/*
 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2005 Nokia. All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/buffer.h>
#include "ssl_local.h"

#ifndef OPENSSL_NO_STDIO
/*
 * Print a session to a stdio stream by wrapping |fp| in a temporary file BIO
 * and delegating to SSL_SESSION_print().
 *
 * The BIO is attached with BIO_NOCLOSE, so |fp| stays open and remains owned
 * by the caller after the temporary BIO is freed.
 *
 * Returns the result of SSL_SESSION_print(), or 0 (with ERR_R_BUF_LIB raised)
 * if the BIO could not be allocated.
 *
 * Everything said about secret material in SSL_SESSION_print() applies to
 * whatever |fp| points at.
 */
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
{
    BIO *out = BIO_new(BIO_s_file());
    int ok;

    if (out == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
        return 0;
    }
    /* NOTE(review): the result of BIO_set_fp() is not checked here. */
    BIO_set_fp(out, fp, BIO_NOCLOSE);
    ok = SSL_SESSION_print(out, x);
    BIO_free(out);
    return ok;
}
#endif

/*
 * Write a human-readable description of session |x| to |bp|.
 *
 * SECURITY: the output contains the session's secret key material in clear
 * hex (labelled "Resumption PSK" for TLS 1.3, "Master-Key" otherwise) and,
 * when present, a dump of the session ticket. Treat the destination of |bp|
 * as a secret store: keep it out of shared logs and world-readable files.
 *
 * Returns 1 on success. Returns 0 if |x| is NULL or as soon as any write to
 * |bp| fails; in the latter case part of the text may already have been
 * written.
 */
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
    size_t idx;
    const char *proto;
    int tls13;

    if (x == NULL)
        return 0;

    tls13 = (x->ssl_version == TLS1_3_VERSION);

    if (BIO_puts(bp, "SSL-Session:\n") <= 0)
        return 0;
    proto = ssl_protocol_to_string(x->ssl_version);
    if (BIO_printf(bp, " Protocol : %s\n", proto) <= 0)
        return 0;

    if (x->cipher != NULL) {
        const char *cname = (x->cipher->name == NULL) ? "unknown"
                                                      : x->cipher->name;

        if (BIO_printf(bp, " Cipher : %s\n", cname) <= 0)
            return 0;
    } else if (((x->cipher_id) & 0xff000000) == 0x02000000) {
        /* No cipher object: ids whose top byte is 0x02 print as six digits. */
        if (BIO_printf(bp, " Cipher : %06lX\n",
                       x->cipher_id & 0xffffff) <= 0)
            return 0;
    } else {
        /* Every other id prints its low 16 bits as four digits. */
        if (BIO_printf(bp, " Cipher : %04lX\n",
                       x->cipher_id & 0xffff) <= 0)
            return 0;
    }

    if (BIO_puts(bp, " Session-ID: ") <= 0)
        return 0;
    for (idx = 0; idx < x->session_id_length; idx++) {
        if (BIO_printf(bp, "%02X", x->session_id[idx]) <= 0)
            return 0;
    }

    if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0)
        return 0;
    for (idx = 0; idx < x->sid_ctx_length; idx++) {
        if (BIO_printf(bp, "%02X", x->sid_ctx[idx]) <= 0)
            return 0;
    }

    /* Same buffer either way; only the label depends on the version. */
    if (BIO_puts(bp, tls13 ? "\n Resumption PSK: " : "\n Master-Key: ") <= 0)
        return 0;
    /* Secret key bytes are emitted unredacted from here. */
    for (idx = 0; idx < x->master_key_length; idx++) {
        if (BIO_printf(bp, "%02X", x->master_key[idx]) <= 0)
            return 0;
    }

