Avoid unnecessary '0a' characters in ClientHello

As noted in #1130, the current implementation of socksend_tls_clienthello() results in packets being fragmented wherever a '0a' character appears in the message. This cannot be avoided, but there are a few places where a '0a' character appears in which the character could easily be replaced:

* In the session_id for a TLSv1.3 ClientHello.
* In the 32-byte client random value
* In any public key sent in the key_share extension

This PR removes those uses of the '0a' character. While this does not do much to address the problem, it does result in a slight reduction in the amount of fragmentation of messages.
David Cooper 2018-09-21 17:05:08 -04:00 committed by GitHub
parent 96a1002f84
commit 41c7e74823
GPG Key ID: 4AEE18F83AFDEB23
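
A check a maintainer could run over such byte templates to find the '0a' bytes the commit message describes. This is an added example, not testssl.sh code: `lf_offsets` is a hypothetical helper name, and the sample values are copied from the hunks on this page.

```shell
#!/bin/sh
# Added example (not testssl.sh code): report where 0a bytes sit in a
# comma-separated hex template. lf_offsets is a hypothetical helper name.

# Samples copied from the hunks on this page (before and after the change).
# Offsets count every byte in the string, including the leading length byte 20.
OLD_SESSION_ID="20,44,b8,92,56,af,74,52,9e,d8,cf,52,14,c8,af,d8,34,0a,e7,7f,eb,86,01,84,50,5d,e4,a1,6a,09,3b,bf,6e"
NEW_SESSION_ID="20,44,b8,92,56,af,74,52,9e,d8,cf,52,14,c8,af,d8,34,0b,e7,7f,eb,86,01,84,50,5d,e4,a1,6a,09,3b,bf,6e"
# First three lines of the old random in run_ccs_injection, comment included.
OLD_CCS_RANDOM='# Random (32 byte)
x53, x43, x5b, x90, x9d, x9b, x72, x0b,
xbc, x0c, xbc, x2b, x92, xa8, x48, x97,
xcf, xbd, x39, x04, xcc, x16, x0a, x85,'

# Print the zero-based offsets of all 0a bytes, space separated.
# Accepts "0a" and "x0a" spellings, "# ..." comments and free whitespace.
# Returns 2 if a token is not a hex byte (e.g. an unexpanded $variable).
lf_offsets() {
    # Pipeline: strip comments, drop whitespace and line breaks,
    # put one token per line, then count bytes and remember 0a positions.
    printf '%s\n' "$1" | sed 's/#.*$//' | tr -d ' \t\r\n' | tr ',' '\n' | awk '
        BEGIN { n = 0 }
        { tok = tolower($0); sub(/^x/, "", tok) }
        tok == "" { next }    # empty token from a leading or doubled comma
        tok !~ /^[0-9a-f][0-9a-f]$/ {
            printf "not a hex byte: %s\n", $0 > "/dev/stderr"
            bad = 1
            exit
        }
        tok == "0a" { out = out (out == "" ? "" : " ") n }
        { n++ }
        END { if (bad) exit 2; print out }
    '
}

for name in OLD_SESSION_ID NEW_SESSION_ID OLD_CCS_RANDOM; do
    eval "tmpl=\$$name"
    printf '%-16s 0a at offsets: [%s]\n' "$name" "$(lf_offsets "$tmpl")"
done
```

Variable parts of a template have to be expanded before the check, since only the assembled bytes show whether a '0a' remains.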

@ -11881,7 +11881,7 @@ socksend_tls_clienthello() {
if [[ 0x$tls_low_byte -gt 0x03 ]]; then if [[ 0x$tls_low_byte -gt 0x03 ]]; then
# TLSv1.3 calls for sending a random 32-byte session id in middlebox compatibility mode. # TLSv1.3 calls for sending a random 32-byte session id in middlebox compatibility mode.
session_id="20,44,b8,92,56,af,74,52,9e,d8,cf,52,14,c8,af,d8,34,0a,e7,7f,eb,86,01,84,50,5d,e4,a1,6a,09,3b,bf,6e" session_id="20,44,b8,92,56,af,74,52,9e,d8,cf,52,14,c8,af,d8,34,0b,e7,7f,eb,86,01,84,50,5d,e4,a1,6a,09,3b,bf,6e"
len_session_id=32 len_session_id=32
else else
session_id="00" session_id="00"
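Review bot: the constant on the `session_id=` line carries no comment saying why `0a` must stay out of it, and the comment above it still calls the value a random session id although it is a fixed string. Suggest a short note beside the value, for example `# fixed value; must not contain 0a (see #1130)`, so that a later edit does not reintroduce the byte.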
@ -11934,7 +11934,7 @@ socksend_tls_clienthello() {
,54, 51, 1e, 7a # Unix time since see www.moserware.com/2009/06/first-few-milliseconds-of-https.html ,54, 51, 1e, 7a # Unix time since see www.moserware.com/2009/06/first-few-milliseconds-of-https.html
,de, ad, be, ef # Random 28 bytes ,de, ad, be, ef # Random 28 bytes
,31, 33, 07, 00, 00, 00, 00, 00 ,31, 33, 07, 00, 00, 00, 00, 00
,cf, bd, 39, 04, cc, 16, 0a, 85 ,cf, bd, 39, 04, cc, 16, 0b, 85
,03, 90, 9f, 77, 04, 33, d4, de ,03, 90, 9f, 77, 04, 33, d4, de
,$session_id ,$session_id
,$len_ciph_suites_word # Cipher suites length ,$len_ciph_suites_word # Cipher suites length
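Review bot: the remaining sources of `0a` in this template are undocumented: the edit fixes the constant on the `cc, 16, 0b, 85` line, but `$session_id` and `$len_ciph_suites_word` are interpolated immediately after it and are not constrained here. A comment stating that only the fixed random bytes are guaranteed free of `0a` would keep readers from assuming the whole ClientHello is.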
@ -12530,7 +12530,7 @@ run_ccs_injection(){
# Random (32 byte) # Random (32 byte)
x53, x43, x5b, x90, x9d, x9b, x72, x0b, x53, x43, x5b, x90, x9d, x9b, x72, x0b,
xbc, x0c, xbc, x2b, x92, xa8, x48, x97, xbc, x0c, xbc, x2b, x92, xa8, x48, x97,
xcf, xbd, x39, x04, xcc, x16, x0a, x85, xcf, xbd, x39, x04, xcc, x16, x0b, x85,
x03, x90, x9f, x77, x04, x33, xd4, xde, x03, x90, x9f, x77, x04, x33, xd4, xde,
x00, # session ID length x00, # session ID length
x00, x68, # cipher suites length x00, x68, # cipher suites length
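Review bot: this edit is in run_ccs_injection(), while the commit message names only socksend_tls_clienthello() as the place where `0a` splits the packet. If this hello goes through a sender with the same behaviour, say so in the commit message or in a comment on the `xcc, x16, x0b, x85` line; if it does not, the change here needs its own justification.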
@ -12771,7 +12771,7 @@ run_ticketbleed() {
# Random (32 byte) Unix time etc, see www.moserware.com/2009/06/first-few-milliseconds-of-https.html # Random (32 byte) Unix time etc, see www.moserware.com/2009/06/first-few-milliseconds-of-https.html
xee, xee, x5b, x90, x9d, x9b, x72, x0b, xee, xee, x5b, x90, x9d, x9b, x72, x0b,
xbc, x0c, xbc, x2b, x92, xa8, x48, x97, xbc, x0c, xbc, x2b, x92, xa8, x48, x97,
xcf, xbd, x39, x04, xcc, x16, x0a, x85, xcf, xbd, x39, x04, xcc, x16, x0b, x85,
x03, x90, x9f, x77, x04, x33, xff, xff, x03, x90, x9f, x77, x04, x33, xff, xff,
$xlen_sid, # Session ID length $xlen_sid, # Session ID length
$sid $sid
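Review bot: the random edited here differs from the one in run_ccs_injection() only in its first two and last two bytes, so the same `x0a` to `x0b` fix had to be repeated by hand on the identical `xcf, xbd, x39, x04, xcc, x16` line. Consider a shared variable for the common bytes so the two copies cannot drift apart. Note also that `$xlen_sid` and `$sid` below the random are variable and can still contain `0a`.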