1
/*
2
 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright 2005 Nokia. All rights reserved.
4
 *
5
 * Licensed under the Apache License 2.0 (the "License").  You may not use
6
 * this file except in compliance with the License.  You can obtain a copy
7
 * in the file LICENSE in the source distribution or at
8
 * https://www.openssl.org/source/license.html
9
 */
10

11
#include <stdio.h>
12
#include "ssl_local.h"
13
#include "internal/ssl_unwrap.h"
14

15
const char *SSL_state_string_long(const SSL *s)
16
{
17
    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
18

19
    if (sc == NULL || ossl_statem_in_error(sc))
20
        return "error";
21

22
    switch (SSL_get_state(s)) {
23
    case TLS_ST_CR_CERT_STATUS:
24
        return "SSLv3/TLS read certificate status";
25
    case TLS_ST_CW_NEXT_PROTO:
26
        return "SSLv3/TLS write next proto";
27
    case TLS_ST_SR_NEXT_PROTO:
28
        return "SSLv3/TLS read next proto";
29
    case TLS_ST_SW_CERT_STATUS:
30
        return "SSLv3/TLS write certificate status";
31
    case TLS_ST_BEFORE:
32
        return "before SSL initialization";
33
    case TLS_ST_OK:
34
        return "SSL negotiation finished successfully";
35
    case TLS_ST_CW_CLNT_HELLO:
36
        return "SSLv3/TLS write client hello";
37
    case TLS_ST_CR_SRVR_HELLO:
38
        return "SSLv3/TLS read server hello";
39
    case TLS_ST_CR_CERT:
40
        return "SSLv3/TLS read server certificate";
41
    case TLS_ST_CR_COMP_CERT:
42
        return "TLSv1.3 read server compressed certificate";
43
    case TLS_ST_CR_KEY_EXCH:
44
        return "SSLv3/TLS read server key exchange";
45
    case TLS_ST_CR_CERT_REQ:
46
        return "SSLv3/TLS read server certificate request";
47
    case TLS_ST_CR_SESSION_TICKET:
48
        return "SSLv3/TLS read server session ticket";
49
    case TLS_ST_CR_SRVR_DONE:
50
        return "SSLv3/TLS read server done";
51
    case TLS_ST_CW_CERT:
52
        return "SSLv3/TLS write client certificate";
53
    case TLS_ST_CW_COMP_CERT:
54
        return "TLSv1.3 write client compressed certificate";
55
    case TLS_ST_CW_KEY_EXCH:
56
        return "SSLv3/TLS write client key exchange";
57
    case TLS_ST_CW_CERT_VRFY:
58
        return "SSLv3/TLS write certificate verify";
59
    case TLS_ST_CW_CHANGE:
60
    case TLS_ST_SW_CHANGE:
61
        return "SSLv3/TLS write change cipher spec";
62
    case TLS_ST_CW_FINISHED:
63
    case TLS_ST_SW_FINISHED:
64
        return "SSLv3/TLS write finished";
65
    case TLS_ST_CR_CHANGE:
66
    case TLS_ST_SR_CHANGE:
67
        return "SSLv3/TLS read change cipher spec";
68
    case TLS_ST_CR_FINISHED:
69
    case TLS_ST_SR_FINISHED:
70
