From 5dd76576fb058d12a64ee795fce7219ff6118219 Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Thu, 2 Oct 2025 16:38:23 +0200
Subject: [PATCH] S/MIME EC fix

---
 app/src/main/java/eu/faircode/email/FragmentCompose.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/src/main/java/eu/faircode/email/FragmentCompose.java b/app/src/main/java/eu/faircode/email/FragmentCompose.java
index 3201b14229..9d6dfc16c7 100644
--- a/app/src/main/java/eu/faircode/email/FragmentCompose.java
+++ b/app/src/main/java/eu/faircode/email/FragmentCompose.java
@@ -4727,7 +4727,8 @@ public class FragmentCompose extends FragmentBase {
                             chain[0].getPublicKey(),
                             CMSAlgorithm.AES128_WRAP);
                     for (X509Certificate cert : certs)
-                        gen.addRecipient(cert);
+                        if (SmimeHelper.match(privkey, cert))
+                            gen.addRecipient(cert);
                     cmsEnvelopedDataGenerator.addRecipientInfoGenerator(gen);
                     // https://security.stackexchange.com/a/53960
                     // https://stackoverflow.com/questions/7073319/
@@ -4763,6 +4764,7 @@ public class FragmentCompose extends FragmentBase {
                 Log.i("S/MIME selected encryption algo=" + encryptAlgorithm + " OID=" + encryptionOID);
 
                 OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(encryptionOID)
+                        .setEnableSha256HKdf(true)
                         .build();
                 CMSEnvelopedData cmsEnvelopedData = cmsEnvelopedDataGenerator
                         .generate(msg, encryptor);