aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch')
-rw-r--r--package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch78
1 files changed, 39 insertions, 39 deletions
diff --git a/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch b/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
index 9e9e88c1eb..148c268f9c 100644
--- a/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
+++ b/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
@@ -727,7 +727,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
def check_ec_support(dev):
tls = dev.request("GET tls_library")
-@@ -1625,7 +1668,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma
+@@ -1595,7 +1638,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma
eap_connect(dev[0], hapd, "TTLS", "pap user",
anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
@@ -736,7 +736,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
altsubject_match="EMAIL:noone@example.com;DNS:server.w1.fi;URI:http://example.com/")
eap_reauth(dev[0], "TTLS")
-@@ -2860,6 +2903,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc
+@@ -2830,6 +2873,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc
def test_ap_wpa2_eap_tls_neg_subject_match(dev, apdev):
"""WPA2-Enterprise negative test - subject mismatch"""
@@ -744,7 +744,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0], params)
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-@@ -2920,6 +2964,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat
+@@ -2890,6 +2934,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat
def test_ap_wpa2_eap_tls_neg_altsubject_match(dev, apdev):
"""WPA2-Enterprise negative test - altsubject mismatch"""
@@ -752,7 +752,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0], params)
-@@ -3460,7 +3505,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde
+@@ -3430,7 +3475,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde
dev[0].request("REMOVE_NETWORK all")
tls = dev[0].request("GET tls_library")
@@ -761,7 +761,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
tests = [(1, "os_get_random;dh_init")]
else:
tests = [(1, "crypto_dh_init;dh_init")]
-@@ -4774,7 +4819,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4744,7 +4789,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
params["private_key"] = "auth_serv/iCA-server/server.key"
hostapd.add_ap(apdev[0], params)
tls = dev[0].request("GET tls_library")
@@ -770,7 +770,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
client_cert = "auth_serv/iCA-user/user_and_ica.pem"
else:
-@@ -4840,6 +4885,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4810,6 +4855,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, "-sha1")
def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md):
@@ -778,7 +778,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
params = int_eap_server_params()
params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
params["server_cert"] = "auth_serv/iCA-server/server.pem"
-@@ -4849,7 +4895,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
+@@ -4819,7 +4865,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
try:
hostapd.add_ap(apdev[0], params)
tls = dev[0].request("GET tls_library")
@@ -787,7 +787,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
client_cert = "auth_serv/iCA-user/user_and_ica.pem"
else:
-@@ -4885,7 +4931,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
+@@ -4855,7 +4901,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
try:
hostapd.add_ap(apdev[0], params)
tls = dev[0].request("GET tls_library")
@@ -796,7 +796,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
client_cert = "auth_serv/iCA-user/user_and_ica.pem"
else:
-@@ -4935,7 +4981,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4905,7 +4951,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
try:
hostapd.add_ap(apdev[0], params)
tls = dev[0].request("GET tls_library")
@@ -805,7 +805,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
client_cert = "auth_serv/iCA-user/user_and_ica.pem"
else:
-@@ -5002,7 +5048,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4972,7 +5018,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
hostapd.add_ap(apdev[0], params)
tls = dev[0].request("GET tls_library")
@@ -814,7 +814,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
client_cert = "auth_serv/iCA-user/user_and_ica.pem"
else:
-@@ -5260,6 +5306,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek
+@@ -5230,6 +5276,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek
def test_ap_wpa2_eap_ttls_server_pkcs12(dev, apdev):
"""WPA2-Enterprise using EAP-TTLS and server PKCS#12 file"""
@@ -822,7 +822,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
skip_with_fips(dev[0])
params = int_eap_server_params()
del params["server_cert"]
-@@ -5272,6 +5319,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12(
+@@ -5242,6 +5289,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12(
def test_ap_wpa2_eap_ttls_server_pkcs12_extra(dev, apdev):
"""EAP-TTLS and server PKCS#12 file with extra certs"""
