DTLS trace support.

Add DTLS record header parsing, different client hello format and add
HelloVerifyRequest message type.

Add code to d1_pkt.c to send message headers to the message callback.

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index e81be2bc4ad3fd5be33b192cfcee24afbe62fb63..b7ff9a8705f1c1cb092d2030ed390c0bad4352a9 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -587,6 +587,9 @@ again:
 
                p=s->packet;
 
+               if (s->msg_callback)
+                       s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
                /* Pull apart the header into the DTLS1_RECORD */
                rr->type= *(p++);
                ssl_major= *(p++);
@@ -1627,6 +1630,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
        pseq+=6;
        s2n(wr->length,pseq);
 
+       if (s->msg_callback)
+               s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
        /* we should now have
         * wr->data pointing to the encrypted data, which is
         * wr->length long */

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 134198e91b52566ecfbc97574d69024463067cee..67239755e03fd6e49e84a9205741f4aca68d9df1 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -438,7 +438,8 @@
                                (c)->algo_strength)
 #define SSL_C_EXPORT_PKEYLENGTH(c)     SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
 
-
+/* Check if an SSL structure is using DTLS */
+#define SSL_IS_DTLS(s) ((s->method->version >> 8) == 0xfe)
 
 
 /* Mostly for SSLv3 */

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index c603134821973d24b03c86b5d80fd60386fe2d93..e766095a631ccabea707468b7213e8f09c34ad7d 100644 (file)
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -71,7 +71,6 @@ typedef struct
        do_ssl_trace_list(bio, indent, msg, msglen, value, \
         table, sizeof(table)/sizeof(ssl_trace_tbl))
  
-
 static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
        {
        size_t i;
@@ -683,7 +682,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
        return 1;
        }
 
-static int ssl_print_client_hello(BIO *bio, int indent,
+static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
                                const unsigned char *msg, size_t msglen)
        {
        size_t len;
@@ -694,6 +693,11 @@ static int ssl_print_client_hello(BIO *bio, int indent,
                return 0;
        if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
                return 0;
+       if (SSL_IS_DTLS(ssl))
+               {
+               if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+                       return 0;
+               }
        if (msglen < 2)
                return 0;
        len = (msg[0] << 8) | msg[1];
@@ -738,6 +742,16 @@ static int ssl_print_client_hello(BIO *bio, int indent,
        return 1;
        }
 
+static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
+                               const unsigned char *msg, size_t msglen)
+       {
+       if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
+               return 0;
+       if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+               return 0;
+       return 1;
+       }
+
 static int ssl_print_server_hello(BIO *bio, int indent,
                                const unsigned char *msg, size_t msglen)
        {
@@ -1118,6 +1132,7 @@ static int ssl_print_ticket(BIO *bio, int indent,
        return 1;
        }
 
+
 static int ssl_print_handshake(BIO *bio, SSL *ssl,
                                const unsigned char *msg, size_t msglen,
                                int indent)
@@ -1134,12 +1149,30 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl,
                                (int)hlen);
        msg += 4;
        msglen -= 4;
+       if (SSL_IS_DTLS(ssl))
+               {
+               if (msglen < 8)
+                       return 0;
+               BIO_indent(bio, indent, 80);
+               BIO_printf(bio, "message_seq=%d, fragment_offset=%d, "
+                               "fragment_length=%d\n",
+                               (msg[0] << 8) | msg[1],
+                               (msg[2] << 16) | (msg[3] << 8) | msg[4],
+                               (msg[5] << 16) | (msg[6] << 8) | msg[7]);
+               msg += 8;
+               msglen -= 8;
+               }
        if (msglen < hlen)
                return 0;
        switch(htype)
                {
        case SSL3_MT_CLIENT_HELLO:
-               if (!ssl_print_client_hello(bio, indent + 2, msg, msglen))
+               if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen))
+                       return 0;
+               break;
+
+       case DTLS1_MT_HELLO_VERIFY_REQUEST:
+               if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen))
                        return 0;
                break;
 
@@ -1241,9 +1274,26 @@ void SSL_trace(int write_p, int version, int content_type,
                BIO_puts(bio, write_p ? "Sent" : "Received");
                BIO_printf(bio, " Record\nHeader:\n  Version = %s (0x%x)\n",
                                ssl_trace_str(hvers, ssl_version_tbl), hvers);
+               if (SSL_IS_DTLS(ssl))
+                       {
+                       BIO_printf(bio,
+                               "  epoch=%d, sequence_number=%04x%04x%04x\n",
+                                       (msg[3] << 8 | msg[4]),
+                                       (msg[5] << 8 | msg[6]),
+                                       (msg[7] << 8 | msg[8]),
+                                       (msg[9] << 8 | msg[10]));
+#if 0
+                       /* Just print handshake type so we can see what is
+                        * going on during fragmentation.
+                        */
+                       BIO_printf(bio, "(%s)\n",
+                               ssl_trace_str(msg[msglen], ssl_handshake_tbl));
+#endif
+                       }
+
                BIO_printf(bio, "  Content Type = %s (%d)\n  Length = %d",
                                ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
-                               msg[3] << 8 | msg[4]);
+                               msg[msglen - 2] << 8 | msg[msglen - 1]);
                }
                break;
        case SSL3_RT_HANDSHAKE: