wolfCrypt Is Quantum-Safe and has a FIPS 140-3 CAVP cert!

We’re proud to announce that wolfCrypt Post Quantum has officially received CAVP validation from NIST, listed under certificate #A8437. This validation covers the CNSA 2.0 compatible algorithm library contained within the wolfSSL TLS bundle (v7.0.0), and is a critical milestone on the path to a full FIPS 140-3 module validation for our post-quantum module.

Certificate #A8437 covers implementations of the NIST post-quantum algorithms and other requirements:

  • Post-quantum lattice-based KEM: ML-KEM (FIPS 203)
  • Post-quantum lattice-based signatures: ML-DSA (FIPS 204)
  • Stateless hash-based signatures: SLH-DSA (FIPS 205)
  • Stateful hash-based signatures: LMS (SP 800-208)
  • Hash functions: SHS (SHA-2, SHA-3), all variants
  • Extendable-output functions: SHAKE (FIPS 202)
  • Message authentication: HMAC (all variants)
  • Random bit generation: SHA2-512 Hash DRBG

This certificate is the foundation for wolfSSL’s near-term FIPS 140-3 module submission. For those building toward CNSA 2.0 compliance, this CAVP cert provides assurances that the wolfCrypt PQC implementations are ready to begin the validation process!

To learn more about wolfSSL’s post-quantum and FIPS efforts, check out these resources:

For questions or integration support for FIPS and post-quantum cryptography, contact us at fips@wolfssl.com.

P.S. – For the cryptographers
A few details behind cert A8437 that integrators will care about:

  • ML-DSA & SLH-DSA signing – both modes, both interfaces. We validated deterministic and hedged signing, as well as pure and preHash interfaces. Have a constrained device without a strong RNG? Use deterministic. Need side-channel and fault resilience? Use hedged. Signing a large message or a pre-computed digest? preHash has you covered!
  • ML-DSA external µ – validated both ways. Internal and external mu interfaces are both covered, so you can compute the message representative outside the module on another module, in pre-hash, HSM, or distributed-signing architectures, without a redesign. For example, a signing workflow can span a SCIF-hosted Level 2/3 module and a wolfCrypt module on the flight line!
  • LMS is verify-only by design. Stateful hash-based signing is dangerous in software – a single one-time-key reuse is catastrophic. We validated LMS/LMOTS signature verification (Level 1 software) for on-device firmware checks, leaving signing where it belongs: higher-assurance, Level 3-style signers.
  • XMSS too! XMSS is the same story as LMS – verify-only by design – and we’re vendor-affirming it today. The moment CAVP offers testing for it, we’ll validate it.
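To make the pure/preHash and external-µ bullets above concrete, here is an added example (not wolfCrypt's code) that computes the ML-DSA message representative µ exactly as FIPS 204 defines it, so a caller can produce µ on one module and hand it to another module's external-µ signing interface. It assumes only Python's standard hashlib; the public key and firmware bytes are constructed placeholders, and the hypothetical `ml_dsa_mu` function is not a wolfSSL API.

```python
import hashlib
from typing import Optional

# DER-encoded OIDs that FIPS 204 (Section 5.4.1) places in front of PH(M) in HashML-DSA
PREHASH = {
    "SHA-256": (bytes.fromhex("0609608648016503040201"), lambda m: hashlib.sha256(m).digest()),
    "SHA-512": (bytes.fromhex("0609608648016503040203"), lambda m: hashlib.sha512(m).digest()),
    "SHAKE256": (bytes.fromhex("060960864801650304020C"), lambda m: hashlib.shake_256(m).digest(64)),
}

# Constructed placeholders: a real ML-DSA-44 public key is 1312 bytes, the image is arbitrary
PK = bytes(1312)
FIRMWARE = b"constructed firmware image bytes"


def _h(data: bytes, out_len: int) -> bytes:
    # FIPS 204's H(.) is SHAKE256 with the requested output length in bytes
    return hashlib.shake_256(data).digest(out_len)


def ml_dsa_mu(pk: bytes, msg: bytes, ctx: bytes = b"", prehash: Optional[str] = None) -> bytes:
    """Return the 64-byte message representative mu for ML-DSA (FIPS 204).

    pure (Algorithm 2):    M' = 0x00 || len(ctx) || ctx || M
    preHash (Algorithm 4): M' = 0x01 || len(ctx) || ctx || OID || PH(M)
    mu = H(tr || M', 64) with tr = H(pk, 64); this value is what an
    external-mu signing interface consumes in place of the raw message.
    """
    if len(ctx) > 255:
        # FIPS 204 rejects context strings longer than 255 bytes
        raise ValueError("context string must be at most 255 bytes")
    if prehash is None:
        m_prime = b"\x00" + bytes([len(ctx)]) + ctx + msg
    else:
        oid, ph = PREHASH[prehash]
        m_prime = b"\x01" + bytes([len(ctx)]) + ctx + oid + ph(msg)
    tr = _h(pk, 64)
    return _h(tr + m_prime, 64)


if __name__ == "__main__":
    # Pure mode hashes the whole image; preHash mode lets a large image be digested first
    print("pure    mu:", ml_dsa_mu(PK, FIRMWARE, ctx=b"fw-v1").hex())
    print("preHash mu:", ml_dsa_mu(PK, FIRMWARE, ctx=b"fw-v1", prehash="SHA-512").hex())
```

Note that the two modes yield different µ values for the same message, so signer and verifier must agree on pure versus preHash (and on the context string) or verification fails.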

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
