Loading...

Type: Bug
Resolution: Not a Bug
Priority: Undefined
Fix Version/s: None
Affects Version/s: rhel-8.2.0.z
Component/s: golang
Labels:
None

sprint_count:
1

Pool Team:

sst_pt_llvm_rust_go
Sub-System Group:

ssg_platform_tools

Story Points:
2
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
Sprint 5

Preliminary Testing:
None
Test Coverage:
None

Experience:
Architecture:

s390x

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

Golang internal testcase crypto/x509 TestConstraintCases fails on rhel-8.2.0-z:

[root@s390x-kvm-125 ~]# GOLANG_FIPS=1 go test -v -timeout 50m -count=1 crypto/x509
=== RUN   TestConstraintCases
--- FAIL: TestConstraintCases (0.02s)
panic: runtime error: slice bounds out of range [:304942678016] with capacity 72 [recovered]
	panic: runtime error: slice bounds out of range [:304942678016] with capacity 72

goroutine 7 [running]:
testing.tRunner.func1(0xc0000d2100)
	/usr/lib/golang/src/testing/testing.go:874 +0x41a
panic(0x25bf80, 0xc00011a1a0)
	/usr/lib/golang/src/runtime/panic.go:679 +0x1d4
crypto/internal/boring.SignMarshalECDSA(0xc000134000, 0xc00011a120, 0x20, 0x20, 0x0, 0xc000134000, 0xc00010e100, 0x0, 0xc00010e0b0, 0x2e52a0)
	/usr/lib/golang/src/crypto/internal/boring/ecdsa.go:166 +0x220
crypto/internal/boring.SignECDSA(0xc000134000, 0xc00011a120, 0x20, 0x20, 0x0, 0x24224, 0x0, 0x55b4a, 0x5579c)
	/usr/lib/golang/src/crypto/internal/boring/ecdsa.go:136 +0x4e
crypto/ecdsa.Sign(0x2e0340, 0x2da610, 0xc00010e080, 0xc00011a120, 0x20, 0x20, 0x0, 0x1ce1e8, 0x10, 0x2261e0)
	/usr/lib/golang/src/crypto/ecdsa/ecdsa.go:182 +0x10e
crypto/ecdsa.(*PrivateKey).Sign(0xc00010e080, 0x2e0340, 0x2da610, 0xc00011a120, 0x20, 0x20, 0x2e02a0, 0xc000112360, 0x0, 0x0, ...)
	/usr/lib/golang/src/crypto/ecdsa/ecdsa.go:85 +0x4e
crypto/x509.CreateCertificate(0x2e0340, 0x2da610, 0xc0001295a0, 0xc0001295a0, 0x24c340, 0xc00010e080, 0x257360, 0xc00010e080, 0x0, 0xc00004f5a0, ...)
	/usr/lib/golang/src/crypto/x509/x509.go:2210 +0x594
crypto/x509.makeConstraintsCACert(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000112050, ...)
	/usr/lib/golang/src/crypto/x509/name_constraints_test.go:1644 +0x1f8
crypto/x509.TestConstraintCases(0xc0000d2100)
	/usr/lib/golang/src/crypto/x509/name_constraints_test.go:1902 +0x114
testing.tRunner(0xc0000d2100, 0x2a48f8)
	/usr/lib/golang/src/testing/testing.go:909 +0xd6
created by testing.(*T).Run
	/usr/lib/golang/src/testing/testing.go:960 +0x36c
FAIL	crypto/x509	0.020s
FAIL

Internal testsuite crypto/tls also fails to build when testing 'Boring' testcases:

