Rust finally has a path to FIPS-certifiable crypto

    • Rust’s crypto ecosystem is good. `ring` is fast and well-tested. RustCrypto covers almost everything. rustls has replaced OpenSSL in a lot of stacks.

    None of it is FIPS 140-3 certifiable.

    If you’re shipping to the US federal, healthcare, finance, or defense, that matters. You can write excellent Rust and still get blocked at the compliance step because your crypto library has never been through a NIST validation lab.

    wolfCrypt has. wolfSSL has been doing FIPS-validated crypto for embedded and commercial systems for over a decade. The C library is battle-tested across medical devices, automotive, aerospace, and government deployments.

    Today we’re publishing the Rust wrappers.

    The crates

    | You need | Crate |
|---|---|
| RustCrypto trait compatibility | `wolfcrypt` |
| ring API compatibility | `wolfcrypt-ring-compat` |
| TLS connections | `wolfcrypt-tls` (exported as `wolfssl`) |
| Direct wolfCrypt C API | `wolfcrypt-wrapper` |
| Raw FFI | `wolfcrypt-sys` |

    All code is at [github.com/wolfSSL/wolfssl-rs].

    ring users

    You built on `ring`. Now a customer or compliance audit is asking for FIPS 140-3. `wolfcrypt-ring-compat` is the swap.

    ```toml
# Before
ring = "0.17"

# After
wolfcrypt-ring-compat = { version = "1.16", features = ["ring-sig-verify"] }
```

    Same API. Your `use ring::aead::…` calls stay. The backend is now wolfCrypt.

    Covered: AEADs (AES-GCM, ChaCha20-Poly1305), key agreement (ECDH P-256/P-384, X25519), digests (SHA-1/2 family), HMAC, HKDF, PBKDF2, ECDSA, Ed25519, RSA, and random.

    We run ring’s own test vectors against wolfcrypt-ring-compat, plus Wycheproof and NIST CAVP/SHAVS vectors.

    RustCrypto users

    The `wolfcrypt` crate implements RustCrypto traits on top of wolfCrypt. If your code is written against `digest::Digest`, `aead::Aead`, or `signature::Signer`, you can switch the backend without touching application code.

    ```toml
wolfcrypt = { version = "0.1", features = ["digest", "aead", "signature"] }
```

| Trait | Implementations |
|---|---|
| `digest::Digest` | SHA-1, SHA-224/256/384/512, SHA3-256/384/512 |
| `hmac::Mac` | HMAC-SHA-{1,256,384,512} |
| `cmac::Mac` | AES-{128,256}-CMAC |
| `aead::Aead` | AES-{128,256}-GCM, ChaCha20-Poly1305 |
| `cipher::BlockEncrypt` | AES-{128,256}-{CBC,CTR,CFB} |
| `signature::Signer` | ECDSA (P-256, P-384, P-521), Ed25519, Ed448 |
| `hkdf` | HKDF-SHA-{256,384,512} |

    Plus algorithms without RustCrypto trait coverage: ML-KEM (Kyber), ML-DSA (Dilithium), RSA, DH, ECDH, AES keywrap.

    TLS

    rustls uses ring under the hood, so the same FIPS gap applies. `wolfcrypt-tls` is a TLS client and server backed by wolfSSL.

    ```rust
use wolfssl::{TlsClientConfig, TlsClient, RootCertStore};

let mut roots = RootCertStore::new();
roots.add_pem(include_bytes!("ca.pem"));

let config = TlsClientConfig::builder()
    .with_root_certificates(roots)
    .with_no_client_auth()
    .build()?;

let stream = TcpStream::connect("example.com:443")?;
let mut tls = TlsClient::new(config, "example.com", stream)?;
```

    TLS 1.2 and 1.3. Blocking I/O today; async is on the roadmap.

    Direct API access

    For custom protocol integration, direct struct access, or algorithms not yet wrapped, `wolfcrypt-wrapper` exposes the wolfCrypt C API as safe Rust. It detects at build time which algorithms are compiled into your wolfSSL.

    FIPS

    Every crate supports `features = [“fips”]`. See the [FIPS post](02_fips_140_3.md) for what that actually means — it’s not just a feature flag.

    If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

    Download wolfSSL Now