OpenSSH with wolfCrypt FIPS

Many technology vendors implement OpenSSH with OpenSSL in their embedded systems or appliances prior to starting a FIPS 140-2 validation. During the FIPS testing process, the vendor discovers that the FIPS Laboratory must verify that the OpenSSH implementation:

1. Uses FIPS Approved cryptographic algorithms (with CAVP certificates)
2. Includes self-tests for the FIPS Approved algorithms
3. Prevents use of non-approved algorithms
4. Enters an error state upon self-test failure

This strategy of implementing OpenSSH with OpenSSL creates additional challenges for the vendor in an already complex and time-consuming FIPS testing process.

wolfSSL Inc.’s wolfCrypt FIPS Module for OpenSSH provides a fast path to a FIPS 140-2 validation by meeting all of the FIPS requirements. Only FIPS Approved algorithms are available to OpenSSH, and the self-tests are optimized. The wolfSSL team will also perform the CAVP algorithm testing (including SSH KDF and FIPS 186-4 KeyGen) for you on your target platform.

Streamline and simplify your OpenSSH implementation by using the wolfCrypt FIPS Module for OpenSSH. Please contact fips@wolfSSL.com to receive expert guidance on your FIPS 140-2 project.