[root@s390x-kvm-125 ~]# GOLANG_FIPS=1 go test -v -timeout 50m -count=1 -run 'Boring' crypto/tls
=== RUN   TestBoringServerProtocolVersion
=== RUN   TestBoringServerProtocolVersion/VersionSSL30
=== RUN   TestBoringServerProtocolVersion/VersionTLS10
=== RUN   TestBoringServerProtocolVersion/VersionTLS11
=== RUN   TestBoringServerProtocolVersion/VersionTLS12
=== RUN   TestBoringServerProtocolVersion/VersionTLS13
--- PASS: TestBoringServerProtocolVersion (0.00s)
    --- PASS: TestBoringServerProtocolVersion/VersionSSL30 (0.00s)
    --- PASS: TestBoringServerProtocolVersion/VersionTLS10 (0.00s)
    --- PASS: TestBoringServerProtocolVersion/VersionTLS11 (0.00s)
    --- PASS: TestBoringServerProtocolVersion/VersionTLS12 (0.00s)
    --- PASS: TestBoringServerProtocolVersion/VersionTLS13 (0.00s)
=== RUN   TestBoringServerCipherSuites
=== RUN   TestBoringServerCipherSuites/suite=0xcca8
=== RUN   TestBoringServerCipherSuites/suite=0xcca8/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xcca9
=== RUN   TestBoringServerCipherSuites/suite=0xcca9/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc02f
=== RUN   TestBoringServerCipherSuites/suite=0xc02f/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc02b
=== RUN   TestBoringServerCipherSuites/suite=0xc02b/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc030
=== RUN   TestBoringServerCipherSuites/suite=0xc030/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc02c
=== RUN   TestBoringServerCipherSuites/suite=0xc02c/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc027
=== RUN   TestBoringServerCipherSuites/suite=0xc027/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc013
=== RUN   TestBoringServerCipherSuites/suite=0xc013/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc023
=== RUN   TestBoringServerCipherSuites/suite=0xc023/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc009
=== RUN   TestBoringServerCipherSuites/suite=0xc009/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc014
=== RUN   TestBoringServerCipherSuites/suite=0xc014/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc00a
=== RUN   TestBoringServerCipherSuites/suite=0xc00a/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0x9c
=== RUN   TestBoringServerCipherSuites/suite=0x9c/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0x9d
=== RUN   TestBoringServerCipherSuites/suite=0x9d/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0x3c
=== RUN   TestBoringServerCipherSuites/suite=0x3c/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0x2f
=== RUN   TestBoringServerCipherSuites/suite=0x2f/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0x35
=== RUN   TestBoringServerCipherSuites/suite=0x35/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc012
=== RUN   TestBoringServerCipherSuites/suite=0xc012/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xa
=== RUN   TestBoringServerCipherSuites/suite=0xa/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0x5
=== RUN   TestBoringServerCipherSuites/suite=0x5/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc011
=== RUN   TestBoringServerCipherSuites/suite=0xc011/fipstls
=== RUN   TestBoringServerCipherSuites/suite=0xc007
=== RUN   TestBoringServerCipherSuites/suite=0xc007/fipstls
--- PASS: TestBoringServerCipherSuites (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xcca8 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xcca8/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xcca9 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xcca9/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc02f (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc02f/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc02b (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc02b/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc030 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc030/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc02c (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc02c/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc027 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc027/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc013 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc013/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc023 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc023/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc009 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc009/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc014 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc014/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc00a (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc00a/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0x9c (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0x9c/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0x9d (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0x9d/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0x3c (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0x3c/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0x2f (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0x2f/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0x35 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0x35/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc012 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc012/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xa (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xa/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0x5 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0x5/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc011 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc011/fipstls (0.00s)
    --- PASS: TestBoringServerCipherSuites/suite=0xc007 (0.00s)
        --- PASS: TestBoringServerCipherSuites/suite=0xc007/fipstls (0.00s)
=== RUN   TestBoringServerCurves
=== RUN   TestBoringServerCurves/curve=29
=== RUN   TestBoringServerCurves/curve=29/fipstls
=== RUN   TestBoringServerCurves/curve=23
=== RUN   TestBoringServerCurves/curve=23/fipstls
=== RUN   TestBoringServerCurves/curve=24
=== RUN   TestBoringServerCurves/curve=24/fipstls
=== RUN   TestBoringServerCurves/curve=25
=== RUN   TestBoringServerCurves/curve=25/fipstls
--- PASS: TestBoringServerCurves (0.00s)
    --- PASS: TestBoringServerCurves/curve=29 (0.00s)
        --- PASS: TestBoringServerCurves/curve=29/fipstls (0.00s)
    --- PASS: TestBoringServerCurves/curve=23 (0.00s)
        --- PASS: TestBoringServerCurves/curve=23/fipstls (0.00s)
    --- PASS: TestBoringServerCurves/curve=24 (0.00s)
        --- PASS: TestBoringServerCurves/curve=24/fipstls (0.00s)
    --- PASS: TestBoringServerCurves/curve=25 (0.00s)
        --- PASS: TestBoringServerCurves/curve=25/fipstls (0.00s)
=== RUN   TestBoringServerSignatureAndHash
=== RUN   TestBoringServerSignatureAndHash/0x804
=== RUN   TestBoringServerSignatureAndHash/0x804/fipstls
=== RUN   TestBoringServerSignatureAndHash/0x403
panic: runtime error: slice bounds out of range [:597000454144] with capacity 141 [recovered]
	panic: runtime error: slice bounds out of range [:597000454144] with capacity 141

