Unit tests fail in Fedora 42 with distro's OpenSSL 3.2.4

[dagood]

My dev machine happens to be Fedora, and I noticed that the tests aren't working for me at ca56270. But... I checked all the tags since v2.0.0 and none of them succeeded with the current Fedora OpenSSL version, so this might just be some Fedora build quirk that might not be worth accounting for in the test suite.

To try to avoid env factors, I repro'd with a Dockerfile. Output from podman build . > build.log:

STEP 7/7: RUN go1.24.1 test ./...
Using libcrypto.so.3
OpenSSL version: OpenSSL 3.2.4 11 Feb 2025
FIPS enabled: true
FIPS capable: true
--- FAIL: TestRSAEncryptDecryptPKCS1 (0.00s)
    --- FAIL: TestRSAEncryptDecryptPKCS1/2048 (0.02s)
        rsa_test.go:33: EncryptPKCS1v15: EVP_PKEY_encrypt
            openssl error(s):
            error:1C8000A5:Provider routines::illegal or unsupported padding mode
            	providers/implementations/asymciphers/rsa_enc.c:166
    --- FAIL: TestRSAEncryptDecryptPKCS1/3072 (0.14s)
        rsa_test.go:33: EncryptPKCS1v15: EVP_PKEY_encrypt
            openssl error(s):
            error:1C8000A5:Provider routines::illegal or unsupported padding mode
            	providers/implementations/asymciphers/rsa_enc.c:166
--- FAIL: TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues (0.15s)
    --- FAIL: TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues/dp=true,dq=true,qinv=false (0.00s)
        rsa_test.go:33: EncryptPKCS1v15: EVP_PKEY_encrypt
            openssl error(s):
            error:1C8000A5:Provider routines::illegal or unsupported padding mode
            	providers/implementations/asymciphers/rsa_enc.c:166
    --- FAIL: TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues/dp=false,dq=false,qinv=true (0.00s)
        rsa_test.go:33: EncryptPKCS1v15: EVP_PKEY_encrypt
            openssl error(s):
            error:1C8000A5:Provider routines::illegal or unsupported padding mode
            	providers/implementations/asymciphers/rsa_enc.c:166
    --- FAIL: TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues/dp=false,dq=true,qinv=false (0.00s)
        rsa_test.go:33: EncryptPKCS1v15: EVP_PKEY_encrypt
            openssl error(s):
            error:1C8000A5:Provider routines::illegal or unsupported padding mode
            	providers/implementations/asymciphers/rsa_enc.c:166
    --- FAIL: TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues/dp=true,dq=false,qinv=false (0.00s)
        rsa_test.go:33: EncryptPKCS1v15: EVP_PKEY_encrypt
            openssl error(s):
            error:1C8000A5:Provider routines::illegal or unsupported padding mode
            	providers/implementations/asymciphers/rsa_enc.c:166
    --- FAIL: TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues/dp=false,dq=true,qinv=true (0.00s)
        rsa_test.go:33: EncryptPKCS1v15: EVP_PKEY_encrypt
            openssl error(s):
            error:1C8000A5:Provider routines::illegal or unsupported padding mode
            	providers/implementations/asymciphers/rsa_enc.c:166
    --- FAIL: TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues/dp=true,dq=true,qinv=true (0.00s)
        rsa_test.go:33: EncryptPKCS1v15: EVP_PKEY_encrypt
            openssl error(s):
            error:1C8000A5:Provider routines::illegal or unsupported padding mode
            	providers/implementations/asymciphers/rsa_enc.c:166
    --- FAIL: TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues/dp=true,dq=false,qinv=true (0.00s)
        rsa_test.go:33: EncryptPKCS1v15: EVP_PKEY_encrypt
            openssl error(s):
            error:1C8000A5:Provider routines::illegal or unsupported padding mode
            	providers/implementations/asymciphers/rsa_enc.c:166
    --- FAIL: TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues/dp=false,dq=false,qinv=false (0.00s)
        rsa_test.go:33: EncryptPKCS1v15: EVP_PKEY_encrypt
            openssl error(s):
            error:1C8000A5:Provider routines::illegal or unsupported padding mode
            	providers/implementations/asymciphers/rsa_enc.c:166
FAIL
FAIL	github.com/golang-fips/openssl/v2	1.086s
?   	github.com/golang-fips/openssl/v2/bbig	[no test files]
?   	github.com/golang-fips/openssl/v2/cmd/checkheader	[no test files]
?   	github.com/golang-fips/openssl/v2/cmd/genaesmodes	[no test files]
?   	github.com/golang-fips/openssl/v2/cmd/gentestvectors	[no test files]
?   	github.com/golang-fips/openssl/v2/cmd/mkcgo	[no test files]
?   	github.com/golang-fips/openssl/v2/internal/cryptotest	[no test files]
?   	github.com/golang-fips/openssl/v2/internal/mkcgo	[no test files]
FAIL

