From: Pauli <ppzgs1@gmail.com>
Date: Tue, 11 Feb 2025 23:14:08 +0000 (+1100)
Subject: sslapitest: include hybrid KEM tests with FIPS
X-Git-Tag: openssl-3.5.0-alpha1~497
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9fef9b194c2cf95fe9c825f8550fd86dca784e49;p=thirdparty%2Fopenssl.git

sslapitest: include hybrid KEM tests with FIPS

Co-Authored-By: Tomas Mraz <tomas@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26714)
---

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 26b87fcbf3c..22d1523d00c 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -5064,19 +5064,11 @@ static int test_key_exchange(int idx)
             kexch_name0 = "MLKEM512";
             break;
         case 13:
-            if (is_fips) {
-                testresult = 1;
-                goto end;
-            };
             kexch_groups = NULL;
             kexch_name0 = "MLKEM512";
             kexch_names = kexch_name0;
             break;
         case 14:
-            if (is_fips) {
-                testresult = 1;
-                goto end;
-            };
             kexch_groups = NULL;
             kexch_name0 = "MLKEM768";
             kexch_names = kexch_name0;
@@ -5111,11 +5103,9 @@ static int test_key_exchange(int idx)
             return 1;
     }
 
-    /* ML-KEM not yet supported in the FIPS module */
-    if (is_fips && idx >= 12 && idx <= 19) {
-        testresult = 1;
-        goto end;
-    };
+    if (is_fips && fips_provider_version_lt(libctx, 3, 5, 0)
+            && idx >= 12 && idx <= 19)
+        return TEST_skip("ML-KEM not supported in this version of fips provider");
 
     if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
                                        TLS_client_method(), TLS1_VERSION,