FIPS 140-3 Kernel Crypto: libwolfssl.ko delivers a FIPS 140-3 compliant cryptographic stack for the Linux kernel, using the same validated wolfCrypt implementations as the user-space library.

**[wolfGuard](https://www.wolfssl.com/products/wolfguard/):** WolfGuard is a FIPS 140-3 implementation of WireGuard which replaces WireGuard’s non-FIPS algorithms with wolfCrypt’s FIPS based AES-GCM, ECDH, SHA-256 HMAC, and HASH-DRBG. WolfGuard-Go is the Go implementation of WireGuard-Go that enables FIPS 140-3 encryption outside of Kernel for Windows and macOS consumers that need FIPS 140-3.

**Transparent System-Wide Integration:** When configured to register with the Linux Kernel Crypto API (KCAPI), wolfCrypt’s FIPS-validated algorithms are automatically used by new kernel cryptographic operations, including disk encryption, VPN, and all other security services.

**FIPS-Compliant Entropy and DRBG:** The module replaces native kernel entropy mechanisms, transforming /dev/random, /dev/urandom, and getrandom() into NIST SP 800-90B compliant DRBG sources.

**Built-In FIPS Security Features:** Includes mandatory self-tests, integrity verification, private key access controls, continual DRBG health checks, on-demand self-checks at runtime, and extensive automated kernel and interoperability testing.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now