(The errors emitted also contain many trailing nul characters that I had to remove from the file (build.log) to make copy-paste work. Maybe we aren't converting C string OpenSSL errors to Go strings properly? (Edit: fixed by #265.))

The Dockerfile:

FROM fedora:42

RUN dnf install -y \
        ca-certificates \
        git \
        gcc \
        golang \
    && dnf clean all

ENV PATH="/root/go/bin:${PATH}"

RUN go install golang.org/dl/go1.24.1@latest \
    && go1.24.1 download

ADD . /w
WORKDIR /w

RUN go1.24.1 test ./...

---

A similar Dockerfile based on buildpack-deps:bookworm (debian) seems to work fine.

Working Dockerfile

FROM buildpack-deps:bookworm

RUN apt update && apt install -y \
        ca-certificates \
        git \
        gcc \
        golang \
    && apt clean all

ENV PATH="/root/go/bin:${PATH}"

RUN go install golang.org/dl/go1.24.1@latest \
    && go1.24.1 download

ADD . /w
WORKDIR /w

RUN go1.24.1 test ./...

[bdhill-arista]

Hey @dagood, I was running into this failure when testing against our OpenSSL version 3.2.2. I reproduced the failure at 7d39d27 using the Dockerfiles from your post, other than adding openssl-libs to the Fedora build in order to use OpenSSL 3.2.4.

A similar Dockerfile based on buildpack-deps:bookworm (debian) seems to work fine.

I noticed a few differences between the Debian and Fedora builds. The Fedora build is running the tests in FIPS mode with OpenSSL 3.2.4, while the Debian Bookworm build is running in non-FIPS mode with OpenSSL 3.0.15:

Fedora (from your build.log):

STEP 7/7: RUN go1.24.1 test ./...
Using libcrypto.so.3
OpenSSL version: OpenSSL 3.2.4 11 Feb 2025
FIPS enabled: true
FIPS capable: true

Debian (from my build):

#10 [6/6] RUN go1.24.1 test -v ./...
#10 21.59 Using libcrypto.so.3
#10 21.59 OpenSSL version: OpenSSL 3.0.15 3 Sep 2024
#10 21.59 FIPS enabled: false
#10 21.59 FIPS capable: false

FWIU, FIPS 140-3 standards prohibit RSA with PKCS1v15 padding for encryption operations (though it's still allowed for signatures) because it's vulnerable to padding oracle attacks. OpenSSL 3.2.4 in FIPS mode correctly enforces this restriction.

I checked all the tags since v2.0.0 and none of them succeeded with the current Fedora OpenSSL version

The tests in the prior v2.0.0 release was passing because TestRSAEncryptDecryptPKCS1 and TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues weren't included in the test suite yet:

• https://github.com/golang-fips/openssl/blob/v2.0.0/rsa_test.go

so this might just be some Fedora build quirk that might not be worth accounting for in the test suite

Doesn't look like this is the case, as this failure is expected behavior for a FIPS-compliant implementation.

What do you think about skipping these tests when FIPS mode is detected (unsure if this should be sensitive to the OpenSSL version)? And use RSA-OAEP padding instead for encryption operations in FIPS environments, since OAEP tests are already passing.

The crypto/rsa PKCS1 encryption/decryption tests would probably need to be skipped in the crypto backend patches for https://github.com/microsoft/go as well. Please let me know if I am overlooking / misunderstanding something.

