Bug 1478698, preserve leading zeros when computing TLS 1.3 DHE key sh…

…are, r=mt

--HG--
extra : amend_source : 72e3dcedc874b9e0cc98288e08331fd854a11871

lib/ssl/tls13con.c

@@ -528,6 +528,7 @@ tls13_HandleKeyShare(sslSocket *ss,
     CK_MECHANISM_TYPE mechanism;
     PRErrorCode errorCode;
     SECStatus rv;
+    int keySize = 0;
 
     PORT_InitCheapArena(&arena, DER_DEFAULT_CHUNKSIZE);
     peerKey = PORT_ArenaZNew(&arena.arena, SECKEYPublicKey);
@@ -552,6 +553,7 @@ tls13_HandleKeyShare(sslSocket *ss,
                                          entry->key_exchange.len,
                                          keyPair->pubKey);
             mechanism = CKM_DH_PKCS_DERIVE;
+            keySize = peerKey->u.dh.publicValue.len;
             break;
         default:
             PORT_Assert(0);
@@ -563,7 +565,7 @@ tls13_HandleKeyShare(sslSocket *ss,
 
     ss->ssl3.hs.dheSecret = PK11_PubDeriveWithKDF(
         keyPair->privKey, peerKey, PR_FALSE, NULL, NULL, mechanism,
-        tls13_GetHkdfMechanism(ss), CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
+        tls13_GetHkdfMechanism(ss), CKA_DERIVE, keySize, CKD_NULL, NULL, NULL);
     if (!ss->ssl3.hs.dheSecret) {
         ssl_MapLowLevelError(SSL_ERROR_KEY_EXCHANGE_FAILURE);
         goto loser;

tests/tlsfuzzer/config.json.in

@@ -23,6 +23,14 @@
                     "-p", "@PORT@", "-t", "1"
                 ]
             },
+            {
+                "name" : "test-tls13-dhe-shared-secret-padding.py",
+                "comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1305243",
+                "arguments": [
+                    "-p", "@PORT@",
+                    "-e", "TLS 1.3 with x448"
+                ]
+            },
             {
                 "name" : "test-tls13-empty-alert.py",
                 "arguments": [
@@ -31,6 +39,12 @@
                 "comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1471656",
                 "exp_pass": false
             },
+            {
+                "name" : "test-tls13-ffdhe-sanity.py",
+                "arguments": [
+                    "-p", "@PORT@"
+                ]
+            },
             {
                 "name" : "test-tls13-finished.py",
                 "arguments": [
@@ -115,6 +129,12 @@
                 "comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1482386",
                 "exp_pass": false
             },
+            {
+                "name" : "test-tls13-unrecognised-groups.py",
+                "arguments": [
+                    "-p", "@PORT@", "--cookie"
+                ]
+            },
             {
                 "name" : "test-tls13-version-negotiation.py",
                 "comment": "the disabled test timeouts because of https://github.com/tomato42/tlsfuzzer/issues/452",
@@ -128,6 +148,18 @@
                 "arguments": [
                     "-p", "@PORT@"
                 ]
+            },
+            {
+                "name" : "test-dhe-no-shared-secret-padding.py",
+                "comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1494221 and SSLv3 cannot be enabled in server",
+                "arguments": [
+                    "-p", "@PORT@",
+                    "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
+                    "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
+                    "-e", "Protocol (3, 2) in SSLv2 compatible ClientHello",
+                    "-e", "Protocol (3, 3) in SSLv2 compatible ClientHello",
+                    "-e", "Protocol (3, 0)"
+                ]
             }
         ]
     }

tests/tlsfuzzer/tlsfuzzer.sh

@@ -44,7 +44,7 @@ tlsfuzzer_init()
   if [ ! -d "$TLSFUZZER" ]; then
     # Can't use git-copy.sh here, as tlsfuzzer doesn't have any tags
     git clone -q https://github.com/tomato42/tlsfuzzer/ "$TLSFUZZER"
-    git -C "$TLSFUZZER" checkout fc8fd0128643d6b2bcba344e276ba5f902445913
+    git -C "$TLSFUZZER" checkout a40ce4085052a4da9a05f9149b835a76c194a0c6
 
     # We could use tlslite-ng from pip, but the pip command installed
     # on TC is too old to support --pre