Fix the client test and the tlsext test to work with randomized

TLS extensions (this involves unrandomizing the extension order for the tests that rely on golden numbers.
2025-01-10 06:47:55 -08:00 · 2023-04-23 18:59:41 +00:00 · 2023-04-23 18:59:41 +00:00 · dc5a472f91
commit dc5a472f91
parent f45f5ef68b
3 changed files with 21 additions and 4 deletions
--- a/regress/lib/libssl/client/Makefile
+++ b/regress/lib/libssl/client/Makefile
@ -1,7 +1,7 @@
-#	$OpenBSD: Makefile,v 1.3 2021/08/30 17:34:01 tb Exp $
+#	$OpenBSD: Makefile,v 1.4 2023/04/23 18:59:41 tb Exp $

 PROG=	clienttest
-LDADD=	-lssl -lcrypto
+LDADD=	${SSL_INT} -lcrypto
 DPADD=	${LIBSSL} ${LIBCRYPTO}
 WARNINGS=	Yes
 CFLAGS+=	-DLIBRESSL_INTERNAL -Werror
--- a/regress/lib/libssl/client/clienttest.c
+++ b/regress/lib/libssl/client/clienttest.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: clienttest.c,v 1.39 2022/07/19 20:16:50 tb Exp $ */
+/*	$OpenBSD: clienttest.c,v 1.40 2023/04/23 18:59:41 tb Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 *
@ -41,6 +41,8 @@

 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)

+int tlsext_linearize_build_order(SSL *);
+
 static const uint8_t cipher_list_dtls1[] = {
 	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
 	0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
@ -649,6 +651,11 @@ client_hello_test(int testno, const struct client_hello_test *cht)
 		goto failure;
 	}

+	if (!tlsext_linearize_build_order(ssl)) {
+		fprintf(stderr, "failed to linearize build order");
+		goto failure;
+	}
+
 	BIO_up_ref(rbio);
 	BIO_up_ref(wbio);
 	SSL_set_bio(ssl, rbio, wbio);
--- a/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/regress/lib/libssl/tlsext/tlsexttest.c
@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.79 2022/11/26 16:08:57 tb Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.80 2023/04/23 18:59:41 tb Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@ -36,6 +36,7 @@ struct tls_extension_funcs {
 const struct tls_extension *tls_extension_find(uint16_t, size_t *);
 const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *,
    int);
+int tlsext_linearize_build_order(SSL *);

 static int
 tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs,
@ -3223,6 +3224,11 @@ test_tlsext_clienthello_build(void)
 		goto err;
 	}

+	if (!tlsext_linearize_build_order(ssl)) {
+		FAIL("failed to linearize build order");
+		goto err;
+	}
+
 	if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
 	    &server_funcs))
 		errx(1, "failed to fetch supported versions funcs");
@ -3339,6 +3345,10 @@ test_tlsext_serverhello_build(void)
 		FAIL("failed to create SSL");
 		goto err;
 	}
+	if (!tlsext_linearize_build_order(ssl)) {
+		FAIL("failed to linearize build order");
+		goto err;
+	}
 	if ((ssl->session = SSL_SESSION_new()) == NULL) {
 		FAIL("failed to create session");
 		goto err;