The SafeLogic Blog

SafeLogic is excited to announce CryptoComply OpenSSL 3 FIPS Provider for iOS is now generally available (GA) for production use. As we said when we announced the Early Access Program (EAP), this FIPS 140 validated cryptographic module for iOS devices is compatible with the OpenSSL 3.x architecture. As a result, iOS applications can now use important features in OpenSSL 3.x, such as TLS 1.3, while meeting strict government requirements for strong cryptography with a FIPS 140 validated cryptographic module. 

Further, organizations can leverage SafeLogic’s RapidCert program to get a FIPS 140 certificate in their name from NIST in as little as two months.   Then, with SafeLogic’s MaintainCert service, SafeLogic customers receive white glove maintenance and support covering software and NIST certification. CryptoComply, RapidCert, and MaintainCert are all made available as part of SafeLogic’s FIPS 140 Validation-as-a-Service offering.

Previously to this module, few options existed for iOS application developers needing to implement FIPS 140 validated cryptography compatible with the OpenSSL 3.x architecture. The options looked even worse if these developers wanted to achieve FIPS 140 validation status and receive their own FIPS 140 certificate from NIST.

The reason for this was rooted in a significant technical challenge. While OpenSSL 3.x adopts a Provider architecture where its FIPS provider is loaded into memory dynamically, Apple requires static linking of third-party libraries, which is also required for distribution via the App Store. Therein lies the challenge. With this module, SafeLogic now offers an iOS-compatible static library that supports the OpenSSL 3.x architecture and TLS 1.3, all using SafeLogic’s FIPS 140 validated module for cryptographic operations.

Maintaining FIPS 140 validation is a continuous process and challenge as adversaries are not standing still. Consequently, NIST must continuously evolve FIPS 140 requirements for cryptographic algorithm use and implementation to ensure they stay ahead of cryptanalysis developments.

One significant change in the FIPS industry is the transition from FIPS 140-2 to FIPS 140-3. With SafeLogic’s MaintainCert, customers can rest assured that SafeLogic will enable a smooth migration to FIPS 140-3. As with SafeLogic’s other CryptoComply software modules, when the time comes, customers who are using CryptoComply OpenSSL 3 FIPS Provider for iOS will be migrated to leverage a FIPS 140-3 validated cryptographic module. That transition will be smooth and, in most cases, will not require any heavy lifting.

With this module, SafeLogic is adding another vital capability to its family of CryptoComply FIPS 140 validated cryptographic software modules. SafeLogic already provides drop-in replacement coverage within that family for Android application developers, another key mobility platform. Other modules are also available to cover multiple operating environments and programming languages as drop-in replacements compatible with OpenSSL 3, OpenSSL 1.0.2, Java Cryptography Extension (JCE), and other popular cryptographic providers.

To find out more about CryptoComply OpenSSL 3.0 FIPS Provider for iOS, please contact sales@safelogic.com.