I could contribute here as well.

Thanks! :)

[dagood]

Thanks for digging deeper!

I checked all the tags since v2.0.0 and none of them succeeded with the current Fedora OpenSSL version

The tests in the prior v2.0.0 release was passing because TestRSAEncryptDecryptPKCS1 and TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues weren't included in the test suite yet:

• https://github.com/golang-fips/openssl/blob/v2.0.0/rsa_test.go

Sorry, my wording wasn't clear--v2.0.0 also failed for me. That was simply the oldest version I attempted, not one that worked. 😄The failures are in TestRSAKeyGeneration/2048 and TestRSAKeyGeneration/3072 with the same EncryptPKCS1v15: EVP_PKEY_encrypt failed 1C8000A5:Provider routines::illegal or unsupported padding mode messages. But yeah, there are fewer failures, just the two.

What do you think about skipping these tests when FIPS mode is detected (unsure if this should be sensitive to the OpenSSL version)? And use RSA-OAEP padding instead for encryption operations in FIPS environments, since OAEP tests are already passing.

IMO, it's more justified to fix this now because:

• It's not just me
• It represents an intended, good behavior of the underlying OpenSSL library

@qmuntal would be the most affected by changes in this area and may have more context/opinions. 🙂 Skipping/avoiding this particular operation sounds right to me, but I don't have thoughts beyond that off the top of my head.

The crypto/rsa PKCS1 encryption/decryption tests would probably need to be skipped in the crypto backend patches for https://github.com/microsoft/go as well. Please let me know if I am overlooking / misunderstanding something.

It's possible that this already works fine in microsoft/go (maybe upstream accounts for this FIPS behavior already or we already patched it), but it would be good to check.

FWIW, golang-fips/openssl tests being more fragile wouldn't surprise me: they're (generally) only a developer resource while working on this library to exercise things, but the Go stdlib tests are more directly making sure that actual Go apps will work properly.

[bdhill-arista]

Hey, thanks for your replies :)

It's possible that this already works fine in microsoft/go (maybe upstream accounts for this FIPS behavior already or we already patched it), but it would be good to check.

I got around to investigating this. When running the tests in FIPS mode, a lot of tests fail for similar reasons, mainly RSA key sizes being too small. I created a best effort analysis with a table of test failures + outputs + causes. I'm not 100% certain on all of the causes, but mainly looks like test vectors that would need to be updated, or tests that can just be skipped.

I've included the Dockerfile, scripts, and json output below:

Dockerfile

# ================================================
# == Fetch Go-FIPS Toolchain Build Dependencies ==
# ================================================
FROM fedora:42 AS bootstrap

# Install cgo-related dependencies
RUN set -eux; \
    # Update all packages
    dnf -y update; \
    # Install required packages
    dnf -y install \
    ca-certificates \
    crypto-policies \
    crypto-policies-scripts \
    gcc-c++ \
    gcc \
    git \
    glibc-devel \
    golang \
    jq \
    make \
    openssl \
    openssl-libs \
    pkgconf \
    sudo \
    ; \
    # Clean up cache to reduce image size
    dnf clean all

# For bootstrapping go build
ENV PATH="/root/go/bin:${PATH}"
RUN go install golang.org/dl/go1.24.1@latest \
    && go1.24.1 download

# Build Microsoft tooling
WORKDIR /go/src/msft-builder
RUN <<EOF
git clone --no-checkout https://github.com/microsoft/go .
git sparse-checkout init
git sparse-checkout set eng/_util
git checkout microsoft/release-branch.go1.24
cd eng/_util
go1.24.1 build -o /usr/local/bin/msft-builder ./cmd/build
EOF

# Fetch openssl shim for testing
WORKDIR /go/src/msft-openssl
RUN git clone --single-branch --branch v2 https://github.com/golang-fips/openssl .

