x/crypto/wycheproof: TestHkdf cgo errors with boringcrypto

[heschi]

2022-08-18T18:07:23-bc19a97-a5370d0/linux-amd64-boringcrypto
2022-08-18T17:36:52-bc19a97-6dc7b06/linux-amd64-boringcrypto
2022-08-18T17:09:37-bc19a97-c82bbc0/linux-amd64-boringcrypto
2022-08-18T17:01:12-bc19a97-03e1870/linux-amd64-boringcrypto
2022-08-18T16:16:13-bc19a97-b614922/linux-amd64-boringcrypto
2022-08-18T14:53:01-bc19a97-741ab7e/linux-amd64-boringcrypto
2022-08-18T14:52:30-bc19a97-e64c871/linux-amd64-boringcrypto
2022-08-18T13:16:21-bc19a97-38edd9b/linux-amd64-boringcrypto
2022-08-17T18:47:33-04dced1-57d0551/linux-amd64-boringcrypto
2022-08-17T18:37:53-04dced1-ebda5a7/linux-amd64-boringcrypto
2022-08-17T17:47:37-630584e-bc80579/linux-amd64-boringcrypto
2022-08-17T17:47:28-630584e-7e7ecf5/linux-amd64-boringcrypto
2022-08-17T17:40:14-630584e-5e20f2e/linux-amd64-boringcrypto
2022-08-17T17:19:38-630584e-edfeea0/linux-amd64-boringcrypto
2022-08-17T16:48:18-630584e-b11b4b4/linux-amd64-boringcrypto
2022-08-17T16:26:24-630584e-014f0e8/linux-amd64-boringcrypto
2022-08-17T04:10:17-630584e-2c46cc8/linux-amd64-boringcrypto
2022-08-17T04:02:17-630584e-c411886/linux-amd64-boringcrypto
2022-08-17T03:29:36-630584e-c04977f/linux-amd64-boringcrypto
2022-08-17T03:24:24-630584e-c6be710/linux-amd64-boringcrypto
2022-08-17T03:15:44-630584e-e1b62ef/linux-amd64-boringcrypto

--- FAIL: TestHkdf (0.00s)
panic: runtime error: cgo argument has Go pointer to Go pointer [recovered]
	panic: runtime error: cgo argument has Go pointer to Go pointer

goroutine 747 [running]:
testing.tRunner.func1.2({0x74cc80, 0xc0003372a0})
	/workdir/go/src/testing/testing.go:1396 +0x24e
testing.tRunner.func1()
	/workdir/go/src/testing/testing.go:1399 +0x39f
panic({0x74cc80, 0xc0003372a0})
	/workdir/go/src/runtime/panic.go:884 +0x212
crypto/internal/boring.(*boringHMAC).Reset.func1(0xc0002be6c0)
	/workdir/go/src/crypto/internal/boring/hmac.go:106 +0x57
crypto/internal/boring.(*boringHMAC).Reset(0xc0002be6c0)
	/workdir/go/src/crypto/internal/boring/hmac.go:106 +0x94
crypto/internal/boring.NewHMAC(0xc0001c9b88?, {0xc00022a320, 0x28, 0x0?})
	/workdir/go/src/crypto/internal/boring/hmac.go:78 +0x125
crypto/hmac.New(0xc0001c9cd8, {0xc00022a320, 0x28, 0x50})
	/workdir/go/src/crypto/hmac/hmac.go:131 +0x31
golang.org/x/crypto/hkdf.Extract(0xc0002bc4e0?, {0xc0002fcb80, 0x20, 0x40}, {0xc00022a320?, 0xc0001c9e68?, 0x30?})
	/workdir/gopath/src/golang.org/x/crypto/hkdf/hkdf.go:30 +0x85
golang.org/x/crypto/hkdf.New(0x15?, {0xc0002fcb80?, 0x20?, 0x836a88?}, {0xc00022a320?, 0xc000118ca0?, 0x5cee79?}, {0xc0002bc4e0, 0x14, 0x30})
	/workdir/gopath/src/golang.org/x/crypto/hkdf/hkdf.go:91 +0x2b
golang.org/x/crypto/internal/wycheproof.TestHkdf(0xc0003941a0)
	/workdir/gopath/src/golang.org/x/crypto/internal/wycheproof/hkdf_test.go:95 +0x450
testing.tRunner(0xc0003941a0, 0x7a03a8)
	/workdir/go/src/testing/testing.go:1446 +0x10b
created by testing.(*T).Run
	/workdir/go/src/testing/testing.go:1493 +0x35f
FAIL	golang.org/x/crypto/internal/wycheproof	3.246s

cc @golang/security

[rolandshoemaker]

Related to #54558.

[mknyszek]

I think I know the problem here. The cgo check code is checking the heap bits of the referenced object, but I'm pretty sure the span is noscan. In this new heap bitmap world, we don't clear heap bits any more. I think we need to have checks to make sure we don't look at the heap bits if the span is noscan (but I will double check all this). Either that, or clear the heap bitmap for noscan.

[gopherbot]

Change https://go.dev/cl/425175 mentions this issue: runtime: check that a span is noscan before scanning memory

[gopherbot]

Change https://go.dev/cl/425194 mentions this issue: runtime: initialize pointer bits of noscan spans