@@ -830,7 +830,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
skip_with_fips(dev[0])
params = int_eap_server_params()
del params["server_cert"]
-@@ -5294,6 +5342,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv
+@@ -5264,6 +5312,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv
def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev):
"""WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)"""
@@ -838,7 +838,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
params = int_eap_server_params()
params["dh_file"] = "auth_serv/dsaparam.pem"
hapd = hostapd.add_ap(apdev[0], params)
-@@ -5605,8 +5654,8 @@ def test_ap_wpa2_eap_non_ascii_identity2
+@@ -5575,8 +5624,8 @@ def test_ap_wpa2_eap_non_ascii_identity2
def test_openssl_cipher_suite_config_wpas(dev, apdev):
"""OpenSSL cipher suite configuration on wpa_supplicant"""
tls = dev[0].request("GET tls_library")
@@ -849,7 +849,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hapd = hostapd.add_ap(apdev[0], params)
eap_connect(dev[0], hapd, "TTLS", "pap user",
-@@ -5632,14 +5681,14 @@ def test_openssl_cipher_suite_config_wpa
+@@ -5602,14 +5651,14 @@ def test_openssl_cipher_suite_config_wpa
def test_openssl_cipher_suite_config_hapd(dev, apdev):
"""OpenSSL cipher suite configuration on hostapd"""
tls = dev[0].request("GET tls_library")
@@ -868,7 +868,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
eap_connect(dev[0], hapd, "TTLS", "pap user",
anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-@@ -6081,13 +6130,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a
+@@ -6051,13 +6100,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a
check_tls_ver(dev[0], hapd,
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1",
"TLSv1.2")
@@ -891,7 +891,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls:
check_tls_ver(dev[0], hapd,
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")
-@@ -6109,6 +6162,11 @@ def test_ap_wpa2_eap_tls_versions_server
+@@ -6079,6 +6132,11 @@ def test_ap_wpa2_eap_tls_versions_server
tests = [("TLSv1", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")]
@@ -903,7 +903,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
for exp, flags in tests:
hapd.disable()
hapd.set("tls_flags", flags)
-@@ -7145,6 +7203,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde
+@@ -7115,6 +7173,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde
def test_eap_tls_ext_cert_check(dev, apdev):
"""EAP-TLS and external server certification validation"""
# With internal server certificate chain validation
@@ -911,7 +911,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
identity="tls user",
ca_cert="auth_serv/ca.pem",
-@@ -7157,6 +7216,7 @@ def test_eap_tls_ext_cert_check(dev, apd
+@@ -7127,6 +7186,7 @@ def test_eap_tls_ext_cert_check(dev, apd
def test_eap_ttls_ext_cert_check(dev, apdev):
"""EAP-TTLS and external server certification validation"""
# Without internal server certificate chain validation
@@ -919,7 +919,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
identity="pap user", anonymous_identity="ttls",
password="password", phase2="auth=PAP",
-@@ -7167,6 +7227,7 @@ def test_eap_ttls_ext_cert_check(dev, ap
+@@ -7137,6 +7197,7 @@ def test_eap_ttls_ext_cert_check(dev, ap
def test_eap_peap_ext_cert_check(dev, apdev):
"""EAP-PEAP and external server certification validation"""
# With internal server certificate chain validation
@@ -927,7 +927,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
identity="user", anonymous_identity="peap",
ca_cert="auth_serv/ca.pem",
-@@ -7177,6 +7238,7 @@ def test_eap_peap_ext_cert_check(dev, ap
+@@ -7147,6 +7208,7 @@ def test_eap_peap_ext_cert_check(dev, ap
def test_eap_fast_ext_cert_check(dev, apdev):
"""EAP-FAST and external server certification validation"""
@@ -935,7 +935,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
check_eap_capa(dev[0], "FAST")
# With internal server certificate chain validation
dev[0].request("SET blob fast_pac_auth_ext ")
-@@ -7191,10 +7253,6 @@ def test_eap_fast_ext_cert_check(dev, ap
+@@ -7161,10 +7223,6 @@ def test_eap_fast_ext_cert_check(dev, ap
run_ext_cert_check(dev, apdev, id)
def run_ext_cert_check(dev, apdev, net_id):
@@ -948,7 +948,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
-@@ -2347,11 +2347,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
+@@ -2471,11 +2471,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
# This will fail to roam
dev[0].roam(bssid1, check_bssid=False)
@@ -992,7 +992,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls)
capa = dev.request("GET_CAPABILITY dpp")
ver = 1
-@@ -3621,6 +3622,9 @@ def test_dpp_proto_auth_req_no_i_proto_k
+@@ -3892,6 +3893,9 @@ def test_dpp_proto_auth_req_no_i_proto_k
def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev):
"""DPP protocol testing - invalid I-proto key in Auth Req"""
@@ -1002,7 +1002,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
run_dpp_proto_auth_req_missing(dev, 66, "Invalid Initiator Protocol Key")
