New functions to add and free up application defined signature OIDs.

CHANGES

@@ -4,6 +4,11 @@
 
  Changes between 0.9.8b and 0.9.9  [xx XXX xxxx]
 
+  *) New function OBJ_add_sigid() to allow application defined signature OIDs
+     to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
+     to free up any added signature OIDs.
+     [Steve Henson]
+
   *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
      EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
      digest and cipher tables. New options added to openssl utility:

crypto/evp/names.c

@@ -132,6 +132,7 @@ void EVP_cleanup(void)
 		obj_cleanup_defer = 0;
 		OBJ_cleanup();
 		}
+	OBJ_sigid_free();
 	}
 
 struct doall_cipher

crypto/objects/obj_xref.c

@@ -59,11 +59,18 @@
 #include <openssl/objects.h>
 #include "obj_xref.h"
 
+STACK *sig_app, *sigx_app;
+
 static int cmp_sig(const nid_triple *a, const nid_triple *b)
 	{
 	return **a - **b;
 	}
 
+static int cmp_sig_sk(const nid_triple **a, const nid_triple **b)
+	{
+	return ***a - ***b;
+	}
+
 static int cmp_sigx(const nid_triple **a, const nid_triple **b)
 	{
 	int ret;
@@ -76,14 +83,26 @@ static int cmp_sigx(const nid_triple **a, const nid_triple **b)
 
 int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
 	{
-	nid_triple tmp, *rv;
+	nid_triple tmp, *rv = NULL;
 	tmp[0] = signid;
 
+	if (sig_app)
+		{
+		int idx = sk_find(sig_app, (char *)&tmp);
+		if (idx >= 0)
+			rv = (nid_triple *)sk_value(sig_app, idx);
+		}
+
+#ifndef OBJ_XREF_TEST2
+	if (rv == NULL)
+		{
 		rv = (nid_triple *)OBJ_bsearch((char *)&tmp,
 				(char *)sigoid_srt,
 				sizeof(sigoid_srt) / sizeof(nid_triple),
 				sizeof(nid_triple),
 				(int (*)(const void *, const void *))cmp_sig);
+		}
+#endif
 	if (rv == NULL)
 		return 0;
 	*pdig_nid = (*rv)[1];
@@ -93,21 +112,88 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
 
 int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
 	{
-	nid_triple tmp, *t=&tmp, **rv;
+	nid_triple tmp, *t=&tmp, **rv = NULL;
 	tmp[1] = dig_nid;
 	tmp[2] = pkey_nid;
 
+	if (sigx_app)
+		{
+		int idx = sk_find(sigx_app, (char *)&tmp);
+		if (idx >= 0)
+			{
+			t = (nid_triple *)sk_value(sigx_app, idx);
+			rv = &t;
+			}
+		}
+
+#ifndef OBJ_XREF_TEST2
 	rv = (nid_triple **)OBJ_bsearch((char *)&t,
 				(char *)sigoid_srt_xref,
 				sizeof(sigoid_srt_xref) / sizeof(nid_triple *),
 				sizeof(nid_triple *),
 				(int (*)(const void *, const void *))cmp_sigx);
+#endif
 	if (rv == NULL)
 		return 0;
 	*psignid = (**rv)[0];
 	return 1;
 	}
 
+typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
+
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
+	{
+	nid_triple *ntr;
+	if (!sig_app)
+		sig_app = sk_new((sk_cmp_fn_type *)cmp_sig_sk);
+	if (!sig_app)
+		return 0;
+	if (!sigx_app)
+		sigx_app = sk_new((sk_cmp_fn_type *)cmp_sigx);
+	if (!sigx_app)
+		return 0;
+	ntr = OPENSSL_malloc(sizeof(int) * 3);
+	if (!ntr)
+		return 0;
+	(*ntr)[0] = signid;
+	(*ntr)[1] = dig_id;
+	(*ntr)[2] = pkey_id;
+
+	if (!sk_push(sig_app, (char *)ntr))
+		{
+		OPENSSL_free(ntr);
+		return 0;
+		}
+
+	if (!sk_push(sigx_app, (char *)ntr))
+		return 0;
+
+	sk_sort(sig_app);
+	sk_sort(sigx_app);
+
+	return 1;
+	}
+
+static void sid_free(void *x)
+	{
+	nid_triple *tt = (nid_triple *)x;
+	OPENSSL_free(tt);
+	}
+
+void OBJ_sigid_free(void)
+	{
+	if (sig_app)
+		{
+		sk_pop_free(sig_app, sid_free);
+		sig_app = NULL;
+		}
+	if (sigx_app)
+		{
+		sk_free(sigx_app);
+		sigx_app = NULL;
+		}
+	}
+		
 #ifdef OBJ_XREF_TEST
 
 main()
@@ -115,6 +201,13 @@ main()
 	int n1, n2, n3;
 
 	int i, rv;
+#ifdef OBJ_XREF_TEST2
+	for (i = 0; i <	sizeof(sigoid_srt) / sizeof(nid_triple); i++)
+		{
+		OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1],
+				sigoid_srt[i][2]);
+		}
+#endif
 
 	for (i = 0; i <	sizeof(sigoid_srt) / sizeof(nid_triple); i++)
 		{

crypto/objects/objects.h

@@ -1024,6 +1024,8 @@ int		OBJ_create_objects(BIO *in);
 
 int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
 int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
+void OBJ_sigid_free(void);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes

doc/apps/pkeyutl.pod

@@ -152,11 +152,11 @@ specified.
 
 =item B<rsa_pss_saltlen:len>
 
-For B<pss> mode only this option specifies the salt length. Two special
+For B<pss> mode only this option specifies the salt length. Two special values
-values are supported: -1 sets the salt length to the digest length. When
+are supported: -1 sets the salt length to the digest length. When signing -2
-signing -2 sets the salt length to the maximum permissible value. When
+sets the salt length to the maximum permissible value. When verifying -2 causes
-verifying -2 causes the salt length to be automatically determined based
+the salt length to be automatically determined based on the B<PSS> block
-on the B<PSS> block structure.
+structure.
 
 =back