From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 9 May 2024 08:48:56 +0000 (+0200)
Subject: sslapitest.c: With fips skip tests depending on X25519 and X448
X-Git-Tag: openssl-3.0.14~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d80296df203ed3f311556f15a591164ec38a5820;p=thirdparty%2Fopenssl.git

sslapitest.c: With fips skip tests depending on X25519 and X448

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24347)

(cherry picked from commit f6e469808501f52c7e8f8679d6c3290cf1c258b3)
---

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 376d5ddc4db..28bc94d672f 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4907,10 +4907,14 @@ static int test_key_exchange(int idx)
             kexch_name0 = "secp521r1";
             break;
         case 4:
+            if (is_fips)
+                return TEST_skip("X25519 might not be supported by fips provider.");
             kexch_alg = NID_X25519;
             kexch_name0 = "x25519";
             break;
         case 5:
+            if (is_fips)
+                return TEST_skip("X448 might not be supported by fips provider.");
             kexch_alg = NID_X448;
             kexch_name0 = "x448";
             break;
@@ -5125,6 +5129,9 @@ static int test_negotiated_group(int idx)
     else
         expectednid = kexch_alg;
 
+    if (is_fips && (kexch_alg == NID_X25519 || kexch_alg == NID_X448))
+        return TEST_skip("X25519 and X448 might not be available in fips provider.");
+
     if (!istls13)
         max_version = TLS1_2_VERSION;