DTLS trace support.

Add DTLS record header parsing, the different ClientHello format and the
HelloVerifyRequest message type.

Add code to d1_pkt.c to send message headers to the message callback.
Dr. Stephen Henson 2013-03-08 16:45:37 +00:00
parent ca303d333b
commit 890f2f8b92
3 changed files with 62 additions and 5 deletions


@ -587,6 +587,9 @@ again:
p=s->packet; p=s->packet;
if (s->msg_callback)
s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
/* Pull apart the header into the DTLS1_RECORD */ /* Pull apart the header into the DTLS1_RECORD */
rr->type= *(p++); rr->type= *(p++);
ssl_major= *(p++); ssl_major= *(p++);
@ -1627,6 +1630,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
pseq+=6; pseq+=6;
s2n(wr->length,pseq); s2n(wr->length,pseq);
if (s->msg_callback)
s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
/* we should now have /* we should now have
* wr->data pointing to the encrypted data, which is * wr->data pointing to the encrypted data, which is
* wr->length long */ * wr->length long */
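Review bot: The write-side callback locates the header with `pseq - DTLS1_RT_HEADER_LENGTH`, which is only correct because the preceding `s2n(wr->length,pseq)` has just advanced pseq past the final two length bytes, and nothing in the hunk states that invariant. A one-line comment before the call, `/* pseq now points just past the complete record header */`, would keep a later reordering of the header writes from silently shifting what the callback is shown. On the read side the callback is handed `s->packet` before any header field is parsed, so a trace consumer will also see headers of records that the checks following the hunk may discard; that is presumably intended, but a comment such as `/* header not yet validated: the trace sees every received header */` would make it explicit. Both do_dtls1_write and the function containing the `again:` label start and end outside their hunks.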


@ -438,7 +438,8 @@
(c)->algo_strength) (c)->algo_strength)
#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
/* Check if an SSL structure is using DTLS */
#define SSL_IS_DTLS(s) ((s->method->version >> 8) == 0xfe)
/* Mostly for SSLv3 */ /* Mostly for SSLv3 */
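Review bot: The macro argument in `#define SSL_IS_DTLS(s) ((s->method->version >> 8) == 0xfe)` is not parenthesized, so passing anything other than a plain identifier (a conditional expression, for instance) binds incorrectly; it should read `#define SSL_IS_DTLS(s) (((s)->method->version >> 8) == 0xfe)`. The comment could also say what the constant encodes, e.g. `/* DTLS version numbers carry 0xfe in the major byte; SSL/TLS use 0x03 */`, so the magic number is not left for the reader to decode.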


@ -71,7 +71,6 @@ typedef struct
do_ssl_trace_list(bio, indent, msg, msglen, value, \ do_ssl_trace_list(bio, indent, msg, msglen, value, \
table, sizeof(table)/sizeof(ssl_trace_tbl)) table, sizeof(table)/sizeof(ssl_trace_tbl))
static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl) static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
{ {
size_t i; size_t i;
@ -683,7 +682,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
return 1; return 1;
} }
static int ssl_print_client_hello(BIO *bio, int indent, static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
const unsigned char *msg, size_t msglen) const unsigned char *msg, size_t msglen)
{ {
size_t len; size_t len;
@ -694,6 +693,11 @@ static int ssl_print_client_hello(BIO *bio, int indent,
return 0; return 0;
if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
return 0; return 0;
if (SSL_IS_DTLS(ssl))
{
if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
return 0;
}
if (msglen < 2) if (msglen < 2)
return 0; return 0;
len = (msg[0] << 8) | msg[1]; len = (msg[0] << 8) | msg[1];
@ -738,6 +742,16 @@ static int ssl_print_client_hello(BIO *bio, int indent,
return 1; return 1;
} }
static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
const unsigned char *msg, size_t msglen)
{
if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
return 0;
if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
return 0;
return 1;
}
static int ssl_print_server_hello(BIO *bio, int indent, static int ssl_print_server_hello(BIO *bio, int indent,
const unsigned char *msg, size_t msglen) const unsigned char *msg, size_t msglen)
{ {
@ -1118,6 +1132,7 @@ static int ssl_print_ticket(BIO *bio, int indent,
return 1; return 1;
} }
static int ssl_print_handshake(BIO *bio, SSL *ssl, static int ssl_print_handshake(BIO *bio, SSL *ssl,
const unsigned char *msg, size_t msglen, const unsigned char *msg, size_t msglen,
int indent) int indent)
@ -1134,12 +1149,30 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl,
(int)hlen); (int)hlen);
msg += 4; msg += 4;
msglen -= 4; msglen -= 4;
if (SSL_IS_DTLS(ssl))
{
if (msglen < 8)
return 0;
BIO_indent(bio, indent, 80);
BIO_printf(bio, "message_seq=%d, fragment_offset=%d, "
"fragment_length=%d\n",
(msg[0] << 8) | msg[1],
(msg[2] << 16) | (msg[3] << 8) | msg[4],
(msg[5] << 16) | (msg[6] << 8) | msg[7]);
msg += 8;
msglen -= 8;
}
if (msglen < hlen) if (msglen < hlen)
return 0; return 0;
switch(htype) switch(htype)
{ {
case SSL3_MT_CLIENT_HELLO: case SSL3_MT_CLIENT_HELLO:
if (!ssl_print_client_hello(bio, indent + 2, msg, msglen)) if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen))
return 0;
break;
case DTLS1_MT_HELLO_VERIFY_REQUEST:
if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen))
return 0; return 0;
break; break;
@ -1241,9 +1274,26 @@ void SSL_trace(int write_p, int version, int content_type,
BIO_puts(bio, write_p ? "Sent" : "Received"); BIO_puts(bio, write_p ? "Sent" : "Received");
BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
ssl_trace_str(hvers, ssl_version_tbl), hvers); ssl_trace_str(hvers, ssl_version_tbl), hvers);
if (SSL_IS_DTLS(ssl))
{
BIO_printf(bio,
" epoch=%d, sequence_number=%04x%04x%04x\n",
(msg[3] << 8 | msg[4]),
(msg[5] << 8 | msg[6]),
(msg[7] << 8 | msg[8]),
(msg[9] << 8 | msg[10]));
#if 0
/* Just print handshake type so we can see what is
* going on during fragmentation.
*/
BIO_printf(bio, "(%s)\n",
ssl_trace_str(msg[msglen], ssl_handshake_tbl));
#endif
}
BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", BIO_printf(bio, " Content Type = %s (%d)\n Length = %d",
ssl_trace_str(msg[0], ssl_content_tbl), msg[0], ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
msg[3] << 8 | msg[4]); msg[msglen - 2] << 8 | msg[msglen - 1]);
} }
break; break;
case SSL3_RT_HANDSHAKE: case SSL3_RT_HANDSHAKE:
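Review bot: The DTLS branch added to SSL_trace reads `msg[3]` through `msg[10]`, and the rewritten Length line reads `msg[msglen - 2]` and `msg[msglen - 1]`, with no check that msglen covers a full record header (any validation of SSL_trace's parameters would be outside the hunk); a guard before the branch such as `if (msglen < (SSL_IS_DTLS(ssl) ? DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) break;` would keep a short header from being read past its end. The `#if 0` block calling `ssl_trace_str(msg[msglen], ssl_handshake_tbl)` indexes one past the end of msg, so it should be deleted rather than left as something to re-enable. In the ssl_print_handshake hunk, after consuming the eight-byte fragment header the check `if (msglen < hlen)` still compares the fragment body against the full message length, which only works if every caller hands over a fully reassembled message; a comment stating that assumption, e.g. `/* assumes msg is a reassembled message: fragment_offset 0, fragment_length == hlen */`, would document it. The switch enclosing the SSL_trace hunk starts and ends outside the hunk.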