wolfSSL Inc., a globally renowned leader in cryptography and
network security solutions, is thrilled to announce the world's
first SP800 140Br1 compliant FIPS 140-3 Validation Certificate
#4718 for wolfSSL's wolfCrypt module.
EDMONDS,
Wash., July 16, 2024 /PRNewswire-PRWeb/ --
wolfSSL, INC., has partnered with AEGISOLVE, INC., on this
unprecedented automated pilot program. Aegisolve is accredited by
the National Voluntary Laboratory Accreditation Program (NVLAP Lab
Code: 200802-0) for Cryptographic and Security Testing to assess
and validate cryptographic based security systems and
telecommunications infrastructure.
wolfSSL's wolfCrypt module is the world's
first SP800 140Br1 compliant FIPS 140-3 Validation Certificate
#4718
"As we move forward, wolfSSL remains focused on enhancing our
technologies and expanding our capabilities. We are dedicated to
continuous innovation in security. The advancements in our FIPS
140-3 module highlight our commitment to delivering
state-of-the-art cryptographic solutions that meet the rigorous
demands of today's cybersecurity landscape." Stated wolfSSL's CTO,
Todd Ouska. "Our collaboration with
AEGISOLVE is just the beginning of a new era in cryptographic
security, paving the way for future innovations and industry
standards."
"As a first of its kind, this is a tremendous achievement and a
huge step forward for the next generation of FIPS 140-3 Validated
Cryptographic Modules." Reported Travis Spann, Founder and
President of AEGISOLVE (NVLAP Lab Code: 200802-0). "AEGISOLVE is
proud to have collaborated with the high-caliber wolfSSL team in
the NIST SP800-140Br1 Pilot Project to achieve this groundbreaking
milestone and we are eager to assist others to achieve the same
goal."
FIPS 140-3 validation testing is a rigorous and extensive
process including detailed source code reviews, design reviews,
documentation reviews, finite state machine verifications, CVE
threat analysis, error injection, port sniffing, configuration
management verifications, operational testing and test evidence
auditing to the applicable requirements of the FIPS 140-3 Derived
Test Requirements and FIPS 140-3 Implementation Guidance.
The National Institute of Standards and Technology (NIST) under
the Cryptographic Module Validation Program (CMVP) issues the 140
Publication Series to coordinate the requirements and standards for
cryptographic modules for use by departments and agencies of
the United States federal
government.
Highlights: Under wolfCrypt FIPS 140-2, power on times in
standard and embedded targets could be slower due to power on self
test requirements of the module. With the wolfCrypt FIPS 140-3
module self-tests are now only required the first time an algorithm
is used or when the application decides is an ideal time to run the
test during a slower event cycle and ahead of first algorithm use.
This means much faster boot times and optimal power and resource
consumption with careful planning!**
Differences between wolfCrypt FIPS 140-2 and wolfCrypt FIPS
140-3:
- 3DES removed from the module, 3DES no longer available
+ CAST (conditional algo self tests)
+ KDF-TLS, TLS v1.2 KDF and TLSv1.3 KDF
+ SSH KDF
+ AES-OFB mode
+ RSA 3072, 4096 and PSS
+ New Degraded mode of operation, which means that in the event
of a CAST failure other algorithm services will remain
available.
* FIPS 140-3: Federal Information Processing Standard
Publication 140-3. For more about what FIPS is please checkout
these blogs:
https://www.wolfssl.com/fips-long-version/
https://www.wolfssl.com/fips-short-version/
https://www.wolfssl.com/live-webinar-everything-you-need-to-know-about-fips-140-3/
** For information on transitioning from 140-2 to 140-3 please
checkout our blog: What is the difference between FIPS 140-2 and
FIPS 140-3?
Contact us at: fips@wolfssl.com
About wolfSSL
wolfSSL focuses on providing lightweight and embedded security
solutions with an emphasis on speed, size, portability, features,
and standards compliance. With its SSL/TLS products and
crypto library, wolfSSL is supporting high security
designs in government, automotive, avionics and other industries.
For government consumers, wolfSSL has a strong history in FIPS
140-2/3, with Common Criteria support. In avionics, wolfSSL has
support for complete RTCA DO-178C level A certification. In
automotive, it supports MISRA-C capabilities. wolfSSL supports
industry standards up to the current TLS 1.3 and DTLS 1.3, is up to
20 times smaller than OpenSSL, offers a simple API, an OpenSSL
compatibility layer, is backed by the robust wolfCrypt cryptography
library, and much more. Our products are open source, giving
customers the freedom to look under the hood. wolfSSL has a mean
time to release a fix for vulnerabilities of less than 36 hours,
offers commercial support up to 24/7, and has the best tested
cryptography and the largest team of software engineers dedicated
to crypto in the market today.
Media Contact
Christin Casperson, wolfSSL, 1
425-245-8247, fips@wolfssl.com, https://www.wolfssl.com/
Twitter, LinkedIn
View original content to download
multimedia:https://www.prweb.com/releases/wolfssl-secures-the-worlds-first-sp800-140br1-compliant-fips-140-3-validation-certificate-302197768.html
SOURCE wolfSSL