Fix the client test and the tlsext test to work with randomized

TLS extensions (this involves unrandomizing the extension order
for the tests that rely on golden numbers.

3 files changed, 21 insertions, 4 deletions

diff --git a/src/regress/lib/libssl/client/Makefile b/src/regress/lib/libssl/client/Makefile
index 5a54f80914..c8a05690a0 100644
--- a/src/regress/lib/libssl/client/Makefile
+++ b/src/regress/lib/libssl/client/Makefile
@@ -1,7 +1,7 @@
-#       $OpenBSD: Makefile,v 1.3 2021/08/30 17:34:01 tb Exp $
+#       $OpenBSD: Makefile,v 1.4 2023/04/23 18:59:41 tb Exp $
 
 PROG=   clienttest
-LDADD=  -lssl -lcrypto
+LDADD=  ${SSL_INT} -lcrypto
 DPADD=  ${LIBSSL} ${LIBCRYPTO}
 WARNINGS=       Yes
 CFLAGS+=        -DLIBRESSL_INTERNAL -Werror
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
index b0486d95f0..8ecc54467f 100644
--- a/src/regress/lib/libssl/client/clienttest.c
+++ b/src/regress/lib/libssl/client/clienttest.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: clienttest.c,v 1.39 2022/07/19 20:16:50 tb Exp $ */
+/*      $OpenBSD: clienttest.c,v 1.40 2023/04/23 18:59:41 tb Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  *
@@ -41,6 +41,8 @@
 
 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
 
+int tlsext_linearize_build_order(SSL *);
+
 static const uint8_t cipher_list_dtls1[] = {
         0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
         0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
@@ -649,6 +651,11 @@ client_hello_test(int testno, const struct client_hello_test *cht)
                 goto failure;
         }
 
+        if (!tlsext_linearize_build_order(ssl)) {
+                fprintf(stderr, "failed to linearize build order");
+                goto failure;
+        }
+
         BIO_up_ref(rbio);
         BIO_up_ref(wbio);
         SSL_set_bio(ssl, rbio, wbio);
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 923c50d5aa..f5241c8f62 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.79 2022/11/26 16:08:57 tb Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.80 2023/04/23 18:59:41 tb Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -36,6 +36,7 @@ struct tls_extension_funcs {
 const struct tls_extension *tls_extension_find(uint16_t, size_t *);
 const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *,
     int);
+int tlsext_linearize_build_order(SSL *);
 
 static int
 tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs,
@@ -3223,6 +3224,11 @@ test_tlsext_clienthello_build(void)
                 goto err;
         }
 
+        if (!tlsext_linearize_build_order(ssl)) {
+                FAIL("failed to linearize build order");
+                goto err;
+        }
+
         if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
             &server_funcs))
                 errx(1, "failed to fetch supported versions funcs");
@@ -3339,6 +3345,10 @@ test_tlsext_serverhello_build(void)
                 FAIL("failed to create SSL");
                 goto err;
         }
+        if (!tlsext_linearize_build_order(ssl)) {
+                FAIL("failed to linearize build order");
+                goto err;
+        }
         if ((ssl->session = SSL_SESSION_new()) == NULL) {
                 FAIL("failed to create session");
                 goto err;