/*
 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2005 Nokia. All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/buffer.h>
#include "ssl_local.h"

#include "internal/comp.h"

#ifndef OPENSSL_NO_STDIO
/*
 * Dump a session to a stdio stream by wrapping |fp| in a temporary file BIO
 * and delegating to SSL_SESSION_print().
 *
 * Returns whatever SSL_SESSION_print() returns, or 0 (with an error raised)
 * when the temporary BIO cannot be allocated.
 *
 * Security: the text written to |fp| contains the session's secret key
 * material (see SSL_SESSION_print()), so |fp| should not be a shared log or
 * a world-readable file.
 */
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
{
    BIO *out = BIO_new(BIO_s_file());
    int rv;

    if (out == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
        return 0;
    }
    /* BIO_NOCLOSE: releasing the BIO below must leave the caller's stream open */
    BIO_set_fp(out, fp, BIO_NOCLOSE);
    rv = SSL_SESSION_print(out, x);
    BIO_free(out);
    return rv;
}
#endif

/*
 * Write a human-readable description of session |x| to |bp|: protocol,
 * cipher, session id and session id context, the master key (labelled
 * "Resumption PSK" for TLS 1.3), optional PSK/SRP identities, ticket
 * lifetime hint and ticket bytes, compression, start time, timeout, verify
 * result, extended-master-secret flag and (TLS 1.3 only) max early data.
 *
 * Returns 1 on success. Returns 0 when |x| is NULL, when the compression
 * lookup fails, or as soon as any write reports <= 0; in that case |bp| may
 * already hold a partial dump.
 *
 * Security: the master key / resumption PSK and the session ticket are
 * emitted in clear hex. Treat the destination as secret-bearing: keep it out
 * of general-purpose logs, crash reports and support bundles.
 *
 * NOTE(review): label spacing inside the string literals is copied as shown
 * in this listing, whose whitespace looks collapsed; compare with the
 * upstream file before depending on exact column alignment.
 */
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
    size_t idx;
    const char *proto;
    int is_tls13;

    if (x == NULL)
        return 0;

    is_tls13 = (x->ssl_version == TLS1_3_VERSION);
    if (BIO_puts(bp, "SSL-Session:\n") <= 0)
        return 0;
    proto = ssl_protocol_to_string(x->ssl_version);
    if (BIO_printf(bp, " Protocol : %s\n", proto) <= 0)
        return 0;

    if (x->cipher != NULL) {
        const char *cname = x->cipher->name;

        if (cname == NULL)
            cname = "unknown";
        if (BIO_printf(bp, " Cipher : %s\n", cname) <= 0)
            return 0;
    } else if (((x->cipher_id) & 0xff000000) == 0x02000000) {
        /* no cipher object: ids tagged 0x02 in the top byte print as 24 bits */
        if (BIO_printf(bp, " Cipher : %06lX\n",
                       x->cipher_id & 0xffffff) <= 0)
            return 0;
    } else {
        /* no cipher object: every other id prints as its low 16 bits */
        if (BIO_printf(bp, " Cipher : %04lX\n",
                       x->cipher_id & 0xffff) <= 0)
            return 0;
    }

    if (BIO_puts(bp, " Session-ID: ") <= 0)
        return 0;
    for (idx = 0; idx < x->session_id_length; idx++) {
        if (BIO_printf(bp, "%02X", x->session_id[idx]) <= 0)
            return 0;
    }

    if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0)
        return 0;
    for (idx = 0; idx < x->sid_ctx_length; idx++) {
        if (BIO_printf(bp, "%02X", x->sid_ctx[idx]) <= 0)
            return 0;
    }

    /* Same field either way; only the label depends on the protocol version. */
    if (BIO_puts(bp, is_tls13 ? "\n Resumption PSK: "
                              : "\n Master-Key: ") <= 0)
        return 0;
    /* Secret key material follows, in clear hex. */
    for (idx = 0; idx < x->master_key_length; idx++) {
        if (BIO_printf(bp, "%02X", x->master_key[idx]) <= 0)
            return 0;
    }

