commit f2dda15ce8260fbb2a458694d37dc35afec2f956
author Max Fillinger <maximilian.fillinger@foxcrypto.com> Wed Oct 23 15:47:23 2024 +0200
committer Max Fillinger <maximilian.fillinger@foxcrypto.com> Fri Mar 28 16:53:58 2025 +0100
tree 6676838cecbea2f36395a76ce23a0826cd217047
parent 48150f5dc3641204dc6c7d262a1281e9c55be087

Add label length argument to tls_prf_generic()

This way, it's not required that the label is null-terminated. This
allows us to avoid an allocation in
mbedtls_ssl_tls12_export_keying_material().

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 38b6980..a62d4e1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6192,7 +6192,7 @@
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int tls_prf_generic(mbedtls_md_type_t md_type,
                            const unsigned char *secret, size_t slen,
-                           const char *label,
+                           const char *label, size_t label_len,
                            const unsigned char *random, size_t rlen,
                            unsigned char *dstbuf, size_t dlen)
 {
@@ -6232,7 +6232,7 @@
                                       NULL, 0,
                                       random, rlen,
                                       (unsigned char const *) label,
-                                      (size_t) strlen(label),
+                                      label_len,
                                       NULL, 0,
                                       dlen);
     if (status != PSA_SUCCESS) {
@@ -6273,7 +6273,7 @@
                           unsigned char *dstbuf, size_t dlen)
 {
     return tls_prf_generic(MBEDTLS_MD_SHA256, secret, slen,
-                           label, random, rlen, dstbuf, dlen);
+                           label, strlen(label), random, rlen, dstbuf, dlen);
 }
 #endif /* PSA_WANT_ALG_SHA_256*/
 
@@ -6285,7 +6285,7 @@
                           unsigned char *dstbuf, size_t dlen)
 {
     return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen,
-                           label, random, rlen, dstbuf, dlen);
+                           label, strlen(label), random, rlen, dstbuf, dlen);
 }
 #endif /* PSA_WANT_ALG_SHA_384*/
 
@@ -8944,7 +8944,6 @@
     int ret = 0;
     size_t prf_input_len = use_context ? 64 + 2 + context_len : 64;
     unsigned char *prf_input = NULL;
-    char *label_str = NULL;
 
     if (use_context && context_len >= (1 << 16)) {
         ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -8952,15 +8951,11 @@
     }
 
     prf_input = mbedtls_calloc(prf_input_len, sizeof(unsigned char));
-    label_str = mbedtls_calloc(label_len + 1, sizeof(char));
-    if (prf_input == NULL || label_str == NULL) {
+    if (prf_input == NULL) {
         ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
         goto exit;
     }
 
-    memcpy(label_str, label, label_len);
-    label_str[label_len] = '\0';
-
     /* The input to the PRF is client_random, then server_random.
      * If a context is provided, this is then followed by the context length
      * as a 16-bit big-endian integer, and then the context itself. */
@@ -8971,13 +8966,13 @@
         prf_input[65] = (unsigned char) (context_len & 0xff);
         memcpy(prf_input + 66, context, context_len);
     }
-    ret = tls_prf_generic(hash_alg, ssl->session->master, 48, label_str,
+    ret = tls_prf_generic(hash_alg, ssl->session->master, 48,
+                          label, label_len,
                           prf_input, prf_input_len,
                           out, key_len);
 
 exit:
     mbedtls_free(prf_input);
-    mbedtls_free(label_str);
     return ret;
 }
 #endif