Support trace for QUIC datagrams

Extend SSL_trace so that it knows how to dump information about the
receipt of a QUIC datagram.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)

5 files changed, 58 insertions, 5 deletions

diff --git a/ssl/quic/build.info b/ssl/quic/build.info
index 2d930a29a2..3a9e2d55af 100644
--- a/ssl/quic/build.info
+++ b/ssl/quic/build.info
@@ -13,3 +13,4 @@ SOURCE[$LIBSSL]=quic_channel.c
 SOURCE[$LIBSSL]=quic_tserver.c
 SOURCE[$LIBSSL]=quic_tls.c
 SOURCE[$LIBSSL]=quic_thread_assist.c
+SOURCE[$LIBSSL]=quic_trace.c
diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h
index 9cedc947b2..d4088d4b69 100644
--- a/ssl/quic/quic_local.h
+++ b/ssl/quic/quic_local.h
@@ -218,6 +218,9 @@ void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc,
 void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc,
                                          OSSL_QUIC_FRAME_CONN_CLOSE *f);
 
+int ossl_quic_trace(int write_p, int version, int content_type,
+                    const void *buf, size_t msglen, SSL *ssl, void *arg);
+
 #  define OSSL_QUIC_ANY_VERSION 0xFFFFF
 
 #  define QUIC_CONNECTION_FROM_SSL_int(ssl, c)   \
diff --git a/ssl/quic/quic_record_rx.c b/ssl/quic/quic_record_rx.c
index 7171896b1d..394050afe6 100644
--- a/ssl/quic/quic_record_rx.c
+++ b/ssl/quic/quic_record_rx.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/ssl.h>
 #include "internal/quic_record_rx.h"
 #include "quic_record_shared.h"
 #include "internal/common.h"
@@ -233,6 +234,10 @@ void ossl_qrx_inject_urxe(OSSL_QRX *qrx, QUIC_URXE *urxe)
     urxe->hpr_removed   = 0;
     urxe->deferred      = 0;
     ossl_list_urxe_insert_tail(&qrx->urx_pending, urxe);
+
+    if (qrx->msg_callback != NULL)
+        qrx->msg_callback(0, OSSL_QUIC1_VERSION, SSL3_RT_QUIC_DATAGRAM, urxe + 1,
+                          urxe->data_len, qrx->msg_callback_s, qrx->msg_callback_arg);
 }
 
 static void qrx_on_rx(QUIC_URXE *urxe, void *arg)
@@ -988,10 +993,6 @@ static int qrx_process_datagram(OSSL_QRX *qrx, QUIC_URXE *e,
     if (!PACKET_buf_init(&pkt, data, data_len))
         return 0;
 
-    if (qrx->msg_callback != NULL)
-        qrx->msg_callback(0, OSSL_QUIC1_VERSION, SSL3_RT_QUIC_DATAGRAM, data,
-                          data_len, qrx->msg_callback_s, qrx->msg_callback_arg);
-
     for (; PACKET_remaining(&pkt) > 0; ++pkt_idx) {
         /*
          * A packet smallest than the minimum possible QUIC packet size is not
diff --git a/ssl/quic/quic_trace.c b/ssl/quic/quic_trace.c
new file mode 100644
index 0000000000..614167f2cb
--- /dev/null
+++ b/ssl/quic/quic_trace.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bio.h>
+#include "../ssl_local.h"
+
+int ossl_quic_trace(int write_p, int version, int content_type,
+                    const void *buf, size_t msglen, SSL *ssl, void *arg)
+{
+    BIO *bio = arg;
+
+    switch (content_type) {
+    case SSL3_RT_QUIC_DATAGRAM:
+        BIO_puts(bio, write_p ? "Sent" : "Received");
+        /*
+         * Unfortunately there is no way of receiving auxilliary information
+         * about the datagram through the msg_callback API such as the peer
+         * address
+         */
+        BIO_printf(bio, " Datagram\n  Length: %zu\n", msglen);
+        break;
+
+    default:
+        /* Unrecognised content_type. We defer to SSL_trace */
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 8d66bf51dd..7776a0bea1 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1702,6 +1702,19 @@ void SSL_trace(int write_p, int version, int content_type,
     const unsigned char *msg = buf;
     BIO *bio = arg;
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
+#ifndef OPENSSL_NO_QUIC
+    QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(ssl);
+
+    if (qc != NULL) {
+        if (ossl_quic_trace(write_p, version, content_type, buf, msglen, ssl,
+                            arg))
+            return;
+        /*
+         * Otherwise ossl_quic_trace didn't handle this content_type so we
+         * fallback to standard TLS handling
+         */
+    }
+#endif
 
     if (sc == NULL)
         return;
@@ -1720,7 +1733,7 @@ void SSL_trace(int write_p, int version, int content_type,
             }
             hvers = msg[1] << 8 | msg[2];
             BIO_puts(bio, write_p ? "Sent" : "Received");
-            BIO_printf(bio, " Record\nHeader:\n  Version = %s (0x%x)\n",
+            BIO_printf(bio, " TLS Record\nHeader:\n  Version = %s (0x%x)\n",
                        ssl_trace_str(hvers, ssl_version_tbl), hvers);
             if (SSL_CONNECTION_IS_DTLS(sc)) {
                 BIO_printf(bio,