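/*
 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2005 Nokia. All rights reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <limits.h>
#include <stdio.h>
#include <openssl/buffer.h>
#include "ssl_local.h"

/*
 * Write |len| bytes of |buf| to |bp| as upper-case hex, two digits per byte
 * and no separators.
 *
 * Returns 1 on success (a zero |len| writes nothing and succeeds) and 0 as
 * soon as one BIO_printf() call reports failure.
 */
static int ssl_session_print_hex(BIO *bp, const unsigned char *buf, size_t len)
{
    size_t i;

    for (i = 0; i < len; i++) {
        if (BIO_printf(bp, "%02X", buf[i]) <= 0)
            return 0;
    }
    return 1;
}

#ifndef OPENSSL_NO_STDIO
/*
 * Print session |x| to the stdio stream |fp|.
 *
 * A temporary file BIO is wrapped around |fp| and handed to
 * SSL_SESSION_print(), so everything said there about the output holding key
 * material applies to |fp| as well.
 *
 * Returns the result of SSL_SESSION_print(), or 0 (with an error queued) if
 * the BIO cannot be allocated.
 */
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
{
    BIO *b = BIO_new(BIO_s_file());
    int ret;

    if (b == NULL) {
        SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
        return 0;
    }
    /* BIO_NOCLOSE: |fp| stays owned by the caller, BIO_free() leaves it open */
    BIO_set_fp(b, fp, BIO_NOCLOSE);
    ret = SSL_SESSION_print(b, x);
    BIO_free(b);
    return ret;
}
#endif

/*
 * Print a human-readable description of session |x| to |bp|.
 *
 * The output holds the session's secrets in clear: the master key (labelled
 * "Resumption PSK" for TLS 1.3 sessions) and, when present, the session
 * ticket. Whatever |bp| writes to (log file, terminal, pipe) has to be
 * protected like the key itself.
 *
 * Returns 1 on success. Returns 0 if |x| is NULL, if a write to |bp| fails,
 * if the compression method lookup fails, or if the ticket length does not
 * fit the int length taken by BIO_dump_indent(). Fields are written in
 * sequence, so a failure can leave partial output on |bp|.
 */
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
    const char *s;
    int istls13;

    if (x == NULL)
        goto err;
    istls13 = (x->ssl_version == TLS1_3_VERSION);
    if (BIO_puts(bp, "SSL-Session:\n") <= 0)
        goto err;
    s = ssl_protocol_to_string(x->ssl_version);
    if (BIO_printf(bp, " Protocol : %s\n", s) <= 0)
        goto err;

    if (x->cipher == NULL) {
        /*
         * No cipher object: print the numeric id. Ids whose top byte is 0x02
         * are shown as 24 bits, all others as 16 bits.
         */
        if (((x->cipher_id) & 0xff000000) == 0x02000000) {
            if (BIO_printf(bp, " Cipher : %06lX\n",
                           x->cipher_id & 0xffffff) <= 0)
                goto err;
        } else {
            if (BIO_printf(bp, " Cipher : %04lX\n",
                           x->cipher_id & 0xffff) <= 0)
                goto err;
        }
    } else {
        if (BIO_printf(bp, " Cipher : %s\n",
                       ((x->cipher->name == NULL) ? "unknown"
                                                  : x->cipher->name)) <= 0)
            goto err;
    }

    if (BIO_puts(bp, " Session-ID: ") <= 0)
        goto err;
    if (!ssl_session_print_hex(bp, x->session_id, x->session_id_length))
        goto err;

    if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0)
        goto err;
    if (!ssl_session_print_hex(bp, x->sid_ctx, x->sid_ctx_length))
        goto err;

    /* Secret material follows: only the label depends on the version */
    if (BIO_puts(bp, istls13 ? "\n Resumption PSK: "
                             : "\n Master-Key: ") <= 0)
        goto err;
    if (!ssl_session_print_hex(bp, x->master_key, x->master_key_length))
        goto err;

#ifndef OPENSSL_NO_PSK
    if (BIO_puts(bp, "\n PSK identity: ") <= 0)
        goto err;
    if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0)
        goto err;
    if (BIO_puts(bp, "\n PSK identity hint: ") <= 0)
        goto err;
    if (BIO_printf(bp, "%s",
                   x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0)
        goto err;
#endif
#ifndef OPENSSL_NO_SRP
    if (BIO_puts(bp, "\n SRP username: ") <= 0)
        goto err;
    if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0)
        goto err;
#endif
    if (x->ext.tick_lifetime_hint) {
        if (BIO_printf(bp,
                       "\n TLS session ticket lifetime hint: %ld (seconds)",
                       x->ext.tick_lifetime_hint) <= 0)
            goto err;
    }
    if (x->ext.tick) {
        /*
         * BIO_dump_indent() takes an int length. Refuse a ticket length that
         * would not survive the cast below rather than pass on a wrapped or
         * negative value.
         */
        if (x->ext.ticklen > (size_t)INT_MAX)
            goto err;
        if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
            goto err;
        /* TODO(size_t): Convert this call */
        if (BIO_dump_indent(bp, (const char *)x->ext.tick,
                            (int)x->ext.ticklen, 4) <= 0)
            goto err;
    }
#ifndef OPENSSL_NO_COMP
    if (x->compress_meth != 0) {
        SSL_COMP *comp = NULL;

        if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
            goto err;
        /* Without a matching SSL_COMP only the numeric method is known */
        if (comp == NULL) {
            if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= 0)
                goto err;
        } else {
            if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id,
                           comp->name) <= 0)
                goto err;
        }
    }
#endif
    if (x->time != 0L) {
        if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
            goto err;
    }
    if (x->timeout != 0L) {
        if (BIO_printf(bp, "\n Timeout : %lld (sec)",
                       (long long)x->timeout) <= 0)
            goto err;
    }
    if (BIO_puts(bp, "\n") <= 0)
        goto err;

    if (BIO_puts(bp, " Verify return code: ") <= 0)
        goto err;
    if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
                   X509_verify_cert_error_string(x->verify_result)) <= 0)
        goto err;

    if (BIO_printf(bp, " Extended master secret: %s\n",
                   x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0)
        goto err;

    if (istls13) {
        if (BIO_printf(bp, " Max Early Data: %u\n",
                       x->ext.max_early_data) <= 0)
            goto err;
    }

    return 1;
 err:
    return 0;
}

/*
 * print session id and master key in NSS keylog format (RSA
 * Session-ID:<session id> Master-Key:<master key>)
 *
 * The line written to |bp| contains the master key in clear hex, so the
 * destination must be access-controlled like any other key file.
 *
 * Returns 1 on success. Returns 0 if |x| is NULL, if the session id or the
 * master key is empty, or if a write to |bp| fails.
 */
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
{
    if (x == NULL)
        goto err;
    if (x->session_id_length == 0 || x->master_key_length == 0)
        goto err;

    /*
     * the RSA prefix is required by the format's definition although there's
     * nothing RSA-specific in the output, therefore, we don't have to check if
     * the cipher suite is based on RSA
     */
    if (BIO_puts(bp, "RSA ") <= 0)
        goto err;

    if (BIO_puts(bp, "Session-ID:") <= 0)
        goto err;
    if (!ssl_session_print_hex(bp, x->session_id, x->session_id_length))
        goto err;

    if (BIO_puts(bp, " Master-Key:") <= 0)
        goto err;
    if (!ssl_session_print_hex(bp, x->master_key, x->master_key_length))
        goto err;

    if (BIO_puts(bp, "\n") <= 0)
        goto err;

    return 1;
 err:
    return 0;
}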