Add label length argument to tls_prf_generic()

This way, it's not required that the label is null-terminated. This allows us to avoid an allocation in mbedtls_ssl_tls12_export_keying_material(). Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
2025-05-12 09:54:38 +08:00 · 2024-10-23 15:47:23 +02:00 · 2024-10-23 15:47:23 +02:00 · f2dda15ce8
commit f2dda15ce8
parent 48150f5dc3
1 changed files with 7 additions and 12 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -6192,7 +6192,7 @@ static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *der
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int tls_prf_generic(mbedtls_md_type_t md_type,
                           const unsigned char *secret, size_t slen,
-                           const char *label,
+                           const char *label, size_t label_len,
                           const unsigned char *random, size_t rlen,
                           unsigned char *dstbuf, size_t dlen)
 {
@ -6232,7 +6232,7 @@ static int tls_prf_generic(mbedtls_md_type_t md_type,
                                      NULL, 0,
                                      random, rlen,
                                      (unsigned char const *) label,
-                                      (size_t) strlen(label),
+                                      label_len,
                                      NULL, 0,
                                      dlen);
    if (status != PSA_SUCCESS) {
@ -6273,7 +6273,7 @@ static int tls_prf_sha256(const unsigned char *secret, size_t slen,
                          unsigned char *dstbuf, size_t dlen)
 {
    return tls_prf_generic(MBEDTLS_MD_SHA256, secret, slen,
-                           label, random, rlen, dstbuf, dlen);
+                           label, strlen(label), random, rlen, dstbuf, dlen);
 }
 #endif /* PSA_WANT_ALG_SHA_256*/

@ -6285,7 +6285,7 @@ static int tls_prf_sha384(const unsigned char *secret, size_t slen,
                          unsigned char *dstbuf, size_t dlen)
 {
    return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen,
-                           label, random, rlen, dstbuf, dlen);
+                           label, strlen(label), random, rlen, dstbuf, dlen);
 }
 #endif /* PSA_WANT_ALG_SHA_384*/

@ -8944,7 +8944,6 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s
    int ret = 0;
    size_t prf_input_len = use_context ? 64 + 2 + context_len : 64;
    unsigned char *prf_input = NULL;
-    char *label_str = NULL;

    if (use_context && context_len >= (1 << 16)) {
        ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@ -8952,15 +8951,11 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s
    }

    prf_input = mbedtls_calloc(prf_input_len, sizeof(unsigned char));
-    label_str = mbedtls_calloc(label_len + 1, sizeof(char));
-    if (prf_input == NULL || label_str == NULL) {
+    if (prf_input == NULL) {
        ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
        goto exit;
    }

-    memcpy(label_str, label, label_len);
-    label_str[label_len] = '\0';
-
    /* The input to the PRF is client_random, then server_random.
     * If a context is provided, this is then followed by the context length
     * as a 16-bit big-endian integer, and then the context itself. */
@ -8971,13 +8966,13 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s
        prf_input[65] = (unsigned char) (context_len & 0xff);
        memcpy(prf_input + 66, context, context_len);
    }
-    ret = tls_prf_generic(hash_alg, ssl->session->master, 48, label_str,
+    ret = tls_prf_generic(hash_alg, ssl->session->master, 48,
+                          label, label_len,
                          prf_input, prf_input_len,
                          out, key_len);

 exit:
    mbedtls_free(prf_input);
-    mbedtls_free(label_str);
    return ret;
 }
 #endif