DTLS trace support.
Add DTLS record header parsing, different client hello format and add
HelloVerifyRequest message type.
Add code to d1_pkt.c to send message headers to the message callback.
(cherry picked from commit 890f2f8b92)
Conflicts:
ssl/ssl_locl.h
This commit is contained in:
Dr. Stephen Henson
@@ -589,6 +589,9 @@ again:
|
|||||||
|
|
||||||
p=s->packet;
|
p=s->packet;
|
||||||
|
|
||||||
|
if (s->msg_callback)
|
||||||
|
s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
|
||||||
|
|
||||||
/* Pull apart the header into the DTLS1_RECORD */
|
/* Pull apart the header into the DTLS1_RECORD */
|
||||||
rr->type= *(p++);
|
rr->type= *(p++);
|
||||||
ssl_major= *(p++);
|
ssl_major= *(p++);
|
||||||
@@ -1651,6 +1654,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
|
|||||||
pseq+=6;
|
pseq+=6;
|
||||||
s2n(wr->length,pseq);
|
s2n(wr->length,pseq);
|
||||||
|
|
||||||
|
if (s->msg_callback)
|
||||||
|
s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
|
||||||
|
|
||||||
/* we should now have
|
/* we should now have
|
||||||
* wr->data pointing to the encrypted data, which is
|
* wr->data pointing to the encrypted data, which is
|
||||||
* wr->length long */
|
* wr->length long */
|
||||||
|
|||||||
@@ -71,7 +71,6 @@ typedef struct
|
|||||||
do_ssl_trace_list(bio, indent, msg, msglen, value, \
|
do_ssl_trace_list(bio, indent, msg, msglen, value, \
|
||||||
table, sizeof(table)/sizeof(ssl_trace_tbl))
|
table, sizeof(table)/sizeof(ssl_trace_tbl))
|
||||||
|
|
||||||
|
|
||||||
static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
|
static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
@@ -684,7 +683,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ssl_print_client_hello(BIO *bio, int indent,
|
static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
|
||||||
const unsigned char *msg, size_t msglen)
|
const unsigned char *msg, size_t msglen)
|
||||||
{
|
{
|
||||||
size_t len;
|
size_t len;
|
||||||
@@ -695,6 +694,11 @@ static int ssl_print_client_hello(BIO *bio, int indent,
|
|||||||
return 0;
|
return 0;
|
||||||
if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
|
if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
|
||||||
return 0;
|
return 0;
|
||||||
|
if (SSL_IS_DTLS(ssl))
|
||||||
|
{
|
||||||
|
if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
if (msglen < 2)
|
if (msglen < 2)
|
||||||
return 0;
|
return 0;
|
||||||
len = (msg[0] << 8) | msg[1];
|
len = (msg[0] << 8) | msg[1];
|
||||||
@@ -739,6 +743,16 @@ static int ssl_print_client_hello(BIO *bio, int indent,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
|
||||||
|
const unsigned char *msg, size_t msglen)
|
||||||
|
{
|
||||||
|
if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
|
||||||
|
return 0;
|
||||||
|
if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
static int ssl_print_server_hello(BIO *bio, int indent,
|
static int ssl_print_server_hello(BIO *bio, int indent,
|
||||||
const unsigned char *msg, size_t msglen)
|
const unsigned char *msg, size_t msglen)
|
||||||
{
|
{
|
||||||
@@ -1119,6 +1133,7 @@ static int ssl_print_ticket(BIO *bio, int indent,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int ssl_print_handshake(BIO *bio, SSL *ssl,
|
static int ssl_print_handshake(BIO *bio, SSL *ssl,
|
||||||
const unsigned char *msg, size_t msglen,
|
const unsigned char *msg, size_t msglen,
|
||||||
int indent)
|
int indent)
|
||||||
@@ -1135,12 +1150,30 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl,
|
|||||||
(int)hlen);
|
(int)hlen);
|
||||||
msg += 4;
|
msg += 4;
|
||||||
msglen -= 4;
|
msglen -= 4;
|
||||||
|
if (SSL_IS_DTLS(ssl))
|
||||||
|
{
|
||||||
|
if (msglen < 8)
|
||||||
|
return 0;
|
||||||
|
BIO_indent(bio, indent, 80);
|
||||||
|
BIO_printf(bio, "message_seq=%d, fragment_offset=%d, "
|
||||||
|
"fragment_length=%d\n",
|
||||||
|
(msg[0] << 8) | msg[1],
|
||||||
|
(msg[2] << 16) | (msg[3] << 8) | msg[4],
|
||||||
|
(msg[5] << 16) | (msg[6] << 8) | msg[7]);
|
||||||
|
msg += 8;
|
||||||
|
msglen -= 8;
|
||||||
|
}
|
||||||
if (msglen < hlen)
|
if (msglen < hlen)
|
||||||
return 0;
|
return 0;
|
||||||
switch(htype)
|
switch(htype)
|
||||||
{
|
{
|
||||||
case SSL3_MT_CLIENT_HELLO:
|
case SSL3_MT_CLIENT_HELLO:
|
||||||
if (!ssl_print_client_hello(bio, indent + 2, msg, msglen))
|
if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen))
|
||||||
|
return 0;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case DTLS1_MT_HELLO_VERIFY_REQUEST:
|
||||||
|
if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen))
|
||||||
return 0;
|
return 0;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -1242,9 +1275,26 @@ void SSL_trace(int write_p, int version, int content_type,
|
|||||||
BIO_puts(bio, write_p ? "Sent" : "Received");
|
BIO_puts(bio, write_p ? "Sent" : "Received");
|
||||||
BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
|
BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
|
||||||
ssl_trace_str(hvers, ssl_version_tbl), hvers);
|
ssl_trace_str(hvers, ssl_version_tbl), hvers);
|
||||||
|
if (SSL_IS_DTLS(ssl))
|
||||||
|
{
|
||||||
|
BIO_printf(bio,
|
||||||
|
" epoch=%d, sequence_number=%04x%04x%04x\n",
|
||||||
|
(msg[3] << 8 | msg[4]),
|
||||||
|
(msg[5] << 8 | msg[6]),
|
||||||
|
(msg[7] << 8 | msg[8]),
|
||||||
|
(msg[9] << 8 | msg[10]));
|
||||||
|
#if 0
|
||||||
|
/* Just print handshake type so we can see what is
|
||||||
|
* going on during fragmentation.
|
||||||
|
*/
|
||||||
|
BIO_printf(bio, "(%s)\n",
|
||||||
|
ssl_trace_str(msg[msglen], ssl_handshake_tbl));
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
BIO_printf(bio, " Content Type = %s (%d)\n Length = %d",
|
BIO_printf(bio, " Content Type = %s (%d)\n Length = %d",
|
||||||
ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
|
ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
|
||||||
msg[3] << 8 | msg[4]);
|
msg[msglen - 2] << 8 | msg[msglen - 1]);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case SSL3_RT_HANDSHAKE:
|
case SSL3_RT_HANDSHAKE:
|
||||||
|
|||||||
Reference in New Issue
Block a user