#ifndef OPENSSL_NO_PSK
    if (BIO_puts(bp, "\n PSK identity: ") <= 0
            || BIO_printf(bp, "%s",
                          x->psk_identity ? x->psk_identity : "None") <= 0)
        return 0;
    if (BIO_puts(bp, "\n PSK identity hint: ") <= 0
            || BIO_printf(bp, "%s",
                          x->psk_identity_hint ? x->psk_identity_hint
                                               : "None") <= 0)
        return 0;
#endif
#ifndef OPENSSL_NO_SRP
    if (BIO_puts(bp, "\n SRP username: ") <= 0
            || BIO_printf(bp, "%s",
                          x->srp_username ? x->srp_username : "None") <= 0)
        return 0;
#endif

    if (x->ext.tick_lifetime_hint) {
        if (BIO_printf(bp,
                       "\n TLS session ticket lifetime hint: %ld (seconds)",
                       x->ext.tick_lifetime_hint) <= 0)
            return 0;
    }
    if (x->ext.tick) {
        /*
         * The raw ticket is dumped as-is. The length is narrowed to int for
         * BIO_dump_indent(); NOTE(review): confirm ticklen is bounded well
         * below INT_MAX wherever the ticket is stored.
         */
        if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0
                || BIO_dump_indent(bp, (const char *)x->ext.tick,
                                   (int)x->ext.ticklen, 4) <= 0)
            return 0;
    }

#ifndef OPENSSL_NO_COMP
    if (x->compress_meth != 0) {
        SSL_COMP *comp = NULL;

        if (!ssl_cipher_get_evp(NULL, x, NULL, NULL, NULL, NULL, &comp, 0))
            return 0;
        if (comp != NULL) {
            if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id,
                           comp->name) <= 0)
                return 0;
        } else {
            /* lookup succeeded but produced no method: print the raw id */
            if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= 0)
                return 0;
        }
    }
#endif

    if (!ossl_time_is_zero(x->time)) {
        if (BIO_printf(bp, "\n Start Time: %lld",
                       (long long)ossl_time_to_time_t(x->time)) <= 0)
            return 0;
    }
    if (!ossl_time_is_zero(x->timeout)) {
        if (BIO_printf(bp, "\n Timeout : %lld (sec)",
                       (long long)ossl_time2seconds(x->timeout)) <= 0)
            return 0;
    }
    if (BIO_puts(bp, "\n") <= 0)
        return 0;

    if (BIO_puts(bp, " Verify return code: ") <= 0
            || BIO_printf(bp, "%ld (%s)\n", x->verify_result,
                          X509_verify_cert_error_string(x->verify_result)) <= 0)
        return 0;

    if (BIO_printf(bp, " Extended master secret: %s\n",
                   (x->flags & SSL_SESS_FLAG_EXTMS) != 0 ? "yes" : "no") <= 0)
        return 0;

    if (is_tls13) {
        if (BIO_printf(bp, " Max Early Data: %u\n",
                       (unsigned int)x->ext.max_early_data) <= 0)
            return 0;
    }

    return 1;
}

/*
 * Emit one line pairing the session id with the master key, in the NSS
 * keylog layout:
 *
 *   RSA Session-ID:<session id> Master-Key:<master key>
 *
 * Returns 1 on success; 0 when |x| is NULL, when either the session id or
 * the master key is empty, or when a write to |bp| reports <= 0.
 *
 * Security: the master key is written in clear, and key-log consumers use
 * such lines to decrypt recorded traffic. Send this only to an
 * access-controlled destination and never enable it by default in
 * production builds.
 *
 * NOTE(review): there is no protocol-version check here, while
 * SSL_SESSION_print() labels the same field "Resumption PSK" for TLS 1.3;
 * confirm the "Master-Key" label is what callers expect for such sessions.
 */
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
{
    size_t idx;

    if (x == NULL
            || x->session_id_length == 0
            || x->master_key_length == 0)
        return 0;

    /*
     * The format definition demands the "RSA" prefix even though nothing in
     * the line is RSA-specific, so the cipher suite is not inspected.
     */
    if (BIO_puts(bp, "RSA ") <= 0)
        return 0;

    if (BIO_puts(bp, "Session-ID:") <= 0)
        return 0;
    for (idx = 0; idx < x->session_id_length; idx++) {
        if (BIO_printf(bp, "%02X", x->session_id[idx]) <= 0)
            return 0;
    }

    if (BIO_puts(bp, " Master-Key:") <= 0)
        return 0;
    for (idx = 0; idx < x->master_key_length; idx++) {
        if (BIO_printf(bp, "%02X", x->master_key[idx]) <= 0)
            return 0;
    }

    if (BIO_puts(bp, "\n") <= 0)
        return 0;

    return 1;
}