Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4156

Details

Module Name
BoringCrypto Android
Standard
FIPS 140-2
Status
Active
Sunset Date
9/21/2026
Overall Level
1
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys.
Security Level Exceptions
  • Physical Security: N/A
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.
Tested Configuration(s)
  • Android 12 running on Google Pixel 3 XL with Qualcomm Snapdragon 845 (SDM845) 32-bit with PAA
  • Android 12 running on Google Pixel 3 XL with Qualcomm Snapdragon 845 (SDM845) 32-bit without PAA
  • Android 12 running on Google Pixel 3 XL with Qualcomm Snapdragon 845 (SDM845) 64-bit with PAA
  • Android 12 running on Google Pixel 3 XL with Qualcomm Snapdragon 845 (SDM845) 64-bit without PAA
  • Android 12 running on Google Pixel 3a XL with Qualcomm Snapdragon 670 (SDM670) 32-bit with PAA
  • Android 12 running on Google Pixel 3a XL with Qualcomm Snapdragon 670 (SDM670) 32-bit without PAA
  • Android 12 running on Google Pixel 3a XL with Qualcomm Snapdragon 670 (SDM670) 64-bit with PAA
  • Android 12 running on Google Pixel 3a XL with Qualcomm Snapdragon 670 (SDM670) 64-bit without PAA
  • Android 12 running on Google Pixel 4 XL with Qualcomm Snapdragon 855 (SDM855) 32-bit with PAA
  • Android 12 running on Google Pixel 4 XL with Qualcomm Snapdragon 855 (SDM855) 32-bit without PAA
  • Android 12 running on Google Pixel 4 XL with Qualcomm Snapdragon 855 (SDM855) 64-bit with PAA
  • Android 12 running on Google Pixel 4 XL with Qualcomm Snapdragon 855 (SDM855) 64-bit without PAA
  • Android 12 running on Google Pixel 4a with Qualcomm Snapdragon 730G (SDM730) 32-bit with PAA
  • Android 12 running on Google Pixel 4a with Qualcomm Snapdragon 730G (SDM730) 32-bit without PAA
  • Android 12 running on Google Pixel 4a with Qualcomm Snapdragon 730G (SDM730) 64-bit with PAA
  • Android 12 running on Google Pixel 4a with Qualcomm Snapdragon 730G (SDM730) 64-bit without PAA
  • Android 12 running on Google Pixel 4a-5G with Qualcomm Snapdragon 765G (SDM765) 32-bit with PAA
  • Android 12 running on Google Pixel 4a-5G with Qualcomm Snapdragon 765G (SDM765) 32-bit without PAA
  • Android 12 running on Google Pixel 4a-5G with Qualcomm Snapdragon 765G (SDM765) 64-bit with PAA
  • Android 12 running on Google Pixel 4a-5G with Qualcomm Snapdragon 765G (SDM765) 64-bit without PAA
  • Android 12 running on Google Pixel 5 with Qualcomm Snapdragon 765G (SDM765) 32-bit with PAA
  • Android 12 running on Google Pixel 5 with Qualcomm Snapdragon 765G (SDM765) 32-bit without PAA
  • Android 12 running on Google Pixel 5 with Qualcomm Snapdragon 765G (SDM765) 64-bit with PAA
  • Android 12 running on Google Pixel 5 with Qualcomm Snapdragon 765G (SDM765) 64-bit without PAA
  • Android 12 running on Google Pixel 6 with Google Tensor/Mali-G78 MP20 32-bit with PAA
  • Android 12 running on Google Pixel 6 with Google Tensor/Mali-G78 MP20 32-bit without PAA (single-user mode)
  • Android 12 running on Google Pixel 6 with Google Tensor/Mali-G78 MP20 64-bit with PAA
  • Android 12 running on Google Pixel 6 with Google Tensor/Mali-G78 MP20 64-bit without PAA
Approved Algorithms
AES Cert. #A1109
CVL Cert. #A1109
DRBG Cert. #A1109
ECDSA Cert. #A1109
HMAC Cert. #A1109
KAS KAS-SSC Cert. #A1109, CVL Cert. #A1109
KAS-SSC Cert. #A1109
KTS AES Cert. #A1109; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Cert. #A1109
SHS Cert. #A1109
Triple-DES Cert. #A1109
Allowed Algorithms
MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
dcdc7bbc6e59ac0123407a9dc4d1f43dd0d117cd

Vendor

Google, LLC.
1600 Amphitheatre Parkway
Mountain View, CA 94043
USA

Adam Langley
fips-crypto-officer@google.com

Validation History

Date Type Lab
2/16/2022 Initial ACUMEN SECURITY, LLC