tls: use OpenSSL constant for client random size
Avoid magic numbers in the code and use an OpenSSL constant instead.

PR-URL: #44305
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
tniessen authored and targos committed Sep 16, 2022
1 parent ba4f0e4 commit 2b34b5e
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions src/crypto/crypto_common.cc
Expand Up @@ -68,16 +68,19 @@ void LogSecret(
const unsigned char* secret,
size_t secretlen) {
auto keylog_cb = SSL_CTX_get_keylog_callback(SSL_get_SSL_CTX(ssl.get()));
unsigned char crandom[32];
// All supported versions of TLS/SSL fix the client random to the same size.
constexpr size_t kTlsClientRandomSize = SSL3_RANDOM_SIZE;
unsigned char crandom[kTlsClientRandomSize];

if (keylog_cb == nullptr ||
SSL_get_client_random(ssl.get(), crandom, 32) != 32) {
SSL_get_client_random(ssl.get(), crandom, kTlsClientRandomSize) !=
kTlsClientRandomSize) {
return;
}

std::string line = name;
line += " " + StringBytes::hex_encode(
reinterpret_cast<const char*>(crandom), 32);
line += " " + StringBytes::hex_encode(reinterpret_cast<const char*>(crandom),
kTlsClientRandomSize);
line += " " + StringBytes::hex_encode(
reinterpret_cast<const char*>(secret), secretlen);
keylog_cb(ssl.get(), line.c_str());
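Review bot: In the SSL_get_client_random and hex_encode calls, the length is still passed as a value separate from the buffer it describes. Passing sizeof(crandom) in both calls, and comparing the return value against it, would keep the copy and the encode bounded by the array itself if the declaration of crandom is ever changed independently of kTlsClientRandomSize. The new comment could also state that SSL3_RANDOM_SIZE is the 32 that the removed lines hard-coded, so a reader can confirm the key log line format is unchanged without looking up the OpenSSL header.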