From 83bd48df0d1760b2bcda2c555697aa9ca350b3fb Mon Sep 17 00:00:00 2001 From: David Cooper Date: Fri, 14 Sep 2018 10:36:10 -0400 Subject: [PATCH] Fix calculation of ClientHello size socksend_tls_clienthello() does not calculate the length of the ClientHello message in the case of a TLS 1.3 ClientHello, since it does not take into account the inclusion of a 32-byte session id. The length value that is being calculated incorrectly is only used to determine whether to include a padding extension, and if so, how long that extension should be. This fix was previously included as part of PR #1120, since a correct length calculation is needed to avoid a ClientHello length such that length mod 256 = 10, but I removed it from that PR and am making it a separate PR, since it is a bug that should be fixed even if #1120 isn't adopted. --- testssl.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index d46f4b7..59324d0 100755 --- a/testssl.sh +++ b/testssl.sh @@ -11827,11 +11827,12 @@ socksend_tls_clienthello() { # then add a padding extension (see RFC 7685) len_all=$((0x$len_ciph_suites + 0x2b + 0x$len_extension_hex + 0x2)) "$offer_compression" && len_all+=2 + [[ 0x$tls_low_byte -gt 0x03 ]] && len_all+=32 # TLSv1.3 ClientHello includes a 32-byte session id if [[ $len_all -ge 256 ]] && [[ $len_all -le 511 ]] && [[ ! "$extra_extensions_list" =~ " 0015 " ]]; then - if [[ $len_all -gt 508 ]]; then + if [[ $len_all -ge 508 ]]; then len_padding_extension=1 # Final extension cannot be empty: see PR #792 else - len_padding_extension=$((508 - 0x$len_ciph_suites - 0x2b - 0x$len_extension_hex - 0x2)) + len_padding_extension=$((508 - len_all)) fi len_padding_extension_hex=$(printf "%02x\n" $len_padding_extension) len2twobytes "$len_padding_extension_hex" @@ -11846,7 +11847,6 @@ socksend_tls_clienthello() { all_extensions=" ,$LEN_STR # first the len of all extensions. ,$all_extensions" - fi if [[ 0x$tls_low_byte -gt 0x03 ]]; then