diff options
Diffstat (limited to 'package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch')
-rw-r--r-- | package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch | 78 |
1 files changed, 39 insertions, 39 deletions
diff --git a/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch b/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch index 9e9e88c1eb..148c268f9c 100644 --- a/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch +++ b/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch @@ -727,7 +727,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> def check_ec_support(dev): tls = dev.request("GET tls_library") -@@ -1625,7 +1668,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma +@@ -1595,7 +1638,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma eap_connect(dev[0], hapd, "TTLS", "pap user", anonymous_identity="ttls", password="password", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", @@ -736,7 +736,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> altsubject_match="EMAIL:noone@example.com;DNS:server.w1.fi;URI:http://example.com/") eap_reauth(dev[0], "TTLS") -@@ -2860,6 +2903,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc +@@ -2830,6 +2873,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc def test_ap_wpa2_eap_tls_neg_subject_match(dev, apdev): """WPA2-Enterprise negative test - subject mismatch""" @@ -744,7 +744,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") hostapd.add_ap(apdev[0], params) dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", -@@ -2920,6 +2964,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat +@@ -2890,6 +2934,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat def test_ap_wpa2_eap_tls_neg_altsubject_match(dev, apdev): """WPA2-Enterprise negative test - altsubject mismatch""" @@ -752,7 +752,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") hostapd.add_ap(apdev[0], params) -@@ -3460,7 +3505,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde +@@ -3430,7 +3475,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde dev[0].request("REMOVE_NETWORK all") tls = dev[0].request("GET tls_library") @@ -761,7 +761,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> tests = [(1, "os_get_random;dh_init")] else: tests = [(1, "crypto_dh_init;dh_init")] -@@ -4774,7 +4819,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca +@@ -4744,7 +4789,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca params["private_key"] = "auth_serv/iCA-server/server.key" hostapd.add_ap(apdev[0], params) tls = dev[0].request("GET tls_library") @@ -770,7 +770,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> ca_cert = "auth_serv/iCA-user/ca-and-root.pem" client_cert = "auth_serv/iCA-user/user_and_ica.pem" else: -@@ -4840,6 +4885,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca +@@ -4810,6 +4855,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, "-sha1") def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md): @@ -778,7 +778,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> params = int_eap_server_params() params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" params["server_cert"] = "auth_serv/iCA-server/server.pem" -@@ -4849,7 +4895,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ +@@ -4819,7 +4865,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ try: hostapd.add_ap(apdev[0], params) tls = dev[0].request("GET tls_library") @@ -787,7 +787,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> ca_cert = "auth_serv/iCA-user/ca-and-root.pem" client_cert = "auth_serv/iCA-user/user_and_ica.pem" else: -@@ -4885,7 +4931,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ +@@ -4855,7 +4901,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ try: hostapd.add_ap(apdev[0], params) tls = dev[0].request("GET tls_library") @@ -796,7 +796,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> ca_cert = "auth_serv/iCA-user/ca-and-root.pem" client_cert = "auth_serv/iCA-user/user_and_ica.pem" else: -@@ -4935,7 +4981,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca +@@ -4905,7 +4951,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca try: hostapd.add_ap(apdev[0], params) tls = dev[0].request("GET tls_library") @@ -805,7 +805,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> ca_cert = "auth_serv/iCA-user/ca-and-root.pem" client_cert = "auth_serv/iCA-user/user_and_ica.pem" else: -@@ -5002,7 +5048,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca +@@ -4972,7 +5018,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca hostapd.add_ap(apdev[0], params) tls = dev[0].request("GET tls_library") @@ -814,7 +814,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> ca_cert = "auth_serv/iCA-user/ca-and-root.pem" client_cert = "auth_serv/iCA-user/user_and_ica.pem" else: -@@ -5260,6 +5306,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek +@@ -5230,6 +5276,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek def test_ap_wpa2_eap_ttls_server_pkcs12(dev, apdev): """WPA2-Enterprise using EAP-TTLS and server PKCS#12 file""" @@ -822,7 +822,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> skip_with_fips(dev[0]) params = int_eap_server_params() del params["server_cert"] -@@ -5272,6 +5319,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12( +@@ -5242,6 +5289,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12( def test_ap_wpa2_eap_ttls_server_pkcs12_extra(dev, apdev): """EAP-TTLS and server PKCS#12 file with extra certs""" @@ -830,7 +830,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> skip_with_fips(dev[0]) params = int_eap_server_params() del params["server_cert"] -@@ -5294,6 +5342,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv +@@ -5264,6 +5312,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev): """WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)""" @@ -838,7 +838,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> params = int_eap_server_params() params["dh_file"] = "auth_serv/dsaparam.pem" hapd = hostapd.add_ap(apdev[0], params) -@@ -5605,8 +5654,8 @@ def test_ap_wpa2_eap_non_ascii_identity2 +@@ -5575,8 +5624,8 @@ def test_ap_wpa2_eap_non_ascii_identity2 def test_openssl_cipher_suite_config_wpas(dev, apdev): """OpenSSL cipher suite configuration on wpa_supplicant""" tls = dev[0].request("GET tls_library") @@ -849,7 +849,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") hapd = hostapd.add_ap(apdev[0], params) eap_connect(dev[0], hapd, "TTLS", "pap user", -@@ -5632,14 +5681,14 @@ def test_openssl_cipher_suite_config_wpa +@@ -5602,14 +5651,14 @@ def test_openssl_cipher_suite_config_wpa def test_openssl_cipher_suite_config_hapd(dev, apdev): """OpenSSL cipher suite configuration on hostapd""" tls = dev[0].request("GET tls_library") @@ -868,7 +868,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> eap_connect(dev[0], hapd, "TTLS", "pap user", anonymous_identity="ttls", password="password", ca_cert="auth_serv/ca.pem", phase2="auth=PAP") -@@ -6081,13 +6130,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a +@@ -6051,13 +6100,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a check_tls_ver(dev[0], hapd, "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1", "TLSv1.2") @@ -891,7 +891,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls: check_tls_ver(dev[0], hapd, "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3") -@@ -6109,6 +6162,11 @@ def test_ap_wpa2_eap_tls_versions_server +@@ -6079,6 +6132,11 @@ def test_ap_wpa2_eap_tls_versions_server tests = [("TLSv1", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"), ("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"), ("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")] @@ -903,7 +903,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> for exp, flags in tests: hapd.disable() hapd.set("tls_flags", flags) -@@ -7145,6 +7203,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde +@@ -7115,6 +7173,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde def test_eap_tls_ext_cert_check(dev, apdev): """EAP-TLS and external server certification validation""" # With internal server certificate chain validation @@ -911,7 +911,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS", identity="tls user", ca_cert="auth_serv/ca.pem", -@@ -7157,6 +7216,7 @@ def test_eap_tls_ext_cert_check(dev, apd +@@ -7127,6 +7186,7 @@ def test_eap_tls_ext_cert_check(dev, apd def test_eap_ttls_ext_cert_check(dev, apdev): """EAP-TTLS and external server certification validation""" # Without internal server certificate chain validation @@ -919,7 +919,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="pap user", anonymous_identity="ttls", password="password", phase2="auth=PAP", -@@ -7167,6 +7227,7 @@ def test_eap_ttls_ext_cert_check(dev, ap +@@ -7137,6 +7197,7 @@ def test_eap_ttls_ext_cert_check(dev, ap def test_eap_peap_ext_cert_check(dev, apdev): """EAP-PEAP and external server certification validation""" # With internal server certificate chain validation @@ -927,7 +927,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP", identity="user", anonymous_identity="peap", ca_cert="auth_serv/ca.pem", -@@ -7177,6 +7238,7 @@ def test_eap_peap_ext_cert_check(dev, ap +@@ -7147,6 +7208,7 @@ def test_eap_peap_ext_cert_check(dev, ap def test_eap_fast_ext_cert_check(dev, apdev): """EAP-FAST and external server certification validation""" @@ -935,7 +935,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> check_eap_capa(dev[0], "FAST") # With internal server certificate chain validation dev[0].request("SET blob fast_pac_auth_ext ") -@@ -7191,10 +7253,6 @@ def test_eap_fast_ext_cert_check(dev, ap +@@ -7161,10 +7223,6 @@ def test_eap_fast_ext_cert_check(dev, ap run_ext_cert_check(dev, apdev, id) def run_ext_cert_check(dev, apdev, net_id): @@ -948,7 +948,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> --- a/tests/hwsim/test_ap_ft.py +++ b/tests/hwsim/test_ap_ft.py -@@ -2347,11 +2347,11 @@ def test_ap_ft_ap_oom5(dev, apdev): +@@ -2471,11 +2471,11 @@ def test_ap_ft_ap_oom5(dev, apdev): # This will fail to roam dev[0].roam(bssid1, check_bssid=False) @@ -992,7 +992,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls) capa = dev.request("GET_CAPABILITY dpp") ver = 1 -@@ -3621,6 +3622,9 @@ def test_dpp_proto_auth_req_no_i_proto_k +@@ -3892,6 +3893,9 @@ def test_dpp_proto_auth_req_no_i_proto_k def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev): """DPP protocol testing - invalid I-proto key in Auth Req""" @@ -1002,7 +1002,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> run_dpp_proto_auth_req_missing(dev, 66, "Invalid Initiator Protocol Key") def test_dpp_proto_auth_req_no_i_nonce(dev, apdev): -@@ -3716,7 +3720,12 @@ def test_dpp_proto_auth_resp_no_r_proto_ +@@ -3987,7 +3991,12 @@ def test_dpp_proto_auth_resp_no_r_proto_ def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev): """DPP protocol testing - invalid R-Proto Key in Auth Resp""" @@ -1016,7 +1016,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev): """DPP protocol testing - no R-nonce in Auth Resp""" -@@ -4078,11 +4087,17 @@ def test_dpp_proto_pkex_exchange_resp_in +@@ -4349,11 +4358,17 @@ def test_dpp_proto_pkex_exchange_resp_in def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev): """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request""" @@ -1106,7 +1106,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> raise HwsimSkip("EC group not supported") --- a/tests/hwsim/test_pmksa_cache.py +++ b/tests/hwsim/test_pmksa_cache.py -@@ -954,7 +954,7 @@ def test_pmksa_cache_preauth_wpas_oom(de +@@ -955,7 +955,7 @@ def test_pmksa_cache_preauth_wpas_oom(de eap_connect(dev[0], hapd, "PAX", "pax.user@example.com", password_hex="0123456789abcdef0123456789abcdef", bssid=apdev[0]['bssid']) @@ -1115,7 +1115,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> with