From: Anatolii Ohorodnyk <anatolii.ohorodnyk@gmail.com>
Date: Wed, 31 Dec 2025 20:40:11 +0000 (+0000)
Subject: test: use runtime FIPS detection instead of compile-time check
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5707fd07531a4bf923a5a20b136691291e08bd57;p=thirdparty%2Fopenssl.git

test: use runtime FIPS detection instead of compile-time check

Replace #ifdef FIPS_MODULE with OSSL_PROVIDER_available() runtime check
in ecdsatest.c. The compile-time check is not meaningful for test cases
as the test binary may be compiled without FIPS_MODULE but run with the
FIPS provider loaded.

Fixes #28255

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29527)
---

diff --git a/test/ecdsatest.c b/test/ecdsatest.c
index aa81e39f0f1..2641603fc6a 100644
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@@ -96,10 +96,8 @@ static int x9_62_tests(int n)
 
     TEST_info("ECDSA KATs for curve %s", OBJ_nid2sn(nid));
 
-#ifdef FIPS_MODULE
-    if (EC_curve_nid2nist(nid) == NULL)
-        return TEST_skip("skip non approved curves");
-#endif /* FIPS_MODULE */
+    if (OSSL_PROVIDER_available(NULL, "fips") && EC_curve_nid2nist(nid) == NULL)
+        return TEST_skip("skip non approved curves in FIPS mode");
 
     if (!TEST_ptr(mctx = EVP_MD_CTX_new())
         /* get the message digest */