goroutine 91 [running]:
testing.tRunner.func1(0xc000210400)
	/usr/lib/golang/src/testing/testing.go:874 +0x41a
panic(0x3e09e0, 0xc000272200)
	/usr/lib/golang/src/runtime/panic.go:679 +0x1d4
crypto/internal/boring.SignMarshalECDSA(0xc00045c148, 0xc0002721e0, 0x20, 0x20, 0x0, 0xc00045c148, 0xc00012e640, 0x0, 0xc00006e2f0, 0x4a18e0)
	/usr/lib/golang/src/crypto/internal/boring/ecdsa.go:166 +0x220
crypto/internal/boring.SignECDSA(0xc00045c148, 0xc0002721e0, 0x20, 0x20, 0x0, 0x2c500, 0x194e2a, 0xc0002721e0, 0x0)
	/usr/lib/golang/src/crypto/internal/boring/ecdsa.go:136 +0x4e
crypto/ecdsa.Sign(0x498540, 0x716cd0, 0xc00006e2c0, 0xc0002721e0, 0x20, 0x20, 0x0, 0x28276a, 0x8, 0x387760)
	/usr/lib/golang/src/crypto/ecdsa/ecdsa.go:182 +0x10e
crypto/ecdsa.(*PrivateKey).Sign(0xc00006e2c0, 0x498540, 0x716cd0, 0xc0002721e0, 0x20, 0x20, 0x4983a0, 0xc000239458, 0x20, 0x403e30000000213, ...)
	/usr/lib/golang/src/crypto/ecdsa/ecdsa.go:85 +0x4e
crypto/tls.(*ecdheKeyAgreement).generateServerKeyExchange(0xc00012e600, 0xc000294000, 0xc0001d5920, 0xc00021f400, 0xc000142fc0, 0x20e, 0x0, 0x0)
	/usr/lib/golang/src/crypto/tls/key_agreement.go:202 +0x522
crypto/tls.(*serverHandshakeState).doFullHandshake(0xc000137bf8, 0x0, 0x0)
	/usr/lib/golang/src/crypto/tls/handshake_server.go:448 +0x364
crypto/tls.(*serverHandshakeState).handshake(0xc000137bf8, 0xc00021f400, 0x0)
	/usr/lib/golang/src/crypto/tls/handshake_server.go:105 +0x348
crypto/tls.(*Conn).serverHandshake(0xc000251180, 0x10, 0xa1)
	/usr/lib/golang/src/crypto/tls/handshake_server.go:60 +0xf8
crypto/tls.(*Conn).Handshake(0xc000251180, 0x0, 0x0)
	/usr/lib/golang/src/crypto/tls/conn.go:1364 +0x2a0
crypto/tls.boringHandshake(0xc000210400, 0xc000001b00, 0xc000294000, 0xc0001d5920, 0x568e10, 0x6aa220, 0x260bf2)
	/usr/lib/golang/src/crypto/tls/boring_test.go:194 +0x180
crypto/tls.TestBoringServerSignatureAndHash.func2(0xc000210400)
	/usr/lib/golang/src/crypto/tls/boring_test.go:234 +0x1ba
testing.tRunner(0xc000210400, 0xc0001ea6b0)
	/usr/lib/golang/src/testing/testing.go:909 +0xd6
created by testing.(*T).Run
	/usr/lib/golang/src/testing/testing.go:960 +0x36c
FAIL	crypto/tls	0.042s
FAIL

These failures are not reproducible on other supported architectures, nor with newer versions of golang.

Please provide the package NVR for which bug is seen:

go-toolset:rhel8:8020020240326115300:02f7cb7a
golang-1.13.15-6.module+el8.2.0+21603+6686a4cb.s390x
openssl-1.1.1c-21.el8_2.s390x
RHEL-8.2.0-20240326.n.24

How reproducible:

100%

Steps to reproduce

GOLANG_FIPS=1 go test -v -timeout 50m -count=1 crypto/x509
GOLANG_FIPS=1 go test -v -timeout 50m -count=1 -run 'Boring' crypto/tls

is related to

RHEL-40571 on s390x and FIPS mode print error msg that this arch is not supported and exit

Planning

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Steps to reproduce

Attachments

Issue Links

Activity

People

Dates