From 6e1987ca1da37dcfc7d11495e0139c34a0c8c8bb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 8 Mar 2013 16:45:37 +0000 Subject: [PATCH] DTLS trace support. Add DTLS record header parsing, different client hello format and add HelloVerifyRequest message type. Add code to d1_pkt.c to send message headers to the message callback. (cherry picked from commit 890f2f8b92b385ef3898cdb4a15a071ffcf8107f) Conflicts: ssl/ssl_locl.h --- ssl/d1_pkt.c | 6 ++++++ ssl/t1_trce.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 60 insertions(+), 4 deletions(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 009a434943..1e45c42f92 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -589,6 +589,9 @@ again: p=s->packet; + if (s->msg_callback) + s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + /* Pull apart the header into the DTLS1_RECORD */ rr->type= *(p++); ssl_major= *(p++); @@ -1651,6 +1654,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, pseq+=6; s2n(wr->length,pseq); + if (s->msg_callback) + s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + /* we should now have * wr->data pointing to the encrypted data, which is * wr->length long */ diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 80d7f49c9b..4e03acd089 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -71,7 +71,6 @@ typedef struct do_ssl_trace_list(bio, indent, msg, msglen, value, \ table, sizeof(table)/sizeof(ssl_trace_tbl)) - static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl) { size_t i; @@ -684,7 +683,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server, return 1; } -static int ssl_print_client_hello(BIO *bio, int indent, +static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent, const unsigned char *msg, size_t msglen) { size_t len; @@ -695,6 +694,11 @@ static int ssl_print_client_hello(BIO *bio, int indent, return 0; if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) return 0; + if (SSL_IS_DTLS(ssl)) + { + if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) + return 0; + } if (msglen < 2) return 0; len = (msg[0] << 8) | msg[1]; @@ -739,6 +743,16 @@ static int ssl_print_client_hello(BIO *bio, int indent, return 1; } +static int dtls_print_hello_vfyrequest(BIO *bio, int indent, + const unsigned char *msg, size_t msglen) + { + if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen)) + return 0; + if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) + return 0; + return 1; + } + static int ssl_print_server_hello(BIO *bio, int indent, const unsigned char *msg, size_t msglen) { @@ -1119,6 +1133,7 @@ static int ssl_print_ticket(BIO *bio, int indent, return 1; } + static int ssl_print_handshake(BIO *bio, SSL *ssl, const unsigned char *msg, size_t msglen, int indent) @@ -1135,12 +1150,30 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, (int)hlen); msg += 4; msglen -= 4; + if (SSL_IS_DTLS(ssl)) + { + if (msglen < 8) + return 0; + BIO_indent(bio, indent, 80); + BIO_printf(bio, "message_seq=%d, fragment_offset=%d, " + "fragment_length=%d\n", + (msg[0] << 8) | msg[1], + (msg[2] << 16) | (msg[3] << 8) | msg[4], + (msg[5] << 16) | (msg[6] << 8) | msg[7]); + msg += 8; + msglen -= 8; + } if (msglen < hlen) return 0; switch(htype) { case SSL3_MT_CLIENT_HELLO: - if (!ssl_print_client_hello(bio, indent + 2, msg, msglen)) + if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen)) + return 0; + break; + + case DTLS1_MT_HELLO_VERIFY_REQUEST: + if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen)) return 0; break; @@ -1242,9 +1275,26 @@ void SSL_trace(int write_p, int version, int content_type, BIO_puts(bio, write_p ? "Sent" : "Received"); BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", ssl_trace_str(hvers, ssl_version_tbl), hvers); + if (SSL_IS_DTLS(ssl)) + { + BIO_printf(bio, + " epoch=%d, sequence_number=%04x%04x%04x\n", + (msg[3] << 8 | msg[4]), + (msg[5] << 8 | msg[6]), + (msg[7] << 8 | msg[8]), + (msg[9] << 8 | msg[10])); +#if 0 + /* Just print handshake type so we can see what is + * going on during fragmentation. + */ + BIO_printf(bio, "(%s)\n", + ssl_trace_str(msg[msglen], ssl_handshake_tbl)); +#endif + } + BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", ssl_trace_str(msg[0], ssl_content_tbl), msg[0], - msg[3] << 8 | msg[4]); + msg[msglen - 2] << 8 | msg[msglen - 1]); } break; case SSL3_RT_HANDSHAKE: -- 2.25.1