Getting FIPS-validated cryptography onto an embedded Linux platform typically involves stitching together kernel modules, userspace libraries, and building system configurations by hand. Now, the meta-wolfssl layer provides a turnkey Yocto build environment that produces a fully integrated wolfSSL FIPS image, from kernel crypto to OpenSSL, GnuTLS, and libgcrypt. You can try it yourself with our […]
Read MoreMore TagCategory: wolfCrypt FIPS
FIPS 140-3 in Rust: what it takes
Your product needs FIPS 140-3. Your stack is Rust. Until now those two facts were in tension. The pure-Rust crypto libraries are not FIPS 140-3 validated. wolfSSL’s Rust crates are different. wolfCrypt has been through FIPS 140-3 validation. The path from Rust to a validated build exists. Here’s what it actually takes. The `fips` feature […]
Read MoreMore TagRust finally has a path to FIPS-certifiable crypto
Rust’s crypto ecosystem is good. `ring` is fast and well-tested. RustCrypto covers almost everything. rustls has replaced OpenSSL in a lot of stacks. None of it is FIPS 140-3 certifiable. If you’re shipping to the US federal, healthcare, finance, or defense, that matters. You can write excellent Rust and still get blocked at the compliance […]
Read MoreMore TagHow to Leverage FIPS to Meet Common Criteria Requirements
Does your project require meeting Common Criteria standards? Using wolfSSL’s FIPS-validated module (or FIPS-ready which is tailored towards FIPS requirements) helps a lot with meeting CC (Common Criteria) because it gives strong, reusable evidence for the crypto portion through independent validation of crypto algorithms and validation evidence with ACVP workflows. Having the ACVP tests and […]
Read MoreMore TagFIPS 140-3 Encryption for Connected Medical Devices
Medical devices need encryption, but government and healthcare buyers often require FIPS 140-3 validated cryptography to meet compliance standards. wolfCrypt FIPS 140-3 provides validated encryption for embedded medical devices with lower memory and processing requirements than standard crypto libraries. It protects stored data and data in transit. wolfSSL FIPS extends this validation to TLS connections […]
Read MoreMore TagFIPS 140-3 Validated OpenZFS Encryption: Is There Demand?
We’re looking at building a wolfCrypt backend for OpenZFS native encryption. Before we commit, we want to know who needs it. If you’re running encrypted ZFS datasets, you’re running unvalidated crypto that no FIPS module can currently help with. Nobody offers FIPS-validated ZFS encryption. Anywhere. The engineering is straightforward. We have already spec’d and prototyped […]
Read MoreMore TagFIPS 140-3 Validated Proxmox VE: Is There Demand?
We’re looking at bringing FIPS 140-3 validated cryptography to Proxmox VE. Before we commit, we want to know if the market actually wants it. Here’s the situation. Broadcom’s VMware licensing changes are pushing a lot of enterprise customers toward Proxmox. Proxmox is solid (Debian-based, KVM, mature, production-proven) and the migration makes technical sense. But organizations […]
Read MoreMore Tagwolfssl-wolfcrypt Rust Crate Version 1.1.0 Released with FIPS Support
We are excited to announce the immediate availability of version 1.1.0 of the wolfssl-wolfcrypt Rust crate! This update is a big milestone, bringing official support for wolfSSL FIPS-enabled cryptography to the Rust ecosystem. Getting started with wolfSSL? Download the latest libraries here and start exploring. Key Highlights The new version focuses on providing robust, validated […]
Read MoreMore TagFIPS 140-3 for CMMC 2.0
In a previous blog post, we defined CMMC 2.0 in terms of NIST 800-171, DIB entities, CUI, FCI and the FIPS 140-3 program. You can find what the acronym stands for here. The bottom line is that FIPS 140-3 is the security certification foundation of CMMC 2.0. Getting started with wolfSSL? Download the latest libraries […]
Read MoreMore TagGuidance for FIPS Customers: Auditing Direct Calls to wc_ecc_verify_hash()
The fix for CVE-2026-5194 is available in wolfSSL 5.9.1. Upgrading to the new version resolves the issue for TLS, DTLS, and X.509 users. FIPS customers need to take a closer look. FIPS users who call wc_ecc_verify_hash() or wc_ecc_verify_hash_ex() directly may remain exposed until they add a small check at their call sites. The required check […]
Read MoreMore Tag