)]}' { "log": [ { "commit": "a9ab0ff597ed2e9c1924dbdf2bd104e3400a16d5", "tree": "16bf8103ce9e2c6f35fc6b8e2f835acd051e4efe", "parents": [ "058af966a3ba02ef1321e58a3bf40c1b5266d3c7" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Thu May 28 07:56:54 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu May 28 07:58:34 2026" }, "message": "[dbsc] Implement TPM signature verification in Rust\n\nImplement cryptographic signature verification for TPM2_Certify\nresponses in Rust using bssl_crypto. This change adds support for\nparsing the TPMT_SIGNATURE structure and verifying both RSA PKCS#1 and\nECDSA P-256 signatures.\n\nBy performing these checks in Rust, we ensure that the processing of\npotentially untrusted hardware responses remains in a memory-safe\nenvironment, fulfilling the \"Rule of 2\" requirements for the Device\nBound Session Credentials (DBSC) implementation. This verification step\nconfirms that the attestation statement was indeed signed by the\nexpected hardware key.\n\nBug: 501306222\nChange-Id: I3c0848a570b3bd36466472aa9bf290c56a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7843193\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Daniel Cheng \u003cdcheng@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1637527}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 2c4702cf572a7961fd20e8267eddb19c3dc614c2\n" }, { "commit": "058af966a3ba02ef1321e58a3bf40c1b5266d3c7", "tree": "c9194f39919e6b60d9a85cfc9a5d6d618cdf7a8e", "parents": [ "754c888afc968f7e8a6fa1f08bb9928fa6ab371f" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Wed May 27 09:55:47 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed May 27 09:57:39 2026" }, "message": "[dbsc] Implement Rust TPM response parser for key certification\n\nThis CL introduces the memory-safe Rust parser for TPM2_Certify\nresponses, specifically validating the TPM2B_ATTEST and TPMT_SIGNATURE\nstructures. The parsed results are securely bounded and returned across\nthe CXX boundary via a CertifyResponse struct.\n\nBug: 501306222\nChange-Id: Iacaf6b6c6325c0969b3939ef2dd782436a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7830199\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nReviewed-by: Daniel Cheng \u003cdcheng@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1636806}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 962f4cd8c41baab61806dcd5bdf1a8ce3afe793b\n" }, { "commit": "754c888afc968f7e8a6fa1f08bb9928fa6ab371f", "tree": "b7a2f9b8ef135d507756390415f158e2c70bc40e", "parents": [ "a0254471c8932e2fb5cb668503dfd63bbd36662e" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Thu May 21 08:21:41 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu May 21 08:24:29 2026" }, "message": "[dbsc] Implement Rust TPM parser for certify command construction\n\nImplement a memory-safe parser and builder for TPM 2.0 structures in\nRust, specifically for constructing TPM2_Certify commands. This\naddresses the requirement to move complex serialization of untrusted\ndata into a memory-safe language, adhering to the \"Rule of 2.\"\n\nThe change introduces:\n\n- A Writer abstraction for safe big-endian buffer generation.\n- A Reader abstraction for parsing TPM responses.\n- Support for various signature schemes and hash algorithms.\n- A cxx bridge for interoperability with existing C++ components.\n\nThis ensures that the Device Bound Session Credentials (DBSC) logic can\nsafely interact with the TPM without the memory safety risks associated\nwith manual buffer manipulation in C++.\n\nFixed: 501306595\nChange-Id: I87822f532bc8f4ee2e7c618d48fa370f6a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7828681\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nReviewed-by: Daniel Cheng \u003cdcheng@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1634109}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: e845bc46f9c9c56d2f104371724cc360ccbfe24b\n" }, { "commit": "a0254471c8932e2fb5cb668503dfd63bbd36662e", "tree": "4360911822e6da49b580a4751bf16bb773e47eba", "parents": [ "9b541ab7660d2ed481502c03d63e30b65684b398" ], "author": { "name": "Avi Drissman", "email": "avi@chromium.org", "time": "Tue May 19 16:20:03 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue May 19 16:21:35 2026" }, "message": "Don\u0027t leak a CFString\n\nCFStringCreateCopy returns an object that needs to be released.\nCFArrayAppendValue retains the value passed in, so passing a copy\ndirectly into it will leak that value.\n\nThe value, keychain_access_group_, is created in the constructor of\nFakeKeychainV2, so there\u0027s no need to create a copy of it.\n\nBug: none\nChange-Id: Idb721603be572f26a05f322c16568e526a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7857749\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nCommit-Queue: Avi Drissman \u003cavi@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1632902}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: c2e021d3e55f6a18b56cb770bbea11edf8685a77\n" }, { "commit": "9b541ab7660d2ed481502c03d63e30b65684b398", "tree": "7ca9a2d7f1f309ce0b3a56372ff8c1d1a016e888", "parents": [ "65f51c94e7a4a150717b83546467ae68bd2f11de" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Tue May 19 16:00:14 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue May 19 16:01:42 2026" }, "message": "[dbsc] Implement restricted attestation key support on Windows\n\nAdd support for generating and loading Attestation Identity Keys (AIK)\nusing the Microsoft Platform Crypto Provider. These keys are now\nproperly restricted by setting the `NCRYPT_PCP_IDENTITY_KEY` usage\npolicy during generation. This ensures that the TPM reserves the keys\nfor attestation purposes and prevents them from being used to sign\narbitrary data.\n\nThis change refactors the Windows unexportable key provider to share\nimplementation details between signing and attestation keys:\n\n- Introduces a `WinKeyImpl` template to manage common key properties.\n- Consolidates key creation and loading logic into internal helper\n functions.\n- Implements the `AttestationKeyWin` wrapper class.\n- Updates `DuplicatePlatformKeyHandle` to work with the base\n `UnexportableKey` interface.\n\nThis implementation provides the necessary Windows-specific attestation\nkey infrastructure and ensures keys are generated with the required\nrestricted usage policy for hardware-backed identity.\n\nBug: 501307116, 501305842\nChange-Id: I49a9ad47b176d5d2b068a1d1345ad8e46a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7827868\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1632870}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: d4e5f816d3ae9739abdf0f0f411b756e3df0400d\n" }, { "commit": "65f51c94e7a4a150717b83546467ae68bd2f11de", "tree": "c07df4c410f88c3831f8bcf72af86dd4a5abe759", "parents": [ "2cef556cb279ec43720dd08792f024ceb3c55394" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Tue May 19 08:17:55 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue May 19 08:19:45 2026" }, "message": "[dbsc] Rename MockUnexportableKey to MockUnexportableSigningKey\n\nRename the mock unexportable key class and its associated helper methods\nto explicitly indicate they refer to signing keys. This disambiguation\nis necessary to support the introduction of attestation keys for Device\nBound Session Credentials.\n\nThe following renames were performed:\n\n- `MockUnexportableKey` to `MockUnexportableSigningKey`.\n- `AddNextGeneratedKey` to `AddNextGeneratedSigningKey`.\n- `next_generated_keys_` to `next_generated_signing_keys_`.\n\nThese updates ensure type safety and clarity as the crypto component\nexpands to support hardware-backed certification and distinct key roles\nfor attestation and signing.\n\nBug: 501306819, 501306500, 501307389\nChange-Id: I899149cd2ddcc2f0568cd3360b29abe66a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7827656\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nReviewed-by: Slobodan Pejic \u003cslobodan@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1632692}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 17ddc0a615f7c313a98f5132fc3daf8c86d990d1\n" }, { "commit": "2cef556cb279ec43720dd08792f024ceb3c55394", "tree": "d8a0d1b4234f4832b6292c814e23ab4b068ea6b6", "parents": [ "b4e26c401994738d9755ddf448b33bae5dde16ab" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Tue May 19 08:16:55 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue May 19 08:18:51 2026" }, "message": "[dbsc] Add attestation key interfaces to crypto::UnexportableKey\n\nIntroduce foundational C++ interfaces for Attestation Identity Keys\n(AIK) in the `crypto` component. These interfaces allow Chrome to\nperform hardware-backed certification over signing keys, which is\nrequired for the DBSC-SSO flow to prove that a session key resides in\nthe same physical hardware as an IdP key.\n\nThe following structures and classes are added:\n\n- `AttestationStatement`: Holds the TPM or Secure Enclave statement and\n signature resulting from certification.\n- `UnexportableAttestationKey`: An interface for keys that can certify\n an `UnexportableSigningKey` via a challenge-response mechanism.\n- `UnexportableKeyProvider`: Updated to support the generation and\n import of hardware-backed attestation keys.\n\nThese additions establish the platform-agnostic API boundary needed for\nfuture Windows and macOS implementations. This change also introduces\nmock implementations for the new AIK interfaces.\n\nBug: 501306819, 501306500, 501307389\nChange-Id: Id072f42fcc8e58c8cf519f3f1837b9826a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7822922\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1632691}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 66beec8926297642200581c1948e25149ce45569\n" }, { "commit": "b4e26c401994738d9755ddf448b33bae5dde16ab", "tree": "b0a483c4be70dbf1dd73d3c21337517015c19bf5", "parents": [ "a27aeaadc946c527f028b9ada5abf31071cfb234" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Wed May 13 16:36:22 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed May 13 16:39:08 2026" }, "message": "[dbsc] Move UnexportableKey mocks to crypto\n\nMove MockUnexportableKey, MockUnexportableKeyProvider, and\nScopedMockUnexportableKeyProvider from components/unexportable_keys to\ncrypto. This centralizes testing utilities alongside the interfaces they\nmock and enables their integration into lower-layer components.\n\nRename the moved classes to the crypto namespace and update all include\npaths and call sites.\n\nBug: 501307389, 501306500,501306819\nBypass-Check-License: Rename\nChange-Id: Ib1af837ba8afe25543e2c4ae15c8b98e6a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7827769\nReviewed-by: Slobodan Pejic \u003cslobodan@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: Rohit Rao \u003crohitrao@chromium.org\u003e\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1630032}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 8d70142aa3311f885be5dc1483c45d5578e92b6f\n" }, { "commit": "a27aeaadc946c527f028b9ada5abf31071cfb234", "tree": "4c5f11db31eee360227c6223488f27155fe03eea", "parents": [ "d93a8507f23b7ccfa8cd2a3b639866b7e5640b7e" ], "author": { "name": "Mark Cogan", "email": "marq@chromium.org", "time": "Thu May 07 07:49:19 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu May 07 07:51:29 2026" }, "message": "Add histograms to track iOS keychain migration\n\nIntroduce UMA histograms to track the success and failure rates of\nkeychain item accessibility migration on iOS. This allows for better\nvisibility into how often items require updates from the legacy\nkSecAttrAccessibleWhenUnlocked attribute to the preferred\nkSecAttrAccessibleAfterFirstUnlock attribute.\n\nKey functional changes include:\n* Define Security.iOS.KeychainMigrationResult histogram and associated\n enums to record migration outcomes (Success, Failure, or Not Needed).