11-12 March 2025

London ExCeL

wolfSSL Secures the World’s First SP800-140Br1 Compliant FIPS 140-3 Validation Certificate

19th November 2024

wolfSSL Inc., a globally renowned leader in cryptography and network security solutions, is thrilled to announce the world’s first SP800-140Br1 compliant FIPS 140-3 Validation Certificate #4718 for wolfSSL’s wolfCrypt module.

wolfSSL partnered with ÆGISOLVE, INC., on this unprecedented automated pilot program. Aegisolve is accredited by the National Voluntary Laboratory Accreditation Program (NVLAP Lab Code: 200802-0) for Cryptographic and Security Testing to assess and validate cryptographic-based security systems and telecommunications infrastructure.

“As we move forward, wolfSSL remains focused on enhancing our technologies and expanding our capabilities. We are dedicated to continuous innovation in security. The advancements in our FIPS 140-3 module highlight our commitment to delivering state-of-the-art cryptographic solutions that meet the rigorous demands of today’s cybersecurity landscape,” stated wolfSSL CTO, Todd Ouska. “Our collaboration with ÆGISOLVE is just the beginning of a new era in cryptographic security, paving the way for future innovations and industry standards.”

“As a first of its kind, this is a tremendous achievement and a huge step forward for the next generation of FIPS 140-3 Validated Cryptographic Modules,” reported Travis Spann, Founder and President of AEGISOLVE (NVLAP Lab Code: 200802-0). “AEGISOLVE is proud to have collaborated with the high-caliber wolfSSL team in the NIST SP800-140Br1 Pilot Project to achieve this groundbreaking milestone and we are eager to assist others to achieve the same goal.”

FIPS 140-3 validation testing is a rigorous and extensive process that includes detailed source code reviews, design reviews, documentation reviews, finite state machine verifications, CVE threat analysis, error injection, port sniffing, configuration management verifications, operational testing and test evidence auditing against the applicable requirements of the FIPS 140-3 Derived Test Requirements and FIPS 140-3 Implementation Guidance.

The National Institute of Standards and Technology (NIST) under the Cryptographic Module Validation Program (CMVP) issues the 140 Publication Series to coordinate the requirements and standards for cryptographic modules for use by departments and agencies of the United States federal government.

Highlights: Under wolfCrypt FIPS 140-2, power-on times on standard and embedded targets could be slower because of the module's power-on self-test requirements. With the wolfCrypt FIPS 140-3 module, self-tests are only required the first time an algorithm is used, or at a time the application decides is ideal, such as during a slower event cycle ahead of first algorithm use. This means much faster boot times and optimal power and resource consumption with careful planning!

Differences between wolfCrypt FIPS 140-2 and wolfCrypt FIPS 140-3:

  • 3DES removed from the module; 3DES is no longer available
  • CAST (conditional algorithm self-tests)
  • KDF-TLS, TLS v1.2 KDF and TLS v1.3 KDF
  • SSH KDF
  • AES-OFB mode
  • RSA 3072, 4096 and PSS
  • New Degraded mode of operation, which means that in the event of a CAST failure other algorithm services will remain available.

* FIPS 140-3: Federal Information Processing Standard Publication 140-3. For more about what FIPS is, please check out these blogs:
https://www.wolfssl.com/fips-long-version/
https://www.wolfssl.com/fips-short-version/
https://www.wolfssl.com/live-webinar-everything-you-need-to-know-about-fips-140-3

Contact us at: fips@wolfssl.com

About wolfSSL
wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features, and standards compliance. With its SSL/TLS products and crypto library, wolfSSL is supporting high security designs in government, automotive, avionics and other industries. For government consumers, wolfSSL has a strong history in FIPS 140-2/3, with Common Criteria support. In avionics, wolfSSL has support for complete RTCA DO-178C level A certification. In automotive, it supports MISRA-C capabilities. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, is backed by the robust wolfCrypt cryptography library, and much more. Our products are open source, giving customers the freedom to look under the hood. wolfSSL has a mean time to release a fix for vulnerabilities of less than 36 hours, offers commercial support up to 24/7, and has the best tested cryptography and the largest team of software engineers dedicated to crypto in the market today.
