root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352

This commit is contained in:
Martin Kaiser 2014-05-24 00:02:24 +01:00 committed by Matt Caswell
parent dd36fce023
commit 189ae368d9
7 changed files with 46 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -4,6 +4,10 @@
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
*) New output format NSS in the sess_id command line tool. This allows
exporting the session id and the master key in NSS keylog format.
[Martin Kaiser <martin@kaiser.cx>]
*) Harmonize version and its documentation. -f flag is used to display *) Harmonize version and its documentation. -f flag is used to display
compilation flags. compilation flags.
[mancha <mancha1@zoho.com>] [mancha <mancha1@zoho.com>]

2
apps/apps.c
View File

@ -263,6 +263,8 @@ int str2fmt(char *s)
return(FORMAT_ASN1); return(FORMAT_ASN1);
else if ((*s == 'T') || (*s == 't')) else if ((*s == 'T') || (*s == 't'))
return(FORMAT_TEXT); return(FORMAT_TEXT);
else if ((strcmp(s,"NSS") == 0) || (strcmp(s,"nss") == 0))
return(FORMAT_NSS);
else if ((*s == 'N') || (*s == 'n')) else if ((*s == 'N') || (*s == 'n'))
return(FORMAT_NETSCAPE); return(FORMAT_NETSCAPE);
else if ((*s == 'S') || (*s == 's')) else if ((*s == 'S') || (*s == 's'))

1
apps/apps.h
View File

@ -363,6 +363,7 @@ void store_setup_crl_download(X509_STORE *st);
#define FORMAT_MSBLOB 11 /* MS Key blob format */ #define FORMAT_MSBLOB 11 /* MS Key blob format */
#define FORMAT_PVK 12 /* MS PVK file format */ #define FORMAT_PVK 12 /* MS PVK file format */
#define FORMAT_HTTP 13 /* Download using HTTP */ #define FORMAT_HTTP 13 /* Download using HTTP */
#define FORMAT_NSS 14 /* NSS keylog format */
#define EXT_COPY_NONE 0 #define EXT_COPY_NONE 0
#define EXT_COPY_ADD 1 #define EXT_COPY_ADD 1

4
apps/sess_id.c
View File

@ -73,7 +73,7 @@ static const char *sess_id_usage[]={
"usage: sess_id args\n", "usage: sess_id args\n",
"\n", "\n",
" -inform arg - input format - default PEM (DER or PEM)\n", " -inform arg - input format - default PEM (DER or PEM)\n",
" -outform arg - output format - default PEM\n", " -outform arg - output format - default PEM (PEM, DER or NSS)\n",
" -in arg - input file - default stdin\n", " -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n", " -out arg - output file - default stdout\n",
" -text - print ssl session id details\n", " -text - print ssl session id details\n",
@ -246,6 +246,8 @@ bad:
i=i2d_SSL_SESSION_bio(out,x); i=i2d_SSL_SESSION_bio(out,x);
else if (outformat == FORMAT_PEM) else if (outformat == FORMAT_PEM)
i=PEM_write_bio_SSL_SESSION(out,x); i=PEM_write_bio_SSL_SESSION(out,x);
else if (outformat == FORMAT_NSS)
i=SSL_SESSION_print_keylog(out,x);
else { else {
BIO_printf(bio_err,"bad output format specified for outfile\n"); BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end; goto end;

9
doc/apps/sess_id.pod
View File

@ -9,7 +9,7 @@ sess_id - SSL/TLS session handling utility
B<openssl> B<sess_id> B<openssl> B<sess_id>
[B<-inform PEM|DER>] [B<-inform PEM|DER>]
[B<-outform PEM|DER>] [B<-outform PEM|DER|NSS>]
[B<-in filename>] [B<-in filename>]
[B<-out filename>] [B<-out filename>]
[B<-text>] [B<-text>]
@ -33,10 +33,11 @@ format containing session details. The precise format can vary from one version
to the next. The B<PEM> form is the default format: it consists of the B<DER> to the next. The B<PEM> form is the default format: it consists of the B<DER>
format base64 encoded with additional header and footer lines. format base64 encoded with additional header and footer lines.
=item B<-outform DER|PEM> =item B<-outform DER|PEM|NSS>
This specifies the output format, the options have the same meaning as the This specifies the output format. The B<PEM> and B<DER> options have the same meaning
B<-inform> option. as the B<-inform> option. The B<NSS> option outputs the session id and the master key
in NSS keylog format.
=item B<-in filename> =item B<-in filename>

1
ssl/ssl.h
View File

@ -2235,6 +2235,7 @@ int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
#endif #endif
#ifndef OPENSSL_NO_BIO #ifndef OPENSSL_NO_BIO
int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
#endif #endif
void SSL_SESSION_free(SSL_SESSION *ses); void SSL_SESSION_free(SSL_SESSION *ses);
int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);

30
ssl/ssl_txt.c
View File

@ -248,3 +248,33 @@ err:
return(0); return(0);
} }
/* print session id and master key in NSS keylog format
(RSA Session-ID:<session id> Master-Key:<master key>) */
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
{
unsigned int i;
if (x == NULL) goto err;
if (x->session_id_length==0 || x->master_key_length==0) goto err;
/* the RSA prefix is required by the format's definition although there's
nothing RSA-specifc in the output, therefore, we don't have to check
if the cipher suite is based on RSA */
if (BIO_puts(bp,"RSA ") <= 0) goto err;
if (BIO_puts(bp,"Session-ID:") <= 0) goto err;
for (i=0; i<x->session_id_length; i++)
{
if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
}
if (BIO_puts(bp," Master-Key:") <= 0) goto err;
for (i=0; i<(unsigned int)x->master_key_length; i++)
{
if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
}
if (BIO_puts(bp,"\n") <= 0) goto err;
return(1);
err:
return(0);
}