From: Tomas Mraz <tomas@openssl.org>
Date: Sat, 20 Sep 2025 14:52:07 +0000 (+0200)
Subject: sslapitest.c: Skip test_ssl_trace() with FIPS providers older than 3.5
X-Git-Tag: openssl-3.5.4~27
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f5aabeb0cff24d22e554e0f545db33292e855347;p=thirdparty%2Fopenssl.git

sslapitest.c: Skip test_ssl_trace() with FIPS providers older than 3.5

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28627)

(cherry picked from commit bb8bbdcfaa89741321a00dc9a97e9d513eb037ff)
---

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 2c68430f17c..657350bbca4 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -13297,6 +13297,9 @@ static int test_ssl_trace(void)
     char *grouplist = "MLKEM512:MLKEM768:MLKEM1024:X25519MLKEM768:SecP256r1MLKEM768"
         ":SecP384r1MLKEM1024:secp521r1:secp384r1:secp256r1";
 
+    if (!fips_provider_version_ge(libctx, 3, 5, 0))
+        return TEST_skip("FIPS provider does not support MLKEM algorithms");
+
     if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
                                        TLS_client_method(),
                                        TLS1_3_VERSION, TLS1_3_VERSION,