss/lib/smime/cmsrecinfo.c @@ -118,6 +118,8 @@ nss_cmsrecipientinfo_create(NSSCMSMessage *cmsg, certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm)); rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier; + + // This switch must match the switch in NSS_CMSRecipient_IsSupported. switch (certalgtag) { case SEC_OID_PKCS1_RSA_ENCRYPTION: ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans; @@ -257,6 +259,28 @@ loser: return NULL; } +/* + * NSS_CMSRecipient_IsSupported - checks for a support certificate + * + * Use this function to confirm that the given certificate will be + * accepted by NSS_CMSRecipientInfo_Create, which means that the + * certificate can be used with a supported encryption algorithm. + */ +PRBool +NSS_CMSRecipient_IsSupported(CERTCertificate *cert) +{ + CERTSubjectPublicKeyInfo *spki = &(cert->subjectPublicKeyInfo); + SECOidTag certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm)); + + switch (certalgtag) { + case SEC_OID_PKCS1_RSA_ENCRYPTION: + case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */ + return PR_TRUE; + default: + return PR_FALSE; + } +} + /* * NSS_CMSRecipientInfo_Create - create a recipientinfo * -- cgit v1.2.3