\n* Update MigrateKeychainItemAccessibilityIfNeeded in keychain_util.mm\n to record these metrics using KeychainV2.\n* Enhance FakeKeychainV2 to support mockable return codes for\n ItemUpdate, enabling comprehensive testing of failure scenarios.\n* Expand keychain_util_unittest.mm to verify metric recording across\n all migration states.\n\nFakeKyechainV2 is also updated to support cleanly testing these changes:\n* Removed strict DCHECKs that required kSecReturnRef and\n kSecReturnAttributes to be true; this meant non-test code had to\n include these keys even if they weren\u0027t functionally needed.\n* Added the ability to filter items by the kSecAttrAccessible attribute.\n* Improved access group handling: if kSecAttrAccessGroup is missing from\n a query, it now defaults to filtering by the FakeKeychainV2 instance\u0027s\n own access group rather than triggering a DCHECK.\n* Added safety checks to ensure result is non-null before assigning\n matching items.\n* Introduced item_update_result_ to allow tests to simulate specific\n OSStatus failure codes.\n* Expanded supported item classes to include kSecClassGenericPassword\n (previously only kSecClassKey was supported).\n* Enhanced matching logic for updates: it now supports filtering by both\n kSecAttrApplicationLabel and kSecAttrAccount, making it more robust\n for different types of keychain items.\n\nChange-Id: Ia1dae3b21c9d3bd79c5a9b9644a6afd9dd594bfd\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7792920\nReviewed-by: Christian Dullweber \u003cdullweber@chromium.org\u003e\nReviewed-by: Adam Langley \u003cagl@chromium.org\u003e\nReviewed-by: Chris Thompson \u003ccthomp@chromium.org\u003e\nCommit-Queue: Mark Cogan \u003cmarq@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1626773}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: cbc4146c2d47804007c3a2090a862ba1bf2cd346\n" }, { "commit": "d93a8507f23b7ccfa8cd2a3b639866b7e5640b7e", "tree": "bd670034906cd5fa494330419d2b1b0304d4b0af", "parents": [ "57ac2402e8d5eb70c226909cfa2cfb86c31d5165" ], "author": { "name": "Nick Harper", "email": "nharper@chromium.org", "time": "Fri May 01 02:43:42 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Fri May 01 02:45:47 2026" }, "message": "Add base::Feature for ML-DSA signatures in TLS\n\nBug: 497896140\nChange-Id: Iba306c7cc90d80d10a8d77dcd3516e7bffea6f82\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7805484\nCommit-Queue: Nick Harper \u003cnharper@chromium.org\u003e\nAuto-Submit: Nick Harper \u003cnharper@chromium.org\u003e\nReviewed-by: Matt Mueller \u003cmattm@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1623681}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: a2638b6eeba78d30a00a5b182d09c33ad29d350b\n" }, { "commit": "57ac2402e8d5eb70c226909cfa2cfb86c31d5165", "tree": "3532c9f7c0cfdb2848b49db9deafa460bfc57ca8", "parents": [ "274e6abafd61b0e3d51a1e075bfe967551308340" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Tue Apr 28 21:32:28 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Apr 28 21:34:36 2026" }, "message": "crypto/hpke: add AES-128-GCM and Base mode support\n\nThese are needed to support components/signin.\n\nAI-Model: antigravity\nBug: 505830922\nChange-Id: If34d31b98008c3447665cd0b4d25def630ee0e0c\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7800536\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nAuto-Submit: Elly \u003cellyjones@chromium.org\u003e\nCommit-Queue: Elly \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1622041}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 4f920611bc602e06d377db5fefcb8a8fdd0a8020\n" }, { "commit": "274e6abafd61b0e3d51a1e075bfe967551308340", "tree": "db50bfe2d2e2fcd052c255bb86cf71b02eb4f65a", "parents": [ "63f1587036250c86df5137fbebe98d9db28d6507" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Tue Apr 28 02:45:17 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Apr 28 02:47:28 2026" }, "message": "crypto: add one-shot auth HPKE api\n\nThis handles only the config used by components/sync currently:\n* One-shot Auth mode\n* KEM \u003d DHKEM(X25519, HKDF-SHA256)\n* KDF \u003d HKDF-SHA256\n* AEAD \u003d ChaCha20-Poly1305\n\nOther configs will come later if there are users of them.\n\nAI-Model: antigravity\nBug: 505830922\nChange-Id: I1efb3b04503b32bfb9194b08fea47c8f40cd9863\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7790154\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: Elly \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1621503}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: e31dbbcc5c7769bbd6485c7730c163041c60fbb5\n" }, { "commit": "63f1587036250c86df5137fbebe98d9db28d6507", "tree": "20e896f40e06e4f404ed63f12738341fd19a9474", "parents": [ "c4d176c18135b9680cfb8748ffd394037d979577" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Mon Apr 27 22:56:26 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Apr 27 22:59:06 2026" }, "message": "crypto: fix UNSAFE_TODO in aead_unittest.cc\n\nVia memcmp -\u003e span comparison. Trivial.\n\nBug: None\nChange-Id: I72ac758b076bfadd5e437c63e3dcb6d0541c8736\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7796070\nCommit-Queue: Matt Mueller \u003cmattm@chromium.org\u003e\nReviewed-by: Matt Mueller \u003cmattm@chromium.org\u003e\nAuto-Submit: Elly \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1621376}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 21669c4ec77b2a82a8463587f5d59412226372bb\n" }, { "commit": "c4d176c18135b9680cfb8748ffd394037d979577", "tree": "3163d33838fa369ad492e2b48e6901796f9ef2c8", "parents": [ "2462dd422833c0b083d8a4fb6d33abe53b186d20" ], "author": { "name": "Anatoli Hancharou", "email": "antoli@google.com", "time": "Mon Apr 27 21:17:38 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Apr 27 21:20:08 2026" }, "message": "[crypto] Skip Secure Enclave availability check on iOS\n\nThe call to `GetTokenIDs()` triggers a synchronous initialization of\n`TKTokenWatcher`, which has been observed to cause hangs and crashes on\niOS when called in certain contexts.\n\nThis CL disables both the Secure Enclave presence check and the\nentitlement check on iOS since Secure Enclave has been available on iOS\nsince the A7 chip (iPhone 5s), making this check redundant for all\nsupported iOS versions.\n\nBug: 506057158\nChange-Id: Idb07b9b0162fbcf119361953372fd64d6d0ec4b3\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7795958\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nCommit-Queue: Anatoli Hancharou \u003cantoli@google.com\u003e\nCr-Commit-Position: refs/heads/main@{#1621315}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: cec6c7f0495e2ffc626475207c961c36cd6e62c4\n" }, { "commit": "2462dd422833c0b083d8a4fb6d33abe53b186d20", "tree": "78e5ab779c7c1b8a32b3d8b65a7c0b96dc6e5a7a", "parents": [ "151ae8fbdf7287d9ed26b5cbb53a2374c0114f54" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Mon Apr 27 18:08:08 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Apr 27 18:09:51 2026" }, "message": "[dbsc] Generalize unexportable key deletion APIs\n\nRenames unexportable key deletion methods to be purpose-agnostic,\ntransitioning from signing-key specific naming to a more general\nnomenclature. This allows the APIs to support the deletion of both\nsigning and attestation keys as part of the Device Bound Session\nCredentials (DBSC) effort.\n\nSpecifically, this change:\n- Renames DeleteSigningKeysSlowly to DeleteKeysSlowly across the\n crypto layer and the unexportable keys component.\n- Updates DeleteAllSigningKeysSlowly to DeleteAllKeysSlowly.\n- Refactors UnexportableKeyTaskManager and DeleteKeysTask to operate\n on the RefCountedUnexportableKey base class.\n- Updates associated mocks and unit tests to reflect the new API.\n\nBug: 501306323\nChange-Id: Ic137f919ef841667a18d14afbca3bd846a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7784699\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Sylvain Defresne \u003csdefresne@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1621187}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 2763d6c4e3cfc966c486e4de13413c80a53466c6\n" }, { "commit": "151ae8fbdf7287d9ed26b5cbb53a2374c0114f54", "tree": "f30b54a87e2e9268b54e52e6455f84d64a6bd328", "parents": [ "9f97c6981647402b23d7eb4f3040ef45086f56ac" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Mon Apr 27 16:33:57 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Apr 27 16:36:06 2026" }, "message": "[dbsc] Introduce UnexportableKey as a base class for hardware keys\n\nIntroduce the UnexportableKey base class to the crypto library to serve\nas a common interface for hardware-backed keys. This change is part of\nan effort to extend the key hierarchy to support new types of hardware\nkeys, such as attestation keys for the Device Bound Session Credentials\n(DBSC) protocol.\n\nThe refactoring splits the existing UnexportableSigningKey class into a\nbase class and a specialized subclass. Shared hardware-bound properties,\nincluding the signature algorithm, subject public key info, and wrapped\nkey data, are moved to the new base class. Methods specific to signing\nremain in the UnexportableSigningKey subclass.\n\nThis restructuring also improves the library\u0027s architecture by laying\nthe groundwork to move stateful behaviors into mixins, thereby avoiding\ndiamond inheritance issues. These changes facilitate the future\nimplementation of Attestation Identity Keys (AIK) required to secure\nsingle sign-on flows.\n\nBug: 501306323\nChange-Id: I3d7c9cac6c94aeb40f28260ac10d79226a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7790328\nAuto-Submit: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1621155}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 65a9d85001c37f5861a71cd79067c128dd9b43b5\n" }, { "commit": "9f97c6981647402b23d7eb4f3040ef45086f56ac", "tree": "bda381a5245f1e346064f799340ab2b9cd44d6b6", "parents": [ "5840bad0d51a6ed7a5dbd06463f69572db874ef9" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Mon Apr 27 10:05:07 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Apr 27 10:07:14 2026" }, "message": "[dbsc] Introduce standalone StatefulKey mixin\n\nRefactor the unexportable key hierarchy to use a standalone StatefulKey\ninterface instead of the combined StatefulUnexportableSigningKey. This\nchange addresses potential diamond inheritance issues as the system\nexpands to support new key types, such as attestation keys.\n\nPreviously, the hierarchy relied on a combined interface that coupled\nsigning capabilities with platform state. By separating statefulness\ninto a standalone mixin, the architecture becomes more modular and\nallows for better type safety across hardware-backed key categories.\n\nKey modifications:\n\n- Define crypto::StatefulKey as a standalone mixin for keys backed by\n permanent platform state, such as the macOS keychain.\n- Replace AsStatefulUnexportableSigningKey() with AsStatefulKey() in the\n base UnexportableKey interface to allow for generic state discovery.\n- Update the Apple and Mock implementations to inherit from both the\n signing key interface and the new stateful mixin.\n- Generalize DeleteSigningKeysSlowly to accept standard unexportable\n signing keys, internally verifying statefulness before deletion.\n\nThis architectural change simplifies the class hierarchy and ensures\nconsistency as the DBSC implementation evolves.