sslapitest.c: With fips skip tests depending on X25519 and X448

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24347)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 21027a9db4d8dfac41f728034c1409e465fc6929..31ba451117981d6a16a96e744d944799784726d4 100644 (file)
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4980,10 +4980,14 @@ static int test_key_exchange(int idx)
             break;
 #  ifndef OPENSSL_NO_ECX
         case 4:
+            if (is_fips)
+                return TEST_skip("X25519 might not be supported by fips provider.");
             kexch_alg = NID_X25519;
             kexch_name0 = "x25519";
             break;
         case 5:
+            if (is_fips)
+                return TEST_skip("X448 might not be supported by fips provider.");
             kexch_alg = NID_X448;
             kexch_name0 = "x448";
             break;
@@ -5202,6 +5206,9 @@ static int test_negotiated_group(int idx)
     else
         expectednid = kexch_alg;
 
+    if (is_fips && (kexch_alg == NID_X25519 || kexch_alg == NID_X448))
+        return TEST_skip("X25519 and X448 might not be available in fips provider.");
+
     if (!istls13)
         max_version = TLS1_2_VERSION;