Skip to content

Commit 977aff0

Browse files
author
Andrea Sessa
committed
Extensions and ec points fixes
1 parent c3df1ed commit 977aff0

File tree

1 file changed

+24
-8
lines changed

1 file changed

+24
-8
lines changed

nginx-ja3/src/ngx_ssl_ja3.c

Lines changed: 24 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -184,7 +184,8 @@ ngx_ssl_ja3_detail_print(ngx_pool_t *pool, ngx_ssl_ja3_t *ja3)
184184
void
185185
ngx_ssl_ja3_fp(ngx_pool_t *pool, ngx_ssl_ja3_t *ja3, ngx_str_t *out)
186186
{
187-
size_t len = 0, cur = 0;
187+
size_t len = 0, cur = 0, added = 0;
188+
unsigned short us = 0;
188189

189190
if (pool == NULL || ja3 == NULL || out == NULL) {
190191
return;
@@ -256,13 +257,21 @@ ngx_ssl_ja3_fp(ngx_pool_t *pool, ngx_ssl_ja3_t *ja3, ngx_str_t *out)
256257
ngx_snprintf(out->data + (cur++), 1, ",");
257258

258259
if (ja3->curves_sz) {
260+
added = 0;
259261
for (size_t i = 0; i < ja3->curves_sz; i++) {
260-
if (i > 0) {
261-
ngx_snprintf(out->data + (cur++), 1, "-");
262+
us = ntohs(ja3->curves[i]);
263+
if (!ngx_ssl_ja3_is_ext_greased(us)) {
264+
if (added > 0) {
265+
ngx_snprintf(out->data + (cur++), 1, "-");
266+
}
267+
len = ngx_ssj_ja3_num_digits(ja3->curves[i]);
268+
ngx_snprintf(out->data + cur, len, "%d", ja3->curves[i]);
269+
cur += len;
270+
271+
if (added == 0) {
272+
added = 1;
273+
}
262274
}
263-
len = ngx_ssj_ja3_num_digits(ja3->curves[i]);
264-
ngx_snprintf(out->data + cur, len, "%d", ja3->curves[i]);
265-
cur += len;
266275
}
267276
}
268277
ngx_snprintf(out->data + (cur++), 1, ",");
@@ -299,6 +308,7 @@ ngx_ssl_ja3(ngx_connection_t *c, ngx_pool_t *pool, ngx_ssl_ja3_t *ja3) {
299308
SSL *ssl;
300309
size_t len = 0;
301310
unsigned short us = 0;
311+
unsigned short alternate = 1;
302312

303313
if (! c->ssl) {
304314
return NGX_DECLINED;
@@ -344,15 +354,21 @@ ngx_ssl_ja3(ngx_connection_t *c, ngx_pool_t *pool, ngx_ssl_ja3_t *ja3) {
344354
ja3->extensions = NULL;
345355
ja3->extensions_sz = 0;
346356
if (c->ssl->extensions_size && c->ssl->extensions) {
347-
len = c->ssl->extensions_size * sizeof(int);
357+
len = c->ssl->extensions_size * sizeof(int) * 2;
348358
ja3->extensions = ngx_pnalloc(pool, len);
349359
if (ja3->extensions == NULL) {
350360
return NGX_DECLINED;
351361
}
352362
for (size_t i = 0; i < c->ssl->extensions_size; ++i) {
353-
if (! ngx_ssl_ja3_is_ext_greased(c->ssl->extensions[i])) {
363+
if (! ngx_ssl_ja3_is_ext_greased(c->ssl->extensions[i]) && alternate) {
354364
ja3->extensions[ja3->extensions_sz++] = c->ssl->extensions[i];
355365
}
366+
367+
if (alternate) {
368+
alternate = 0;
369+
} else {
370+
alternate = 1;
371+
}
356372
}
357373
}
358374

0 commit comments

Comments
 (0)