\n\nBug: 501306323\nChange-Id: If17c75ecd721761519b7488a7c7efd126a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7786119\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nAuto-Submit: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1620975}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: e94b66b2c5a6cb69d6cbcad99597b0467e6cd0da\n" }, { "commit": "5840bad0d51a6ed7a5dbd06463f69572db874ef9", "tree": "808a0bc1fb1850d48fb88bf023cd5988c10ecdfe", "parents": [ "0d9ddbc9c6a370931b71a491f98deece29f373f3" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Thu Apr 23 08:20:23 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Apr 23 08:23:52 2026" }, "message": "[dbsc] Rename unexportable key garbage collection methods\n\nRename GetAllSigningKeysForGarbageCollectionSlowlyAsync and its\nassociated callbacks to GetAllKeysForGarbageCollectionSlowlyAsync.\n\nThis change is part of a broader refactor to improve type safety by\ndistinguishing between hardware-backed key roles, such as signing and\nattestation keys. Since the garbage collection process retrieves all\nmanaged keys regardless of their specific role, removing the \"Signing\"\nqualifier provides a more accurate description of the method\u0027s purpose.\n\nThe update spans the UnexportableKeyService interface, its\nimplementations, Mojo definitions, and various consumer classes across\nthe signin and networking components. It also renames the underlying\nStatefulUnexportableKeyProvider::GetAllKeysSlowly method in the crypto\nlayer.\n\nBug: 501307307\nChange-Id: Ia0c758a0541b3ef4b14313ef2767edb36a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7780666\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1619372}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 234b233d62f70f874949a79d1e8f68c83f88f111\n" }, { "commit": "0d9ddbc9c6a370931b71a491f98deece29f373f3", "tree": "3f707e2eb98fdc20e6cb6f54d3701599d716f024", "parents": [ "343cc61d1abfc5d355425c71435836a7f587454c" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Wed Apr 22 17:49:37 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Apr 22 17:52:51 2026" }, "message": "crypto: add pubkey encryption API\n\nThis change:\n* Adds crypto::encrypt::Encrypt and crypto::encrypt::Decrypt, with\n initial support for RSA-OAEP-SHA1 only (others to follow)\n* Adds a couple of utility functions in crypto::encrypt\n* Adds test coverage for the new functions\n\nPatchset 1 of this CL shows a sample migration of a potential client.\n\nAI-Model: antigravity\nBug: 504697287\nChange-Id: I2ca5f990c5ff0932e3c38f42a96c7a10ee6b5bfb\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7782633\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: Elly \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1618958}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 34f8ea3ff0a5d17c6405e8e4a10283aa5ab71ea3\n" }, { "commit": "343cc61d1abfc5d355425c71435836a7f587454c", "tree": "7b90fb357d7512aac7813a769cfcc4143b3bd0f3", "parents": [ "989c54bf68d8b95e6ca405c3d859ddb81d7c4d84" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Tue Apr 21 22:18:39 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Apr 21 22:20:14 2026" }, "message": "crypto: use //crypto APIs in software unexportable key\n\nMigrate from BoringSSL to //crypto APIs (crypto::keypair and\ncrypto::sign). The new implementation is shorter and functionally\nequivalent.\n\nAI-Model: gemini-3.1-flash\nBug: 372283556\nChange-Id: Ib5001944b0a993330f779d6604b40017578b084c\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7777111\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: Elly \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1618489}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 6e4157d8f78b18c87e994094cbc6a537bb60bb74\n" }, { "commit": "989c54bf68d8b95e6ca405c3d859ddb81d7c4d84", "tree": "49c34620f640ca86fec1ee00798c1c83d26ec366", "parents": [ "855d68180460f6342534db6bf45bfd19625e02ba" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Mon Apr 20 16:43:42 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Apr 20 16:46:00 2026" }, "message": "net-ssl: add net::CryptoPrivateKey\n\nBy analogy with net::OpenSSLPrivateKey, but backed by a\ncrypto::keypair::PrivateKey instead of a BoringSSL EVP_PKEY, and using\ncrypto::sign for signatures instead of BoringSSL APIs. This required\nadding support for a few more signature schemes to crypto::sign as well.\n\nThis will allow migrating all clients of net::OpenSSLPrivateKey to\nnet::CryptoPrivateKey, then ultimately deleting net::OpenSSLPrivateKey.\n\nSince net::CryptoPrivateKey supports Ed25519, this change also adds an\nEd25519 certificate to the test set for use in its unit tests.\n\nAI-Model: gemini-3.1-flash\nBug: 372283556\nChange-Id: Ib7d020ca9b9bcfc20386dfe06cbfa368d7c00151\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7765985\nReviewed-by: Matt Mueller \u003cmattm@chromium.org\u003e\nCommit-Queue: Elly \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1617557}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: d0a78a5b1fd9d0230a227b59673986a217396d90\n" }, { "commit": "855d68180460f6342534db6bf45bfd19625e02ba", "tree": "c9ca498052696d501dfa1a3448eff0576b7d5e16", "parents": [ "e58daa300453ac4e1d04188f0fa715380d3afa8c" ], "author": { "name": "Tom Anderson", "email": "thomasanderson@chromium.org", "time": "Fri Apr 17 21:59:41 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Fri Apr 17 22:02:39 2026" }, "message": "[OSCrypt] Remove usage of legacy sync backend\n\nThe sync backend is no longer used since the async backend is now used\neverywhere.\n\n- Removed OSCryptMocker and related legacy OSCrypt references from tests\n and the rest of the codebase.\n- Updated documentation and histograms to reflect the removal.\n\nOBSOLETE_HISTOGRAMS\u003dRemoved in 2026 as OSCrypt Async replaces OSCrypt Sync and fallbacks are no longer possible.\n\nBug: 447372315\nChange-Id: I60f30ad8443b38727369253cb114001f6acb3979\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7759877\nReviewed-by: Alex Gough \u003cajgo@chromium.org\u003e\nReviewed-by: Nico Weber \u003cthakis@chromium.org\u003e\nOwners-Override: Alex Gough \u003cajgo@chromium.org\u003e\nReviewed-by: Matt Mueller \u003cmattm@chromium.org\u003e\nReviewed-by: Chris Thompson \u003ccthomp@chromium.org\u003e\nReviewed-by: Rohit Rao \u003crohitrao@chromium.org\u003e\nReviewed-by: Peter Kvitek \u003ckvitekp@chromium.org\u003e\nReviewed-by: Bo Liu \u003cboliu@chromium.org\u003e\nReviewed-by: Lei Zhang \u003cthestig@chromium.org\u003e\nReviewed-by: Reilly Grant \u003creillyg@chromium.org\u003e\nCommit-Queue: Thomas Anderson \u003cthomasanderson@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1616878}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 21b80f4fd64669a95201f9d192258355a264dfbb\n" }, { "commit": "e58daa300453ac4e1d04188f0fa715380d3afa8c", "tree": "a4f00f3ceb37eac29dba04c0453f0b1bb847ff15", "parents": [ "71374fccd82377bf12063800b2e1082e07239aa5" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Thu Apr 16 00:46:30 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Apr 16 00:48:24 2026" }, "message": "[crypto] add P-256 ECPrivateKey support\n\nAdd new methods to crypto::keypair::PrivateKey to deal with RFC 5915\nformat ECPrivateKey structures for P-256, in the style of the current\nones. Add unit tests for both round-tripping and known answers.\n\nThis is needed to support a couple of users of\nEC_KEY_parse_private_key(), all of whom are using P-256 keys.\n\nAI-Model: gemini-3.1-flash\nBug: 372283556\nChange-Id: Iaed63977f67de0a650934e7b2e068475c11d1bd8\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7763407\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: Elly \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1615526}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 6769bc849ce4f04fb837cb34d98aa1628f698a1a\n" }, { "commit": "71374fccd82377bf12063800b2e1082e07239aa5", "tree": "f55a8f70a1122fa7b06b0eca7d0bab09ff83ffc1", "parents": [ "88155fb23df680af6932641c340858b74953bbcb" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Wed Apr 15 15:19:48 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Apr 15 15:23:17 2026" }, "message": "[webauthn] use //crypto APIs instead of BoringSSL\n\nRewrite uses of BoringSSL APIs in chrome/browser/webauthn to use the\nnewer wrappers in //crypto. Also clean up unused BoringSSL includes\nand helper functions in the android sub-directory.\n\nAI-Model: gemini-3.1-flash\nBug: 372283556\nChange-Id: I191facb34700967a74358754d1f904927a6ecf64\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7762927\nReviewed-by: Ken Buchanan \u003ckenrb@chromium.org\u003e\nCommit-Queue: Elly \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1615187}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 311709eb71789a4da9749358a62382e3dc59ce0d\n" }, { "commit": "88155fb23df680af6932641c340858b74953bbcb", "tree": "cb6d89bf5651ff275a7ecdef92ab2b133203efbe", "parents": [ "b7f5d8c2b2fe8cd6886ed112ce75d54f1e9b03a8" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Tue Apr 14 00:28:41 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Apr 14 00:30:36 2026" }, "message": "[crypto] implement RSAPrivateKey import/export\n\nThis change adds FromRSAPrivateKey() and ToRSAPrivateKey() to the\ncrypto::keypair::PrivateKey class, allowing for the import and export of\nRFC 8017-encoded RSA private keys (PKCS#1 format).\n\nIt also adds unit tests to verify both round-trip correctness and the\nparsing of a hardcoded RSA private key.\n\nAI-Model: gemini-3.1-flash\nBug: 372283556\nChange-Id: I935788386d9cd9933ce9760d626431b594ac2a65\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7758329\nReviewed-by: Adam Langley \u003cagl@chromium.org\u003e\nCommit-Queue: Elly \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1614092}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 8cd2f77c4da5bbf95cfe2615fdf63cfeaf9563ed\n" }, { "commit": "b7f5d8c2b2fe8cd6886ed112ce75d54f1e9b03a8", "tree": "25338b3a99546ab5704bd7897b3cd7b89ff69ce8", "parents": [ "7ca0f0cad8118278ec0757d722eb093b4b78fe15" ], "author": { "name": "Nina Satragno", "email": "nsatragno@chromium.org", "time": "Mon Apr 13 15:53:06 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Apr 13 15:55:44 2026" }, "message": "[webauthn] Enable creating PINs when UV disabled\n\nEnable WebAuthnCreatePinWhenSystemUvDisabled by default. I verified it\nworks on a Windows box.\n\nAlso, stop caching user verifying key availability on Windows. UV key\navailability may change (e.g. if the user disables Windows Hello) while\nChrome is running, making the result stale (and somewhat defeating the\npoint of the code that we are enabling).\n\nFixed: 469125044\nChange-Id: Ibd2931e7c4ca87bb2ad0d6f7dc0b0e682d76cde4\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7747079\nReviewed-by: Elly \u003cellyjones@chromium.org\u003e\nReviewed-by: Ken Buchanan \u003ckenrb@chromium.org\u003e\nCommit-Queue: Nina Satragno \u003cnsatragno@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1613757}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: d29e714b4135ab23f6353ab616b6775dbe33507c\n" }, { "commit": "7ca0f0cad8118278ec0757d722eb093b4b78fe15", "tree": "7b28142c2c707cdfd3c5028ce90d667f91df2a58", "parents": [ "d179c73a63332e80d2ba9028ebc89f98a5aff71d" ], "author": { "name": "Arthur Sonzogni", "email": "arthursonzogni@chromium.org", "time": "Tue Apr 07 08:48:52 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Apr 07 08:51:03 2026" }, "message": "[crypto] Convert to UNSAFE_TODO\n\nWe are migrating from coarse-grained file-level suppression (#pragma\nallow_unsafe_buffers) to granular, expression-level markers\n(UNSAFE_TODO()). The pragma disables safety checks for an entire file,\nwhereas UNSAFE_TODO() isolates specific potentially unsafe operations,\nallowing the rest of the file to be enforced as safe.\n\nDoc: https://docs.google.com/document/d/1ORQGBNn2R-CEvNbDTjRd-GrOBOFlCxIHdcvSUA_EhR4/edit?usp\u003dsharing\nAX-Relnotes: N/A\nCleanup: This is an mechanical #cleanup.