-
Bug
-
Resolution: Unresolved
-
Undefined
-
rhel-9.7
-
None
-
golang-1.24.3-3.el9
-
No
-
Moderate
-
rhel-pt-go
-
ssg_platform_tools
-
None
-
False
-
False
-
-
None
-
None
-
Pass
-
Automated
-
Unspecified
-
Unspecified
-
Unspecified
-
None
Latest rhel-9.7 golang-1.24.3-2.el9 tries to load openssl even without FIPS mode enabled:
# rpm -qa golang
golang-1.24.3-2.el9.x86_64
# go test crypto -o ./test.bin -count=1
ok crypto 0.320s
# GOLANG_FIPS=0 LD_DEBUG=libs ./test.bin |& grep libcrypto
32463: find library=libcrypto.so.3 [0]; searching
32463: trying file=/lib64/libcrypto.so.3
32463: calling init: /lib64/libcrypto.so.3
32463: /lib64/libcrypto.so.3: error: symbol lookup error: undefined symbol: FIPS_mode (fatal)
32463: find library=libcrypto.so.1.1 [0]; searching
32463: trying file=/lib64/glibc-hwcaps/x86-64-v4/libcrypto.so.1.1
32463: trying file=/lib64/glibc-hwcaps/x86-64-v3/libcrypto.so.1.1
32463: trying file=/lib64/glibc-hwcaps/x86-64-v2/libcrypto.so.1.1
(...)
When openssl is not available, this leads to panic:
# GOLANG_FIPS=0 go test -v crypto panic: opensslcrypto: can't initialize OpenSSL : openssl: can't retrieve OpenSSL version goroutine 1 [running]: crypto/internal/backend.init.0() /usr/lib/golang/src/crypto/internal/backend/openssl.go:50 +0x274 exit status 2
This seems to be a regression of RHEL-45359.
- links to
-
RHSA-2025:150489
golang bug fix and enhancement update