wolfCrypt Receives FIPS 140-2 Certificate #2425

The Cryptographic Module Validation Program (CMVP) has issued FIPS 140-2 Certificate #2425 (most up-to-date certificate: #3389) for the wolfCrypt Module developed by wolfSSL Inc. The CMVP was established by the National Institute of Standards and Technology (NIST) to validate FIPS 140-2 cryptographic modules and oversee the independent laboratories performing the cryptographic module testing.

FIPS 140-2 requires the use of validated cryptography in the security systems implemented by federal agencies to protect sensitive information.

The wolfCrypt Module is a comprehensive suite of FIPS Approved algorithms. All key sizes and modes have been implemented to allow flexibility and efficiency. The wolfCrypt Module was initially tested on Linux, iOS, and Android platforms. FreeRTOS and Windows platforms (including Windows Kernel) will soon be included on the FIPS 140-2 certificate.

“The wolfCrypt Module successfully completed the rigorous FIPS 140-2 Level 1 validation process. This process includes verification of proper documentation, configuration management review, algorithm testing, source code review, operational testing, and coordination with the CMVP,” said Marc Ireland, FIPS Program Manager at InfoGard Laboratories.

“wolfSSL customers are using our software FIPS cryptographic module in small embedded devices, network appliances, and large server systems,” said Larry Stefonic, Founder and CEO of wolfSSL Inc. “We are committed to adding new platforms and performing custom FIPS validations to offload the certification testing burden from our customers.”

Important differentiators in the wolfCrypt Module include the implementation of a Default Entry Point and DRBG Health Testing.

wolfCrypt implements a Default Entry Point to meet FIPS 140-2 Implementation Guidance 9.10. Many other software FIPS modules require the calling application to initiate the power-on self-tests. Those previously validated modules do not meet current guidance from the CMVP and unnecessary risk is being forced on the users of those modules.

In May 2015, the CMVP provided strict guidance to all of the Testing Laboratories that Health Testing is required for FIPS Approved DRBGs. During the wolfCrypt FIPS validation process, InfoGard Laboratories verified through source code review and operational testing that the DRBG Health Testing (described in SP800-90A Section 11.3) was implemented to the requirements.

Please contact wolfSSL Inc. (fips@wolfssl.com) to accelerate your FIPS 140-2 project.