def test_dpp_proto_auth_req_no_i_nonce(dev, apdev):
-@@ -3716,7 +3720,12 @@ def test_dpp_proto_auth_resp_no_r_proto_
+@@ -3987,7 +3991,12 @@ def test_dpp_proto_auth_resp_no_r_proto_
def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev):
"""DPP protocol testing - invalid R-Proto Key in Auth Resp"""
@@ -1016,7 +1016,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev):
"""DPP protocol testing - no R-nonce in Auth Resp"""
-@@ -4078,11 +4087,17 @@ def test_dpp_proto_pkex_exchange_resp_in
+@@ -4349,11 +4358,17 @@ def test_dpp_proto_pkex_exchange_resp_in
def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev):
"""DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
@@ -1106,7 +1106,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
raise HwsimSkip("EC group not supported")
--- a/tests/hwsim/test_pmksa_cache.py
+++ b/tests/hwsim/test_pmksa_cache.py
-@@ -954,7 +954,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
+@@ -955,7 +955,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
password_hex="0123456789abcdef0123456789abcdef",
bssid=apdev[0]['bssid'])
@@ -1115,7 +1115,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
with alloc_fail(dev[0], i, "rsn_preauth_init"):
res = dev[0].request("PREAUTH f2:11:22:33:44:55").strip()
logger.info("Iteration %d - PREAUTH command results: %s" % (i, res))
-@@ -962,7 +962,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
+@@ -963,7 +963,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
state = dev[0].request('GET_ALLOC_FAIL')
if state.startswith('0:'):
break
@@ -1138,7 +1138,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
heavy_groups = [14, 15, 16]
suitable_groups = [15, 16, 17, 18, 19, 20, 21]
groups = [str(g) for g in sae_groups]
-@@ -2122,6 +2127,8 @@ def run_sae_pwe_group(dev, apdev, group)
+@@ -2188,6 +2193,8 @@ def run_sae_pwe_group(dev, apdev, group)
logger.info("Add Brainpool EC groups since OpenSSL is new enough")
elif tls.startswith("wolfSSL"):
logger.info("Make sure Brainpool EC groups were enabled when compiling wolfSSL")
@@ -1149,7 +1149,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
start_sae_pwe_ap(apdev[0], group, 2)
--- a/tests/hwsim/test_suite_b.py
+++ b/tests/hwsim/test_suite_b.py
-@@ -26,6 +26,8 @@ def check_suite_b_tls_lib(dev, dhe=False
+@@ -27,6 +27,8 @@ def check_suite_b_tls_lib(dev, dhe=False
return
if tls.startswith("wolfSSL"):
return
@@ -1158,7 +1158,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
if not tls.startswith("OpenSSL"):
raise HwsimSkip("TLS library not supported for Suite B: " + tls)
supported = False
-@@ -499,6 +501,7 @@ def test_suite_b_192_rsa_insufficient_dh
+@@ -520,6 +522,7 @@ def test_suite_b_192_rsa_insufficient_dh
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
ieee80211w="2",
@@ -1168,7 +1168,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert="auth_serv/rsa3072-ca.pem",
--- a/tests/hwsim/test_wpas_ctrl.py
+++ b/tests/hwsim/test_wpas_ctrl.py
-@@ -1834,7 +1834,7 @@ def _test_wpas_ctrl_oom(dev):
+@@ -1842,7 +1842,7 @@ def _test_wpas_ctrl_oom(dev):
tls = dev[0].request("GET tls_library")
if not tls.startswith("internal"):
tests.append(('NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG', 'FAIL',
@@ -1179,7 +1179,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
res = dev[0].request(cmd)
--- a/tests/hwsim/utils.py
+++ b/tests/hwsim/utils.py
-@@ -135,7 +135,13 @@ def check_fils_sk_pfs_capa(dev):
+@@ -141,7 +141,13 @@ def check_imsi_privacy_support(dev):
def check_tls_tod(dev):
tls = dev.request("GET tls_library")
@@ -1308,7 +1308,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
if (need_more_data) {
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1108,6 +1108,7 @@ CFLAGS += -DCONFIG_TLSV12
+@@ -1122,6 +1122,7 @@ CFLAGS += -DCONFIG_TLSV12
endif
ifeq ($(CONFIG_TLS), wolfssl)
@@ -1316,7 +1316,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef TLS_FUNCS
CFLAGS += -DWOLFSSL_DER_LOAD
OBJS += ../src/crypto/tls_wolfssl.o
-@@ -1123,6 +1124,7 @@ LIBS_p += -lwolfssl -lm
+@@ -1137,6 +1138,7 @@ LIBS_p += -lwolfssl -lm
endif
ifeq ($(CONFIG_TLS), openssl)
@@ -1324,7 +1324,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
ifdef TLS_FUNCS
CFLAGS += -DEAP_TLS_OPENSSL
-@@ -1150,6 +1152,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
+@@ -1164,6 +1166,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
endif
ifeq ($(CONFIG_TLS), mbedtls)
@@ -1332,7 +1332,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=mbedtls
endif
-@@ -1169,6 +1172,7 @@ endif
+@@ -1183,6 +1186,7 @@ endif
endif
ifeq ($(CONFIG_TLS), gnutls)
@@ -1340,7 +1340,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifndef CONFIG_CRYPTO
# default to libgcrypt
CONFIG_CRYPTO=gnutls
-@@ -1199,6 +1203,7 @@ endif
+@@ -1213,6 +1217,7 @@ endif
endif
ifeq ($(CONFIG_TLS), internal)
@@ -1348,7 +1348,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=internal
endif
-@@ -1279,6 +1284,7 @@ endif
+@@ -1293,6 +1298,7 @@ endif
endif
ifeq ($(CONFIG_TLS), linux)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-27 10:10:41 +0000