Because ct_locl.h is used between modules, move it to internal headers

Rename it to ct_int.h

Reviewed-by: Rich Salz <rsalz@openssl.org>

1 files changed, 244 insertions, 0 deletions

diff --git a/crypto/include/internal/ct_int.h b/crypto/include/internal/ct_int.h
new file mode 100644
index 0000000000..2d8e045cdf
--- /dev/null
+++ b/crypto/include/internal/ct_int.h
@@ -0,0 +1,244 @@
+/* crypto/ct/ct_locl.h */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2015.
+ */
+/* ====================================================================
+ * Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+#ifndef HEADER_CT_LOCL_H
+# define HEADER_CT_LOCL_H
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_CT
+
+/* All hashes are currently SHA256 */
+#  define SCT_V1_HASHLEN  32
+/* Minimum RSA key size, from RFC6962 */
+#  define SCT_MIN_RSA_BITS 2048
+
+/*
+ * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT
+ * sct_list <1..2^16-1>; } SignedCertificateTimestampList;
+ */
+
+#  define MAX_SCT_SIZE            65535
+#  define MAX_SCT_LIST_SIZE       MAX_SCT_SIZE
+
+typedef enum {
+    UNSET_ENTRY = -1,
+    X509_ENTRY = 0,
+    PRECERT_ENTRY = 1
+} log_entry_type_t;
+
+typedef enum {
+    UNSET_VERSION = -1,
+    SCT_V1 = 0
+} sct_version_t;
+
+typedef struct {
+    sct_version_t version;
+    /* If version is not SCT_V1 this contains the encoded SCT */
+    unsigned char *sct;
+    size_t sct_len;
+    /*
+     * If version is SCT_V1, fields below contain components of the SCT.
+     * "log_id", "ext" and "sig" point to buffers allocated with
+     * OPENSSL_malloc().
+     */
+    unsigned char *log_id;
+    size_t log_id_len;
+
+    /*
+     * Note, we cannot distinguish between an unset timestamp, and one
+     * that is set to 0.  However since CT didn't exist in 1970, no real
+     * SCT should ever be set as such.
+     */
+    uint64_t timestamp;
+    unsigned char *ext;
+    size_t ext_len;
+    unsigned char hash_alg;
+    unsigned char sig_alg;
+    unsigned char *sig;
+    size_t sig_len;
+    /* Log entry type */
+    log_entry_type_t entry_type;
+} SCT;
+
+DECLARE_STACK_OF(SCT)
+
+/*
+ * Allocate new SCT.
+ * Caller is responsible for calling SCT_free when done.
+ */
+SCT *SCT_new(void);
+
+/*
+ * Free SCT and underlying datastructures.
+ */
+void SCT_free(SCT *sct);
+
+/*
+ * Set the version of an SCT.
+ * Returns 1 on success, 0 if the version is unrecognized.
+ */
+int SCT_set_version(SCT *sct, sct_version_t version);
+
+/*
+ * Set the log entry type of an SCT.
+ * Returns 1 on success.
+ */
+int SCT_set_log_entry_type(SCT *sct, log_entry_type_t entry_type);
+
+/*
+ * Set the log id of an SCT to point directly to the *log_id specified.
+ * The SCT takes ownership of the specified pointer.
+ * Returns 1 on success.
+ */
+int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+
+/*
+ * Set the timestamp of an SCT.
+ */
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+/*
+ * Set the signature type of an SCT
+ * Currently NID_sha256WithRSAEncryption or NID_ecdsa_with_SHA256.
+ * Returns 1 on success.
+ */
+int SCT_set_signature_nid(SCT *sct, int nid);
+
+/*
+ * Set the extensions of an SCT to point directly to the *ext specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+
+/*
+ * Set the signature of an SCT to point directly to the *sig specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+
+/*
+ * Returns the version of the SCT.
+ */
+sct_version_t SCT_get_version(const SCT *sct);
+
+/*
+ * Returns the log entry type of the SCT.
+ */
+log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+
+/*
+ * Set *log_id to point to the log id for the SCT. log_id must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+
+/*
+ * Returns the timestamp for the SCT.
+ */
+uint64_t SCT_get_timestamp(const SCT *sct);
+
+/*
+ * Return the nid for the signature used by the SCT.
+ * Currently NID_sha256WithRSAEncryption or NID_ecdsa_with_SHA256
+ * (or NID_undef).
+ */
+int SCT_get_signature_nid(const SCT *sct);
+
+/*
+ * Set *ext to point to the extension data for the SCT. ext must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+
+/*
+ * Set *sig to point to the signature for the SCT. sig must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+
+
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CT_strings(void);
+
+/* Error codes for the CT functions. */
+
+/* Function codes. */
+# define CT_F_SCT_NEW                                     100
+# define CT_F_SCT_SET0_LOG_ID                             101
+# define CT_F_SCT_SET_LOG_ENTRY_TYPE                      102
+# define CT_F_SCT_SET_SIGNATURE_NID                       103
+# define CT_F_SCT_SET_VERSION                             104
+
+/* Reason codes. */
+# define CT_R_INVALID_LOG_ID_LENGTH                       100
+# define CT_R_UNRECOGNIZED_SIGNATURE_NID                  101
+# define CT_R_UNSUPPORTED_ENTRY_TYPE                      102
+# define CT_R_UNSUPPORTED_VERSION                         103
+
+#ifdef  __cplusplus
+}
+#endif
+#endif