        return "SSLv3/TLS read finished";
71
    case TLS_ST_SR_CLNT_HELLO:
72
        return "SSLv3/TLS read client hello";
73
    case TLS_ST_SW_HELLO_REQ:
74
        return "SSLv3/TLS write hello request";
75
    case TLS_ST_SW_SRVR_HELLO:
76
        return "SSLv3/TLS write server hello";
77
    case TLS_ST_SW_CERT:
78
        return "SSLv3/TLS write certificate";
79
    case TLS_ST_SW_COMP_CERT:
80
        return "TLSv1.3 write server compressed certificate";
81
    case TLS_ST_SW_KEY_EXCH:
82
        return "SSLv3/TLS write key exchange";
83
    case TLS_ST_SW_CERT_REQ:
84
        return "SSLv3/TLS write certificate request";
85
    case TLS_ST_SW_SESSION_TICKET:
86
        return "SSLv3/TLS write session ticket";
87
    case TLS_ST_SW_SRVR_DONE:
88
        return "SSLv3/TLS write server done";
89
    case TLS_ST_SR_CERT:
90
        return "SSLv3/TLS read client certificate";
91
    case TLS_ST_SR_COMP_CERT:
92
        return "TLSv1.3 read client compressed certificate";
93
    case TLS_ST_SR_KEY_EXCH:
94
        return "SSLv3/TLS read client key exchange";
95
    case TLS_ST_SR_CERT_VRFY:
96
        return "SSLv3/TLS read certificate verify";
97
    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
98
        return "DTLS1 read hello verify request";
99
    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
100
        return "DTLS1 write hello verify request";
101
    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
102
        return "TLSv1.3 write encrypted extensions";
103
    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
104
        return "TLSv1.3 read encrypted extensions";
105
    case TLS_ST_CR_CERT_VRFY:
106
        return "TLSv1.3 read server certificate verify";
107
    case TLS_ST_SW_CERT_VRFY:
108
        return "TLSv1.3 write server certificate verify";
109
    case TLS_ST_CR_HELLO_REQ:
110
        return "SSLv3/TLS read hello request";
111
    case TLS_ST_SW_KEY_UPDATE:
112
        return "TLSv1.3 write server key update";
113
    case TLS_ST_CW_KEY_UPDATE:
114
        return "TLSv1.3 write client key update";
115
    case TLS_ST_SR_KEY_UPDATE:
116
        return "TLSv1.3 read client key update";
117
    case TLS_ST_CR_KEY_UPDATE:
118
        return "TLSv1.3 read server key update";
119
    case TLS_ST_EARLY_DATA:
120
        return "TLSv1.3 early data";
121
    case TLS_ST_PENDING_EARLY_DATA_END:
122
        return "TLSv1.3 pending early data end";
123
    case TLS_ST_CW_END_OF_EARLY_DATA:
124
        return "TLSv1.3 write end of early data";
125
    case TLS_ST_SR_END_OF_EARLY_DATA:
126
        return "TLSv1.3 read end of early data";
127
    default:
128
        return "unknown state";
129
    }
130
}
131