# Download patched sources
WORKDIR /tmp
RUN <<EOF
set -e
curl -L -o go1.24.1.tar.gz \
https://github.com/microsoft/go/releases/download/v1.24.1-6/go1.24.1-20250312.2.src.tar.gz
mkdir -p /build
tar -xvf go1.24.1.tar.gz -C /build
EOF

# ==========================================
# == Verify OpenSSL/v2 Shim Compatibility ==
# ==========================================
FROM bootstrap AS smoketests
COPY --from=bootstrap /go/src/msft-openssl /go/src/msft-openssl
WORKDIR /go/src/msft-openssl
# Catch any openssl and FIPS mode compatibility errors before continuing
# Skipping PKCS1 encryption tests, see:
# https://github.com/golang-fips/openssl/issues/266
RUN CGO_ENABLED=1 go1.24.1 test \
    -skip="TestRSAEncryptDecryptPKCS1_MissingPrecomputedValues|TestRSAEncryptDecryptPKCS1" -v ./...

# =============================================
# == Build the Go-FIPS Toolchain for Testing ==
# =============================================
FROM bootstrap AS buildgo
ARG GOEXPERIMENT
ARG GODEBUG

WORKDIR /build
ENV GOARCH=amd64
ENV GOOS=linux
ENV GOROOT_BOOTSTRAP=/root/sdk/go1.24.1
ENV GO_BUILDER_NAME="${GOOS}-${GOARCH}"
ENV CGO_ENABLED=1
RUN msft-builder -experiment opensslcrypto

# Configure OpenSSL to use FIPS provider
RUN cat > /etc/pki/tls/openssl_fips.cnf <<EOF
.include /etc/ssl/openssl.cnf

[openssl_init]
providers = provider_sect
alg_section = algorithm_sect

[provider_sect]
fips = fips_sect

[fips_sect]
activate = 1

[algorithm_sect]
default_properties = fips=yes
EOF

# Verify FIPS provider is available and loaded
ENV OPENSSL_CONF=/etc/pki/tls/openssl_fips.cnf
RUN openssl list -providers && openssl md5 /etc/hosts || echo "MD5 disabled as expected in FIPS mode"

# HACK: Replace Microsoft's env toggle with Fedora's env toggle
WORKDIR /build/go/src/cmd/go
RUN sed -i 's/OPENSSL_FORCE_FIPS_MODE/OPENSSL_CONF/g' script_test.go

# =====================================================
# == Get Failed Go-FIPS Toolchain Tests in FIPS mode ==
# =====================================================
FROM buildgo AS testfailures
WORKDIR /build
ENV GOEXPERIMENT=opensslcrypto,allowcryptofallback
ENV GODEBUG=fips140=on

# If this fails, that means that we will not be able to run tests in FIPS mode
RUN sudo --preserve-env /build/go/bin/go tool dist test \
    -run "crypto/internal/backend/internal/opensslsetup.*"
# Get all failed tests
RUN sudo --preserve-env /build/go/bin/go tool dist test -json \
    | jq -r 'select(.Action == "fail" and .Test != null)' > /tmp/failed.json
# Generate test regex string
COPY scripts/jq-filter-tests.sh scripts/jq-filter-tests.sh
RUN ./scripts/jq-filter-tests.sh | tee /tmp/skip-test-regex.txt

FROM scratch AS outputfailures
COPY --from=testfailures /tmp/failed-tests.json /
COPY --from=testfailures /tmp/skip-test-regex.txt /

jq-filter-tests.sh

#!/usr/bin/env bash

TMP_DIR="${TMP_DIR:-/tmp}"

# Filter extraneous fields and sort
jq -s 'map(del(.Time, .Elapsed)) | sort | group_by(.Package) | map({(.[0].Package): map(.Test)}) | add' "$TMP_DIR/failed.json" >"$TMP_DIR/failed-tests.json"

