From a7fdd580398c706201c11501e57243c3adb7235e Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 2 Dec 2023 11:22:24 +0200
Subject: [PATCH] tests: Update capability checks to include OpenSSL 3.1 and
 3.2

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 tests/hwsim/test_ap_eap.py  | 12 ++++++++----
 tests/hwsim/test_fils.py    | 21 ++++++++++++---------
 tests/hwsim/test_suite_b.py |  2 +-
 3 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 66911de0a..0ddaa07d5 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -99,8 +99,12 @@ def check_pkcs5_v15_support(dev):
 
 def check_tls13_support(dev):
     tls = dev.request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls and "run=OpenSSL 3.0" not in tls and "wolfSSL" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
+    ok = ['run=OpenSSL 1.1.1', 'run=OpenSSL 3.0', 'run=OpenSSL 3.1',
+          'run=OpenSSL 3.2', 'wolfSSL']
+    for s in ok:
+        if s in tls:
+            return
+    raise HwsimSkip("TLS v1.3 not supported")
 
 def check_ocsp_multi_support(dev):
     tls = dev.request("GET tls_library")
@@ -4312,7 +4316,7 @@ def test_ap_wpa2_eap_fast_cipher_suites(dev, apdev):
             if cipher == "RC4-SHA" and \
                ("Could not select EAP method" in str(e) or \
                 "EAP failed" in str(e)):
-                if "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls:
+                if "run=OpenSSL" in tls:
                     logger.info("Allow failure due to missing TLS library support")
                     dev[0].request("REMOVE_NETWORK all")
                     dev[0].wait_disconnected()
@@ -6184,7 +6188,7 @@ def test_ap_wpa2_eap_tls_versions(dev, apdev):
                   "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1")
     check_tls_ver(dev[2], hapd,
                   "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
-    if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls:
+    if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3." in tls:
         check_tls_ver(dev[0], hapd,
                       "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")
 
diff --git a/tests/hwsim/test_fils.py b/tests/hwsim/test_fils.py
index f7daf1907..662ed8c5a 100644
--- a/tests/hwsim/test_fils.py
+++ b/tests/hwsim/test_fils.py
@@ -1417,18 +1417,21 @@ def test_fils_sk_pfs_30(dev, apdev, params):
     """FILS SK with PFS (DH group 30)"""
     run_fils_sk_pfs(dev, apdev, "30", params)
 
+def check_ec_group(dev, group):
+    tls = dev.request("GET tls_library")
+    if tls.startswith("wolfSSL"):
+        return
+    if int(group) in [25]:
+        if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3." in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3." in tls)):
+            raise HwsimSkip("EC group not supported")
+    if int(group) in [27, 28, 29, 30]:
+        if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3." in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3." in tls)):
+                raise HwsimSkip("Brainpool EC group not supported")
+
 def run_fils_sk_pfs(dev, apdev, group, params):
     check_fils_sk_pfs_capa(dev[0])
     check_erp_capa(dev[0])
-
-    tls = dev[0].request("GET tls_library")
-    if not tls.startswith("wolfSSL"):
-        if int(group) in [25]:
-            if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
-                raise HwsimSkip("EC group not supported")
-        if int(group) in [27, 28, 29, 30]:
-            if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
-                raise HwsimSkip("Brainpool EC group not supported")
+    check_ec_group(dev[0], group)
 
     start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
 
diff --git a/tests/hwsim/test_suite_b.py b/tests/hwsim/test_suite_b.py
index 6bbe22464..d03a39dee 100644
--- a/tests/hwsim/test_suite_b.py
+++ b/tests/hwsim/test_suite_b.py
@@ -30,7 +30,7 @@ def check_suite_b_tls_lib(dev, dhe=False, level128=False):
     if not tls.startswith("OpenSSL"):
         raise HwsimSkip("TLS library not supported for Suite B: " + tls)
     supported = False
-    for ver in ['1.0.2', '1.1.0', '1.1.1', '3.0']:
+    for ver in ['1.0.2', '1.1.0', '1.1.1', '3.']:
         if "build=OpenSSL " + ver in tls and "run=OpenSSL " + ver in tls:
             supported = True
             break