132
const char *SSL_state_string(const SSL *s)
133
{
134
    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
135

136
    if (sc == NULL || ossl_statem_in_error(sc))
137
        return "SSLERR";
138

139
    switch (SSL_get_state(s)) {
140
    case TLS_ST_SR_NEXT_PROTO:
141
        return "TRNP";
142
    case TLS_ST_SW_SESSION_TICKET:
143
        return "TWST";
144
    case TLS_ST_SW_CERT_STATUS:
145
        return "TWCS";
146
    case TLS_ST_CR_CERT_STATUS:
147
        return "TRCS";
148
    case TLS_ST_CR_SESSION_TICKET:
149
        return "TRST";
150
    case TLS_ST_CW_NEXT_PROTO:
151
        return "TWNP";
152
    case TLS_ST_BEFORE:
153
        return "PINIT";
154
    case TLS_ST_OK:
155
        return "SSLOK";
156
    case TLS_ST_CW_CLNT_HELLO:
157
        return "TWCH";
158
    case TLS_ST_CR_SRVR_HELLO:
159
        return "TRSH";
160
    case TLS_ST_CR_CERT:
161
        return "TRSC";
162
    case TLS_ST_CR_COMP_CERT:
163
        return "TRSCC";
164
    case TLS_ST_CR_KEY_EXCH:
165
        return "TRSKE";
166
    case TLS_ST_CR_CERT_REQ:
167
        return "TRCR";
168
    case TLS_ST_CR_SRVR_DONE:
169
        return "TRSD";
170
    case TLS_ST_CW_CERT:
171
        return "TWCC";
172
    case TLS_ST_CW_COMP_CERT:
173
        return "TWCCC";
174
    case TLS_ST_CW_KEY_EXCH:
175
        return "TWCKE";
176
    case TLS_ST_CW_CERT_VRFY:
177
        return "TWCV";
178
    case TLS_ST_SW_CHANGE:
179
    case TLS_ST_CW_CHANGE:
180
        return "TWCCS";
181
    case TLS_ST_SW_FINISHED:
182
    case TLS_ST_CW_FINISHED:
183
        return "TWFIN";
184
    case TLS_ST_SR_CHANGE:
185
    case TLS_ST_CR_CHANGE:
186
        return "TRCCS";
187
    case TLS_ST_SR_FINISHED:
188
    case TLS_ST_CR_FINISHED:
189
        return "TRFIN";
190
    case TLS_ST_SW_HELLO_REQ:
191
        return "TWHR";
192
    case TLS_ST_SR_CLNT_HELLO:
193
        return "TRCH";
194
    case TLS_ST_SW_SRVR_HELLO:
195
        return "TWSH";
196
    case TLS_ST_SW_CERT:
197
        return "TWSC";
198
    case TLS_ST_SW_COMP_CERT:
199
        return "TWSCC";
200
    case TLS_ST_SW_KEY_EXCH:
201
        return "TWSKE";
202
    case TLS_ST_SW_CERT_REQ:
203
        return "TWCR";
204
    case TLS_ST_SW_SRVR_DONE:
205
        return "TWSD";
206
    case TLS_ST_SR_CERT:
207
        return "TRCC";
208
    case TLS_ST_SR_COMP_CERT:
209
        return "TRCCC";
210
    case TLS_ST_SR_KEY_EXCH:
211
        return "TRCKE";
212
    case TLS_ST_SR_CERT_VRFY:
213
        return "TRCV";
214
    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
215
        return "DRCHV";
216
    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
217
        return "DWCHV";
218
    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
219
        return "TWEE";
220
    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
221
        return "TREE";
222
    case TLS_ST_CR_CERT_VRFY:
223
        return "TRSCV";
224
    case TLS_ST_SW_CERT_VRFY:
225
        return "TWSCV";
226
    case TLS_ST_CR_HELLO_REQ:
227
        return "TRHR";
228
    case TLS_ST_SW_KEY_UPDATE:
229
        return "TWSKU";
230
    case TLS_ST_CW_KEY_UPDATE:
231
        return "TWCKU";
232
    case TLS_ST_SR_KEY_UPDATE:
233
        return "TRCKU";
234
    case TLS_ST_CR_KEY_UPDATE:
235
        return "TRSKU";
236
    case TLS_ST_EARLY_DATA:
237
        return "TED";
238
    case TLS_ST_PENDING_EARLY_DATA_END:
239
        return "TPEDE";
240
    case TLS_ST_CW_END_OF_EARLY_DATA:
241
        return "TWEOED";
242
    case TLS_ST_SR_END_OF_EARLY_DATA:
243
        return "TWEOED";
244
    default:
245
        return "UNKWN";
246
    }
247
}
248

249
const char *SSL_alert_type_string_long(int value)
250
{
251
    switch (value >> 8) {
252
    case SSL3_AL_WARNING:
253
        return "warning";
254
    case SSL3_AL_FATAL:
255
        return "fatal";
256
    default:
257
        return "unknown";
258
    }
259
}
260

261
const char *SSL_alert_type_string(int value)
262
{
263
    switch (value >> 8) {
264
    case SSL3_AL_WARNING:
265
        return "W";
266
    case SSL3_AL_FATAL:
267
        return "F";
268
    default:
269
        return "U";
270
    }
271
}
272

