fix: no padding if raw clienthello is too short (#263)

* Add a function `AlwaysPadToLen` to generate padding styles according to the raw clienthello. * Add an extra step in `FromRaw` after parsing the extension list to update the padding style.
2025-04-04 12:37:35 +03:00 · 2023-12-10 19:25:46 -07:00 · 2023-12-10 19:25:46 -07:00 · feb5a95fc8
commit feb5a95fc8
parent d39ed1bc7d
2 changed files with 26 additions and 0 deletions
--- a/u_tls_extensions.go
+++ b/u_tls_extensions.go
@ -1062,6 +1062,23 @@ func BoringPaddingStyle(unpaddedLen int) (int, bool) {
 	return 0, false
 }

+// AlwaysPadToLen could be used for parsed ClientHello, since some fingerprints
+// might not use BoringSSL padding style and we want to pad to a the same length.
+func AlwaysPadToLen(padToLen int) func(int) (int, bool) {
+	return func(unpaddedLen int) (int, bool) {
+		if unpaddedLen < padToLen {
+			paddingLen := padToLen - unpaddedLen
+			if paddingLen >= 4+1 {
+				paddingLen -= 4
+			} else {
+				paddingLen = 1
+			}
+			return paddingLen, true
+		}
+		return 0, false
+	}
+}
+
 // UtlsCompressCertExtension implements compress_certificate (27) and is only implemented client-side
 // for server certificates. Alternate certificate message formats
 // (https://datatracker.ietf.org/doc/html/rfc7250) are not supported.