[fips140][configtls.TestTPM_tpmCertificate_errors] Skip test if GODEBUG=fips140=only is set (open-telemetry#14255)

ycombinator · Syedowais312 · commit 4b374615a142 · 2026-01-15T03:32:32.000+05:30
#### Description In open-telemetry#14225, we skipped the `configtls.TestTPM_loadCertificate` unit test if the tests were run with `GODEBUG=fips140=only`. Otherwise, the unit test failed with a `panic: crypto/cipher: use of CFB is not allowed in FIPS 140-only mode` error. Turns out there was a second unit test in the same package that needed skipping for the same reason: `configtls.TestTPM_tpmCertificate_errors`. This PR skips it too.  #### Link to tracking issue Follow up to open-telemetry#14225
diff --git a/config/configtls/tpm_test.go b/config/configtls/tpm_test.go
@@ -101,6 +101,7 @@ func TestTPM_loadCertificate_error(t *testing.T) {
 }
 
 func TestTPM_tpmCertificate_errors(t *testing.T) {
+	testutil.SkipIfFIPSOnly(t, "use of CFB is not allowed in FIPS 140-only mode")
 	tpm, err := simulator.OpenSimulator()
 	require.NoError(t, err)
 	defer tpm.Close()

Original file line number	Diff line number	Diff line change
`@@ -101,6 +101,7 @@ func TestTPM_loadCertificate_error(t *testing.T) {`
`101`	`101`	`}`
`102`	`102`
`103`	`103`	`func TestTPM_tpmCertificate_errors(t *testing.T) {`
	`104`	`+ testutil.SkipIfFIPSOnly(t, "use of CFB is not allowed in FIPS 140-only mode")`
`104`	`105`	`tpm, err := simulator.OpenSimulator()`
`105`	`106`	`require.NoError(t, err)`
`106`	`107`	`defer tpm.Close()`