Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 59392c360d3f8b4e6621e5b67c7d8b152b11fa25^! / .
commit59392c360d3f8b4e6621e5b67c7d8b152b11fa25[log] [tgz]
authorAdam Langley <agl@google.com>Wed Jul 19 18:26:06 2017 -0700
committerDavid Benjamin <davidben@google.com>Thu Jul 20 03:32:08 2017 +0000
tree8c0987a1f8e55a73b1ad233b40bf5847a28e8303
parentcfc11c23209f91eb92fba223d23a7fc0eb3b7bd4 [diff]
Update FIPS documentation with pointer to the cert and security policy.

At this point, the security policy document will be maintained in the
BoringSSL repo for change control.

Change-Id: I9ece51a0e9a506267e2f3b5215fb0d516d0d834b
Reviewed-on: https://boringssl-review.googlesource.com/18184
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/crypto/fipsmodule/FIPS.md b/crypto/fipsmodule/FIPS.md
index 30c4487..8378f1b 100644
--- a/crypto/fipsmodule/FIPS.md
+++ b/crypto/fipsmodule/FIPS.md

@@ -1,6 +1,14 @@
 # FIPS 140-2
 
-BoringSSL as a whole is not FIPS validated. However, there is a core library (called BoringCrypto) that is undergoing validation at time of writing. This document contains some notes about the design of the FIPS module and some documentation on performing FIPS-related tasks. This is not a substitute for reading the offical Security Policy (which, at the time of writing, has not yet been published).
+BoringSSL as a whole is not FIPS validated. However, there is a core library (called BoringCrypto) that has been FIPS validated. This document contains some notes about the design of the FIPS module and some documentation on performing FIPS-related tasks. This is not a substitute for reading the offical Security Policy.
+
+Please note that we cannot answer questions about FIPS, nor about using BoringSSL in a FIPS-compliant manner. Please consult with an [accredited CMVP lab](http://csrc.nist.gov/groups/STM/testing_labs/) on these subjects.
+
+## Validations
+
+BoringCrypto has undergone the following validations:
+
+1. 2017-06-15: certificate [#2964](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2017.htm#2964), [security policy](/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20170615.docx) (in docx format).
 
 ## Running CAVP tests
 

diff --git a/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20170615.docx b/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20170615.docx
new file mode 100644
index 0000000..272713b
--- /dev/null
+++ b/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20170615.docx
Binary files differ