\nBug: 409340989\nChange-Id: Id15903e9cdbdfa28aac3edb4e03356ddf0d747d3\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7726026\nAuto-Submit: Arthur Sonzogni \u003carthursonzogni@chromium.org\u003e\nCommit-Queue: Arthur Sonzogni \u003carthursonzogni@chromium.org\u003e\nReviewed-by: Emily Stark \u003cestark@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1610617}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: dee668f3a2bf520325e35136ec3aa9fdb9aceac0\n" }, { "commit": "d179c73a63332e80d2ba9028ebc89f98a5aff71d", "tree": "d42722fc122e3dce8ad8581423b43d0f70a06deb", "parents": [ "dad838c98a5998eba8357a4c7f3e6d4d848d9986" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Tue Mar 17 23:14:05 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Mar 17 23:16:38 2026" }, "message": "crypto/kdf: rename PBKDF2 and Scrypt\n\nTo match the others:\n\n* DeriveKeyPbkdf2HmacSha1 -\u003e Pbkdf2HmacSha1\n* DeriveKeyScrypt -\u003e Scrypt\n\nand all clients are changed as well.\n\nAI-Model: Gemini 3 Flash\nFixed: 430635195\nChange-Id: Ifda8165bcf9985265fd4d738a05ba80097e2d387\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7674112\nReviewed-by: Daniel Cheng \u003cdcheng@chromium.org\u003e\nCommit-Queue: Elly FJ \u003cellyjones@chromium.org\u003e\nOwners-Override: Daniel Cheng \u003cdcheng@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1600858}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 640d483f00a40ea99f9b5949ae395ac93566e050\n" }, { "commit": "dad838c98a5998eba8357a4c7f3e6d4d848d9986", "tree": "29fde9f6cd56a2b97a1bb01ca95b8f6a6423b601", "parents": [ "0c13552a963b95f952dbe4acbebbd675eb449111" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Tue Mar 17 17:22:33 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Mar 17 17:24:30 2026" }, "message": "crypto: add X25519 support\n\nSpecifically:\n* Add an X25519 type to crypto/keypair\n* Add an X25519 function to crypto/kex that uses those keypair types\n\nAI-Model: gemini-3-flash\nFixed: 432219825\nChange-Id: If759020816a2aa924ed1747bdff5b44f27434748\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7664322\nCommit-Queue: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1600637}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: e5ebc0b41d03235956040a56a5897c38477f0031\n" }, { "commit": "0c13552a963b95f952dbe4acbebbd675eb449111", "tree": "ebf1fcb2364a28f0867ba1ad2c62127665e48c66", "parents": [ "1d454884468e302e5a6a3f08fb662779b4aa7743" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Wed Mar 11 16:05:16 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Mar 11 16:08:23 2026" }, "message": "[crypto] Log keychain error when wrapped key lookup fails\n\nUpdate the Apple implementation of unexportable keys to explicitly log\nan `errSecItemNotFound` error when a wrapped key cannot be found in the\nkeychain. Previously, the code would return null without recording the\nmissing key in the `WrappedKeyExport` metrics.\n\nThis change improves error observability for DBSC on macOS by ensuring\nthat failed key retrievals are properly tracked.\n\nBug: b:455539044, 491743366\nChange-Id: Ib386611eb469be58f905934fa462f9bb6a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7653944\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nAuto-Submit: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1597794}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 62d74b98e98242464e93fd74562ed019a9d8f63d\n" }, { "commit": "1d454884468e302e5a6a3f08fb662779b4aa7743", "tree": "df3b9a2102a9f3d1dee865cc55e7436dddd1e630", "parents": [ "d801022e56e6ee80cb74d7996985b87786510141" ], "author": { "name": "Anatoli Hancharou", "email": "antoli@google.com", "time": "Wed Mar 04 10:52:51 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Mar 04 10:55:38 2026" }, "message": "[crypto] Extract SecKeyFromPKCS8 to test helper\n\nMoves the `SecKeyFromPKCS8` helper function from individual test files\ninto `crypto/apple/keychain_util` to make it available as a shared\nutility. This method will be used by upcoming integration tests for\nclient certificate authentication on iOS.\n\nChange-Id: I5316ae837e0cd994531e2ff1e246b471cdbae390\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7617527\nReviewed-by: Matt Mueller \u003cmattm@chromium.org\u003e\nCommit-Queue: Anatoli Hancharou \u003cantoli@google.com\u003e\nCr-Commit-Position: refs/heads/main@{#1593819}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: b7347a36de9c31acb21e02b1b77b0256eb53435e\n" }, { "commit": "d801022e56e6ee80cb74d7996985b87786510141", "tree": "58c60fd4b060fce26e37e82ff7407fae0de6689f", "parents": [ "c45feedb9c45d01cbe70682fd7f76a09141fcf2a" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Thu Feb 26 17:39:22 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Feb 26 17:43:40 2026" }, "message": "crypto/aead: add one-shot API\n\nMost clients just do one-shot AEADs so this will be a bit more ergonomic\nfor them. They just call the stateful implementation internally.\n\nBug: 487755328\nChange-Id: I04bf7d06636229e774c46df3d9cb01d26026a2b8\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7609413\nReviewed-by: Matt Mueller \u003cmattm@chromium.org\u003e\nCommit-Queue: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1590902}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 9ad1480c061c33e11c11de7197bc3c0e7fe74cae\n" }, { "commit": "c45feedb9c45d01cbe70682fd7f76a09141fcf2a", "tree": "9bc003047bd53b445ef08844459b355d6287e278", "parents": [ "0d6fdec6a7d6c0b91e9ee87123d5e6dcd9542b23" ], "author": { "name": "David Benjamin", "email": "davidben@chromium.org", "time": "Wed Feb 25 02:12:03 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Feb 25 02:14:31 2026" }, "message": "Unwind wincrypt_shim.h\n\nReplace it with includes of \u003cwincrypt.h\u003e and \u003cwindows.h\u003e. clang-format\nnow understands how to order these includes, so let clang-format figure\nout how to organize them. (This results in some \u003cwindows.h\u003e includes\nmoving to slightly earlier than before.)\n\nFixed: 483973077\nChange-Id: I5d1b25799e0fa529b473aaf7331dc8c41bdb44d5\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7601334\nReviewed-by: Colin Blundell \u003cblundell@chromium.org\u003e\nReviewed-by: Matt Mueller \u003cmattm@chromium.org\u003e\nReviewed-by: Lei Zhang \u003cthestig@chromium.org\u003e\nReviewed-by: Daniel Cheng \u003cdcheng@chromium.org\u003e\nCommit-Queue: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1589834}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 44a2896769d516a2dea9b59c99c24743a23ef87d\n" }, { "commit": "0d6fdec6a7d6c0b91e9ee87123d5e6dcd9542b23", "tree": "68c120f87dadfcd7c4316f3bc0a515091cdaa696", "parents": [ "cd0cd74231854ee6c56ae566ffd4d32bf994b8cc" ], "author": { "name": "Maya Warren", "email": "mayawarren@google.com", "time": "Thu Feb 12 16:11:52 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Feb 12 16:14:52 2026" }, "message": "Cleanup Keychain V1\n\nThis CL completes the macOS Keychain Unification effort by\ndeleting the legacy Keychain V1 implementation. With all dependent\nAPIs migrated to KeychainV2, these files are no longer required.\n\nKey Changes:\n- Deletes the legacy AppleKeychain wrapper\n (`crypto/apple/keychain.h/cc`).\n- Removes the associated SecItem and Mock Keychain utilities\n (`keychain_secitem.h`, `mock_keychain.h`).\n- Cleans up the final remaining references in `components/wifi` and\n `components/os_crypt`.\n\nBug: 441317288\nChange-Id: I57040464ce9b3ed991fbe1bb18003424017d8f4c\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7540447\nCommit-Queue: Maya Warren \u003cmayawarren@google.com\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: Lei Zhang \u003cthestig@chromium.org\u003e\nReviewed-by: Kenichi Ishibashi \u003cbashi@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1584003}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: e338af7ea7714ad378bbd09a5ca1472f89ae8ac1\n" }, { "commit": "cd0cd74231854ee6c56ae566ffd4d32bf994b8cc", "tree": "e9646809c9319a0c7e8eb3012a6ed1ecf3e9e471", "parents": [ "c7fc4cc4e045f0aa7ad02f89b454ec8fa4ad9ee8" ], "author": { "name": "jj", "email": "jj@imput.net", "time": "Tue Feb 10 01:46:18 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Feb 10 01:50:08 2026" }, "message": "Use XDG_DATA_HOME for nssdb path\n\nCurrently, the NSS database is always stored in ~/.pki/nssdb, which does\nnot adhere to the XDG Base Directory specification and clutters the\nuser\u0027s home directory.\n\nThis change updates the path resolution logic for the NSS database to\nsupport XDG paths while maintaining backwards compatibility. The new\ndirectory lookup order is:\n\n1. Use ~/.pki/nssdb if the directory already exists.\n2. Use $XDG_DATA_HOME/pki/nssdb if the environment variable is set.\n3. Otherwise, default to ~/.local/share/pki/nssdb.\n\nFixed: 40666379\nChange-Id: Id0f847e165ec33f3c7602797bb2d47061ef922eb\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7551836\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nAuto-Submit: jj \u003cjj@chromium.org\u003e\nCommit-Queue: jj \u003cjj@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1582175}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 555b21b0cdf458599e81cdfeb41ed86c405a3e23\n" }, { "commit": "c7fc4cc4e045f0aa7ad02f89b454ec8fa4ad9ee8", "tree": "77f5c87036af04eed3a2c811af472dc8fe690ea1", "parents": [ "e4311c1953d5e3b091c80251b42190d54cd6e5b9" ], "author": { "name": "Maya Warren", "email": "mayawarren@google.com", "time": "Fri Feb 06 19:08:53 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Fri Feb 06 19:10:38 2026" }, "message": "Unify MacOS Keychains\n\nThis CL is part of the macOS Keychain Unification effort. It migrates\nseveral dependent components—including Keychain Password, OSCrypt, and\nthe Keychain Key Provider—away from the legacy Keychain wrapper\n(KeychainV1) to the modern crypto::apple::KeychainV2 API.\n\nKey Changes:\n- Replaces usages of the legacy AppleKeychain wrapper with KeychainV2 in:\n - components/os_crypt/sync (OSCrypt)\n - components/os_crypt/common (KeychainPassword)\n - components/os_crypt/async (KeychainKeyProvider)\n- Removes redundant KeychainV1-related code from these dependent APIs.\n- Updates associated unit tests to use the modern KeychainV2 fakes/mocks.\n\nThis change is strictly an API-level refactor. The underlying storage\nfor remains entirely unchanged. All data continues to be stored in the\ntraditional file-based keychain.\n\nBug: 441317288\nBypass-Check-License: Files renamed, no license changes.\nChange-Id: I33dc65c8e6932f5e8ad1e1cadf6f2c287efec2f2\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7535754\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: Lei Zhang \u003cthestig@chromium.org\u003e\nCommit-Queue: Maya Warren \u003cmayawarren@google.com\u003e\nReviewed-by: Avi Drissman \u003cavi@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1580996}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 158a2d2a5432e8b49c3ab60f4665e26742955a23\n" }, { "commit": "e4311c1953d5e3b091c80251b42190d54cd6e5b9", "tree": "bc4e482588b38378f1364464d966fa511459eebf", "parents": [ "8b9ec7ae9989c426937e5d49f64950230efc85dd" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Wed Feb 04 22:07:31 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Feb 04 22:10:39 2026" }, "message": "aead: tolerate invalid-length keys\n\nBefore r1569902, Aead::Init() would fail a DCHECK if given a key of\ninvalid length, then Seal() and Open() would fail later - some variants\nof Seal() / Open() would CHECK, some would return false / nullopt.\n\nAfter r1569902, the behavior became uniform: Aead::Init() would fail a\nCHECK if given a key of invalid length.\n\nThis introduced field crashes in client code that was passing\ninvalid-length keys, then handling Seal() / Open() failures caused by\nthat later down the line.