# Output generated test regex
TESTS=$(jq -r 'to_entries | map(select(.key)) | map(.key) | join("|")' "$TMP_DIR/failed-tests.json")
echo "!$TESTS"

failed-tests.json

{
  "crypto/rsa": [
    "TestDecryptPKCS1v15",
    "TestEncryptDecryptOAEP",
    "TestEncryptPKCS1v15",
    "TestEncryptPKCS1v15DecrypterSessionKey",
    "TestEncryptPKCS1v15SessionKey",
    "TestEverything",
    "TestEverything/1024",
    "TestEverything/2048",
    "TestKeyGeneration",
    "TestKeyGeneration/512",
    "TestPSS513",
    "TestPSSGolden",
    "TestPSSOpenSSL",
    "TestPSSSigning",
    "TestShortSessionKey",
    "TestSignPKCS1v15",
    "TestUnpaddedSignature",
    "TestVerifyPKCS1v15"
  ],
  "crypto/tls": [
    "TestCrossVersionResume",
    "TestCrossVersionResume/TLSv12",
    "TestCrossVersionResume/TLSv13",
    "TestFIPSCertAlgs",
    "TestFIPSServerProtocolVersion",
    "TestFIPSServerProtocolVersion/no-fips140tls",
    "TestFIPSServerProtocolVersion/no-fips140tls/VersionTLS10",
    "TestFIPSServerProtocolVersion/no-fips140tls/VersionTLS11",
    "TestFIPSServerSignatureAndHash",
    "TestFIPSServerSignatureAndHash/PKCS1WithSHA1",
    "TestFIPSServerSignatureAndHash/PKCS1WithSHA1/no-fips140tls",
    "TestKeysFromPreMasterSecret",
    "TestSCTHandshake",
    "TestSCTHandshake/TLSv12",
    "TestSCTHandshake/TLSv13",
    "TestTLS13OnlyClientHelloCipherSuite",
    "TestTLS13OnlyClientHelloCipherSuite/empty",
    "TestTLS13OnlyClientHelloCipherSuite/nil",
    "TestTLS13OnlyClientHelloCipherSuite/some_TLS_1.2_and_1.3_ciphers",
    "TestTLS13OnlyClientHelloCipherSuite/some_TLS_1.2_cipher",
    "TestTLS13OnlyClientHelloCipherSuite/some_TLS_1.3_cipher",
    "TestVersion"
  ],
  "crypto/x509": [
    "TestCRLCreation",
    "TestCertificateOIDPoliciesGODEBUG",
    "TestCertificatePolicies",
    "TestCertificateRequestOverrides",
    "TestCertificateRequestRoundtripFields",
    "TestCreateCertificateRequest",
    "TestCreateSelfSignedCertificate",
    "TestDisableSHA1ForCertOnly",
    "TestEmptySerialNumber",
    "TestEmptySubject",
    "TestMaxPathLen",
    "TestMaxPathLenNotCA",
    "TestNoAuthorityKeyIdInSelfSignedCert",
    "TestNoSubjectKeyIdInCert",
    "TestRejectCriticalAIA",
    "TestRejectCriticalAKI",
    "TestRejectCriticalSKI"
  ]
}

Note: I did not use the powershell script but did use the build command from https://github.com/microsoft/go for building the toolchain, and carefully replicated the behavior of run-builder for running the toolchain tests in FIPS mode.

Fedora FIPS Mode Test Failures

@qmuntal Please let me know your thoughts. I can triage these failures further and help patch / skip these tests as well. :)

