Question about Web Crypto API and BoringSSL usage

172 views
Skip to first unread message

Jackson Wonderly

unread,
Oct 20, 2021, 6:07:40 PM10/20/21
to blink-dev
Hello,

I understand from the Chromium Web Crypto README that BoringSSL is used for cryptography. I also understand that BoringSSL uses a library BoringCrypto.

My question is: for the algorithms made available through Chromium's Web Crypto API, are some/all of them using BoringCrypto under the hood?

I ask because there is a version of BoringCrypto that is FIPS validated, which is relevant to what I am currently working on. I understand that the version of BoringCrypto included in a given version of Chromium may not be FIPS validated.

Thank you

Adam Langley

unread,
Oct 20, 2021, 6:41:29 PM10/20/21
to blink-dev, Jackson Wonderly
WebCrypto in Chromium is primarily implemented atop of BoringSSL. For any specific algorithm, one would have to chase the function calls to confirm, however.

Note that BoringSSL in Chromium is not built in FIPS mode and, of the platforms that Chromium supports, only Android has seen a BoringCrypto validation. (A list of which can be found here.)

Also, the security policy of the module may require specific functions to be called to enforce FIPS requirements and Chromium may not be calling those versions of the functions.


Cheers

AGL

Jackson Wonderly

unread,
Oct 21, 2021, 8:50:10 PM10/21/21
to blink-dev, a...@chromium.org, Jackson Wonderly
Thanks for the quick response! This information is very helpful.

I did try to trace the function calls and could see that at least the algorithms I looked at were using BoringSSL, but it was not clear to me what portions of the code are actually part of BoringCrypto specifically. But given the information you have shared, it is not relevant to me anymore.

Иван Кобзарь

unread,
Jul 20, 2023, 9:05:32 AM7/20/23
to blink-dev, Adam Langley, Jackson Wonderly
Hello, Could you please provide a link to the methods where the BoringSSL cryptography library is invoked in the implementation of WebCrypto in Chromium?
Thanks

четверг, 21 октября 2021 г. в 02:41:29 UTC+4, Adam Langley:

K. Moon

unread,
Jul 20, 2023, 12:04:16 PM7/20/23
to Иван Кобзарь, blink-dev, Adam Langley, Jackson Wonderly
Code Search (source.chromium.org) can answer this question for you.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/716adb99-0beb-4e4e-944e-7158c0b87571n%40chromium.org.
Reply all
Reply to author
Forward
0 new messages