1 files changed, 3 insertions, 33 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 4adf27421d..32bad7ebc8 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.92 2024/09/11 15:04:16 tb Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.93 2025/04/30 13:44:54 tb Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -4542,12 +4542,10 @@ test_tlsext_valid_hostnames(void)
 #define N_TLSEXT_RANDOMIZATION_TESTS 1000
 static int
-test_tlsext_check_extension_order(SSL *ssl)
+test_tlsext_check_psk_is_last_extension(SSL *ssl)
 {
        const struct tls_extension *ext;
        uint16_t type;
-        size_t alpn_idx, sni_idx;
-        size_t i;
        if (ssl->tlsext_build_order_len == 0) {
                FAIL("Unexpected zero build order length");
@@ -4560,34 +4558,6 @@ test_tlsext_check_extension_order(SSL *ssl)
                return 1;
        }
-        if (ssl->server)
-                return 0;
-        alpn_idx = sni_idx = ssl->tlsext_build_order_len;
-        for (i = 0; i < ssl->tlsext_build_order_len; i++) {
-                ext = ssl->tlsext_build_order[i];
-                if (tls_extension_type(ext) == TLSEXT_TYPE_alpn)
-                        alpn_idx = i;
-                if (tls_extension_type(ext) == TLSEXT_TYPE_server_name)
-                        sni_idx = i;
-        }
-        if (alpn_idx == ssl->tlsext_build_order_len) {
-                FAIL("could not find alpn extension\n");
-                return 1;
-        }
-        if (sni_idx == ssl->tlsext_build_order_len) {
-                FAIL("could not find alpn extension\n");
-                return 1;
-        }
-        if (sni_idx >= alpn_idx) {
-                FAIL("sni does not precede alpn: %zu >= %zu\n",
-                    sni_idx, alpn_idx);
-                return 1;
-        }
        return 0;
 }
@@ -4600,7 +4570,7 @@ test_tlsext_randomized_extensions(SSL *ssl)
        for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) {
                if (!tlsext_randomize_build_order(ssl))
                        errx(1, "failed to randomize extensions");
-                failed |= test_tlsext_check_extension_order(ssl);
+                failed |= test_tlsext_check_psk_is_last_extension(ssl);
        }
        return failed;

diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 4adf27421d..32bad7ebc8 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tlsexttest.c,v 1.92 2024/09/11 15:04:16 tb Exp $ */	1	/* $OpenBSD: tlsexttest.c,v 1.93 2025/04/30 13:44:54 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -4542,12 +4542,10 @@ test_tlsext_valid_hostnames(void)
4542	#define N_TLSEXT_RANDOMIZATION_TESTS 1000	4542	#define N_TLSEXT_RANDOMIZATION_TESTS 1000
4543		4543
4544	static int	4544	static int
4545	test_tlsext_check_extension_order(SSL *ssl)	4545	test_tlsext_check_psk_is_last_extension(SSL *ssl)
4546	{	4546	{
4547	const struct tls_extension *ext;	4547	const struct tls_extension *ext;
4548	uint16_t type;	4548	uint16_t type;
4549	size_t alpn_idx, sni_idx;
4550	size_t i;
4551		4549
4552	if (ssl->tlsext_build_order_len == 0) {	4550	if (ssl->tlsext_build_order_len == 0) {
4553	FAIL("Unexpected zero build order length");	4551	FAIL("Unexpected zero build order length");
@@ -4560,34 +4558,6 @@ test_tlsext_check_extension_order(SSL *ssl)
4560	return 1;	4558	return 1;
4561	}	4559	}
4562		4560
4563	if (ssl->server)
4564	return 0;
4565
4566	alpn_idx = sni_idx = ssl->tlsext_build_order_len;
4567	for (i = 0; i < ssl->tlsext_build_order_len; i++) {
4568	ext = ssl->tlsext_build_order[i];
4569	if (tls_extension_type(ext) == TLSEXT_TYPE_alpn)
4570	alpn_idx = i;
4571	if (tls_extension_type(ext) == TLSEXT_TYPE_server_name)
4572	sni_idx = i;
4573	}
4574
4575	if (alpn_idx == ssl->tlsext_build_order_len) {
4576	FAIL("could not find alpn extension\n");
4577	return 1;
4578	}
4579
4580	if (sni_idx == ssl->tlsext_build_order_len) {
4581	FAIL("could not find alpn extension\n");
4582	return 1;
4583	}
4584
4585	if (sni_idx >= alpn_idx) {
4586	FAIL("sni does not precede alpn: %zu >= %zu\n",
4587	sni_idx, alpn_idx);
4588	return 1;
4589	}
4590
4591	return 0;	4561	return 0;
4592	}	4562	}
4593		4563
@@ -4600,7 +4570,7 @@ test_tlsext_randomized_extensions(SSL *ssl)
4600	for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) {	4570	for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) {
4601	if (!tlsext_randomize_build_order(ssl))	4571	if (!tlsext_randomize_build_order(ssl))
4602	errx(1, "failed to randomize extensions");	4572	errx(1, "failed to randomize extensions");
4603	failed \|= test_tlsext_check_extension_order(ssl);	4573	failed \|= test_tlsext_check_psk_is_last_extension(ssl);
4604	}	4574	}
4605		4575
4606	return failed;	4576	return failed;