#ifndef OPENSSL_NO_PSK
    if (BIO_puts(bp, "\n PSK identity: ") <= 0)
        return 0;
    if (BIO_printf(bp, "%s",
                   x->psk_identity != NULL ? x->psk_identity : "None") <= 0)
        return 0;
    if (BIO_puts(bp, "\n PSK identity hint: ") <= 0)
        return 0;
    if (BIO_printf(bp, "%s",
                   x->psk_identity_hint != NULL ? x->psk_identity_hint
                                                : "None") <= 0)
        return 0;
#endif
#ifndef OPENSSL_NO_SRP
    if (BIO_puts(bp, "\n SRP username: ") <= 0)
        return 0;
    if (BIO_printf(bp, "%s",
                   x->srp_username != NULL ? x->srp_username : "None") <= 0)
        return 0;
#endif

    if (x->ext.tick_lifetime_hint != 0) {
        if (BIO_printf(bp,
                       "\n TLS session ticket lifetime hint: %ld (seconds)",
                       x->ext.tick_lifetime_hint) <= 0)
            return 0;
    }
    if (x->ext.tick != NULL) {
        if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
            return 0;
        /* The ticket length is narrowed to int for BIO_dump_indent(). */
        if (BIO_dump_indent(bp, (const char *)x->ext.tick,
                            (int)x->ext.ticklen, 4) <= 0)
            return 0;
    }

#ifndef OPENSSL_NO_COMP
    if (x->compress_meth != 0) {
        SSL_COMP *comp = NULL;

        if (!ssl_cipher_get_evp(NULL, x, NULL, NULL, NULL, NULL, &comp, 0))
            return 0;
        if (comp != NULL) {
            if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id,
                           comp->name) <= 0)
                return 0;
        } else {
            /* Lookup yielded no method object: print the raw id only. */
            if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= 0)
                return 0;
        }
    }
#endif

    /* Start time and timeout are omitted from the output when zero. */
    if (x->time != 0L) {
        if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
            return 0;
    }
    if (x->timeout != 0L) {
        if (BIO_printf(bp, "\n Timeout : %lld (sec)",
                       (long long)x->timeout) <= 0)
            return 0;
    }
    if (BIO_puts(bp, "\n") <= 0)
        return 0;

    if (BIO_puts(bp, " Verify return code: ") <= 0)
        return 0;
    if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
                   X509_verify_cert_error_string(x->verify_result)) <= 0)
        return 0;

    if (BIO_printf(bp, " Extended master secret: %s\n",
                   (x->flags & SSL_SESS_FLAG_EXTMS) != 0 ? "yes" : "no") <= 0)
        return 0;

    if (tls13) {
        if (BIO_printf(bp, " Max Early Data: %u\n",
                       x->ext.max_early_data) <= 0)
            return 0;
    }

    return 1;
}

/*
 * Write one line in NSS keylog format to |bp|:
 *
 *     RSA Session-ID:<session id> Master-Key:<master key>
 *
 * with both values in upper-case hex.
 *
 * SECURITY: the line carries the session's master key in the clear. Whoever
 * can read the destination of |bp| holds the key material of that session,
 * so the sink needs the same access control as any other private key store.
 *
 * Returns 1 on success. Returns 0 if |x| is NULL, if the session id or the
 * master key is empty, or as soon as a write to |bp| fails.
 */
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
{
    size_t idx;

    if (x == NULL
            || x->session_id_length == 0
            || x->master_key_length == 0)
        return 0;

    /*
     * The format's definition demands the "RSA" prefix even though nothing
     * in the line is RSA-specific, so the cipher suite is not inspected.
     */
    if (BIO_puts(bp, "RSA ") <= 0)
        return 0;

    if (BIO_puts(bp, "Session-ID:") <= 0)
        return 0;
    for (idx = 0; idx < x->session_id_length; idx++) {
        if (BIO_printf(bp, "%02X", x->session_id[idx]) <= 0)
            return 0;
    }

    if (BIO_puts(bp, " Master-Key:") <= 0)
        return 0;
    for (idx = 0; idx < x->master_key_length; idx++) {
        if (BIO_printf(bp, "%02X", x->master_key[idx]) <= 0)
            return 0;
    }

    if (BIO_puts(bp, "\n") <= 0)
        return 0;

    return 1;
}