\n\nThis change makes Aead behave like so:\n* Init() stores whether or not initialization succeeded\n* Seal() and Open() always return their failure values if initialization\n failed\n\nBug: 478966624\nChange-Id: I24507d9e2bec630f661f0d47a717881306283b72\nValidate-Test-Flakiness: skip\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7538703\nReviewed-by: Will Harris \u003cwfh@chromium.org\u003e\nCommit-Queue: Elly FJ \u003cellyjones@chromium.org\u003e\nAuto-Submit: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1579703}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 4cc2c8fc663b30fcc35c6b3eda2dd3d020157df9\n" }, { "commit": "8b9ec7ae9989c426937e5d49f64950230efc85dd", "tree": "0f3af174a56a5c03466c167e185bde19f58d9d04", "parents": [ "02daaa35b7131b9d8b68614a3a298657572c1d72" ], "author": { "name": "Sebastien Lalancette", "email": "seblalancette@chromium.org", "time": "Wed Feb 04 18:51:57 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Feb 04 18:53:44 2026" }, "message": "Verify RSA-PSS Signature for TLS 1.3 Compatibility\n\nGenerate and verify an RSA-PSS signature to catch TPMs that are\nincompatible with TLS 1.3 (due to having a fixed salt length) and\nprevent the provisioning of client certificates with those TPMs.\n\nThis CL builds on top of this previous one:\ncrrev.com/c/7521786\n\nBug: 478227256\nChange-Id: I9a22bd4dbbb5c5b063de18efb87405991b599571\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7540941\nCommit-Queue: Sébastien Lalancette \u003cseblalancette@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1579608}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: e14870b35cacd05c600a7cb0025b28e8d16eeead\n" }, { "commit": "02daaa35b7131b9d8b68614a3a298657572c1d72", "tree": "bca46d6dc45ccc523afe2f7197588698b08c5812", "parents": [ "ebeec233d94df2e256dce02b755167b5339e6c23" ], "author": { "name": "Will Harris", "email": "wfh@chromium.org", "time": "Mon Feb 02 18:53:49 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Feb 02 18:56:52 2026" }, "message": "Treat ERROR_NO_SYSTEM_RESOURCES as OOM in ProcessBoundString\n\nThis error can be returned from CryptUnprotectMemory and there isn\u0027t\nanything we can do about it other than crash with an OOM.\n\nThis CL updates the handling to cater for this issue.\n\nBUG\u003d375332157\n\nChange-Id: I2ff2d2211bced3b97c4228732190478e89e4e1e6\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7530749\nCommit-Queue: Will Harris \u003cwfh@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1578248}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 1cf4f74102fb773f49a06c52a2b5177634d472f7\n" }, { "commit": "ebeec233d94df2e256dce02b755167b5339e6c23", "tree": "df01371a57e423faab966bdcf70abdabd76bdcd8", "parents": [ "f8d64cee5a2cb7c36c7740a47d945c42f567e298" ], "author": { "name": "Sebastien Lalancette", "email": "seblalancette@chromium.org", "time": "Thu Jan 29 16:11:38 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Jan 29 16:14:59 2026" }, "message": "Prevent the usage of RSA TPM keys that are incompatible with TLS 1.3\n\nWhen provisioning client certificates managed by Chrome, make sure to\ntest RSA keys created via a TPM on Windows to verify that they support\ngenerating RSA-PSS signatures with equal salt and digest lengths. This\nwould otherwise lead to have client certificates that would fail mTLS\nconnections by failing to sign a TLS 1.3 payload.\n\nThe new check is added during both key creation and key loading times.\nThe latter allows failing to load a previously-created invalid key,\neffectively forcing the provisioning service to provision a new identity\n(with a compatible key). This will help get users back on tracks, as\nbrowsers with \"broken\" certs will simply fix themselves upon restart.\n\nBug: 478227256\nChange-Id: Ifa3495edffc739474fbc110f857dc1adf0a7ec76\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7521786\nAuto-Submit: Sébastien Lalancette \u003cseblalancette@chromium.org\u003e\nReviewed-by: Monica Salama \u003cmsalama@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1576605}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 8c31d03a91d76ccc71d068e2b08d175d473911a1\n" }, { "commit": "f8d64cee5a2cb7c36c7740a47d945c42f567e298", "tree": "a494933ff07d64c0adce8146137a983596d984a1", "parents": [ "7515ada4c7b901b63c6c926ac59adf7b1f40c3b3" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Thu Jan 22 18:56:09 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Jan 22 18:58:47 2026" }, "message": "[dbsc] Refactor unexportable key deletion to use signing key objects\n\nRefactor the StatefulUnexportableKeyProvider interface to support\ndeleting keys using their signing key objects instead of just their\nwrapped representations.\n\nSpecifically, this change:\n- Renames the old DeleteSigningKeysSlowly (taking wrapped keys) to\n DeleteWrappedKeysSlowly.\n- Introduces a new DeleteSigningKeysSlowly that accepts a span of\n StatefulUnexportableSigningKey objects.\n- Updates UnexportableKeyServiceImpl and UnexportableKeyTaskManager\n to leverage the new method, passing the full key context.\n\nThis refactoring allows for more precise key deletion on Apple\nplatforms. On macOS, the keychain lookup now uses both the application\nlabel (from the wrapped key) and the application tag (from the signing\nkey metadata) to ensure the correct key is removed. This addresses an\nissue where multiple keys might share the same wrapped representation\nbut have different tags.\n\nBug: 476925548\nChange-Id: I187e9f8a23f5365750a95e59f44d22866a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7502476\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nReviewed-by: Daniel Rubery \u003cdrubery@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Slobodan Pejic \u003cslobodan@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1573179}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 421a039d18e7b03f0134937d9320b267604a080f\n" }, { "commit": "7515ada4c7b901b63c6c926ac59adf7b1f40c3b3", "tree": "2f7397a5f98563d4e508c0a00e920e60552f1ed6", "parents": [ "b75d1cc545eecddba323f5dcac959fcbc2e6667a" ], "author": { "name": "Julie Jeongeun Kim", "email": "jkim@igalia.com", "time": "Thu Jan 22 04:46:26 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Jan 22 04:48:33 2026" }, "message": "[tvos] Fix the build breaks in //crypto on tvOS\n\nThis excludes LocalAuthentication.framework when building the content\nshell on tvOS, as it is not available on that platform.\n\nBug: 432304211\nChange-Id: Idfb813cb5beff608516a3fec727d11124222ab5e\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7501775\nReviewed-by: Dave Tapuska \u003cdtapuska@chromium.org\u003e\nReviewed-by: Tom Sepez \u003ctsepez@chromium.org\u003e\nCommit-Queue: Julie Jeongeun Kim \u003cjkim@igalia.com\u003e\nCr-Commit-Position: refs/heads/main@{#1572741}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 09e1cd4ac8b23bd405c39aae91c3336b2323d1f8\n" }, { "commit": "b75d1cc545eecddba323f5dcac959fcbc2e6667a", "tree": "427f1f22fde9262e3c62d1a2872e09d118337ce9", "parents": [ "0e93b55ed7f9a6eecd60795080990a8dabaae2be" ], "author": { "name": "Gyuyoung Kim", "email": "gyuyoung@igalia.com", "time": "Sat Jan 17 05:36:56 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Sat Jan 17 05:39:25 2026" }, "message": "[iOS Blink][tvOS] Fix build break by adding crypto:test_support dependency\n\nAfter https://crrev.com/c/7414587 enabled\ncrypto/apple/unexportable_key_mac.mm on iOS,\nauthenticator_impl_unittest.cc requires headers from\n//crypto:test_support. This dependency was missing, causing build\nfailures on iOS Blink and tvOS. Also, unexportable_key_apple.mm uses\nLAContext, which is not available on tvOS. Thus, this CL disables the\nfiles on tvOS.\n\nBug: 432304211\nChange-Id: Id22d270c61c9007c4998fd7435fa8072bdf78ca8\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7487613\nReviewed-by: Tom Sepez \u003ctsepez@chromium.org\u003e\nReviewed-by: Dave Tapuska \u003cdtapuska@chromium.org\u003e\nCommit-Queue: Gyuyoung Kim \u003cgyuyoung@igalia.com\u003e\nCr-Commit-Position: refs/heads/main@{#1570746}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 7a77fe52e7fbc676291a32292e11f9204086588b\n" }, { "commit": "0e93b55ed7f9a6eecd60795080990a8dabaae2be", "tree": "46e0faf6c08f3ee041dba0a0ba82b59876fd2786", "parents": [ "79deeb9ecf123b2b04c36fee441b948d2a7dc36b" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Thu Jan 15 19:11:40 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Jan 15 19:13:32 2026" }, "message": "crypto/aead: store AEAD context for reuse\n\nThis is more efficient (we don\u0027t rerun the AES key schedule every\nSeal/Open op) and means that we don\u0027t need to store a raw_ptr to a\ncaller-owned key, which simplifies this class\u0027s lifetime invariants.\n\nThis change also adds a two-arg constructor:\n\n Aead(kind, key)\n\nwhich removes the need to call Aead::Init() separately with a key, and\nmarks the one-arg Aead constructor and Init() as deprecated, since\nthere\u0027s never a reason to construct an Aead instance before its key is\navailable.\n\nBug: 475891208\nChange-Id: I3159643f27b36ebc99f39075837517c6898cf4b6\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7477298\nCommit-Queue: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1569902}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 9989ab0140a33ecc7ccd8ec0d7dcd0605c212e82\n" }, { "commit": "79deeb9ecf123b2b04c36fee441b948d2a7dc36b", "tree": "117b7f7fe02b0d296f72c47cd1a8d02b1092412c", "parents": [ "dfc9e3ae1ce6d381b589d4c015bdc0d4ff5c22c6" ], "author": { "name": "Anatoli Hancharou", "email": "antoli@google.com", "time": "Thu Jan 15 18:10:24 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Jan 15 18:12:42 2026" }, "message": "Enable support of crypto/apple/unexportable_key_mac.mm on iOS\n\nThis patch enables the compilation of `unexportable_key_mac` on iOS,\nallowing access to hardware-backed keys via the `UnexportableKey`\ninterface. The files and corresponding classes are renamed to correctly\nreflect the extended support of different Apple platforms. This change\nalso enables unit tests for unexportable key on iOS. The key will be\nused by the\ncomponents/enterprise/client_certificates/core/unexportable_private_key_factory.cc\nas described in the DD.\n\nDD: go/cbe-cep-client-certs-bling-dd\nBug: 432304211\nBypass-Check-License: files were renamed\nChange-Id: I1ea11f5caacb204c9e4854e7980b4505fb162dc0\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7414587\nReviewed-by: Charlie Harrison \u003ccsharrison@chromium.org\u003e\nReviewed-by: Aliaksei Bahdzevich \u003cthelex@google.com\u003e\nCommit-Queue: Anatoli Hancharou \u003cantoli@google.com\u003e\nCr-Commit-Position: refs/heads/main@{#1569845}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: f768cb466b3c594a8b55175be114908f80786719\n" }, { "commit": "dfc9e3ae1ce6d381b589d4c015bdc0d4ff5c22c6", "tree": "880876ab265f2264cd9030e1bb54bb4e0a652f2c", "parents": [ "04b844d639b9868c2e214ad2dff9c635f00f531c" ], "author": { "name": "Joe Downing", "email": "joedow@google.com", "time": "Wed Jan 14 23:42:05 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Jan 14 23:44:23 2026" }, "message": "Fixing a typo in Aead class impl\n\nWhile reading through this code I noticed that the private\nAead::Open function was operating on \u0027plaintext\u0027 which seemed to be a\ntypo as I think it should actually be \u0027ciphertext\u0027 since the function\nis decrypting content, not encrypting plaintext.