[boringcrypto] crypto/tls/fipsonly: panic runtime error: cgo argument has Go pointer to unpinned Go pointer

[DeeptimanQlik]

Go version

go version go1.21.5 linux/amd64

What operating system and processor architecture are you using (go env)?

GO111MODULE="on"
GOARCH="amd64"
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOAMD64="v1"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"

What did you do?

I am trying to integrate boringcrypto library to my Go application but it panic with runtime error: cgo argument has Go pointer to unpinned Go pointer. For compilation, I am using boringcrypto build variant //go:build boringcrypto to run the internal crypto module tests and to initiate the library.

Application Code

//go:build boringcrypto
// +build boringcrypto

package main

import (
	_ "crypto/tls/fipsonly"
	"log"
     
       ------
       "libraries imports [mongo-go-driver, solace-event-messaging]"
)

func init() { //nolint:gochecknoinits
	log.Println("fips-compliant crypto enforced")
}

func main() {
  // application code runs here
}

Build command

CGO_ENABLED=1 GOEXPERIMENT=boringcrypto go build -o example main.go

As per the recommendation from Google, I am adding additional GOEXPERIMENT=boringcrypto env variable to instantiate the modules and internal linker to BoringSSL.

What did you expect to see?

• The application should boot up properly without showing any runtime errors and MUST show the init() log statement in console.

fips-compliant crypto enforced

What did you see instead?

As soon as application loads, it shows following panic runtime error.

panic: runtime error: cgo argument has Go pointer to unpinned Go pointer
goroutine 1 [running]:
solace.dev/go/messaging/internal/ccsmp.(*SolClientContext).SolClientSessionCreate.func1.1(0x7f78f10cc5b8?, 0x30?, 0xc000640000?, 0xc000aca7e0?)	
/go/src/github.com/example/vendor/solace.dev/go/messaging/internal/ccsmp/ccsmp_core.go:265 +0x51solace.dev
/go/messaging/internal/ccsmp.(*SolClientContext).SolClientSessionCreate.func1()	
/go/src/github.com/example/vendor/solace.dev/go/messaging/internal/ccsmp/ccsmp_core.go:265 +0x25

[seankhliao]

That looks like a problem with your libraries?

[DeeptimanQlik]

I tried to looking at the library implementation which works perfectly without using boringcrypto. And also we don't control the library code flow, as that's a third-party vendor module implementation.

[DeeptimanQlik]

something similar error with an opensource library that resolve by instantiating the object with C.malloc(). Does boringcrypto uses new() or malloc() to instantiate the objects?

PowerDNS/lmdb-go#28

[seankhliao]

It looks more like a library problem than one for boringcrypto https://github.com/SolaceProducts/pubsubplus-go-client/blob/v1.4.0/internal/ccsmp/ccsmp_core.go#L265

[DeeptimanQlik]

The solace library works pretty well and only when we try to integrate boringcrypto it panics with the runtime error because Solace uses CGO_ENABLED internally and that checks for this memory allocations. So, my question is does boringcrypto initializes objects with new() or C.malloc()? And because of this Solace CGO runtime panics.

I checked Solace library code and nowhere it uses new() and only allocate memory with C.malloc(). So, it doesn't have issue with Solace but something needs to looked at in boringcrypto library function calls.

[DeeptimanQlik]

I think both libraries are conflicting because the boringcrypto-> cgo/rewriteCall() returns false to the malloc function names and it ignores all types of malloc allocation calls happens during the CGO runtime execution. And solace didn't like this when CGO_ENABLED in the library.

https://github.com/golang/go/blob/dev.boringcrypto/src/cmd/cgo/gcc.go#L804