Page 1 of 1

FIPS mode for Cef

PostPosted: Mon Aug 19, 2019 12:24 am
by Gk47
Hi,

I am in search of checking if Cef uses any crypto algorithms that are not FIPS complaint.
I am actually using CefSharp control for my WPF application. When I searched in CefSharp, there was no algorithms which were used, but the underlying framework might be using it. So wanted to get the required information, since I did not find any links discussing on this topic. I thought its good to post it.

As per this link which I got - https://bugs.chromium.org/p/chromium/is ... l?id=31087

My understanding is that Cef does not enable FIPS mode i.e. there might be algorithms that are not FIPS complaint or may not be.
So can any one tell me whether,

1. Cef enables FIPS mode or not? (if my understanding from above link is wrong)
2. Does Cef implements any Crypto algorithms that are not FIPS complaint.

Any help is highly appreciated.

Thank you
Gk

Re: FIPS mode for Cef

PostPosted: Mon Aug 19, 2019 10:24 am
by magreenblatt
CEF is based on Chromium and implements no crypto algorithms independent of Chromium. If Chromium does not support FIPS then neither will CEF.

Re: FIPS mode for Cef

PostPosted: Wed Nov 29, 2023 11:12 am
by JulienIsorce
Hi,

In fact chromium/src/third_party/boringssl implements FIPS mode already. But currently this FIPS mode can only be enabled when building boringssl with CMake.
More details on https://bugs.chromium.org/p/chromium/is ... id=1499816.
So at Netskope we ported the FIPS build from CMake to GN so that the FIPS mode can be enabled when building chromium: https://chromium-review.googlesource.co ... /+/5071615

For now the boringssl owner in chromium is not interested but things might change in the future.
Therefore, at Netskope we are wondering if you would be interested to carry this patch in CEF for the time being ?

Thank you,
Julien

Re: FIPS mode for Cef

PostPosted: Wed Nov 29, 2023 12:01 pm
by magreenblatt
I appreciate your effort here, but I think this is something that needs to be accepted in Chromium first.