  1. RHEL
  2. RHEL-43239

golang panics with "tls: HKDF-Expand-Label invocation failed unexpectedly" with GOLANG_FIPS=1

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Undefined Undefined
    • None
    • rhel-9.5
    • golang
    • None
    • 1
    • sst_pt_llvm_rust_go
    • ssg_platform_tools
    • None
    • False
    • None
    • Sprint 6
    • None
    • None
    • All
    • None

      The latest rhel-9.5 golang-1.22.4-1.el9 fails to run 'go get' when executing in FIPS mode (GOLANG_FIPS=1); the same command succeeds without it:

      [root@vm-10-0-186-151 tmp]# go mod init test
      go: creating new go.mod: module test
      [root@vm-10-0-186-151 tmp]# go get -v golang.org/x/net
      go: downloading golang.org/x/net v0.26.0
      go: added golang.org/x/net v0.26.0
      [root@vm-10-0-186-151 tmp]# GOLANG_FIPS=1 go get -v golang.org/x/net
      panic: tls: HKDF-Expand-Label invocation failed unexpectedly
      
      goroutine 31 [running]:
      crypto/tls.(*cipherSuiteTLS13).expandLabel(0xf54880, {0xc000030a00, 0x20, 0x20}, {0xaccde0?, 0x7?}, {0xc000030a20, 0x20, 0x20}, 0x20)
      	crypto/tls/key_schedule.go:66 +0x565
      crypto/tls.(*cipherSuiteTLS13).deriveSecret(0xf54880, {0xc000030a00, 0x20, 0x20}, {0xaccde0, 0x7}, {0x0?, 0x0?})
      	crypto/tls/key_schedule.go:86 +0xd2
      crypto/tls.(*clientHandshakeStateTLS13).establishHandshakeKeys(0xc000067bd0)
      	crypto/tls/handshake_client_tls13.go:392 +0x109
      crypto/tls.(*clientHandshakeStateTLS13).handshake(0xc000067bd0)
      	crypto/tls/handshake_client_tls13.go:90 +0x2bb
      crypto/tls.(*Conn).clientHandshake(0xc000178388, {0xbe5c00, 0xc000080ff0})
      	crypto/tls/handshake_client.go:265 +0x594
      crypto/tls.(*Conn).handshakeContext(0xc000178388, {0xbe5b90, 0xfff0e0})
      	crypto/tls/conn.go:1553 +0x3cb
      crypto/tls.(*Conn).HandshakeContext(...)
      	crypto/tls/conn.go:1493
      net/http.(*persistConn).addTLS.func2()
      	net/http/transport.go:1573 +0x6e
      created by net/http.(*persistConn).addTLS in goroutine 16
      	net/http/transport.go:1569 +0x309
      [root@vm-10-0-186-151 tmp]# rpm -qa golang openssl
      openssl-3.2.2-1.el9.x86_64
      golang-1.22.4-1.el9.x86_64
      

      TestBoringCertAlgs from the crypto/tls test suite also panics with the same HKDF-Expand-Label failure, this time in the server-side TLS 1.3 handshake:

      [root@vm-10-0-186-151 tmp]# GOLANG_FIPS=1 go test -v -timeout 50m -count=1 -run TestBoringCertAlgs crypto/tls
      === RUN   TestBoringCertAlgs
      --- FAIL: TestBoringCertAlgs (1.08s)
      panic: tls: HKDF-Expand-Label invocation failed unexpectedly [recovered]
      	panic: tls: HKDF-Expand-Label invocation failed unexpectedly
      
      goroutine 7 [running]:
      testing.tRunner.func1.2({0x730a00, 0x834df0})
      	/usr/lib/golang/src/testing/testing.go:1631 +0x24a
      testing.tRunner.func1()
      	/usr/lib/golang/src/testing/testing.go:1634 +0x377
      panic({0x730a00?, 0x834df0?})
      	/usr/lib/golang/src/runtime/panic.go:770 +0x132
      crypto/tls.(*cipherSuiteTLS13).expandLabel(0xa1ce40, {0xc000022e40, 0x20, 0x20}, {0x796bf3?, 0x7?}, {0xc000022e60, 0x20, 0x20}, 0x20)
      	/usr/lib/golang/src/crypto/tls/key_schedule.go:66 +0x565
      crypto/tls.(*cipherSuiteTLS13).deriveSecret(0xa1ce40, {0xc000022e40, 0x20, 0x20}, {0x796bf3, 0x7}, {0x0?, 0x0?})
      	/usr/lib/golang/src/crypto/tls/key_schedule.go:86 +0xd2
      crypto/tls.(*serverHandshakeStateTLS13).sendServerParameters(0xc00002d7f0)
      	/usr/lib/golang/src/crypto/tls/handshake_server_tls13.go:615 +0x17b
      crypto/tls.(*serverHandshakeStateTLS13).handshake(0xc00002d7f0)
      	/usr/lib/golang/src/crypto/tls/handshake_server_tls13.go:59 +0x72
      crypto/tls.(*Conn).serverHandshake(0xc000004e08, {0x838790, 0xc0000703c0})
      	/usr/lib/golang/src/crypto/tls/handshake_server.go:53 +0x16a
      crypto/tls.(*Conn).handshakeContext(0xc000004e08, {0x838640, 0xabcdc0})
      	/usr/lib/golang/src/crypto/tls/conn.go:1553 +0x3cb
      crypto/tls.(*Conn).HandshakeContext(...)
      	/usr/lib/golang/src/crypto/tls/conn.go:1493
      crypto/tls.(*Conn).Handshake(...)
      	/usr/lib/golang/src/crypto/tls/conn.go:1477
      crypto/tls.boringHandshake(0xc0000a8680?, 0xc0000a81a0, 0xc0000a8680)
      	/usr/lib/golang/src/crypto/tls/boring_test.go:202 +0x21f
      crypto/tls.TestBoringCertAlgs.func1(0xc0000a8b60, {0x7965ab, 0x5}, 0xc000362e40, {0x76fa40, 0xc0000b4800}, {0xc000362ed0, 0x2, 0x2}, 0x0)
      	/usr/lib/golang/src/crypto/tls/boring_test.go:380 +0x1fe
      crypto/tls.TestBoringCertAlgs(0xc0000a8b60)
      	/usr/lib/golang/src/crypto/tls/boring_test.go:438 +0x5bb
      testing.tRunner(0xc0000a8b60, 0x7d7cd0)
      	/usr/lib/golang/src/testing/testing.go:1689 +0xfb
      created by testing.(*T).Run in goroutine 1
      	/usr/lib/golang/src/testing/testing.go:1742 +0x390
      FAIL	crypto/tls	1.120s
      FAIL
      

            dbenoit@redhat.com David Benoit
            rhn-support-emachado Edjunior Machado
            David Benoit David Benoit
            Edjunior Machado Edjunior Machado