DTLS trace support.

Add DTLS record header parsing, different client hello format and add HelloVerifyRequest message type. Add code to d1_pkt.c to send message headers to the message callback. (cherry picked from commit 890f2f8b92b385ef3898cdb4a15a071ffcf8107f) Conflicts: ssl/ssl_locl.h
author: Dr. Stephen Henson <steve@openssl.org> 2013-03-08 16:45:37 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-09-18 13:46:03 +0100
commit: 6e1987ca1da37dcfc7d11495e0139c34a0c8c8bb (patch)
tree: 89f44dd9d2c715256053b5e0b1c0656ee96818aa /ssl
parent: d3071769317911c2a68c81007c657695d3988258 (diff)
2 files changed, 60 insertions, 4 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 009a434943..1e45c42f92 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -589,6 +589,9 @@ again:
 
 		p=s->packet;
 
+		if (s->msg_callback)
+			s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
 		/* Pull apart the header into the DTLS1_RECORD */
 		rr->type= *(p++);
 		ssl_major= *(p++);
@@ -1651,6 +1654,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 	pseq+=6;
 	s2n(wr->length,pseq);
 
+	if (s->msg_callback)
+		s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
 	/* we should now have
 	 * wr->data pointing to the encrypted data, which is
 	 * wr->length long */
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 80d7f49c9b..4e03acd089 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -71,7 +71,6 @@ typedef struct
 	do_ssl_trace_list(bio, indent, msg, msglen, value, \
 	 table, sizeof(table)/sizeof(ssl_trace_tbl))
  
-
 static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
 	{
 	size_t i;
@@ -684,7 +683,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
 	return 1;
 	}
 
-static int ssl_print_client_hello(BIO *bio, int indent,
+static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
 				const unsigned char *msg, size_t msglen)
 	{
 	size_t len;
@@ -695,6 +694,11 @@ static int ssl_print_client_hello(BIO *bio, int indent,
 		return 0;
 	if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
 		return 0;
+	if (SSL_IS_DTLS(ssl))
+		{
+		if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+			return 0;
+		}
 	if (msglen < 2)
 		return 0;
 	len = (msg[0] << 8) | msg[1];
@@ -739,6 +743,16 @@ static int ssl_print_client_hello(BIO *bio, int indent,
 	return 1;
 	}
 
+static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
+				const unsigned char *msg, size_t msglen)
+	{
+	if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
+		return 0;
+	if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+		return 0;
+	return 1;
+	}
+
 static int ssl_print_server_hello(BIO *bio, int indent,
 				const unsigned char *msg, size_t msglen)
 	{
@@ -1119,6 +1133,7 @@ static int ssl_print_ticket(BIO *bio, int indent,
 	return 1;
 	}
 
+
 static int ssl_print_handshake(BIO *bio, SSL *ssl,
 				const unsigned char *msg, size_t msglen,
 				int indent)
@@ -1135,12 +1150,30 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl,
 				(int)hlen);
 	msg += 4;
 	msglen -= 4;
+	if (SSL_IS_DTLS(ssl))
+		{
+		if (msglen < 8)
+			return 0;
+		BIO_indent(bio, indent, 80);
+		BIO_printf(bio, "message_seq=%d, fragment_offset=%d, "
+				"fragment_length=%d\n",
+				(msg[0] << 8) | msg[1],
+				(msg[2] << 16) | (msg[3] << 8) | msg[4],
+				(msg[5] << 16) | (msg[6] << 8) | msg[7]);
+		msg += 8;
+		msglen -= 8;
+		}
 	if (msglen < hlen)
 		return 0;
 	switch(htype)
 		{
 	case SSL3_MT_CLIENT_HELLO:
-		if (!ssl_print_client_hello(bio, indent + 2, msg, msglen))
+		if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen))
+			return 0;
+		break;
+
+	case DTLS1_MT_HELLO_VERIFY_REQUEST:
+		if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen))
 			return 0;
 		break;
 
@@ -1242,9 +1275,26 @@ void SSL_trace(int write_p, int version, int content_type,
 		BIO_puts(bio, write_p ? "Sent" : "Received");
 		BIO_printf(bio, " Record\nHeader:\n  Version = %s (0x%x)\n",
 				ssl_trace_str(hvers, ssl_version_tbl), hvers);
+		if (SSL_IS_DTLS(ssl))
+			{
+			BIO_printf(bio,
+				"  epoch=%d, sequence_number=%04x%04x%04x\n",
+					(msg[3] << 8 | msg[4]),
+					(msg[5] << 8 | msg[6]),
+					(msg[7] << 8 | msg[8]),
+					(msg[9] << 8 | msg[10]));
+#if 0
+			/* Just print handshake type so we can see what is
+			 * going on during fragmentation.
+			 */
+			BIO_printf(bio, "(%s)\n",
+				ssl_trace_str(msg[msglen], ssl_handshake_tbl));
+#endif
+			}
+
 		BIO_printf(bio, "  Content Type = %s (%d)\n  Length = %d",
 				ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
-				msg[3] << 8 | msg[4]);
+				msg[msglen - 2] << 8 | msg[msglen - 1]);
 		}
 		break;
 	case SSL3_RT_HANDSHAKE:
author	Dr. Stephen Henson <steve@openssl.org>	2013-03-08 16:45:37 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-09-18 13:46:03 +0100
commit	6e1987ca1da37dcfc7d11495e0139c34a0c8c8bb (patch)
tree	89f44dd9d2c715256053b5e0b1c0656ee96818aa /ssl
parent	d3071769317911c2a68c81007c657695d3988258 (diff)