From 40a355a42d4a9444dc753c04c6608dade2f06a23 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 03:13:27 +0200
Subject: Adding upstream version 125.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 security/nss/lib/smime/cms.h        |  3 +++
 security/nss/lib/smime/cmsrecinfo.c | 24 ++++++++++++++++++++++++
 security/nss/lib/smime/smime.def    |  6 ++++++
 3 files changed, 33 insertions(+)

(limited to 'security/nss/lib/smime')

diff --git a/security/nss/lib/smime/cms.h b/security/nss/lib/smime/cms.h
index f4a8a39e9e..fb803e1f79 100644
--- a/security/nss/lib/smime/cms.h
+++ b/security/nss/lib/smime/cms.h
@@ -815,6 +815,9 @@ NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd);
  * cmsrecinfo.c - CMS recipientInfo methods
  ************************************************************************/
 
+extern PRBool
+NSS_CMSRecipient_IsSupported(CERTCertificate *cert);
+
 /*
  * NSS_CMSRecipientInfo_Create - create a recipientinfo
  *
diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c
index 20dd698e8f..6cf2c68c31 100644
--- a/security/nss/lib/smime/cmsrecinfo.c
+++ b/security/nss/lib/smime/cmsrecinfo.c
@@ -118,6 +118,8 @@ nss_cmsrecipientinfo_create(NSSCMSMessage *cmsg,
     certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
 
     rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
+
+    // This switch must match the switch in NSS_CMSRecipient_IsSupported.
     switch (certalgtag) {
         case SEC_OID_PKCS1_RSA_ENCRYPTION:
             ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans;
@@ -257,6 +259,28 @@ loser:
     return NULL;
 }
 
+/*
+ * NSS_CMSRecipient_IsSupported - checks for a support certificate
+ *
+ * Use this function to confirm that the given certificate will be
+ * accepted by NSS_CMSRecipientInfo_Create, which means that the
+ * certificate can be used with a supported encryption algorithm.
+ */
+PRBool
+NSS_CMSRecipient_IsSupported(CERTCertificate *cert)
+{
+    CERTSubjectPublicKeyInfo *spki = &(cert->subjectPublicKeyInfo);
+    SECOidTag certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
+
+    switch (certalgtag) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+        case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
+    }
+}
+
 /*
  * NSS_CMSRecipientInfo_Create - create a recipientinfo
  *
diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def
index ba9d09d8cb..d5cff92f37 100644
--- a/security/nss/lib/smime/smime.def
+++ b/security/nss/lib/smime/smime.def
@@ -291,3 +291,9 @@ NSS_CMSSignerInfo_GetDigestAlgTag;
 ;+    local:
 ;+       *;
 ;+};
+;+NSS_3.99 {    # NSS 3.99 release
+;+    global:
+NSS_CMSRecipient_IsSupported;
+;+    local:
+;+       *;
+;+};
-- 
cgit v1.2.3