authorMartin Kaiser <lists@kaiser.cx>2014-05-24 00:02:24 +0100
committerMatt Caswell <matt@openssl.org>2014-05-24 00:02:24 +0100
commit189ae368d91d2c9de5ed1fa21e993f5c83fc4445 (patch)
tree63daed6505f8df3c1baef63a7c92e0d96fa3a9f2
parentdd36fce023a64d90058b8fefbd95dadaca98f9ca (diff)
Add an NSS output format to sess_id to export the session id and the master key in NSS keylog format. PR#3352
-rw-r--r--CHANGES4
-rw-r--r--apps/apps.c2
-rw-r--r--apps/apps.h1
-rw-r--r--apps/sess_id.c4
-rw-r--r--doc/apps/sess_id.pod9
-rw-r--r--ssl/ssl.h1
-rw-r--r--ssl/ssl_txt.c30
7 files changed, 46 insertions, 5 deletions
diff --git a/CHANGES b/CHANGES
index d5142beebb..a55bdc9e3e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) New output format NSS in the sess_id command line tool. This allows
+ exporting the session id and the master key in NSS keylog format.
+ [Martin Kaiser <martin@kaiser.cx>]
+
*) Harmonize version and its documentation. -f flag is used to display
compilation flags.
[mancha <mancha1@zoho.com>]
diff --git a/apps/apps.c b/apps/apps.c
index b82882aa0c..946884860f 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -263,6 +263,8 @@ int str2fmt(char *s)
return(FORMAT_ASN1);
else if ((*s == 'T') || (*s == 't'))
return(FORMAT_TEXT);
+ else if ((strcmp(s,"NSS") == 0) || (strcmp(s,"nss") == 0))
+ return(FORMAT_NSS);
else if ((*s == 'N') || (*s == 'n'))
return(FORMAT_NETSCAPE);
else if ((*s == 'S') || (*s == 's'))
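Review bot: The new strcmp pair is correct only because it sits before the single-character `'N'` test, which would otherwise claim the string `NSS` for FORMAT_NETSCAPE; that ordering dependency deserves a comment such as `/* must precede the 'N' (Netscape) test below */` so a later reordering does not silently break it. A mixed-case spelling like `Nss` still falls through to the `'N'` branch and becomes FORMAT_NETSCAPE instead of an error, which the two exact-match comparisons do not cover; whether that matters depends on how callers treat FORMAT_NETSCAPE, which is not visible here. str2fmt begins and ends outside the hunk.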
diff --git a/apps/apps.h b/apps/apps.h
index 5f083d4097..b4a9b49ce7 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -363,6 +363,7 @@ void store_setup_crl_download(X509_STORE *st);
#define FORMAT_MSBLOB 11 /* MS Key blob format */
#define FORMAT_PVK 12 /* MS PVK file format */
#define FORMAT_HTTP 13 /* Download using HTTP */
+#define FORMAT_NSS 14 /* NSS keylog format */
#define EXT_COPY_NONE 0
#define EXT_COPY_ADD 1
diff --git a/apps/sess_id.c b/apps/sess_id.c
index b16686c26d..d4bf1afe2d 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -73,7 +73,7 @@ static const char *sess_id_usage[]={
"usage: sess_id args\n",
"\n",
" -inform arg - input format - default PEM (DER or PEM)\n",
-" -outform arg - output format - default PEM\n",
+" -outform arg - output format - default PEM (PEM, DER or NSS)\n",
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -text - print ssl session id details\n",
@@ -246,6 +246,8 @@ bad:
i=i2d_SSL_SESSION_bio(out,x);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_SSL_SESSION(out,x);
+ else if (outformat == FORMAT_NSS)
+ i=SSL_SESSION_print_keylog(out,x);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
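Review bot: The new FORMAT_NSS branch writes the session's master key to `out`, which the usage text says defaults to stdout, and neither this hunk nor the usage line changed in the previous hunk tells the operator that the NSS output is secret key material rather than an opaque session blob like PEM or DER. The usage string is the natural place for that, e.g. `" -outform arg - output format - default PEM (PEM, DER or NSS; NSS prints the master key)\n"`. Whether `-out` creates its file with restrictive permissions is not visible in this hunk and is presumably inherited from the generic BIO open, so it may be worth checking separately. The enclosing main() body starts and ends outside the hunk.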
diff --git a/doc/apps/sess_id.pod b/doc/apps/sess_id.pod
index 9988d2cd3d..fb5ce12962 100644
--- a/doc/apps/sess_id.pod
+++ b/doc/apps/sess_id.pod
@@ -9,7 +9,7 @@ sess_id - SSL/TLS session handling utility
B<openssl> B<sess_id>
[B<-inform PEM|DER>]
-[B<-outform PEM|DER>]
+[B<-outform PEM|DER|NSS>]
[B<-in filename>]
[B<-out filename>]
[B<-text>]
@@ -33,10 +33,11 @@ format containing session details. The precise format can vary from one version
to the next. The B<PEM> form is the default format: it consists of the B<DER>
format base64 encoded with additional header and footer lines.
-=item B<-outform DER|PEM>
+=item B<-outform DER|PEM|NSS>
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
+This specifies the output format. The B<PEM> and B<DER> options have the same meaning
+as the B<-inform> option. The B<NSS> option outputs the session id and the master key
+in NSS keylog format.
=item B<-in filename>
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 92ffae95c1..7d0c7bbe72 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2235,6 +2235,7 @@ int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
#endif
#ifndef OPENSSL_NO_BIO
int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
#endif
void SSL_SESSION_free(SSL_SESSION *ses);
int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
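Review bot: The new prototype names its parameters `bp` and `x` while the neighbouring `SSL_SESSION_print` declaration uses `fp` and `ses`; in a public header it reads better to match, `int SSL_SESSION_print_keylog(BIO *fp, const SSL_SESSION *ses);`. A one-line comment would also help API users see that this differs from the debugging printout declared just above it, e.g. `/* writes session id and master key in NSS keylog format (plaintext secret) */`.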
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 20b95a2829..0ffdcb0ea2 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -248,3 +248,33 @@ err:
return(0);
}
+/* print session id and master key in NSS keylog format
+ (RSA Session-ID:<session id> Master-Key:<master key>) */
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
+ {
+ unsigned int i;
+
+ if (x == NULL) goto err;
+ if (x->session_id_length==0 || x->master_key_length==0) goto err;
+
+ /* the RSA prefix is required by the format's definition although there's
+ nothing RSA-specifc in the output, therefore, we don't have to check
+ if the cipher suite is based on RSA */
+ if (BIO_puts(bp,"RSA ") <= 0) goto err;
+
+ if (BIO_puts(bp,"Session-ID:") <= 0) goto err;
+ for (i=0; i<x->session_id_length; i++)
+ {
+ if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
+ }
+ if (BIO_puts(bp," Master-Key:") <= 0) goto err;
+ for (i=0; i<(unsigned int)x->master_key_length; i++)
+ {
+ if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
+ }
+ if (BIO_puts(bp,"\n") <= 0) goto err;
+
+ return(1);
+err:
+ return(0);
+ }
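Review bot: The guard `if (x->session_id_length==0 || x->master_key_length==0) goto err;` does not reject a negative `master_key_length`, yet the explicit `(unsigned int)` cast in the second loop suggests the field is signed; a negative value would pass the check and turn the loop bound into a very large unsigned number, reading past `master_key`. Using `x->master_key_length<=0` in the guard closes that, and the loop could then drop the cast by testing the same signed value. The function also returns 0 both for a NULL or empty session and for a BIO write failure, so the sess_id caller cannot tell a session without key material from an output error; a comment on the return value, `/* returns 1 on success, 0 on missing key material or write error */`, would at least document that. Minor: `specifc` in the comment should be `specific`.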