alloc_fail(dev[0], i, "rsn_preauth_init"): res = dev[0].request("PREAUTH f2:11:22:33:44:55").strip() logger.info("Iteration %d - PREAUTH command results: %s" % (i, res)) -@@ -962,7 +962,7 @@ def test_pmksa_cache_preauth_wpas_oom(de +@@ -963,7 +963,7 @@ def test_pmksa_cache_preauth_wpas_oom(de state = dev[0].request('GET_ALLOC_FAIL') if state.startswith('0:'): break @@ -1138,7 +1138,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> heavy_groups = [14, 15, 16] suitable_groups = [15, 16, 17, 18, 19, 20, 21] groups = [str(g) for g in sae_groups] -@@ -2122,6 +2127,8 @@ def run_sae_pwe_group(dev, apdev, group) +@@ -2188,6 +2193,8 @@ def run_sae_pwe_group(dev, apdev, group) logger.info("Add Brainpool EC groups since OpenSSL is new enough") elif tls.startswith("wolfSSL"): logger.info("Make sure Brainpool EC groups were enabled when compiling wolfSSL") @@ -1149,7 +1149,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> start_sae_pwe_ap(apdev[0], group, 2) --- a/tests/hwsim/test_suite_b.py +++ b/tests/hwsim/test_suite_b.py -@@ -26,6 +26,8 @@ def check_suite_b_tls_lib(dev, dhe=False +@@ -27,6 +27,8 @@ def check_suite_b_tls_lib(dev, dhe=False return if tls.startswith("wolfSSL"): return @@ -1158,7 +1158,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> if not tls.startswith("OpenSSL"): raise HwsimSkip("TLS library not supported for Suite B: " + tls) supported = False -@@ -499,6 +501,7 @@ def test_suite_b_192_rsa_insufficient_dh +@@ -520,6 +522,7 @@ def test_suite_b_192_rsa_insufficient_dh dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192", ieee80211w="2", @@ -1168,7 +1168,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> ca_cert="auth_serv/rsa3072-ca.pem", --- a/tests/hwsim/test_wpas_ctrl.py +++ b/tests/hwsim/test_wpas_ctrl.py -@@ -1834,7 +1834,7 @@ def _test_wpas_ctrl_oom(dev): +@@ -1842,7 +1842,7 @@ def _test_wpas_ctrl_oom(dev): tls = dev[0].request("GET tls_library") if not tls.startswith("internal"): tests.append(('NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG', 'FAIL', @@ -1179,7 +1179,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> res = dev[0].request(cmd) --- a/tests/hwsim/utils.py +++ b/tests/hwsim/utils.py -@@ -135,7 +135,13 @@ def check_fils_sk_pfs_capa(dev): +@@ -141,7 +141,13 @@ def check_imsi_privacy_support(dev): def check_tls_tod(dev): tls = dev.request("GET tls_library") @@ -1308,7 +1308,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> if (need_more_data) { --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -1108,6 +1108,7 @@ CFLAGS += -DCONFIG_TLSV12 +@@ -1122,6 +1122,7 @@ CFLAGS += -DCONFIG_TLSV12 endif ifeq ($(CONFIG_TLS), wolfssl) @@ -1316,7 +1316,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> ifdef TLS_FUNCS CFLAGS += -DWOLFSSL_DER_LOAD OBJS += ../src/crypto/tls_wolfssl.o -@@ -1123,6 +1124,7 @@ LIBS_p += -lwolfssl -lm +@@ -1137,6 +1138,7 @@ LIBS_p += -lwolfssl -lm endif ifeq ($(CONFIG_TLS), openssl) @@ -1324,7 +1324,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> CFLAGS += -DCRYPTO_RSA_OAEP_SHA256 ifdef TLS_FUNCS CFLAGS += -DEAP_TLS_OPENSSL -@@ -1150,6 +1152,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF +@@ -1164,6 +1166,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF endif ifeq ($(CONFIG_TLS), mbedtls) @@ -1332,7 +1332,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> ifndef CONFIG_CRYPTO CONFIG_CRYPTO=mbedtls endif -@@ -1169,6 +1172,7 @@ endif +@@ -1183,6 +1186,7 @@ endif endif ifeq ($(CONFIG_TLS), gnutls) @@ -1340,7 +1340,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> ifndef CONFIG_CRYPTO # default to libgcrypt CONFIG_CRYPTO=gnutls -@@ -1199,6 +1203,7 @@ endif +@@ -1213,6 +1217,7 @@ endif endif ifeq ($(CONFIG_TLS), internal) @@ -1348,7 +1348,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> ifndef CONFIG_CRYPTO CONFIG_CRYPTO=internal endif -@@ -1279,6 +1284,7 @@ endif +@@ -1293,6 +1298,7 @@ endif endif ifeq ($(CONFIG_TLS), linux) |