\n\nBug: NO_BUG\nChange-Id: I8e4b7bc313d6437236eb8d4327ef9fc9801a8e24\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7476077\nCommit-Queue: Joe Downing \u003cjoedow@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1569389}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 17ad315fbea7b8a8c782589cba53b5ba71241156\n" }, { "commit": "04b844d639b9868c2e214ad2dff9c635f00f531c", "tree": "0c1a77e750fc47e0e8278f5fdfbd2b392619fc1b", "parents": [ "99fa327435481403df07c475c7c90380b3ddb06d" ], "author": { "name": "David Bienvenu", "email": "davidbienvenu@chromium.org", "time": "Wed Jan 14 19:36:32 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Jan 14 19:38:51 2026" }, "message": "Fix UNSAFE_TODOs in winrt_storage_util.cc\n\nMake CreateIBufferFromData take a span, and make GetPointerToBufferData\nreturn a span, and fix all the call sites.\n\nBug: 42271176\nChange-Id: I67c83f0a2078fbf8c482dd4a76687f7c0b978dba\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7376792\nReviewed-by: Tom Sepez \u003ctsepez@chromium.org\u003e\nCommit-Queue: David Bienvenu \u003cdavidbienvenu@chromium.org\u003e\nReviewed-by: Matt Reynolds \u003cmattreynolds@chromium.org\u003e\nReviewed-by: Takashi Toyoshima \u003ctoyoshim@chromium.org\u003e\nReviewed-by: Robert Liao \u003crobliao@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1569200}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: e4201a28397a3f897b5cad65b30a29095b201292\n" }, { "commit": "99fa327435481403df07c475c7c90380b3ddb06d", "tree": "ac13a1c4d4c710556aa8d295416196493e73deb8", "parents": [ "d01adf020bea39eeeecef838af25e33dcc8cf69f" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Wed Jan 14 18:40:01 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Jan 14 18:42:27 2026" }, "message": "[dbsc] Remove DeleteSigningKeySlowly\n\nThis method is redundant because `DeleteSigningKeysSlowly` can handle\nboth single and multiple keys. Removing the singular version simplifies\nthe `StatefulUnexportableKeyProvider` interface.\n\nThis CL removes `DeleteSigningKeySlowly` and updates all existing call\nsites to use `DeleteSigningKeysSlowly` with a single-element initializer\nlist. Unit tests and mocks are updated to reflect this API change.\n\nChange-Id: I3936bf1bd5e1b30e5780de203bf351e661b25275\nBug: 455538832\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7409291\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nReviewed-by: Slobodan Pejic \u003cslobodan@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1569187}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: ed5561b91ae47ea23f4c5cbe750a71970ec721b9\n" }, { "commit": "d01adf020bea39eeeecef838af25e33dcc8cf69f", "tree": "228e78738ba0b165d3c7b4499f4290cf8d000d80", "parents": [ "0335e72a9da78a802e5230fb1072928f61870561" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Wed Jan 14 10:30:31 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Jan 14 10:32:19 2026" }, "message": "[dbsc] Add batch key deletion to UnexportableKeyService\n\nImplement `DeleteKeysSlowlyAsync` in `UnexportableKeyService` and its\nbackend implementations to allow deleting multiple keys in a single\noperation. Update the Mojo interface, task manager, and metrics to\nsupport this new capability.\n\nIn the macOS implementation, `DeleteSigningKeysSlowly` queries for all\nkeys matching the configuration and filters them by the provided wrapped\nkeys before deletion. This approach ensures correct behavior when\napplication tags are used as prefixes.\n\nRefactor `UnexportableKeyServiceImpl` to extract key map cleanup logic\ninto a new `DeleteKeyFromMaps` helper method.\n\nBug: 455539044\nChange-Id: Ib42c80507a88b6a054cd78dcd5d6efe9ac35ffbb\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7269484\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1568999}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 7ec6152d812e45d4bd472e9997c5054a5aaa1118\n" }, { "commit": "0335e72a9da78a802e5230fb1072928f61870561", "tree": "0ff838d8912e0ee68db8ce1e9f1289042c3594e1", "parents": [ "06ebfeedbb04736b6fd76eb45eb2a2984e2be82e" ], "author": { "name": "Joe Downing", "email": "joedow@google.com", "time": "Tue Jan 13 23:55:50 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Jan 13 23:58:34 2026" }, "message": "Add a helper function to generate a shared secret for ECDH P384\n\nThis CL adds a helper function to generate a shared secret when\nusing ECDH P384 using the same underlying code as the existing\nEcdhP256 helper function.\n\nBug: NO_BUG\nChange-Id: I8b3a2022420f603e577fb96db18dd4c5c0bcc671\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7454822\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCommit-Queue: Joe Downing \u003cjoedow@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1568782}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 918ee605eed737ad5a119a8763cfe112c4f88e36\n" }, { "commit": "06ebfeedbb04736b6fd76eb45eb2a2984e2be82e", "tree": "5c542212e3b57eb74086243eac01201c7391643f", "parents": [ "43903f178a64ef2848a6e0bb7c9651dfbad1b49d" ], "author": { "name": "Maya Warren", "email": "mayawarren@google.com", "time": "Tue Jan 13 21:18:27 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Jan 13 21:21:31 2026" }, "message": "Add Keychain V1 functionality to KeychainV2\n\nThis is the first step in removing the Keychain V1 API.\n\nThis change:\n\n1. Moves functions `FindGenericPassword` and `AddGenericPassword` into\nkeychainV2 and updates their functionality to use the SecItem wrappers\nin keychainV2.\n\n2. Adds FindGenericPassword and AddGenericPassword to fake_keychain so\nthat this functions can be mocked correctly in test.\n\nBug: 441317288\nChange-Id: Ife322fb23f24c1eb9f457bc96e359220f1b95f9d\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7404806\nReviewed-by: Avi Drissman \u003cavi@chromium.org\u003e\nCommit-Queue: Maya Warren \u003cmayawarren@google.com\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1568672}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 614a8ffdbf538ac483934c50711cd8fcc878c728\n" }, { "commit": "43903f178a64ef2848a6e0bb7c9651dfbad1b49d", "tree": "7d05774a28cb336ccd1b455621e5d5cfc7876555", "parents": [ "cc9ad2cc753938b291bc25af9b0ba5a5f4900519" ], "author": { "name": "Victor Hugo Vianna Silva", "email": "victorvianna@google.com", "time": "Tue Jan 13 16:35:21 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Jan 13 16:37:20 2026" }, "message": "Migrate base::Contains() to std::ranges::contains() in crypto\n\nbase::Contains() is an alias to std::ranges::contains() since\ncrrev.com/c/7415207, so this CL has no behavior change.\n\nBug: 470391351\nChange-Id: I3117f1798550f62a12d148a19b37079485d7ed68\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7459682\nCommit-Queue: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nAuto-Submit: Victor Vianna \u003cvictorvianna@google.com\u003e\nCr-Commit-Position: refs/heads/main@{#1568442}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 7470ddf76976fec43078be775a792009702cf01b\n" }, { "commit": "cc9ad2cc753938b291bc25af9b0ba5a5f4900519", "tree": "a65a294b227028379da78c177f11a302ff86d0c1", "parents": [ "793e01242deb48c7372a22468b9cd15e9a45c2c9" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Fri Jan 09 15:25:47 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Fri Jan 09 15:28:40 2026" }, "message": "[dbsc] Log Secure Enclave key deletion errors\n\nThis patch adds metrics to track failures when deleting keys backed by\nthe Secure Enclave on macOS.\n\nIt introduces the `TPMOperation::kKeyDeletion` enum value and adds a\ncorresponding variant to the\n`Crypto.SecureEnclaveOperation.Mac.{Operation}.Error` histogram.\n\nThe implementation in `crypto/apple/unexportable_key_mac.mm` is updated\nto log errors in the following scenarios:\n* When the keychain `ItemDelete` operation fails in\n `DeleteSecureEnclaveKey`.\n* When querying for keys fails during `DeleteKey` or `DeleteAllKeys`.\n\nAdditionally, the `LogKeychainOperationError` helper functions are moved\nto the top of the file to ensure they are defined before use in the\ndeletion methods.\n\nBug: 455539044\nChange-Id: I9dd2b831cffb054c084e7c43556649dd43ad63bd\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7401573\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1566929}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: a6c114ba9d4d537d2220fc58fa898613ac96846d\n" }, { "commit": "793e01242deb48c7372a22468b9cd15e9a45c2c9", "tree": "125019bebf210144e40d521911b1e32016abde46", "parents": [ "2aea5f377be397294d949b2821e4b2064f97fadc" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Thu Jan 08 18:33:10 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Jan 08 18:36:02 2026" }, "message": "[dbsc] Support prefix matching in DeleteSigningKeySlowly\n\nRefactor `UnexportableKeyProviderMac` to use shared helper functions for\nquerying and filtering keychain items. This introduces `FindUnexportableKeys`\nand `FilterKeysByApplicationTag` to centralize keychain interactions.\n\nUpdate `DeleteSigningKeySlowly` to use these helpers, enabling it to\nidentify and delete keys based on an application tag prefix rather than\nrequiring an exact match. This aligns the deletion behavior with\nretrieval methods, which already supported prefix matching.\n\nUpdate `FromWrappedSigningKeySlowly`, `GetAllSigningKeysSlowly`, and\n`DeleteAllSigningKeysSlowly` to utilize the new infrastructure,\nreducing code duplication and simplifying maintenance.\n\nBug: 455539044\nChange-Id: I35a459e5f436701cd12c83b0fdc9deee6a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7367118\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1566412}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 45163bd44b5c70cc893d9a1ae04469462898be91\n" }, { "commit": "2aea5f377be397294d949b2821e4b2064f97fadc", "tree": "391de96733b199066a59e9edb57d9fcd6460f5be", "parents": [ "d5d935977d47eb3d585eb9b2034f5b6326d5592e" ], "author": { "name": "Victor Hugo Vianna Silva", "email": "victorvianna@google.com", "time": "Thu Jan 08 16:39:29 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Jan 08 16:42:02 2026" }, "message": "Migrate various base::Contains() to contains() in crypto\n\nBug: 470391351\nChange-Id: I69d2f3d86dc917014d1a5664659b2766a4a382c4\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7362193\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: David Benjamin \u003cdavidben@chromium.org\u003e\nAuto-Submit: Victor Vianna \u003cvictorvianna@google.com\u003e\nCr-Commit-Position: refs/heads/main@{#1566332}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: c3bb666941fd83e308fa68e0df72641341f3b0a3\n" }, { "commit": "d5d935977d47eb3d585eb9b2034f5b6326d5592e", "tree": "ef5d3cef2d6de26a1ecc7dc8e32520befed75cc6", "parents": [ "3726c72e3833f902e0fa737d2a405530afb4a8d9" ], "author": { "name": "Ernest Nguyen Hung", "email": "ernn@google.com", "time": "Wed Jan 07 10:14:16 2026" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Jan 07 10:17:44 2026" }, "message": "[crypto] Record `Crypto.TPMOperation.Win` uma on select alg errors\n\n`UnexportableKeyProviderWin::SelectAlgorithm` currently doesn\u0027t log any\nhistograms on errors making it hard to debug. It adds additional\nhistogram recording on select algorithm errors.\n\nBug: 470032205\nChange-Id: I5aef175bf9330b55aea50f3544766165e6e7d314\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7296230\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: Ernest Nguyen Hung \u003cernn@google.com\u003e\nCr-Commit-Position: refs/heads/main@{#1565517}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 33fdf75161dfa94f567eb839999c121b341f82fc\n" }, { "commit": "3726c72e3833f902e0fa737d2a405530afb4a8d9", "tree": "edf4305757a1b8d83144fc4f607a6ed39e0394d6", "parents": [ "2b6e5f82d5f0cac64b8de776c9ba07bfbe32f046" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Mon Dec 15 19:54:37 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Dec 15 20:05:45 2025" }, "message": "[dbsc] Implement DeleteAllSigningKeys on Mac\n\nImplements `DeleteAllSigningKeysSlowly` in `UnexportableKeyProviderMac`.