wolfCrypt and FIPS 140-3

wolfCrypt has been listed on the CMVP IUT List for FIPS 140-3! We are currently working with our testing lab to get validated against the new FIPS standard from NIST as quickly as possible. wolfSSL is the first software library on the FIPS 140-3 IUT list for embedded development.

FIPS 140-3 involves a few significant changes, and wolfSSL is prepared to deliver the first and best implementation of FIPS 140-3.

FIPS 140-3 is the replacement for FIPS 140-2, so it is a good idea to switch over to it as soon as possible. You will also want wolfSSL’s FIPS 140-3 Certificate for reasons including:

– Conditional Algorithm Self-Testing (CAST): streamlined testing that runs an algorithm's self-test only when the algorithm is first used, or at will
– Addition of TLS v1.2 KDF (RFC7627) and v1.3 KDF (RFC8446)
– Addition of SSH KDF
– Addition of explicit testing of 3072-bit and 4096-bit RSA
– Addition of RSA-PSS
– Addition of HMAC with SHA-3
– Addition of AES-OFB mode
– Addition of external seeding source callback function for Hash_DRBG
– Removal of insecure algorithms: 3DES and MD5

For more information, please visit our FIPS page here.


If you want an up-to-date cryptography library and TLS stack that is ready for FIPS 140-3, contact us at fips@wolfssl.com.