Test	Error Output	Failure Cause
crypto/rsa.TestDecryptPKCS1v15	pkcs1v15_test.go:73: #0 error decrypting: crypto/rsa: decryption error pkcs1v15_test.go:73: #1 error decrypting: crypto/rsa: decryption error pkcs1v15_test.go:73: #2 error decrypting: crypto/rsa: decryption error pkcs1v15_test.go:73: #3 error decrypting: crypto/rsa: decryption error pkcs1v15_test.go:73: #0 error decrypting: crypto/rsa: decryption error pkcs1v15_test.go:73: #1 error decrypting: crypto/rsa: decryption error pkcs1v15_test.go:73: #2 error decrypting: crypto/rsa: decryption error pkcs1v15_test.go:73: #3 error decrypting: crypto/rsa: decryption error	Test uses test512Key (512-bit key) which is below FIPS minimum key length requirement
crypto/rsa.TestEncryptDecryptOAEP	openssl error(s): error:1C800069:Provider routines::invalid key length openssl error(s): error:1C800069:Provider routines::invalid key length openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit key from cryptography_vectors which is below FIPS minimum key length requirement
crypto/rsa.TestEncryptPKCS1v15	pkcs1v15_test.go:94: error encrypting: EVP_PKEY_encrypt_init failed openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 512-bit key which is below FIPS minimum key length requirement
crypto/rsa.TestEncryptPKCS1v15DecrypterSessionKey	pkcs1v15_test.go:164: #0: error decrypting: crypto/rsa: decryption error	Test uses 512-bit key which is below FIPS minimum key length requirement
crypto/rsa.TestEncryptPKCS1v15SessionKey	pkcs1v15_test.go:150: #0 error decrypting pkcs1v15_test.go:150: #1 error decrypting pkcs1v15_test.go:150: #2 error decrypting pkcs1v15_test.go:150: #3 error decrypting	Test uses 512-bit key which is below FIPS minimum key length requirement
crypto/rsa.TestEverything/1024	openssl error(s): error:1C800069:Provider routines::invalid key length openssl error(s): error:1C800069:Provider routines::invalid key length openssl error(s): error:1C800069:Provider routines::invalid key length openssl error(s): error:1C800069:Provider routines::invalid key length openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key which is below FIPS minimum key length requirement
crypto/rsa.TestEverything/2048	openssl error(s): error:1C8000A8:Provider routines::invalid padding mode	PKCS1 encryption with 2048-bit key not FIPS-approved (invalid padding mode)
crypto/rsa.TestKeyGeneration/512	openssl error(s): error:1C800069:Provider routines::invalid key length	Test attempts to generate 512-bit RSA key which is below FIPS minimum key length requirement
crypto/rsa.TestPSS513	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 513-bit RSA key which is below FIPS minimum key length requirement
crypto/rsa.TestPSSGolden	pss_test.go:112: crypto/rsa: verification	Test uses pss-vect.txt.bz2, which might contain test vectors which are below FIPS minimum key length requirement
crypto/rsa.TestPSSOpenSSL	pss_test.go:142: crypto/rsa: verification error	Test attempts to verify signature with 512-bit key which is below FIPS minimum key length requirement
crypto/rsa.TestPSSSigning	pss_test.go:184: #0: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length pss_test.go:184: #1: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length pss_test.go:184: #2: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length pss_test.go:184: #3: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length pss_test.go:184: #4: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length pss_test.go:184: #5: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length pss_test.go:184: #6: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length pss_test.go:184: #7: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length pss_test.go:184: #8: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length pss_test.go:184: #9: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length pss_test.go:184: #10: error while signing: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length	Test attempts signing with 1024-bit key which is below FIPS minimum key length requirement
crypto/rsa.TestShortSessionKey	openssl error(s): error:1C800069:Provider routines::invalid key length	Test attempts encryption/decryption with 1024-bit RSA key which is below FIPS minimum key length requirement
crypto/rsa.TestSignPKCS1v15	openssl error(s): error:1C800069:Provider routines::invalid key length	Test attempts signing with 512-bit key which is below FIPS minimum key length requirement
crypto/rsa.TestUnpaddedSignature	openssl error(s): error:1C800069:Provider routines::invalid key length	Test attempts signing with 512-bit key which is below FIPS minimum key length requirement
crypto/rsa.TestVerifyPKCS1v15	pkcs1v15_test.go:233: #0 crypto/rsa: verification error	Test attempts verification with 512-bit key which is below FIPS minimum key length requirement
crypto/tls.TestCrossVersionResume/TLSv12	openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: internal error	Test uses testRSAPrivateKey (1024-bit) which is below FIPS minimum key length requirement
crypto/tls.TestCrossVersionResume/TLSv13	openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: internal error	Test uses testRSAPrivateKey (1024-bit) which is below FIPS minimum key length requirement
