      1 /*
      2  * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
      3  * Copyright 2005 Nokia. All rights reserved.
      4  *
      5  * Licensed under the Apache License 2.0 (the "License").  You may not use
      6  * this file except in compliance with the License.  You can obtain a copy
      7  * in the file LICENSE in the source distribution or at
      8  * https://www.openssl.org/source/license.html
      9  */
     10 
     11 #include <stdio.h>
     12 #include <openssl/buffer.h>
     13 #include "ssl_local.h"
     14 
     15 #include "internal/comp.h"
     16 
     17 #ifndef OPENSSL_NO_STDIO
/*
 * Convenience wrapper: print session x to the stdio stream fp by routing
 * SSL_SESSION_print() through a temporary file BIO.
 *
 * The BIO is attached with BIO_NOCLOSE, so fp stays open and remains owned by
 * the caller after this function returns.
 *
 * SSL_SESSION_print() writes the session's master key (labelled "Resumption
 * PSK" for TLS 1.3 sessions) in hex, so fp should be a destination that is
 * acceptable for key material.
 *
 * Returns the result of SSL_SESSION_print(), or 0 (after raising
 * ERR_R_BUF_LIB) when the temporary BIO cannot be allocated.
 */
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
{
    BIO *file_bio = BIO_new(BIO_s_file());
    int printed;

    if (file_bio == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
        return 0;
    }

    /* Borrow fp only; freeing the BIO below must not close the stream. */
    BIO_set_fp(file_bio, fp, BIO_NOCLOSE);
    printed = SSL_SESSION_print(file_bio, x);
    BIO_free(file_bio);

    return printed;
}
     32 #endif
     33 
/*
 * Write a human-readable, multi-line description of session x to bp.
 *
 * Fields are emitted in a fixed order: protocol, cipher, session id, session
 * id context, master key (labelled "Resumption PSK" when the session version
 * is TLS1_3_VERSION), then the optional PSK/SRP, ticket, compression, time,
 * verification, extended-master-secret and early-data fields.
 *
 * The output contains secret material: the bytes of x->master_key are printed
 * in hex and the session ticket, when present, is dumped in full.  Whatever bp
 * writes to (log file, terminal capture, support bundle) should be handled as
 * holding key material for this session.
 *
 * Returns 1 on success.  Returns 0 if x is NULL, if any write to bp reports
 * <= 0, or if ssl_cipher_get_evp() fails.  Nothing is rolled back, so bp may
 * already hold partial output when 0 is returned.
 */
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
    size_t i;
    const char *s;
    int istls13;

    if (x == NULL)
        goto err;
    /* Only affects the key label below and whether Max Early Data is shown. */
    istls13 = (x->ssl_version == TLS1_3_VERSION);
    if (BIO_puts(bp, "SSL-Session:\n") <= 0)
        goto err;
    s = ssl_protocol_to_string(x->ssl_version);
    if (BIO_printf(bp, "    Protocol  : %s\n", s) <= 0)
        goto err;

    if (x->cipher == NULL) {
        /*
         * No cipher object attached: fall back to the numeric id.  A top byte
         * of 0x02 selects the 24-bit form, otherwise the low 16 bits are
         * shown (presumably the SSLv2-style 3-byte id; TODO confirm).
         */
        if (((x->cipher_id) & 0xff000000) == 0x02000000) {
            if (BIO_printf(bp, "    Cipher    : %06lX\n",
                    x->cipher_id & 0xffffff)
                <= 0)
                goto err;
        } else {
            if (BIO_printf(bp, "    Cipher    : %04lX\n",
                    x->cipher_id & 0xffff)
                <= 0)
                goto err;
        }
    } else {
        if (BIO_printf(bp, "    Cipher    : %s\n",
                ((x->cipher->name == NULL) ? "unknown"
                                           : x->cipher->name))
            <= 0)
            goto err;
    }
    if (BIO_puts(bp, "    Session-ID: ") <= 0)
        goto err;
    /* One BIO_printf() per byte; a zero length leaves the field empty. */
    for (i = 0; i < x->session_id_length; i++) {
        if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
            goto err;
    }
    if (BIO_puts(bp, "\n    Session-ID-ctx: ") <= 0)
        goto err;
    for (i = 0; i < x->sid_ctx_length; i++) {
        if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
            goto err;
    }
    /* Same master_key buffer either way; only the label differs. */
    if (istls13) {
        if (BIO_puts(bp, "\n    Resumption PSK: ") <= 0)
            goto err;
    } else if (BIO_puts(bp, "\n    Master-Key: ") <= 0)
        goto err;
    /* Secret: raw key bytes in hex, unredacted. */
    for (i = 0; i < x->master_key_length; i++) {
        if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
            goto err;
    }
#ifndef OPENSSL_NO_PSK
    /*
     * Identity and hint are written with %s exactly as stored, "None" when
     * the pointer is NULL.  NOTE(review): if these strings can originate from
     * the peer, consumers of this output should not assume they are free of
     * control characters; the same applies to the SRP username below.
     */
    if (BIO_puts(bp, "\n    PSK identity: ") <= 0)
        goto err;
    if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0)
        goto err;
    if (BIO_puts(bp, "\n    PSK identity hint: ") <= 0)
        goto err;
    if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0)
        goto err;
#endif
#ifndef OPENSSL_NO_SRP
    if (BIO_puts(bp, "\n    SRP username: ") <= 0)
        goto err;
    if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0)
        goto err;
#endif
    /* Omitted entirely when the hint is zero. */
    /* NOTE(review): %ld expects long; confirm tick_lifetime_hint's type. */
    if (x->ext.tick_lifetime_hint) {
        if (BIO_printf(bp,
                "\n    TLS session ticket lifetime hint: %ld (seconds)",
                x->ext.tick_lifetime_hint)
            <= 0)
            goto err;
    }
    if (x->ext.tick) {
        if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0)
            goto err;
        /*
         * Full ticket dump, indented by 4.  ticklen is narrowed to int for
         * BIO_dump_indent(); NOTE(review): confirm the length is bounded
         * where the ticket is stored.
         */
        if (BIO_dump_indent(bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4)
            <= 0)
            goto err;
    }
#ifndef OPENSSL_NO_COMP
    if (x->compress_meth != 0) {
        SSL_COMP *comp = NULL;