\nThe implementation queries the macOS Keychain for all EC keys within\nthe provider\u0027s access group.\n\nIt iterates through the results and filters them based on the\napplication tag. If the provider has a configured application tag, it\nperforms a prefix match. This allows a provider representing a broader\nscope to delete keys belonging to sub-scopes (e.g., a provider with tag\n\"com.example\" can delete keys tagged \"com.example.foo\").\n\nReturns the number of keys successfully deleted.\n\nBug: 455539044\nChange-Id: Ifa49846af42ce869c29593d7127b590b6a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7215949\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1558902}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: eb84b25e39bc19958c1d483e18d96865b09f28c0\n" }, { "commit": "2b6e5f82d5f0cac64b8de776c9ba07bfbe32f046", "tree": "17cefd734784420aa4a2b2d36c2fbae0b2a6ecc6", "parents": [ "08919b1578214d7a4c00d4ca93d764f8e31393f6" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Mon Dec 15 19:53:39 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Dec 15 19:56:35 2025" }, "message": "[dbsc] Add GetCreationTime to StatefulUnexportableSigningKey.\n\nThis change introduces a new method `GetCreationTime()` to the\n`StatefulUnexportableSigningKey` interface, allowing retrieval of the\ncreation time of a key.\n\nOn macOS, this time is read from the `kSecAttrCreationDate` attribute\nin the Keychain. The `UnexportableKeyService` and its Mojo proxy are\nupdated to expose this new property. Placeholder implementations are\nadded for other platforms and fakes.\n\nAn example usecase of this method is to perform safe garbage collection.\nDeletion operions can check the key\u0027s creation time to ensure no recent\nkeys will be deleted.\n\nBug: 455539044\nChange-Id: Idfa4c75bafa7b8c7fbd593fc5fea84087bc3a0c2\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7239132\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1558901}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 386685e3e67588d34a3e361f2da4f271bd82cd01\n" }, { "commit": "08919b1578214d7a4c00d4ca93d764f8e31393f6", "tree": "83a0ac2666fd6b16348046fb5ac06ff9be0d12cc", "parents": [ "67db053f37774dc5e74ba640905e77876428182b" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Mon Dec 15 19:53:23 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Dec 15 19:56:17 2025" }, "message": "[dbsc] Introduce StatefulUnexportableSigningKey and GetKeyTag\n\nThis change adds a new interface StatefulUnexportableSigningKey which\nextends UnexportableSigningKey with a GetKeyTag() method. This method\nreturns a platform-specific tag associated with the key.\n\nThe UnexportableKeyService interface is updated to include a GetKeyTag()\nmethod, which is implemented by downcasting to\nStatefulUnexportableSigningKey where supported. The Mojo interface and\nits proxy are also updated to pass the key tag.\n\nCurrently, only the macOS Secure Enclave implementation provides a\nnon-empty key tag, derived from the application tag. Other platforms\nreturn an empty string or indicate that the operation is not supported.\n\nBug: 455539044\nChange-Id: I7f59920e33f8c50d31fb2e35c6d226e93a0d07d6\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7221131\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1558900}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: be32c0a59d26036a8de566df86724057ef1f6c98\n" }, { "commit": "67db053f37774dc5e74ba640905e77876428182b", "tree": "b5f76ca1b9140cca5ac9f1831ff7e2320c6a6e0b", "parents": [ "ca4b9fa0157219cea1774e8a5b3b9a5e883c72b6" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Mon Dec 15 19:30:57 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Dec 15 19:33:10 2025" }, "message": "[dbsc] Repair unexportable keys from other profiles\n\nUpdate `UnexportableKeyProviderMac::FromWrappedSigningKeySlowly` to\nsearch for all keychain items matching a wrapped key\u0027s label, instead\nof restricting the query to the current application tag.\n\nWhen a key is found under a different application tag but is missing\nfor the current provider, create a new keychain entry by copying the\nexisting item and updating its application tag. This ensures keys can\nbe shared or recovered across different profiles.\n\nChange-Id: I71b86401347414ea3659686d43e779153ce1b258\nBug: 455539044\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7239127\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1558876}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: c389a6436ce96e1d95ba43fb1493523017a81dd0\n" }, { "commit": "ca4b9fa0157219cea1774e8a5b3b9a5e883c72b6", "tree": "d9656e3a5e610ea1f3911e8e9166b6be232825b7", "parents": [ "2ff07777ff499aa8aa983fca5a061f3c436f3f11" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Mon Dec 15 16:46:56 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Dec 15 16:49:46 2025" }, "message": "crypto: remove old HMAC API\n\nIt is deprecated and its last clients are now gone. Yay!\n\nFixed: 453961766\nChange-Id: Ie558c3173cbef59ded36260436c791a83ed82947\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7254696\nCommit-Queue: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: Matt Mueller \u003cmattm@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1558761}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 06d7910fe8afca146c00314ed2ab064b2f17b304\n" }, { "commit": "2ff07777ff499aa8aa983fca5a061f3c436f3f11", "tree": "0b99c2ad91ff4bef20f2a4847c72ec5de341be0e", "parents": [ "afd524f984677359bd697037fb199a9f39bd709e" ], "author": { "name": "Nina Satragno", "email": "nsatragno@chromium.org", "time": "Tue Dec 09 17:25:27 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Dec 09 17:27:31 2025" }, "message": "[crypto] Clean up kIsHardwareBackedFixEnabled\n\nClean up kIsHardwareBackedFixEnabled. It\u0027s been enabled long enough.\n\nBug: 416731926\nChange-Id: I8f542b3338eb742d7c195d777bbdc033298b281e\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7238634\nAuto-Submit: Nina Satragno \u003cnsatragno@chromium.org\u003e\nCommit-Queue: Sébastien Lalancette \u003cseblalancette@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: Sébastien Lalancette \u003cseblalancette@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1556205}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 0933e7d9b9fdac923fd5851366e715b6f1e53bcf\n" }, { "commit": "afd524f984677359bd697037fb199a9f39bd709e", "tree": "6a76c0e50fe1fad434491ab4fc9f4ad3af4cce80", "parents": [ "738d3997a922c026992f5a28419b4aa3629b7413" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Tue Dec 09 08:18:49 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Dec 09 08:25:40 2025" }, "message": "[dbsc] Enable prefix matching for application tags on macOS\n\nModify `GetAllSigningKeysSlowly` to support prefix matching for\napplication tags, rather than enforcing exact matches via the Keychain\nquery.\n\nPreviously, the query included `kSecAttrApplicationTag`, which\nrestricted results to exact matches. This change removes that attribute\nfrom the `SecItemCopyMatching` query and instead filters the returned\nresults in software. This allows the retrieval of keys that share a\ncommon prefix, which is required for DBSC key management.\n\nAdd a helper function `GetApplicationTag` to handle application tags\nreturned as either `CFStringRef` (legacy) or `CFDataRef`. Update the\nheader documentation to reflect this platform-specific behavior.\n\nBug: 455539044\nChange-Id: I1b4be291d294cefece792eab884efc726a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7224056\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1555945}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 9539fbb843ac3f1375d3cb6f760035cd605c1eed\n" }, { "commit": "738d3997a922c026992f5a28419b4aa3629b7413", "tree": "48e00c439601a5f982286dc59efa94f73f38b5f8", "parents": [ "f728f694ad6f2fb97f03d5d6c09ad94fb04f40c4" ], "author": { "name": "Lei Zhang", "email": "thestig@chromium.org", "time": "Mon Dec 08 19:48:38 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Dec 08 19:52:40 2025" }, "message": "Remove a superfluous include from crypto/process_bound_string.h\n\nThis header does not use crypto/features.h. Avoid transitively including\nit in 2000+ TUs.\n\nBug: 40318405\nChange-Id: I13194a893b66cb13ff2c2e08158f07ddeb391d45\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7234709\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: Lei Zhang \u003cthestig@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1555640}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 942f2e4d066827fca95e51fd80151fc8542bec18\n" }, { "commit": "f728f694ad6f2fb97f03d5d6c09ad94fb04f40c4", "tree": "3a834ce09185a36e2b9db509a6a35b94bfddaf96", "parents": [ "a48e1c0bef5e8fdcce21196407852c14d1a74ca6" ], "author": { "name": "Antonio Alphonse", "email": "alphonsea@google.com", "time": "Thu Dec 04 20:59:07 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Dec 04 21:03:06 2025" }, "message": "metrics: base/hash/sha1 -\u003e crypto/obsolete/sha1\n\nLogInfo uses SHA-1 for hashing log data for unsent logs. This is used to\nstore a hash of the log SHA-1 to catch errors from memory corruption\nwithin `unsent_log_store`. This gets written and restored from disk.\nSHA-1 is also being used for setting the kStabilitySavedSystemProfile\nhash within `environment_recorder.cc`.\n\nBecause these could affect retrieving prior user preference data and\nmetrics, this CL migrates to using the crypto/obsolete SHA-1 library.\nMechanical change, no expected behavior change.\n\nBug: 430344933\nChange-Id: Icc224caf4af32162a416c0fb0f62e524b507dbf1\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7159550\nReviewed-by: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nReviewed-by: Alexei Svitkine \u003casvitkine@chromium.org\u003e\nCommit-Queue: Antonio Alphonse \u003calphonsea@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1554241}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: fe056840db0f047b59790e1db2b6813fd5e036f0\n" }, { "commit": "a48e1c0bef5e8fdcce21196407852c14d1a74ca6", "tree": "08e56a4e96c63dcd33aef9d98b8e9ad9007a6803", "parents": [ "d37bccfb8b9418a763cb22dfb25d0471eb8f7d40" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Thu Dec 04 19:59:18 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Dec 04 20:07:36 2025" }, "message": "[dbsc] Implement GetAllSigningKeys on Mac\n\nImplements `UnexportableKeyProviderMac::GetAllSigningKeysSlowly` using\n`SecItemCopyMatching`. This enables the retrieval of all available\nhardware-bound EC keys associated with the provider\u0027s configured\naccess group and application tag.\n\nThe query specifically filters for `kSecAttrKeyTypeECSECPrimeRandom`.\nIf the keychain returns `errSecItemNotFound`, the method returns an\nempty vector instead of treating it as a failure.\n\nBug: 455539044\nChange-Id: I2cda3198957e41de7824d97de66665fc6a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7214812\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1554195}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: a506a1432c5fb6472f7d7790fbaa028d3bd292a2\n" }, { "commit": "d37bccfb8b9418a763cb22dfb25d0471eb8f7d40", "tree": "c757ba649f16c358a98d8751a006273728b60030", "parents": [ "03fb7f7d4edfb029ee462ed03717f1b91d1a2e19" ], "author": { "name": "Antonio Alphonse", "email": "alphonsea@google.com", "time": "Tue Dec 02 21:29:29 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Dec 02 21:31:53 2025" }, "message": "net/cert: base/hash/sha1 -\u003e crypto/obsolete/sha1\n\nIn trust_store_nss.cc, SHA-1 is used to get the hash of a NSS\nCertificate in order to determine if the cert hash matches with the\nrequested trust object. In trust_store_win.cc, SHA-1 is used on a\ncertificate to determine what type of CertTrust is applied to it, which\nis done by searching for the certificate through three different stores.