sslapitest.c: With fips skip tests depending on X25519 and X448

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24347)

(cherry picked from commit f6e469808501f52c7e8f8679d6c3290cf1c258b3)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index f622d25130560a96b8ed74e38cbc295586f3f76d..cbbe70cc9ada661b98f6063dc9b41b1eacc25988 100644 (file)
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4914,10 +4914,14 @@ static int test_key_exchange(int idx)
             kexch_name0 = "secp521r1";
             break;
         case 4:
+            if (is_fips)
+                return TEST_skip("X25519 might not be supported by fips provider.");
             kexch_alg = NID_X25519;
             kexch_name0 = "x25519";
             break;
         case 5:
+            if (is_fips)
+                return TEST_skip("X448 might not be supported by fips provider.");
             kexch_alg = NID_X448;
             kexch_name0 = "x448";
             break;
@@ -5132,6 +5136,9 @@ static int test_negotiated_group(int idx)
     else
         expectednid = kexch_alg;
 
+    if (is_fips && (kexch_alg == NID_X25519 || kexch_alg == NID_X448))
+        return TEST_skip("X25519 and X448 might not be available in fips provider.");
+
     if (!istls13)
         max_version = TLS1_2_VERSION;