273
const char *SSL_alert_desc_string(int value)
274
{
275
    switch (value & 0xff) {
276
    case SSL3_AD_CLOSE_NOTIFY:
277
        return "CN";
278
    case SSL3_AD_UNEXPECTED_MESSAGE:
279
        return "UM";
280
    case SSL3_AD_BAD_RECORD_MAC:
281
        return "BM";
282
    case SSL3_AD_DECOMPRESSION_FAILURE:
283
        return "DF";
284
    case SSL3_AD_HANDSHAKE_FAILURE:
285
        return "HF";
286
    case SSL3_AD_NO_CERTIFICATE:
287
        return "NC";
288
    case SSL3_AD_BAD_CERTIFICATE:
289
        return "BC";
290
    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
291
        return "UC";
292
    case SSL3_AD_CERTIFICATE_REVOKED:
293
        return "CR";
294
    case SSL3_AD_CERTIFICATE_EXPIRED:
295
        return "CE";
296
    case SSL3_AD_CERTIFICATE_UNKNOWN:
297
        return "CU";
298
    case SSL3_AD_ILLEGAL_PARAMETER:
299
        return "IP";
300
    case TLS1_AD_DECRYPTION_FAILED:
301
        return "DC";
302
    case TLS1_AD_RECORD_OVERFLOW:
303
        return "RO";
304
    case TLS1_AD_UNKNOWN_CA:
305
        return "CA";
306
    case TLS1_AD_ACCESS_DENIED:
307
        return "AD";
308
    case TLS1_AD_DECODE_ERROR:
309
        return "DE";
310
    case TLS1_AD_DECRYPT_ERROR:
311
        return "CY";
312
    case TLS1_AD_EXPORT_RESTRICTION:
313
        return "ER";
314
    case TLS1_AD_PROTOCOL_VERSION:
315
        return "PV";
316
    case TLS1_AD_INSUFFICIENT_SECURITY:
317
        return "IS";
318
    case TLS1_AD_INTERNAL_ERROR:
319
        return "IE";
320
    case TLS1_AD_USER_CANCELLED:
321
        return "US";
322
    case TLS1_AD_NO_RENEGOTIATION:
323
        return "NR";
324
    case TLS1_AD_UNSUPPORTED_EXTENSION:
325
        return "UE";
326
    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
327
        return "CO";
328
    case TLS1_AD_UNRECOGNIZED_NAME:
329
        return "UN";
330
    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
331
        return "BR";
332
    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
333
        return "BH";
334
    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
335
        return "UP";
336
    default:
337
        return "UK";
338
    }
339
}
340

341
const char *SSL_alert_desc_string_long(int value)
342
{
343
    switch (value & 0xff) {
344
    case SSL3_AD_CLOSE_NOTIFY:
345
        return "close notify";
346
    case SSL3_AD_UNEXPECTED_MESSAGE:
347
        return "unexpected message";
348
    case SSL3_AD_BAD_RECORD_MAC:
349
        return "bad record mac";
350
    case SSL3_AD_DECOMPRESSION_FAILURE:
351
        return "decompression failure";
352
    case SSL3_AD_HANDSHAKE_FAILURE:
353
        return "handshake failure";
354
    case SSL3_AD_NO_CERTIFICATE:
355
        return "no certificate";
356
    case SSL3_AD_BAD_CERTIFICATE:
357
        return "bad certificate";
358
    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
359
        return "unsupported certificate";
360
    case SSL3_AD_CERTIFICATE_REVOKED:
361
        return "certificate revoked";
362
    case SSL3_AD_CERTIFICATE_EXPIRED:
363
        return "certificate expired";
364
    case SSL3_AD_CERTIFICATE_UNKNOWN:
365
        return "certificate unknown";
366
    case SSL3_AD_ILLEGAL_PARAMETER:
367
        return "illegal parameter";
368
    case TLS1_AD_DECRYPTION_FAILED:
369
        return "decryption failed";
370
    case TLS1_AD_RECORD_OVERFLOW:
371
        return "record overflow";
372
    case TLS1_AD_UNKNOWN_CA:
373
        return "unknown CA";
374
    case TLS1_AD_ACCESS_DENIED:
375
        return "access denied";
376
    case TLS1_AD_DECODE_ERROR:
377
        return "decode error";
378
    case TLS1_AD_DECRYPT_ERROR:
379
        return "decrypt error";
380
    case TLS1_AD_EXPORT_RESTRICTION:
381
        return "export restriction";
382
    case TLS1_AD_PROTOCOL_VERSION:
383
        return "protocol version";
384
    case TLS1_AD_INSUFFICIENT_SECURITY:
385
        return "insufficient security";
386
    case TLS1_AD_INTERNAL_ERROR:
387
        return "internal error";
388
    case TLS1_AD_USER_CANCELLED:
389
        return "user canceled";
390
    case TLS1_AD_NO_RENEGOTIATION:
391
        return "no renegotiation";
392
    case TLS1_AD_UNSUPPORTED_EXTENSION:
393
        return "unsupported extension";
394
    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
395
        return "certificate unobtainable";
396
    case TLS1_AD_UNRECOGNIZED_NAME:
397
        return "unrecognized name";
398
    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
399
        return "bad certificate status response";
400
    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
401
        return "bad certificate hash value";
402
    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
403
        return "unknown PSK identity";
404
    case TLS1_AD_NO_APPLICATION_PROTOCOL:
405
        return "no application protocol";
406
    default:
407
        return "unknown";
408
    }
409
}
410

411