crypto/tls.TestFIPSCertAlgs	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA keys in certificate chain which are below FIPS minimum key length requirement
crypto/tls.TestFIPSServerProtocolVersion/no-fips140tls/VersionTLS10	fips_test.go:62: got error: server: tls: failed to sign ECDHE parameters: EVP_PKEY_sign_init failed openssl error(s): error:0308010C:digital envelope routines::unsupported error:0308010C:digital envelope routines::unsupported error:03000086:digital envelope routines::initialization error error:1C800069:Provider routines::invalid key length client: remote error: tls: handshake failure, expected success	Test uses SHA1 digest in signing which is not FIPS-approved
crypto/tls.TestFIPSServerProtocolVersion/no-fips140tls/VersionTLS11	fips_test.go:62: got error: server: tls: failed to sign ECDHE parameters: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: handshake failure, expected success	Test uses SHA1 digest in signing which is not FIPS-approved
crypto/tls.TestFIPSServerSignatureAndHash/PKCS1WithSHA1/no-fips140tls	fips_test.go:265: expected handshake with 0x504b4353315769746853484131 to succeed; client error: remote error: tls: handshake failure; server error: tls: failed to sign ECDHE parameters: EVP_PKEY_CTX_ctrl failed openssl error(s): error:1C8000AE:Provider routines::digest not allowed	Test uses SHA1 digest in signing which is not FIPS-approved ("digest not allowed")
crypto/tls.TestSCTHandshake/TLSv12	openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: handshake failure	Test uses testRSAPrivateKey (1024-bit) which is below FIPS minimum key length requirement
crypto/tls.TestSCTHandshake/TLSv13	openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: internal error	Test uses testRSAPrivateKey (1024-bit) which is below FIPS minimum key length requirement
crypto/tls.TestTLS13OnlyClientHelloCipherSuite/empty	openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: internal error	Test uses testRSAPrivateKey (1024-bit) which is below FIPS minimum key length requirement
crypto/tls.TestTLS13OnlyClientHelloCipherSuite/nil	openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: internal error	Test uses testRSAPrivateKey (1024-bit) which is below FIPS minimum key length requirement
crypto/tls.TestTLS13OnlyClientHelloCipherSuite/some_TLS_1.2_and_1.3_ciphers	openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: internal error	Test uses testRSAPrivateKey (1024-bit) which is below FIPS minimum key length requirement
crypto/tls.TestTLS13OnlyClientHelloCipherSuite/some_TLS_1.2_cipher	openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: internal error	Test uses testRSAPrivateKey (1024-bit) which is below FIPS minimum key length requirement
crypto/tls.TestTLS13OnlyClientHelloCipherSuite/some_TLS_1.3_cipher	openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: internal error	Test uses testRSAPrivateKey (1024-bit) which is below FIPS minimum key length requirement
crypto/tls.TestVersion	openssl error(s): error:1C800069:Provider routines::invalid key length client: remote error: tls: internal error	Test uses testRSAPrivateKey (1024-bit) which is below FIPS minimum key length requirement
crypto/x509.TestCRLCreation	x509_test.go:1383: RSA CA: error creating CRL: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestCertificateOIDPoliciesGODEBUG	x509_test.go:4051: CreateCertificate() unexpected error: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestCertificatePolicies	x509_test.go:4085: CreateCertificate() unexpected error: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestCertificateRequestOverrides	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestCertificateRequestRoundtripFields	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestCreateCertificateRequest	openssl error(s): error:1C800069:Provider routines::invalid key length openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestCreateSelfSignedCertificate	openssl error(s): error:1C800069:Provider routines::invalid key length openssl error(s): error:1C800069:Provider routines::invalid key length openssl error(s): error:1C800069:Provider routines::invalid key length openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestDisableSHA1ForCertOnly	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestEmptySerialNumber	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestEmptySubject	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestMaxPathLen	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestMaxPathLenNotCA	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestNoAuthorityKeyIdInSelfSignedCert	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestNoSubjectKeyIdInCert	openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestRejectCriticalAIA	x509_test.go:4166: CreateCertificate() unexpected error: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestRejectCriticalAKI	x509_test.go:4141: CreateCertificate() unexpected error: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement
crypto/x509.TestRejectCriticalSKI	x509_test.go:4191: CreateCertificate() unexpected error: EVP_PKEY_sign_init failed openssl error(s): error:1C800069:Provider routines::invalid key length	Test uses 1024-bit RSA key (pemPrivateKey) which is below FIPS minimum key length requirement