summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortb <>2023-04-23 18:59:41 +0000
committertb <>2023-04-23 18:59:41 +0000
commit13ba643374d5ff84130d05ec7c88f7fd1e4c2308 (patch)
tree8e2ef0fc4362e087ab7be216976b0cd6db4b81a4
parent7af2fcf80381969850949d04fe5368f75e9f7f03 (diff)
downloadopenbsd-13ba643374d5ff84130d05ec7c88f7fd1e4c2308.tar.gz
openbsd-13ba643374d5ff84130d05ec7c88f7fd1e4c2308.tar.bz2
openbsd-13ba643374d5ff84130d05ec7c88f7fd1e4c2308.zip
Fix the client test and the tlsext test to work with randomized
TLS extensions (this involves unrandomizing the extension order for the tests that rely on golden numbers.
Diffstat (limited to '')
-rw-r--r--src/regress/lib/libssl/client/Makefile4
-rw-r--r--src/regress/lib/libssl/client/clienttest.c9
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c12
3 files changed, 21 insertions, 4 deletions
diff --git a/src/regress/lib/libssl/client/Makefile b/src/regress/lib/libssl/client/Makefile
index 5a54f80914..c8a05690a0 100644
--- a/src/regress/lib/libssl/client/Makefile
+++ b/src/regress/lib/libssl/client/Makefile
@@ -1,7 +1,7 @@
1# $OpenBSD: Makefile,v 1.3 2021/08/30 17:34:01 tb Exp $ 1# $OpenBSD: Makefile,v 1.4 2023/04/23 18:59:41 tb Exp $
2 2
3PROG= clienttest 3PROG= clienttest
4LDADD= -lssl -lcrypto 4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO} 5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes 6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror 7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
index b0486d95f0..8ecc54467f 100644
--- a/src/regress/lib/libssl/client/clienttest.c
+++ b/src/regress/lib/libssl/client/clienttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clienttest.c,v 1.39 2022/07/19 20:16:50 tb Exp $ */ 1/* $OpenBSD: clienttest.c,v 1.40 2023/04/23 18:59:41 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -41,6 +41,8 @@
41 41
42#define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000) 42#define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
43 43
44int tlsext_linearize_build_order(SSL *);
45
44static const uint8_t cipher_list_dtls1[] = { 46static const uint8_t cipher_list_dtls1[] = {
45 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 47 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
46 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 48 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
@@ -649,6 +651,11 @@ client_hello_test(int testno, const struct client_hello_test *cht)
649 goto failure; 651 goto failure;
650 } 652 }
651 653
654 if (!tlsext_linearize_build_order(ssl)) {
655 fprintf(stderr, "failed to linearize build order");
656 goto failure;
657 }
658
652 BIO_up_ref(rbio); 659 BIO_up_ref(rbio);
653 BIO_up_ref(wbio); 660 BIO_up_ref(wbio);
654 SSL_set_bio(ssl, rbio, wbio); 661 SSL_set_bio(ssl, rbio, wbio);
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 923c50d5aa..f5241c8f62 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlsexttest.c,v 1.79 2022/11/26 16:08:57 tb Exp $ */ 1/* $OpenBSD: tlsexttest.c,v 1.80 2023/04/23 18:59:41 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -36,6 +36,7 @@ struct tls_extension_funcs {
36const struct tls_extension *tls_extension_find(uint16_t, size_t *); 36const struct tls_extension *tls_extension_find(uint16_t, size_t *);
37const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *, 37const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *,
38 int); 38 int);
39int tlsext_linearize_build_order(SSL *);
39 40
40static int 41static int
41tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs, 42tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs,
@@ -3223,6 +3224,11 @@ test_tlsext_clienthello_build(void)
3223 goto err; 3224 goto err;
3224 } 3225 }
3225 3226
3227 if (!tlsext_linearize_build_order(ssl)) {
3228 FAIL("failed to linearize build order");
3229 goto err;
3230 }
3231
3226 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs, 3232 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
3227 &server_funcs)) 3233 &server_funcs))
3228 errx(1, "failed to fetch supported versions funcs"); 3234 errx(1, "failed to fetch supported versions funcs");
@@ -3339,6 +3345,10 @@ test_tlsext_serverhello_build(void)
3339 FAIL("failed to create SSL"); 3345 FAIL("failed to create SSL");
3340 goto err; 3346 goto err;
3341 } 3347 }
3348 if (!tlsext_linearize_build_order(ssl)) {
3349 FAIL("failed to linearize build order");
3350 goto err;
3351 }
3342 if ((ssl->session = SSL_SESSION_new()) == NULL) { 3352 if ((ssl->session = SSL_SESSION_new()) == NULL) {
3343 FAIL("failed to create session"); 3353 FAIL("failed to create session");
3344 goto err; 3354 goto err;