        /* Only the compression method is requested; other outputs are NULL. */
        if (!ssl_cipher_get_evp(NULL, x, NULL, NULL, NULL, NULL, &comp, 0))
            goto err;
        if (comp == NULL) {
            /* Call succeeded but set no SSL_COMP: print the bare number. */
            if (BIO_printf(bp, "\n    Compression: %d", x->compress_meth) <= 0)
                goto err;
        } else {
            if (BIO_printf(bp, "\n    Compression: %d (%s)", comp->id,
                    comp->name)
                <= 0)
                goto err;
        }
    }
#endif
    /* Zero start time / timeout are skipped; casts match the %lld format. */
    if (!ossl_time_is_zero(x->time)) {
        if (BIO_printf(bp, "\n    Start Time: %lld",
                (long long)ossl_time_to_time_t(x->time))
            <= 0)
            goto err;
    }
    if (!ossl_time_is_zero(x->timeout)) {
        if (BIO_printf(bp, "\n    Timeout   : %lld (sec)",
                (long long)ossl_time2seconds(x->timeout))
            <= 0)
            goto err;
    }
    /* Terminates whichever "\n    ..." field was written last. */
    if (BIO_puts(bp, "\n") <= 0)
        goto err;

    /* Numeric verify result followed by its X509 error string. */
    if (BIO_puts(bp, "    Verify return code: ") <= 0)
        goto err;
    if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
            X509_verify_cert_error_string(x->verify_result))
        <= 0)
        goto err;

    if (BIO_printf(bp, "    Extended master secret: %s\n",
            x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no")
        <= 0)
        goto err;

    if (istls13) {
        if (BIO_printf(bp, "    Max Early Data: %u\n",
                (unsigned int)x->ext.max_early_data)
            <= 0)
            goto err;
    }

    return 1;
    /* Single failure exit; this function holds nothing that needs releasing. */
err:
    return 0;
}
    174 
/*
 * Write one line for session x to bp in NSS keylog format:
 *
 *     RSA Session-ID:<session id> Master-Key:<master key>
 *
 * Both values are written as two upper-case hex digits per byte.
 *
 * The line carries the session's master key in the clear, so bp should only
 * lead to a destination that is acceptable for key material.
 *
 * NOTE(review): SSL_SESSION_print() labels the same master_key buffer
 * "Resumption PSK" for TLS 1.3 sessions, and no protocol version check is
 * made here; confirm callers only use this where a "Master-Key" line is
 * meaningful.
 *
 * Returns 1 on success.  Returns 0 if x is NULL, if the session id or the
 * master key is empty, or if any write to bp reports <= 0 (partial output may
 * already have been written in that case).
 */
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
{
    size_t idx;

    /* Nothing useful can be logged without both an id and a key. */
    if (x == NULL || x->session_id_length == 0 || x->master_key_length == 0)
        return 0;

    /*
     * The format's definition demands the "RSA" prefix even though nothing in
     * the line is RSA-specific, so the cipher suite is not inspected.
     */
    if (BIO_puts(bp, "RSA ") <= 0 || BIO_puts(bp, "Session-ID:") <= 0)
        return 0;

    for (idx = 0; idx < x->session_id_length; idx++) {
        if (BIO_printf(bp, "%02X", x->session_id[idx]) <= 0)
            return 0;
    }

    if (BIO_puts(bp, " Master-Key:") <= 0)
        return 0;

    for (idx = 0; idx < x->master_key_length; idx++) {
        if (BIO_printf(bp, "%02X", x->master_key[idx]) <= 0)
            return 0;
    }

    /* The closing newline decides the result: 1 if written, else 0. */
    return BIO_puts(bp, "\n") > 0;
}