PRODUCTS

wolfProvider is an OpenSSL 3.x provider powered by wolfSSL’s FIPS-validated wolfCrypt cryptography library. It enables applications to use wolfCrypt for all cryptographic operations through the OpenSSL provider framework. No OpenSSL code modifications required.

Designed as a standalone library, wolfProvider links against wolfSSL (libwolfssl) and integrates seamlessly into OpenSSL-based environments. Algorithm support aligns with wolfCrypt's FIPS 140-3 validated certificates (#4718 & #5041).

For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfSSL.com.

• FIPS-backed cryptography via wolfCrypt
• Dynamic and static provider initialization options
• Optional replacement of OpenSSL's default provider
• Environment-variable–based logging
• Debian packaging support
• OS-agnostic integration and flexible build options
• Command-line testing tools for AES, RSA, ECC, Hash, and RSA-PSS
• Comprehensive application interoperability across widely used software, continuously tested in CI with FIPS mode enabled

wolfProvider offers an optional mode that replaces OpenSSL’s default provider, ensuring that all cryptographic operations, ciphers, hashes, key exchange, key derivation, and key generation, are handled by wolfCrypt. This provides a straightforward path to FIPS-validated cryptography without the need to modify existing OpenSSL-based applications.

OpenSSL Version Support

wolfProvider supports all OpenSSL releases that implement the provider framework.

Initialization modes can be used with any provider-capable OpenSSL build. For OpenSSL 1.x., wolfSSL offers wolfEngine, an engine backed by wolfCrypt. If you’re interested in evaluating wolfEngine, please contact facts@wolfssl.com if you’re interested in evaluating the wolfSSL engine.

Application Interoperability & Continuous Testing

wolfProvider is continuously tested in CI against a wide range of applications to ensure seamless interoperability and reliable FIPS-backed operation. Our automated workflows include testing with the FIPS-validated wolfCrypt library, ensuring all supported applications function correctly under FIPS requirements.

Supported applications under continuous CI testing include: BIND9, CJOSE, curl, gRPC, hostap and wpa supplicant, iperf, KRB5, Libcryptsetup, libeac3, libfido2, libhashkit2, libnice, liboauth2, librelp, libssh2, libwebsocketslibtss2, Net-SNMP, Nginx, OpenLDAP, OpenSC, OpenSSH, OpenSSL, OpenVPN, pam-pkcs11, PPP, python3-ntp, Qt5 Network, Rsync, Socat, sscep, SSSD, Stunnel, systemd, tcpdump, tnftp, TPM2 tools, X11vnc, xmlsec

Supported Operating Environments

• Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Linux, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, PetaLinux, Apache Mynewt, PikeOS, Azure Sphere OS
• If you would like to test wolfSSL in another environment, let us know and we’ll be happy to support you.