tests: Update capability checks to include OpenSSL 3.0

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 269500a93a692e95dc9de47596b812eef7e9c713..a9715eec1f046bd163802e70610cbcbd6b27320c 100644 (file)
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -97,6 +97,11 @@ def check_pkcs5_v15_support(dev):
     if "BoringSSL" in tls or "GnuTLS" in tls:
         raise HwsimSkip("PKCS#5 v1.5 not supported with this TLS library: " + tls)
 
+def check_tls13_support(dev):
+    tls = dev.request("GET tls_library")
+    if "run=OpenSSL 1.1.1" not in tls and "run=OpenSSL 3.0" not in tls:
+        raise HwsimSkip("TLS v1.3 not supported")
+
 def check_ocsp_multi_support(dev):
     tls = dev.request("GET tls_library")
     if not tls.startswith("internal"):
@@ -3971,7 +3976,7 @@ def test_ap_wpa2_eap_fast_cipher_suites(dev, apdev):
             if cipher == "RC4-SHA" and \
                ("Could not select EAP method" in str(e) or \
                 "EAP failed" in str(e)):
-                if "run=OpenSSL 1.1" in tls:
+                if "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls:
                     logger.info("Allow failure due to missing TLS library support")
                     dev[0].request("REMOVE_NETWORK all")
                     dev[0].wait_disconnected()
@@ -5905,7 +5910,7 @@ def test_ap_wpa2_eap_tls_versions(dev, apdev):
                   "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1")
     check_tls_ver(dev[2], hapd,
                   "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
-    if "run=OpenSSL 1.1.1" in tls:
+    if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls:
         check_tls_ver(dev[0], hapd,
                       "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")
 
@@ -5937,9 +5942,7 @@ def test_ap_wpa2_eap_tls_13(dev, apdev):
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0], params)
 
-    tls = dev[0].request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
+    check_tls13_support(dev[0])
     id = eap_connect(dev[0], hapd, "TLS", "tls user",
                      ca_cert="auth_serv/ca.pem",
                      client_cert="auth_serv/user.pem",
@@ -5961,9 +5964,7 @@ def test_ap_wpa2_eap_ttls_13(dev, apdev):
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0], params)
 
-    tls = dev[0].request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
+    check_tls13_support(dev[0])
     id = eap_connect(dev[0], hapd, "TTLS", "pap user",
                      anonymous_identity="ttls", password="password",
                      ca_cert="auth_serv/ca.pem",
@@ -5986,9 +5987,7 @@ def test_ap_wpa2_eap_peap_13(dev, apdev):
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0], params)
 
-    tls = dev[0].request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
+    check_tls13_support(dev[0])
     id = eap_connect(dev[0], hapd, "PEAP", "user",
                      anonymous_identity="peap", password="password",
                      ca_cert="auth_serv/ca.pem",
@@ -6019,13 +6018,9 @@ def test_ap_wpa2_eap_tls_13_ec(dev, apdev):
               "private_key": "auth_serv/ec-server.key",
               "tls_flags": "[ENABLE-TLSv1.3]"}
     hapd = hostapd.add_ap(apdev[0], params)
-    tls = hapd.request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
+    check_tls13_support(hapd)
 
-    tls = dev[0].request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("TLS v1.3 not supported")
+    check_tls13_support(dev[0])
     id = eap_connect(dev[0], hapd, "TLS", "tls user",
                      ca_cert="auth_serv/ec-ca.pem",
                      client_cert="auth_serv/ec-user.pem",

diff --git a/tests/hwsim/test_erp.py b/tests/hwsim/test_erp.py
index 6ca1259ab1a1eb02f04c13b0347dce06b2436c36..50cec8dc6d93100041a5b50e63bcfc66d928311c 100644 (file)
--- a/tests/hwsim/test_erp.py
+++ b/tests/hwsim/test_erp.py
@@ -12,7 +12,7 @@ import time
 
 import hostapd
 from utils import *
-from test_ap_eap import int_eap_server_params
+from test_ap_eap import int_eap_server_params, check_tls13_support
 from test_ap_psk import find_wpas_process, read_process_memory, verify_not_present, get_key_locations
 
 def test_erp_initiate_reauth_start(dev, apdev):
@@ -329,9 +329,7 @@ def test_erp_radius_eap_methods(dev, apdev):
 def test_erp_radius_eap_tls_v13(dev, apdev):
     """ERP enabled on RADIUS server and peer using EAP-TLS v1.3"""
     check_erp_capa(dev[0])
-    tls = dev[0].request("GET tls_library")
-    if "run=OpenSSL 1.1.1" not in tls:
-        raise HwsimSkip("No TLS v1.3 support in TLS library")
+    check_tls13_support(dev[0])
 
     eap_methods = dev[0].get_capability("eap")
     start_erp_as(tls13=True)

diff --git a/tests/hwsim/test_fils.py b/tests/hwsim/test_fils.py
index 4d4ddc39a837203b60605e6220b6c53770ca8817..4dcbcf6bee5198880c86fb027d16e75337f7f824 100644 (file)
--- a/tests/hwsim/test_fils.py
+++ b/tests/hwsim/test_fils.py
@@ -1420,10 +1420,10 @@ def run_fils_sk_pfs(dev, apdev, group, params):
 
     tls = dev[0].request("GET tls_library")
     if int(group) in [25]:
-        if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls)):
+        if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
             raise HwsimSkip("EC group not supported")
     if int(group) in [27, 28, 29, 30]:
-        if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls)):
+        if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
             raise HwsimSkip("Brainpool EC group not supported")
 
     start_erp_as(msk_dump=os.path.join(params['logdir'], "msk.lst"))

diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py
index f5cde1ac35d59c554ca20c13dc88622a54feffed..926a35da1539636643fcdcae1f461f38cbdf2f31 100644 (file)
--- a/tests/hwsim/test_sae.py
+++ b/tests/hwsim/test_sae.py
@@ -2116,7 +2116,7 @@ def run_sae_pwe_group(dev, apdev, group):
     check_sae_capab(dev[0])
     tls = dev[0].request("GET tls_library")
     if group in [27, 28, 29, 30]:
-        if tls.startswith("OpenSSL") and "run=OpenSSL 1." in tls:
+        if tls.startswith("OpenSSL") and ("run=OpenSSL 1." in tls or "run=OpenSSL 3." in tls):
             logger.info("Add Brainpool EC groups since OpenSSL is new enough")
         else:
             raise HwsimSkip("Brainpool curve not supported")

diff --git a/tests/hwsim/test_suite_b.py b/tests/hwsim/test_suite_b.py
index 7065b18bd65fb00b7490b5cb1d960791c4fa724a..2b3c30fc19804c3a75c14e038c382212a72e357e 100644 (file)
--- a/tests/hwsim/test_suite_b.py
+++ b/tests/hwsim/test_suite_b.py
@@ -27,7 +27,7 @@ def check_suite_b_tls_lib(dev, dhe=False, level128=False):
     if not tls.startswith("OpenSSL"):
         raise HwsimSkip("TLS library not supported for Suite B: " + tls)
     supported = False
-    for ver in ['1.0.2', '1.1.0', '1.1.1']:
+    for ver in ['1.0.2', '1.1.0', '1.1.1', '3.0']:
         if "build=OpenSSL " + ver in tls and "run=OpenSSL " + ver in tls:
             supported = True
             break