[rest]: Disable TLS session tickets to avoid AES-CTR panic under FIPS#163
Open
Griffin-micas wants to merge 1 commit into
Open
[rest]: Disable TLS session tickets to avoid AES-CTR panic under FIPS#163Griffin-micas wants to merge 1 commit into
Griffin-micas wants to merge 1 commit into
Conversation
Under sonic_fips=1 the symcrypt OpenSSL provider has no AES-CTR, which crypto/tls uses only for session tickets; the golang- fips backend panics on every TLS handshake, so rest_server resets all connections. Disabling session tickets removes the only AES- CTR call path and restores RESTCONF. Signed-off-by: Griffin Gao <griffin@micasnetworks.com>
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
Hi, there are workflow run(s) waiting for approval, you may be first-time contributor. I will notify maintainers to help approve once PR is approved. Thanks! ---Powered by SONiC BuildBot
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Under sonic_fips=1 the symcrypt OpenSSL provider has no AES-CTR, which crypto/tls uses only for session tickets; the golang- fips backend panics on every TLS handshake, so rest_server resets all connections. Disabling session tickets removes the only AES- CTR call path and restores RESTCONF.
Why I did it
On a FIPS image (
sonic_fips=1), every RESTCONF request fails: the TLS handshake completes but the server resets the connection before any HTTP response, socurlreportsSSL_read: Connection reset by peer. It reproduces for 100% of requests, any method/path, with or without credentials, even fromlocalhost.Root cause is a panic in
crypto/tls:crypto/tlsuses AES-CTR in exactly one place — encrypting TLS session tickets (ticket.go). The server sends aNewSessionTicketat the end of every TLS 1.3 handshake, so every connection hits it. Under FIPS the golang-fips OpenSSL backend fetches ciphers with an implicitfips=yesproperty, and the symcrypt provider does not implement AES-CTR (it has ECB/CBC/CFB/GCM/CCM/XTS only — upstreammicrosoft/SymCrypt-OpenSSLhas nop_scossl_aes_ctr.c). The fetch returns NULL andnewCipherCtxpanics.net/httprecovers the panic and drops the connection, sorest_servernever exits — it looks healthy (high uptime, no supervisord restart) yet serves nothing.AES-CTR is a FIPS-approved mode (NIST SP 800-38A) and SymCrypt implements it internally; only the OpenSSL provider shim lacks it. The proper long-term fix is to add AES-CTR to SCOSSL — tracked in issue #. This PR is the mitigation on the rest_server side.
How I did it
crypto/tlsonly needs AES-CTR to encrypt/decrypt session tickets, andshouldSendSessionTickets()/checkForResumption()both short-circuit onConfig.SessionTicketsDisabled. Setting it removes the only code path that steps outside the algorithms symcrypt provides.rest/main/main.go:The only functional effect is loss of TLS session resumption. For a request/response REST/HTTP2 server this is negligible, and disabling session tickets is itself a common hardening step (ticket keys are a forward-secrecy weak point), so it does not weaken security. Applied unconditionally to keep the code simple; it is a no-op-cost change on non-FIPS images.
How to verify it
On a
sonic_fips=1image (grep sonic_fips=1 /proc/cmdline):Before:
After: the request returns a normal RESTCONF response (200/401/404) and there are no new
unsupported cipherpanics in syslog.Confirming the underlying gap (symcrypt has no AES-CTR), in the mgmt-framework container:
In-process reproduction of the FIPS fetch (fails only for CTR; CBC/GCM/EC-P256/X25519 all succeed):