The SafeLogic Blog

SafeLogic is excited to announce the launch of its CryptoComply OpenSSL 3 FIPS Provider for iOS Early Access Program (EAP). With this EAP, SafeLogic is making a FIPS 140 validated cryptographic module for IOS devices, compatible with the OpenSSL 3 architecture, available for testing. As a result, iOS applications can now use important features in OpenSSL 3, such as TLS 1.3, while meeting strict government requirements for strong cryptography with a FIPS 140 validated cryptographic module. 

Further, organizations can leverage SafeLogic’s RapidCert to get a FIPS 140 certificate in their name from NIST in as little as two months.   Then, with SafeLogic’s MaintainCert, SafeLogic customers receive white glove maintenance and support covering software and NIST certification. CryptoComply, RapidCert, and MaintainCert are all made available as part of SafeLogic’s FIPS 140 Validation-as-a-Service offering.

Previously to this EAP, few options existed for iOS application developers needing to implement FIPS 140 validated cryptography compatible with the OpenSSL 3 architecture. The options looked even worse if these developers wanted to achieve FIPS 140 validation status and receive their own FIPS 140 certificate from NIST.

The reason for this was rooted in a significant technical challenge. While OpenSSL 3 adopts a Provider architecture where its FIPS provider is loaded into memory dynamically, Apple requires static linking of third-party libraries, which is also required for distribution via the App Store. Therein lies the challenge. With this EAP, SafeLogic now offers an iOS-compatible static library that supports the OpenSSL 3 architecture and TLS 1.3, all using SafeLogic’s FIPS 140 validated module for cryptographic operations.

Maintaining FIPS 140 validation is a continuous process and challenge as adversaries are not standing still. Consequently, NIST must continuously evolve FIPS 140 requirements for cryptographic algorithm use and implementation to ensure they stay ahead of cryptanalysis developments.

One significant change in the FIPS industry is the transition from FIPS 140-2 to FIPS 140-3. With SafeLogic’s MaintainCert, customers can rest assured that SafeLogic will enable a smooth migration to FIPS 140-3. As with SafeLogic’s other CryptoComply software modules, when the time comes, customers who are using CryptoComply OpenSSL 3 FIPS Provider for iOS will be migrated to leverage a FIPS 140-3 validated cryptographic module. That transition will be smooth and, in most cases, will not require any heavy lifting.

“SafeLogic had always focused on helping organizations adopt strong cryptography seamlessly across their entire infrastructure and development stack,” said Evgeny Gervis, SafeLogic CEO. “Mobile platforms are an integral part of the ecosystem, and SafeLogic is excited to offer iOS application developers a straightforward way to adopt strong, OpenSSL 3 and TLS 1.3 compatible FIPS 140 validated cryptography as an easy-to-adopt, drop-in replacement”.

With this EAP, SafeLogic is adding another vital capability to its family of CryptoComply FIPS 140 validated cryptographic software modules. SafeLogic already provides drop-in replacement coverage within that family for Android application developers, another key mobility platform. Other modules are also available to cover multiple operating environments and programming languages as drop-in replacements compatible with OpenSSL 3, OpenSSL 1.0.2, Java Cryptography Extension (JCE), and other popular cryptographic providers.

SafeLogic already has several customers participating in the EAP and is inviting more companies to join. Depending on the EAP results, the company plans to offer this new product as General Availability (GA) in the first quarter of 2024.

If you are interested in participating in this EAP, fill out the form at the bottom of this page.