diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index cf6d4972..e9a7f083 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -71,7 +71,7 @@ def test_new
 assert_not_nil key2.d
 end
- def test_new_exponent
+ def test_new_public_exponent
 # At least 2024-bits RSA key are required in FIPS.
 omit_on_fips
@@ -86,13 +86,22 @@ def test_s_generate
 assert_equal 2048, key1.n.num_bits
 assert_equal 65537, key1.e
- # Specify public exponent
 key2 = OpenSSL::PKey::RSA.generate(2048, 65537)
 assert_equal 2048, key2.n.num_bits
 assert_equal 65537, key2.e
 assert_not_nil key2.d
 end
+ def test_s_generate_public_exponent
+ # At least 2024-bits RSA key are required in FIPS.
+ omit_on_fips
+
+ # Specify public exponent
+ key = OpenSSL::PKey::RSA.generate(512, 3)
+ assert_equal 512, key.n.num_bits
+ assert_equal 3, key.e
+ end
+
 def test_new_break
 assert_nil(OpenSSL::PKey::RSA.new(2048) { break })
 assert_raise(RuntimeError) do
@@ -101,8 +110,6 @@ def test_new_break
 end
 def test_sign_verify
- # Use 2024-bits RSA key, as OpenSSL 1.1.0 introduced that 512 or 1024-bits
- # RSA key is insecure.
 rsa = Fixtures.pkey("rsa2048")
 data = "Sign me!"
 signature = rsa.sign("SHA256", data)
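Review bot: The comment added in `test_s_generate_public_exponent` (hunk at -86) repeats the "2024-bits" typo from `test_new_public_exponent`; the FIPS minimum RSA modulus is 2048 bits. It also does not say that the 512-bit modulus with e=3 is deliberately weak. I would reword it to `# FIPS requires RSA keys of at least 2048 bits, so skip there; 512 bits and e=3 are test-only values that exercise a non-default exponent.` The sibling `test_s_generate` also checks `assert_not_nil key2.d`, so adding `assert_not_nil key.d` here would keep the two tests parallel.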
@@ -224,8 +231,12 @@ def test_sign_verify_pss
 key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1")
 # The sign_pss with `salt_length: :max` raises the "invalid salt length"
- # error on the following part in FIPS. We need to skip the tests in FIPS.
- # https://github.com/openssl/openssl/blob/d550d2aae531c6fa2e10b1a30d2acdf373663889/providers/implementations/signature/rsa_sig.c#L580-L597
+ # error in FIPS. We need to skip the tests in FIPS.
+ # According to FIPS 186-5 section 5.4, the salt length shall be between zero
+ # and the output block length of the digest function (inclusive).
+ #
+ # FIPS 186-5 section 5.4 PKCS #1
+ # https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf
 unless OpenSSL.fips_mode
 signature = key.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA1")
 # Should verify on the following salt_length (sLen).
@@ -235,11 +246,11 @@ def test_sign_verify_pss
 key.verify_pss("SHA256", signature, data, salt_length: 222, mgf1_hash: "SHA1")
 assert_equal true,
 key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1")
-
- assert_raise(OpenSSL::PKey::RSAError) {
- key.sign_pss("SHA256", data, salt_length: 223, mgf1_hash: "SHA1")
- }
 end
+
+ assert_raise(OpenSSL::PKey::RSAError) {
+ key.sign_pss("SHA256", data, salt_length: 223, mgf1_hash: "SHA1")
+ }
 end
 def test_encrypt_decrypt
@@ -248,8 +259,9 @@ def test_encrypt_decrypt
 # Defaults to PKCS #1 v1.5
 raw = "data"
- # RSA PKCS1 PADDING encrypt is not allowed in FIPS.
- # https://github.com/openssl/openssl/blob/d550d2aae531c6fa2e10b1a30d2acdf373663889/providers/implementations/asymciphers/rsa_enc.c#L161-L171
+ # According to the NIST SP 800-131A Rev. 2 section 6, PKCS#1 v1.5 padding is
+ # not permitted for key agreement and key transport using RSA in FIPS.
+ # https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
 unless OpenSSL.fips_mode
 enc = rsapub.encrypt(raw)
 assert_equal raw, rsapriv.decrypt(enc)
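Review bot: In `test_sign_verify_pss` (hunk at -235), the relocated `salt_length: 223` assertion now also runs in FIPS mode, but there it no longer pins the boundary it was written for. Going by the comment added in the preceding hunk, FIPS caps the salt at the digest length (32 bytes for SHA-256), so 223 would be rejected by that rule rather than by the key-size limit it presumably sits one past. A comment such as `# 223 is one past the key-size maximum; in FIPS the digest-length limit rejects it first.` would make the intent explicit. A FIPS-only pair of assertions at 32 and 33 would test the limit the comment describes, once the provider's exact behaviour is confirmed. The method starts outside this hunk.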