Hello, Could you please provide a link to the methods where the BoringSSL cryptography library is invoked in the implementation of WebCrypto in Chromium? Thanks
четверг, 21 октября 2021 г. в 02:41:29 UTC+4, Adam Langley: > On Wednesday, October 20, 2021 at 3:07:40 PM UTC-7 Jackson Wonderly wrote: > >> I understand from the Chromium Web Crypto README >> <https://chromium.googlesource.com/chromium/src/+/refs/heads/main/components/webcrypto/README.md> >> >> that BoringSSL is used for cryptography. I also understand that BoringSSL >> uses a library BoringCrypto >> <https://boringssl.googlesource.com/boringssl/+/master/crypto/fipsmodule/FIPS.md> >> . >> >> My question is: *for the algorithms made available through Chromium's >> Web Crypto API, are some/all of them using BoringCrypto under the hood?* >> >> I ask because there is a version of BoringCrypto that is FIPS validated >> <https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3678>, >> >> which is relevant to what I am currently working on. I understand that the >> version of BoringCrypto included in a given version of Chromium may not be >> FIPS validated. >> > > WebCrypto in Chromium is primarily implemented atop of BoringSSL. For any > specific algorithm, one would have to chase the function calls to confirm, > however. > > Note that BoringSSL in Chromium is not built in FIPS mode and, of the > platforms that Chromium supports, only Android has seen a BoringCrypto > validation. (A list of which can be found here > <https://boringssl.googlesource.com/boringssl/+/refs/heads/master/crypto/fipsmodule/FIPS.md#validations> > .) > > Also, the security policy of the module may require specific functions to > be called to enforce FIPS requirements and Chromium may not be calling > those versions of the functions. > > > Cheers > > AGL > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/716adb99-0beb-4e4e-944e-7158c0b87571n%40chromium.org.
