def check_tls13_support(dev):
tls = dev.request("GET tls_library")
- if "run=OpenSSL 1.1.1" not in tls and "run=OpenSSL 3.0" not in tls and "wolfSSL" not in tls:
- raise HwsimSkip("TLS v1.3 not supported")
+ ok = ['run=OpenSSL 1.1.1', 'run=OpenSSL 3.0', 'run=OpenSSL 3.1',
+ 'run=OpenSSL 3.2', 'wolfSSL']
+ for s in ok:
+ if s in tls:
+ return
+ raise HwsimSkip("TLS v1.3 not supported")
def check_ocsp_multi_support(dev):
tls = dev.request("GET tls_library")
if cipher == "RC4-SHA" and \
("Could not select EAP method" in str(e) or \
"EAP failed" in str(e)):
- if "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls:
+ if "run=OpenSSL" in tls:
logger.info("Allow failure due to missing TLS library support")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1")
check_tls_ver(dev[2], hapd,
"tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
- if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls:
+ if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3." in tls:
check_tls_ver(dev[0], hapd,
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")
"""FILS SK with PFS (DH group 30)"""
run_fils_sk_pfs(dev, apdev, "30", params)
+def check_ec_group(dev, group):
+ tls = dev.request("GET tls_library")
+ if tls.startswith("wolfSSL"):
+ return
+ if int(group) in [25]:
+ if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3." in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3." in tls)):
+ raise HwsimSkip("EC group not supported")
+ if int(group) in [27, 28, 29, 30]:
+ if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3." in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3." in tls)):
+ raise HwsimSkip("Brainpool EC group not supported")
+
def run_fils_sk_pfs(dev, apdev, group, params):
check_fils_sk_pfs_capa(dev[0])
check_erp_capa(dev[0])
-
- tls = dev[0].request("GET tls_library")
- if not tls.startswith("wolfSSL"):
- if int(group) in [25]:
- if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
- raise HwsimSkip("EC group not supported")
- if int(group) in [27, 28, 29, 30]:
- if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
- raise HwsimSkip("Brainpool EC group not supported")
+ check_ec_group(dev[0], group)
start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))
if not tls.startswith("OpenSSL"):
raise HwsimSkip("TLS library not supported for Suite B: " + tls)
supported = False
- for ver in ['1.0.2', '1.1.0', '1.1.1', '3.0']:
+ for ver in ['1.0.2', '1.1.0', '1.1.1', '3.']:
if "build=OpenSSL " + ver in tls and "run=OpenSSL " + ver in tls:
supported = True
break
projects / thirdparty / hostap.git / commitdiff
