From a61ee84d0c6ac31bef979bffa9aabb18e15234d1 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Tue, 1 May 2018 12:10:07 +0300
Subject: [PATCH] tests: Fix ap_wpa2_eap_fast_cipher_suites with OpenSSL 1.1.1
RC4-SHA cipher case ended up allowing the handshake to be started just
to fail with "no ciphers available" when trying to generate ClientHello.
Fix this by handling an EAP failure case for the RC4-SHA test step with
OpenSSL 1.1.*.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
tests/hwsim/test_ap_eap.py | 29 ++++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index c7633fcb9..edd33c7d0 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -124,7 +124,7 @@ def read_pem(fname):
def eap_connect(dev, hapd, method, identity,
sha256=False, expect_failure=False, local_error_report=False,
- maybe_local_error=False, **kwargs):
+ maybe_local_error=False, report_failure=False, **kwargs):
id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
eap=method, identity=identity,
wait_connect=False, scan_freq="2412", ieee80211w="1",
@@ -132,7 +132,8 @@ def eap_connect(dev, hapd, method, identity,
eap_check_auth(dev, method, True, sha256=sha256,
expect_failure=expect_failure,
local_error_report=local_error_report,
- maybe_local_error=maybe_local_error)
+ maybe_local_error=maybe_local_error,
+ report_failure=report_failure)
if expect_failure:
return id
ev = hapd.wait_event([ "AP-STA-CONNECTED" ], timeout=5)
@@ -142,7 +143,7 @@ def eap_connect(dev, hapd, method, identity,
def eap_check_auth(dev, method, initial, rsn=True, sha256=False,
expect_failure=False, local_error_report=False,
- maybe_local_error=False):
+ maybe_local_error=False, report_failure=False):
ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=16)
if ev is None:
raise Exception("Association and EAP start timed out")
@@ -167,9 +168,17 @@ def eap_check_auth(dev, method, initial, rsn=True, sha256=False,
if "reason=23" not in ev:
raise Exception("Proper reason code for disconnection not reported")
return
- ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
- if ev is None:
- raise Exception("EAP success timed out")
+ if report_failure:
+ ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS",
+ "CTRL-EVENT-EAP-FAILURE"], timeout=10)
+ if ev is None:
+ raise Exception("EAP success timed out")
+ if "CTRL-EVENT-EAP-SUCCESS" not in ev:
+ raise Exception("EAP failed")
+ else:
+ ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
+ if ev is None:
+ raise Exception("EAP success timed out")
if initial:
ev = dev.wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
@@ -3658,10 +3667,12 @@ def test_ap_wpa2_eap_fast_cipher_suites(dev, apdev):
openssl_ciphers=cipher,
anonymous_identity="FAST", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
- pac_file="blob://fast_pac_ciphers")
+ pac_file="blob://fast_pac_ciphers",
+ report_failure=True)
except Exception, e:
- if "Could not select EAP method" in str(e) and cipher == "RC4-SHA":
- tls = dev[0].request("GET tls_library")
+ if cipher == "RC4-SHA" and \
+ ("Could not select EAP method" in str(e) or \
+ "EAP failed" in str(e)):
if "run=OpenSSL 1.1" in tls:
logger.info("Allow failure due to missing TLS library support")
dev[0].request("REMOVE_NETWORK all")