tests: Update capability checks to include OpenSSL 3.1 and 3.2

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2023-12-02 11:22:24 +02:00
parent 033634019d
commit a7fdd58039
3 changed files with 21 additions and 14 deletions

View file

@ -99,8 +99,12 @@ def check_pkcs5_v15_support(dev):
def check_tls13_support(dev):
tls = dev.request("GET tls_library")
if "run=OpenSSL 1.1.1" not in tls and "run=OpenSSL 3.0" not in tls and "wolfSSL" not in tls:
raise HwsimSkip("TLS v1.3 not supported")
ok = ['run=OpenSSL 1.1.1', 'run=OpenSSL 3.0', 'run=OpenSSL 3.1',
'run=OpenSSL 3.2', 'wolfSSL']
for s in ok:
if s in tls:
return
raise HwsimSkip("TLS v1.3 not supported")
def check_ocsp_multi_support(dev):
tls = dev.request("GET tls_library")
@ -4312,7 +4316,7 @@ def test_ap_wpa2_eap_fast_cipher_suites(dev, apdev):
if cipher == "RC4-SHA" and \
("Could not select EAP method" in str(e) or \
"EAP failed" in str(e)):
if "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls:
if "run=OpenSSL" in tls:
logger.info("Allow failure due to missing TLS library support")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
@ -6184,7 +6188,7 @@ def test_ap_wpa2_eap_tls_versions(dev, apdev):
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1")
check_tls_ver(dev[2], hapd,
"tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls:
if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3." in tls:
check_tls_ver(dev[0], hapd,
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")

View file

@ -1417,18 +1417,21 @@ def test_fils_sk_pfs_30(dev, apdev, params):
"""FILS SK with PFS (DH group 30)"""
run_fils_sk_pfs(dev, apdev, "30", params)
def check_ec_group(dev, group):
tls = dev.request("GET tls_library")
if tls.startswith("wolfSSL"):
return
if int(group) in [25]:
if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3." in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3." in tls)):
raise HwsimSkip("EC group not supported")
if int(group) in [27, 28, 29, 30]:
if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3." in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3." in tls)):
raise HwsimSkip("Brainpool EC group not supported")
def run_fils_sk_pfs(dev, apdev, group, params):
check_fils_sk_pfs_capa(dev[0])
check_erp_capa(dev[0])
tls = dev[0].request("GET tls_library")
if not tls.startswith("wolfSSL"):
if int(group) in [25]:
if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
raise HwsimSkip("EC group not supported")
if int(group) in [27, 28, 29, 30]:
if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
raise HwsimSkip("Brainpool EC group not supported")
check_ec_group(dev[0], group)
start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))

View file

@ -30,7 +30,7 @@ def check_suite_b_tls_lib(dev, dhe=False, level128=False):
if not tls.startswith("OpenSSL"):
raise HwsimSkip("TLS library not supported for Suite B: " + tls)
supported = False
for ver in ['1.0.2', '1.1.0', '1.1.1', '3.0']:
for ver in ['1.0.2', '1.1.0', '1.1.1', '3.']:
if "build=OpenSSL " + ver in tls and "run=OpenSSL " + ver in tls:
supported = True
break