Ubuntu FIPS 140-2 Modules FAQ

Can I use livepatch to update or patch Ubuntu’s FIPS kernel?

No, livepatch does not support patching the FIPS kernel. Livepatch and FIPS should not be enabled on the same system.

Are the FIPS modules a drop-in replacement?

Yes, the FIPS 140-2 certified modules should be a drop-in replacement.

However, FIPS 140-2 does not allow certain algorithms, so they are not available in FIPS mode. Applications that try to access these algorithms through FIPS crypto modules such as libcrypto or the kernel cryptoapi may experience segfaults or other unknown behaviours. Please consult the Security Policy for the various FIPS modules to see what is and isn’t allowed.

Can I use openvpn on my FIPS 140-2 enabled system?

OpenVPN prior to version 2.4 uses MD5 for its internal hash algorithm and for the TLS PRF. FIPS 140-2 permits MD5 for the PRF. However, OpenVPN must tell the FIPS OpenSSL module that MD5 is acceptable for the PRF, and currently it doesn’t.

Canonical has provided a fix so that OpenVPN tells the FIPS OpenSSL module to use MD5 for the PRF, since current FIPS 140-2 allows this. The openvpn package on xenial must be updated to 2.3.10-1ubuntu2.2 to acquire this fix.

How do I get debug packages for FIPS?

Please open a ticket with Canonical Support to obtain the FIPS Debug Symbols packages.

How do I get the source?

In the “/etc/apt/sources.list.d/” directory, you will have:

  • “ubuntu-fips-updates.list” after successfully running ua enable fips-updates on the system
  • “ubuntu-fips.list” after successfully running ua enable fips on the system

In that file or those files, as applicable, ensure that the line starting with “deb-src” is uncommented by removing the "# " characters before “deb-src” in the line. For example, an uncommented line in /etc/apt/sources.list.d/ubuntu-fips.list for Bionic will appear like:

deb-src https://esm.ubuntu.com/fips/ubuntu bionic main

After those files are updated as applicable, run:

sudo apt update && sudo apt install dpkg-dev

Finally, download the source using the sudo apt-get source <package> command. Let’s say you want to get the source of the “openssl” package:

sudo apt source openssl

Note: sudo is necessary in the last command – unlike most apt source commands – because it needs to read the permissioned repository key in /etc/apt/auth.conf.d/.

How do I see a changelog?

For the FIPS packages, the changelogs are installed locally. For example, the libssl1.0.0 (openssl) package changelog is installed in the /usr/share/doc/libssl1.0.0 directory.

What applications are known to work?

What applications are known to not work?

  • OpenVPN prior to version 2.3.10-1ubuntu2.2 on xenial crashes. Update to 2.3.10-1ubuntu2.2 or later to acquire a fix.

What applications are known to not be FIPS Compliant?

These may work, but won’t get the benefits of the FIPS packages:

  • Firefox
  • Cups
  • Wget

Is FIPS applicable to both desktop and server?

Yes, with some caveats.

  • We have not certified any specific desktop hardware
  • Some applications do not use the system openssl so they will not get any benefits from a FIPS openssl (Firefox is the most obvious example)
  • Other items in the desktop may use cryptography that has not been FIPS evaluated.

Can I use full disk encryption on a FIPS-enabled system?

On Bionic: Yes, full disk encryption will work on a FIPS-enabled system. The libgcrypt20 package provides FIPS-certified full-disk encryption on a system that is running a FIPS-certified kernel. Both of these packages can be installed from the ubuntu-fips metapackage in the FIPS PPA.

On Xenial: Yes, but updates to libgcrypt and cryptsetup are needed to successfully use full disk encryption on a FIPS-enabled xenial system.

  • cryptsetup version 2:1.6.6-5ubuntu2.1 or later
  • libgcrypt version 1.6.5-2ubuntu0.4 or later

How do I tell if FIPS is enabled on my system?

cat /proc/sys/crypto/fips_enabled

If the content is a 1, then FIPS is enabled on the local system. Any FIPS modules will run in FIPS-mode on the system.

If the content is a 0, then FIPS is not enabled on the local system. Any FIPS modules on the system will not run in FIPS-mode.

How can I tell if FIPS packages are installed on my system?

dpkg -l | grep fips

How do you come up with the FIPS versions? Do they include CVEs?

The Ubuntu FIPS packages are forks of those in the Ubuntu archives with FIPS changes on top. The Ubuntu CVE tracker (https://people.canonical.com/~ubuntu-security/cve/) shows the CVEs addressed, by release, for an archive source package. Knowing the base version of a FIPS package, you can deduce which CVEs are addressed in that FIPS package.

  • FIPS kernel
    Look into the changelog file, “/usr/share/doc/linux-headers-$(uname -r)/changelog.Debian.gz”, and find the archive package version used to fork. It will be in square brackets.
    linux-fips (4.4.0-1005.5) xenial; urgency=medium

    * CVE-2017-5715 (Spectre v2 retpoline)
    - [Config] disable retpoline checks for first upload

    [ Ubuntu: 4.4.0-116.140 ]

    All CVEs fixed in 4.4.0-116.140 or earlier are available in the FIPS version. The CVE status by release for the Ubuntu kernel package is at https://people.canonical.com/~ubuntu-security/cve/pkg/linux.html

  • FIPS userspace modules
    FIPS userspace modules are versioned *.fips.x.y, where x is the Ubuntu version of the Debian package from which the fork occurred and y is the number of iterations of the FIPS package.
    For example, openssl 1.0.2g-1ubuntu4.fips.4.15.1 is a fork of 1.0.2g-1ubuntu4.15. The FIPS package has only one iteration, which is the set of FIPS patches applied after the fork from the archive. All CVEs fixed in 1.0.2g-1ubuntu4.15 or earlier will be available in the FIPS version.
    You can check the ubuntu-cve-tracker to see all the CVEs tracked against OpenSSL: https://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html
    You can also look up the status of a single CVE on this page: https://people.canonical.com/~ubuntu-security/cve/
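
The two version rules above can be scripted, so that a fix version from the CVE tracker is compared against the fork base rather than against the FIPS version string. This is an added example, not Canonical tooling: the function names are hypothetical, and the userspace mapping is an assumption inferred from the single openssl example on this page.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any Ubuntu tool.

# Userspace packages: <prefix>.fips.<x>.<y>
#   x = Ubuntu revision of the archive package the fork was taken from
#   y = FIPS iteration
# Assumption, inferred from the page's openssl example: the base version is the
# prefix up to and including "ubuntu", followed by x.
fips_userspace_base() {
    ver=$1
    case $ver in
        *ubuntu*.fips.*.*) ;;
        *) echo "not a FIPS userspace version: $ver" >&2; return 1 ;;
    esac
    prefix=${ver%%.fips.*}   # 1.0.2g-1ubuntu4
    suffix=${ver#*.fips.}    # 4.15.1
    x=${suffix%.*}           # 4.15 (drop the trailing iteration y)
    printf '%subuntu%s\n' "${prefix%ubuntu*}" "$x"
}

# FIPS iteration y of a userspace version string.
fips_iteration() {
    printf '%s\n' "${1##*.}"
}

# Kernel: read a changelog on stdin and print the archive version from the
# first "[ Ubuntu: <version> ]" line, i.e. the newest entry's fork base.
fips_kernel_base() {
    sed -n 's/^ *\[ Ubuntu: \([^] ]*\) ].*/\1/p' | head -n 1
}

# True when a fix shipped in archive version $1 is at or below fork base $2.
fix_in_fork_base() {
    dpkg --compare-versions "$1" le "$2"
}

# Demo on the values quoted on this page.
fips_userspace_base 1.0.2g-1ubuntu4.fips.4.15.1
fips_kernel_base <<'EOF'
linux-fips (4.4.0-1005.5) xenial; urgency=medium

  * CVE-2017-5715 (Spectre v2 retpoline)
    - [Config] disable retpoline checks for first upload

  [ Ubuntu: 4.4.0-116.140 ]
EOF
```

On a live system, feed the kernel function with `zcat "/usr/share/doc/linux-headers-$(uname -r)/changelog.Debian.gz" | fips_kernel_base`, then pass the tracker's fixed version and the printed base to `fix_in_fork_base`.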

Why did TLS connections stop working with Focal (20.04 LTS)'s FIPS OpenSSL?

Recent changes to the FIPS certification process require that we comply with the new policies for TLS connections in NIST’s SP800-56A revision 3. One of these changes concerns Diffie-Hellman (DH) group negotiation. Because the TLS protocol doesn’t support conveying the additional information required by NIST to verify the integrity of DH groups, we must limit connections to using existing pre-approved groups.

This means that any TLS server configured with custom DH group information (typically via a dhparam file) will not work.

There are two ways around this:

  1. Do not provide DH param files when configuring the server and/or do not use DH-based TLS cipher suites.
  2. Use an existing, well-known DH parameter instead (such as the one included below). The approved DH groups are from RFC 7919. Note that these groups must be encoded properly to be read by OpenSSL. The method described in option 1 is generally preferred for all applications.

Note that this only affects DH and does not affect any of the ECDH(E) (Elliptic-Curve Diffie-Hellman) cipher suites. In general, the industry has shifted towards preferring ECDHE over DH, and it is strongly suggested to move systems to ECDHE when possible.

For simplicity, the RFC 7919 8192-bit DH Parameter (in PEM format for use with OpenSSL) is reproduced below. Please verify this file against known values from the RFC before using: