Ubuntu FIPS 140-2 Modules FAQ

Ubuntu FIPS 140-2 Modules FAQ

Can I use livepatch to update or patch Ubuntu’s FIPS kernel?

No, livepatch does not support patching the FIPS kernel. They should not be enabled on the same system.

Are the FIPS modules a drop in replacement?

Yes, the FIPS 140-2 certified modules should be a drop in replacement.

However, note that FIPS 140-2 does not allow particular algorithms, thus they will not be available in FIPS mode. Applications trying to access these algorithms from FIPS crypto modules such as libcrypto or kernel cryptoapi, may experience segfaults or other unknown behaviours. Please consult the Security Policy for the various FIPS modules to see what is and isn’t allowed.

Can I use openvpn on my FIPS 140-2 enabled system?

Openvpn prior to version 2.4 uses MD5 for its internal hash algorithm and for the TLS PRF. FIPS 140-2 permits MD5 for PRF. However, openvpn must convey to FIPS openssl module that MD5 is ok for PRF, and currently it doesn’t.

Canonical has provided a fix such that openvpn conveys to FIPS openssl module to use MD5 for PRF since current FIPS 140-2 allows this. The openvpn package on xenial must be updated to 2.3.10-1ubuntu2.2 to acquire this fix.

How do I get debug packages for FIPS?

Please open a ticket with Canonical Support to obtain the FIPS Debug Symbols packages.

How do I get the source?

In the “/etc/apt/sources.list.d/” directory, you will have:

  • “ubuntu-fips-updates.list” after successfully running ua enable fips-updates on the system
  • “ubuntu-fips.list” after successfully running ua enable fips on the system

In that file or those files, as applicable, ensure that the line starting with “deb-src” is uncommented by removing the "# " characters before “deb-src” in the line. For example, an uncommented line in /etc/apt/sources.list.d/ubuntu-fips.list for Bionic will appear like:

deb-src https://esm.ubuntu.com/fips/ubuntu bionic main

After those files are updated as applicable, run,

sudo apt update && sudo apt install dpkg-dev

Finally, download the source using the sudo apt-get source <package> command. Let’s say you want to get the source of the “openssl” package:

sudo apt source openssl

Note: sudo is necessary in the last command – unlike most apt source commands – because it needs to read the permissioned repository key in /etc/apt/auth.conf.d/.

How do I see a changelog?

For the FIPS packages the changelogs are installed locally. For example, the libssl1.0.0 (openssl) package changelog is installed in /usr/share/doc/libss1.0.0 directory.

What applications are known to work?

What applications are known to not work?

  • OpenVPN prior to version 2.3.10-1ubuntu2.2 on xenial crashes. Update to 2.3.10-1ubuntu2.2 or later to acquire a fix.

What applications are known to not be FIPS Compliant?

These may work, but also won’t get the benefits from FIPS packages

  • Firefox
  • Cups
  • Wget

Is FIPS applicable to both desktop and server?

Yes, with some caveats.

  • We have not certified any specific desktop hardware
  • Some applications do not use the system openssl so they will not get any benefits from a FIPS openssl (Firefox is the most obvious example)
  • Other items in the desktop may use cryptography that has not been FIPS evaluated.

Can I use full disk encryption on a FIPS-enabled system?

On Bionic: Yes, full disk encryption will work on a FIPS-enabled system. The libgcrypt20 package provides FIPS-certified full-disk encryption on a system that is running a FIPS-certified kernel. Both of these packages can be installed from the ubuntu-fips metapackage in the FIPS PPA.

On Xenial: Yes, but updates to libgcrypt and cryptsetup are needed to successfully use full disk encryption on a FIPS-enabled xenial system.

  • cryptsetup version 2:1.6.6-5ubuntu2.1 or later
  • libgcrypt version 1.6.5-2ubuntu0.4 or later

How do I tell if FIPS is enabled on my system?

cat /proc/sys/crypto/fips_enabled

If the content is a 1, then FIPS is enabled on the local system. Any FIPS modules will run in FIPS-mode on the system.

If the content is a 0, then FIPS is not enabled on the local system. Any FIPS modules on the system will not run in FIPS-mode.

How can I tell if FIPS packages are installed on my system?

dpkg -l | grep fips

How do you come up with the FIPS versions? Do they include CVEs?

The Ubuntu FIPS packages are forks of those in the Ubuntu archives with FIPS changes on top. Ubuntu CVE tracker https://people.canonical.com/~ubuntu-security/cve/ shows the CVEs addressed by release for an archive source package. By using the base version of a FIPS package, the CVEs addressed in a FIPS package can be deduced.

  • FIPS kernel
    Look into the changelog file, “/usr/share/doc/linux-headers-$(uname -r)/changelog.Debian.gz”, and find the archive package version used to fork. It will be in square brackets.
linux-fips (4.4.0-1005.5) xenial; urgency=medium

* CVE-2017-5715 (Spectre v2 retpoline)
- [Config] disable retpoline checks for first upload

[ Ubuntu: 4.4.0-116.140 ]

All CVEs fixed in 4.4.0-116.140 or earlier are available in the FIPS version.The cve status by releases for the Ubuntu kernel package is at, https://people.canonical.com/~ubuntu-security/cve/pkg/linux.html

  • FIPS userspace modules
    FIPS userspace modules are versioned, *.fips.x.y, here x is the ubuntu version of the debian package, from which the fork occurred. The y indicates the number of iterations of the FIPS package.
    For example, openssl, 1.0.2g-1ubuntu4.fips.4.15.1 is a fork of 1.0.2g-1ubuntu4.15. The fips package has only one iteration which is the set of fips patches applied after the fork from the archive. All CVEs fixed in 1.0.2g-1ubuntu4.15 or earlier will be available in the FIPS version.
    You can check the ubuntu-cve-tracker to see all the cves tracked against OpenSSL, https://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html
    You can also search on the status of a single CVE on this page, https://people.canonical.com/~ubuntu-security/cve/

Why did TLS connections stop working with Focal (20.04 LTS)'s FIPS OpenSSL?

Recent changes to the FIPS certification process have required we comply with NIST’s SP800-56A revision 3’s new policies for TLS connections. One of these is changes in Diffie-Hellman (DH) group negotiation. Because the TLS protocol doesn’t support conveying the additional information required by NIST to verify the integrity of DH groups, we must limit connections to using existing pre-approved groups.

This means that any TLS server configured with custom DH group information (typically via a dhparam file) will not work.

There are two ways around this:

  1. Do not provide DH param files when configuring the server and/or do not use DH-based TLS cipher suites.
  2. Use an existing, well-known DH parameter instead (such as the one included below). The approved DH groups are from RFC 7919. Note that these groups must be encoded properly to be read by OpenSSL. The method described in one is generally preferred for all applications.

Note that this only affects DH and does not affect any of the ECDH(E) (Elliptic-Curve Diffie Hellman) cipher suites. In general, the industry has shifted towards preferring ECDHE over DH and it is strongly suggested to move systems to ECDHE when possible.

For simplicity, the RFC 7919 8192-bit DH Parameter (in PEM format for use with OpenSSL) is reproduced below. Please verify this file against known values from the RFC before using:

-----BEGIN DH PARAMETERS-----
MIIEDAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq
OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE
HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj
w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8
vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70
A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/Rq
qjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uI
KVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2C
UVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEh
e2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCm
bt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRh
TgEeKpSDj/iM1oyLt8XGQkz//////////wIBAgICAZA=
-----END DH PARAMETERS-----