Bug 1977914

Summary: TestBoringServerCurves from crypto/tls fails when executed separately [rhel-9]
Product: Red Hat Enterprise Linux 9 Reporter: Edjunior Barbosa Machado <emachado>
Component: golangAssignee: David Benoit <dbenoit>
Status: CLOSED CURRENTRELEASE QA Contact: Edjunior Barbosa Machado <emachado>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: asm, dbenoit, emachado, tschelle, tstellar
Target Milestone: betaKeywords: Bugfix, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: go-toolset-1.16.6-1.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1975830 Environment:
Last Closed: 2021-12-07 21:20:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1975830    
Bug Blocks: 1976168, 2077782, 2079073    

Description Edjunior Barbosa Machado 2021-06-30 17:20:10 UTC 
This is also reproducible with go-toolset-1.16.4-1.el9 and golang-1.16.4-3.el9 on RHEL-9.0.0-20210621.3.

[root@sweetpig-17 ~]# rpm -qa golang go-toolset
golang-1.16.4-3.el9.x86_64
go-toolset-1.16.4-1.el9.x86_64
[root@sweetpig-17 ~]# uname -a
Linux sweetpig-17.4a2m.lab.eng.bos.redhat.com 5.13.0-0.rc4.33.el9.x86_64 #1 SMP Wed Jun 2 19:15:08 EDT 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@sweetpig-17 ~]# OPENSSL_CONF=/openssl-boring.cnf GOLANG_FIPS=1 go test crypto/tls -timeout 50m -count=1 -v -v -v -run ^TestBoringServerCurves$
=== RUN   TestBoringServerCurves
=== RUN   TestBoringServerCurves/curve=29
    handshake_server_test.go:57: Got error: tls: no cipher suite supported by both client and server; expected to succeed
=== RUN   TestBoringServerCurves/curve=29/fipstls
=== RUN   TestBoringServerCurves/curve=23
=== RUN   TestBoringServerCurves/curve=23/fipstls
=== RUN   TestBoringServerCurves/curve=24
=== RUN   TestBoringServerCurves/curve=24/fipstls
=== RUN   TestBoringServerCurves/curve=25
=== RUN   TestBoringServerCurves/curve=25/fipstls
--- FAIL: TestBoringServerCurves (0.00s)
    --- FAIL: TestBoringServerCurves/curve=29 (0.00s)
        --- PASS: TestBoringServerCurves/curve=29/fipstls (0.00s)
    --- PASS: TestBoringServerCurves/curve=23 (0.00s)
        --- PASS: TestBoringServerCurves/curve=23/fipstls (0.00s)
    --- PASS: TestBoringServerCurves/curve=24 (0.00s)
        --- PASS: TestBoringServerCurves/curve=24/fipstls (0.00s)
    --- PASS: TestBoringServerCurves/curve=25 (0.00s)
        --- PASS: TestBoringServerCurves/curve=25/fipstls (0.00s)
FAIL
FAIL	crypto/tls	0.060s
FAIL


+++ This bug was initially created as a clone of Bug #1975830 +++

Description of problem:
TestBoringServerCurves from crypto/tls golang internal testsuite fails when executed separately from the other tests:

[root@sheep-2 ~]# GOLANG_FIPS=1 scl enable go-toolset-1.15 -- go test crypto/tls -timeout 50m -count=1 -v -v -v -run ^TestBoringServerCurves$
=== RUN   TestBoringServerCurves
=== RUN   TestBoringServerCurves/curve=29
    handshake_server_test.go:55: Got error: tls: no cipher suite supported by both client and server; expected to succeed
=== RUN   TestBoringServerCurves/curve=29/fipstls
=== RUN   TestBoringServerCurves/curve=23
=== RUN   TestBoringServerCurves/curve=23/fipstls
=== RUN   TestBoringServerCurves/curve=24
=== RUN   TestBoringServerCurves/curve=24/fipstls
=== RUN   TestBoringServerCurves/curve=25
=== RUN   TestBoringServerCurves/curve=25/fipstls
--- FAIL: TestBoringServerCurves (0.00s)
    --- FAIL: TestBoringServerCurves/curve=29 (0.00s)
        --- PASS: TestBoringServerCurves/curve=29/fipstls (0.00s)
    --- PASS: TestBoringServerCurves/curve=23 (0.00s)
        --- PASS: TestBoringServerCurves/curve=23/fipstls (0.00s)
    --- PASS: TestBoringServerCurves/curve=24 (0.00s)
        --- PASS: TestBoringServerCurves/curve=24/fipstls (0.00s)
    --- PASS: TestBoringServerCurves/curve=25 (0.00s)
        --- PASS: TestBoringServerCurves/curve=25/fipstls (0.00s)
FAIL
FAIL	crypto/tls	0.046s
FAIL
[root@sheep-2 ~]# 

The failure is not reproducible when run with other crypto/tls Boring tests (GOLANG_FIPS=1 scl enable go-toolset-1.15 -- go test crypto/tls -timeout 50m -count=1 -v -v -v -run Boring) or with FIPS disabled (GOLANG_FIPS=0).

Version-Release number of selected component (if applicable):
go-toolset-1.15-1.15.13-1.el7_9
go-toolset-1.15-golang-1.15.13-1.el7_9.x86_64
RHEL-7.9-updates-20210608.0

Steps to Reproduce:
1. GOLANG_FIPS=1 scl enable go-toolset-1.15 -- go test crypto/tls -timeout 50m -count=1 -v -v -v -run ^TestBoringServerCurves$

--- Additional comment from Edjunior Barbosa Machado on 2021-06-24 15:02:53 UTC ---

FWIW, this is also reproducible with previous go-toolset-1.15-golang-1.15.11-1.el7_9 released on devtools-2021.2.

--- Additional comment from Edjunior Barbosa Machado on 2021-06-25 09:14:45 UTC ---

Also reproducible with devtools-2021.4 go-toolset-1.16-golang-1.16.4-2.el7_9.