From: tb <tb@openbsd.org>
Date: Sun, 23 Apr 2023 18:59:41 +0000 (+0000)
Subject: Fix the client test and the tlsext test to work with randomized
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=dc5a472f910c36a316d3b5f162f55e9d32189f69;p=openbsd

Fix the client test and the tlsext test to work with randomized
TLS extensions (this involves unrandomizing the extension order
for the tests that rely on golden numbers.
---

diff --git a/regress/lib/libssl/client/Makefile b/regress/lib/libssl/client/Makefile
index 5a54f809147..c8a05690a0a 100644
--- a/regress/lib/libssl/client/Makefile
+++ b/regress/lib/libssl/client/Makefile
@@ -1,7 +1,7 @@
-#	$OpenBSD: Makefile,v 1.3 2021/08/30 17:34:01 tb Exp $
+#	$OpenBSD: Makefile,v 1.4 2023/04/23 18:59:41 tb Exp $
 
 PROG=	clienttest
-LDADD=	-lssl -lcrypto
+LDADD=	${SSL_INT} -lcrypto
 DPADD=	${LIBSSL} ${LIBCRYPTO}
 WARNINGS=	Yes
 CFLAGS+=	-DLIBRESSL_INTERNAL -Werror
diff --git a/regress/lib/libssl/client/clienttest.c b/regress/lib/libssl/client/clienttest.c
index b0486d95f0b..8ecc54467f2 100644
--- a/regress/lib/libssl/client/clienttest.c
+++ b/regress/lib/libssl/client/clienttest.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: clienttest.c,v 1.39 2022/07/19 20:16:50 tb Exp $ */
+/*	$OpenBSD: clienttest.c,v 1.40 2023/04/23 18:59:41 tb Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  *
@@ -41,6 +41,8 @@
 
 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
 
+int tlsext_linearize_build_order(SSL *);
+
 static const uint8_t cipher_list_dtls1[] = {
 	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
 	0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
@@ -649,6 +651,11 @@ client_hello_test(int testno, const struct client_hello_test *cht)
 		goto failure;
 	}
 
+	if (!tlsext_linearize_build_order(ssl)) {
+		fprintf(stderr, "failed to linearize build order");
+		goto failure;
+	}
+
 	BIO_up_ref(rbio);
 	BIO_up_ref(wbio);
 	SSL_set_bio(ssl, rbio, wbio);
diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c
index 923c50d5aaf..f5241c8f626 100644
--- a/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.79 2022/11/26 16:08:57 tb Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.80 2023/04/23 18:59:41 tb Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -36,6 +36,7 @@ struct tls_extension_funcs {
 const struct tls_extension *tls_extension_find(uint16_t, size_t *);
 const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *,
     int);
+int tlsext_linearize_build_order(SSL *);
 
 static int
 tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs,
@@ -3223,6 +3224,11 @@ test_tlsext_clienthello_build(void)
 		goto err;
 	}
 
+	if (!tlsext_linearize_build_order(ssl)) {
+		FAIL("failed to linearize build order");
+		goto err;
+	}
+
 	if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
 	    &server_funcs))
 		errx(1, "failed to fetch supported versions funcs");
@@ -3339,6 +3345,10 @@ test_tlsext_serverhello_build(void)
 		FAIL("failed to create SSL");
 		goto err;
 	}
+	if (!tlsext_linearize_build_order(ssl)) {
+		FAIL("failed to linearize build order");
+		goto err;
+	}
 	if ((ssl->session = SSL_SESSION_new()) == NULL) {
 		FAIL("failed to create session");
 		goto err;