xref: /freebsd/crypto/openssl/ssl/ssl_txt.c (revision 18054d0220cfc8df9c9568c437bd6fbb59d53c3c)
1 /*
2  * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright 2005 Nokia. All rights reserved.
4  *
5  * Licensed under the OpenSSL license (the "License").  You may not use
6  * this file except in compliance with the License.  You can obtain a copy
7  * in the file LICENSE in the source distribution or at
8  * https://www.openssl.org/source/license.html
9  */
10 
11 #include <stdio.h>
12 #include <openssl/buffer.h>
13 #include "ssl_local.h"
14 
15 #ifndef OPENSSL_NO_STDIO
16 int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
17 {
18     BIO *b;
19     int ret;
20 
21     if ((b = BIO_new(BIO_s_file())) == NULL) {
22         SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
23         return 0;
24     }
25     BIO_set_fp(b, fp, BIO_NOCLOSE);
26     ret = SSL_SESSION_print(b, x);
27     BIO_free(b);
28     return ret;
29 }
30 #endif
31 
32 int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
33 {
34     size_t i;
35     const char *s;
36     int istls13;
37 
38     if (x == NULL)
39         goto err;
40     istls13 = (x->ssl_version == TLS1_3_VERSION);
41     if (BIO_puts(bp, "SSL-Session:\n") <= 0)
42         goto err;
43     s = ssl_protocol_to_string(x->ssl_version);
44     if (BIO_printf(bp, "    Protocol  : %s\n", s) <= 0)
45         goto err;
46 
47     if (x->cipher == NULL) {
48         if (((x->cipher_id) & 0xff000000) == 0x02000000) {
49             if (BIO_printf(bp, "    Cipher    : %06lX\n",
50                            x->cipher_id & 0xffffff) <= 0)
51                 goto err;
52         } else {
53             if (BIO_printf(bp, "    Cipher    : %04lX\n",
54                            x->cipher_id & 0xffff) <= 0)
55                 goto err;
56         }
57     } else {
58         if (BIO_printf(bp, "    Cipher    : %s\n",
59                        ((x->cipher->name == NULL) ? "unknown"
60                                                   : x->cipher->name)) <= 0)
61             goto err;
62     }
63     if (BIO_puts(bp, "    Session-ID: ") <= 0)
64         goto err;
65     for (i = 0; i < x->session_id_length; i++) {
66         if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
67             goto err;
68     }
69     if (BIO_puts(bp, "\n    Session-ID-ctx: ") <= 0)
70         goto err;
71     for (i = 0; i < x->sid_ctx_length; i++) {
72         if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
73             goto err;
74     }
75     if (istls13) {
76         if (BIO_puts(bp, "\n    Resumption PSK: ") <= 0)
77             goto err;
78     } else if (BIO_puts(bp, "\n    Master-Key: ") <= 0)
79         goto err;
80     for (i = 0; i < x->master_key_length; i++) {
81         if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
82             goto err;
83     }
84 #ifndef OPENSSL_NO_PSK
85     if (BIO_puts(bp, "\n    PSK identity: ") <= 0)
86         goto err;
87     if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0)
88         goto err;
89     if (BIO_puts(bp, "\n    PSK identity hint: ") <= 0)
90         goto err;
91     if (BIO_printf
92         (bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0)
93         goto err;
94 #endif
95 #ifndef OPENSSL_NO_SRP
96     if (BIO_puts(bp, "\n    SRP username: ") <= 0)
97         goto err;
98     if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0)
99         goto err;
100 #endif
101     if (x->ext.tick_lifetime_hint) {
102         if (BIO_printf(bp,
103                        "\n    TLS session ticket lifetime hint: %ld (seconds)",
104                        x->ext.tick_lifetime_hint) <= 0)
105             goto err;
106     }
107     if (x->ext.tick) {
108         if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0)
109             goto err;
110         /* TODO(size_t): Convert this call */
111         if (BIO_dump_indent
112             (bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4)
113             <= 0)
114             goto err;
115     }
116 #ifndef OPENSSL_NO_COMP
117     if (x->compress_meth != 0) {
118         SSL_COMP *comp = NULL;
119 
120         if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
121             goto err;
122         if (comp == NULL) {
123             if (BIO_printf(bp, "\n    Compression: %d", x->compress_meth) <= 0)
124                 goto err;
125         } else {
126             if (BIO_printf(bp, "\n    Compression: %d (%s)", comp->id,
127                            comp->name) <= 0)
128                 goto err;
129         }
130     }
131 #endif
132     if (x->time != 0L) {
133         if (BIO_printf(bp, "\n    Start Time: %lld", (long long)x->time) <= 0)
134             goto err;
135     }
136     if (x->timeout != 0L) {
137         if (BIO_printf(bp, "\n    Timeout   : %lld (sec)", (long long)x->timeout) <= 0)
138             goto err;
139     }
140     if (BIO_puts(bp, "\n") <= 0)
141         goto err;
142 
143     if (BIO_puts(bp, "    Verify return code: ") <= 0)
144         goto err;
145     if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
146                    X509_verify_cert_error_string(x->verify_result)) <= 0)
147         goto err;
148 
149     if (BIO_printf(bp, "    Extended master secret: %s\n",
150                    x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0)
151         goto err;
152 
153     if (istls13) {
154         if (BIO_printf(bp, "    Max Early Data: %u\n",
155                        x->ext.max_early_data) <= 0)
156             goto err;
157     }
158 
159     return 1;
160  err:
161     return 0;
162 }
163 
164 /*
165  * print session id and master key in NSS keylog format (RSA
166  * Session-ID:<session id> Master-Key:<master key>)
167  */
168 int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
169 {
170     size_t i;
171 
172     if (x == NULL)
173         goto err;
174     if (x->session_id_length == 0 || x->master_key_length == 0)
175         goto err;
176 
177     /*
178      * the RSA prefix is required by the format's definition although there's
179      * nothing RSA-specific in the output, therefore, we don't have to check if
180      * the cipher suite is based on RSA
181      */
182     if (BIO_puts(bp, "RSA ") <= 0)
183         goto err;
184 
185     if (BIO_puts(bp, "Session-ID:") <= 0)
186         goto err;
187     for (i = 0; i < x->session_id_length; i++) {
188         if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
189             goto err;
190     }
191     if (BIO_puts(bp, " Master-Key:") <= 0)
192         goto err;
193     for (i = 0; i < x->master_key_length; i++) {
194         if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
195             goto err;
196     }
197     if (BIO_puts(bp, "\n") <= 0)
198         goto err;
199 
200     return 1;
201  err:
202     return 0;
203 }
204