\nSince these cert stores seem to be stored externally, we should continue\nusing SHA-1, and migrate to using the crypto/obsolete API.\n\nSHA-1 is used to extract the SCTList from an OCSP response, deriving an\nissuer_key to check across using both SHA-256 and SHA-1. This is needed\nsince some issuers may still use SHA-1.\n\nRequired for backward compatibility with existing OCSP, NSS, and Win32\nAPIs. Migrate to the non-deprecated API. Mechanical change, no expected\nbehavior change.\n\nBug: 430344933\nChange-Id: Ic34e1e4c82e793a78a9eae1bd1a8000130bd4acb\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7170085\nCommit-Queue: Antonio Alphonse \u003calphonsea@google.com\u003e\nReviewed-by: Matt Mueller \u003cmattm@chromium.org\u003e\nReviewed-by: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1553058}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: ded14d3cf112d3ae6296ae35ad548520edb761ec\n" }, { "commit": "03fb7f7d4edfb029ee462ed03717f1b91d1a2e19", "tree": "c88ef752e40084dcd5b24e66a0ab22e11456986d", "parents": [ "a0f3709c6ec880054aee7c22ab48cd8a68494163" ], "author": { "name": "Mark Cogan", "email": "marq@chromium.org", "time": "Mon Dec 01 18:47:00 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Dec 01 18:50:09 2025" }, "message": "[iOS] Extend keychain access migration to all use cases.\n\nContext: crrev.com/c/6455066 migrated password storage in\ncrypto/apple/keychain_secitem.mm to kSecAttrAccessibleAfterFirstUnlock\naccessibility from kSecAttrAccessibleWhenUnlocked on iOS, for better\ncompatibility with background app launches.\n\nIt turns out that two other code paths were writing keychain items with\nkSecAttrAccessibleWhenUnlocked accessibility, so this CL adds similar\ncode to migrate them. Common code for this process is factored into\nhelper methods in keychain_util.h/.mm.\n\nChange-Id: I1b17f5a8bfe0826dfe3d2c27be0630a956990a30\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7177648\nReviewed-by: Vasilii Sukhanov \u003cvasilii@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: Tommy Martino \u003ctmartino@chromium.org\u003e\nCommit-Queue: Mark Cogan \u003cmarq@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1552273}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 085fdc7cb5b5cdf8f51413315b1576be9460aee2\n" }, { "commit": "a0f3709c6ec880054aee7c22ab48cd8a68494163", "tree": "4a2f3a5be0366561e2b0fcb5f510dd72a2622f8e", "parents": [ "285ada7f3fd687abef364d9c4a30fe0398d940a3" ], "author": { "name": "Lei Zhang", "email": "thestig@chromium.org", "time": "Tue Nov 25 22:13:57 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Nov 25 22:17:33 2025" }, "message": "Remove superfluous base/feature_list.h includes from various headers\n\nRemove base/feature_list.h includes from headers that do not reference\nbase::FeatureList, BASE_DECLARE_FEATURE, etc. Then do IWYU to fix the\nbuild.\n\nBug: 40318405\nChange-Id: Ic3246984e47519b41ee33b54805dcabe42782b87\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7190133\nReviewed-by: Daniel Cheng \u003cdcheng@chromium.org\u003e\nCommit-Queue: Lei Zhang \u003cthestig@chromium.org\u003e\nOwners-Override: Daniel Cheng \u003cdcheng@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1550068}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: c550253dfa0571d25c979719865e0e3a93d7d0dc\n" }, { "commit": "285ada7f3fd687abef364d9c4a30fe0398d940a3", "tree": "bed921aa657a8e9622265d52713d2eb56529ee0d", "parents": [ "563cdad4f0333c70785872e87ff50fdee193bcc7" ], "author": { "name": "Antonio Alphonse", "email": "alphonsea@google.com", "time": "Mon Nov 24 16:12:53 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Nov 24 16:15:27 2025" }, "message": "policy: base/hash/sha1 -\u003e crypto/obsolete/sha1\n\nRequired for backward compatibility with the client_id derived from\n/etc/machine-id, which is used as a filename for storing the DM token.\n\nDM tokens are associated by hashed client IDs, and are stored on-disk.\nChanging the hashing algorithm for the client id may break already\nexisting enrollments or create twin enrollments (that is, enrollments\nwith different client information, but the same DM token). This could\nlead to issues with fetching policies and providing browser status\nreports. Because of this, this change migrates to the non-deprecated\nAPI.\n\nThis should be a mechanical change, with no expected behavior change.\n\nBug: 430344933\nChange-Id: If847524a2c8bf30f5e251d07b77fd79d429cf561\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7142339\nReviewed-by: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nCommit-Queue: Antonio Alphonse \u003calphonsea@google.com\u003e\nReviewed-by: Christoph Schwering \u003cschwering@google.com\u003e\nReviewed-by: Igor \u003cigorcov@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1549215}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: d3e0c56cb033478007ac552d71ea0764c1b6e495\n" }, { "commit": "563cdad4f0333c70785872e87ff50fdee193bcc7", "tree": "f2565a0e774f86016814aac8193902414819e4f7", "parents": [ "372729c30078c39b9daa7836e394f2548cdded20" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Thu Nov 20 20:59:46 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Nov 20 21:01:58 2025" }, "message": "crypto/keypair: rename ToUncompressedForm to ToUncompressedX962Point\n\nThe new name is more precise. No functional change.\n\nFixed: 432219819\nChange-Id: Ie39b5f018eac77523b7da2f7408bd12e3e8a86b8\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7174004\nCommit-Queue: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: Peter Beverloo \u003cpeter@chromium.org\u003e\nReviewed-by: Martin Kreichgauer \u003cmartinkr@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: Michael Ershov \u003cmiersh@google.com\u003e\nCr-Commit-Position: refs/heads/main@{#1548023}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: ad798170f561f7a05a64d60dd1889766b6b71f0d\n" }, { "commit": "372729c30078c39b9daa7836e394f2548cdded20", "tree": "b92563b4c66b5f6cdffee16a85758827d8f16523", "parents": [ "e1ced3aa90fa44ea0ada8776023bfa4a20b1733b" ], "author": { "name": "Elly", "email": "ellyjones@chromium.org", "time": "Thu Nov 20 16:23:51 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Nov 20 16:26:34 2025" }, "message": "crypto/sign: support more RSA signature schemes\n\nSpecifically:\n* PKCS1v1.5-SHA384\n* PKCS1v1.5-SHA512\n* PSS-SHA384\n* PSS-SHA512\n\nEach of these have at least a couple of users in Chromium, and\nsupporting them costs very little extra complexity.\n\nFixed: 434006732\nChange-Id: I2804b63d2ccf54d28d5fb12e67ff014308c74614\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7173689\nReviewed-by: Matt Mueller \u003cmattm@chromium.org\u003e\nCommit-Queue: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1547853}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 08ff8521a9c62391406e7b29dd6ae7bc7fdd1255\n" }, { "commit": "e1ced3aa90fa44ea0ada8776023bfa4a20b1733b", "tree": "04b393a662f5fe851cba9731a2fa5403e4eb76d7", "parents": [ "63c3fcd00e53a3b6ef3f5ec7ab5cd0910e6f6657" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Thu Nov 20 14:24:35 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Nov 20 14:27:13 2025" }, "message": "[dbsc] Add DeleteAllSigningKeysSlowly to StatefulUnexportableKeyProvider.\n\nThis change introduces a new method, `DeleteAllSigningKeysSlowly`, to\nthe `StatefulUnexportableKeyProvider` interface. This method allows for\nthe deletion of all signing keys matching the provider\u0027s configuration.\nThe macOS implementation is currently a stub, and the mock and fake\nimplementations are updated to include this new method.\n\nBug: 455539044\nChange-Id: I0c7d657e2f91825c83712ae5c58512948e31e05c\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7159235\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1547783}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 39ac517416a6790f9f28802ec863ce91ea041fdb\n" }, { "commit": "63c3fcd00e53a3b6ef3f5ec7ab5cd0910e6f6657", "tree": "cddd88115d5c7143e979f6f7bac3cd526e151321", "parents": [ "984c146668917ea06d7adf8fb67af63db51756a4" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Thu Nov 20 14:00:46 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Nov 20 14:14:01 2025" }, "message": "[dbsc] Add GetAllSigningKeysSlowly to StatefulUnexportableKeyProvider.\n\nThis new method allows retrieving all previously stored unexportable\nsigning keys. It is marked \"Slowly\" because it may block and should not\nbe called on the UI thread. Implementations are added for mock and test\nclasses, and a stub is added for the macOS implementation.\n\nBug: 455539044\nChange-Id: Iec10bac89fdf1f6a0b82ca3ad4442f126a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7150845\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1547769}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: bdc660602d84e4962638d4eeb1cbe93c3d349eb5\n" }, { "commit": "984c146668917ea06d7adf8fb67af63db51756a4", "tree": "19452a36ee2f928cb43e0a5e413be0178f9e280a", "parents": [ "d55ba90b35b5c7464f6c4b2d887e0738a418d246" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Thu Nov 20 13:54:34 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Nov 20 14:03:23 2025" }, "message": "[dbsc] Refactor UnexportableKeyProvider to separate stateful operations.\n\nThis change introduces a new interface, StatefulUnexportableKeyProvider,\nwhich inherits from UnexportableKeyProvider. The DeleteSigningKeySlowly\nmethod is moved from UnexportableKeyProvider to\nStatefulUnexportableKeyProvider. Implementations that manage key state,\nsuch as UnexportableKeyProviderMac, now inherit from\nStatefulUnexportableKeyProvider. Stateless implementations, like the\nsoftware and Windows providers, do not. Callers wishing to delete keys\nmust now first check if the provider supports stateful operations by\ncalling AsStatefulUnexportableKeyProvider(), which returns a pointer to\nthe StatefulUnexportableKeyProvider interface if supported, or nullptr\notherwise.\n\nBug: 455539044\nChange-Id: I81a25abbd4664d70b8c11bbec066f33986e35059\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7170720\nReviewed-by: Alex Ilin \u003calexilin@chromium.org\u003e\nAuto-Submit: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1547767}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 0902192db070d92e265673e249d1da2f53296c00\n" }, { "commit": "d55ba90b35b5c7464f6c4b2d887e0738a418d246", "tree": "ddcafbaa71ae3530e348c55eaf42f9d0f5177fb3", "parents": [ "03f2fbb56ff57df11a22f3a667c5650d90d83a15" ], "author": { "name": "David Benjamin", "email": "davidben@chromium.org", "time": "Wed Nov 19 00:16:47 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Nov 19 00:27:33 2025" }, "message": "Switch to size_t-based and bounds-checked EVP_CIPHER APIs\n\nThe new APIs are size_t-based and pass in the output bounds explicitly,\nso we can avoid worrying about size_t vs int overflows and if we size\nthe buffers wrong, the function will just fail instead of going out of\nbounds.\n\nBug: 42290361\nChange-Id: Ia2c7874f64f4aceb939fb0b9ec8c834913273a75\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7159021\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCommit-Queue: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: Dale Curtis \u003cdalecurtis@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1546870}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: e07db009e5897bf9e697a39512367698223ef7b4\n" }, { "commit": "03f2fbb56ff57df11a22f3a667c5650d90d83a15", "tree": "da58b10d8c25e230a6405005f8e0e0f91ac4cacc", "parents": [ "ad24bdefe2a05de63df110e1e62cdc45b35dc890" ], "author": { "name": "Maya Warren", "email": "mayawarren@google.com", "time": "Tue Nov 18 21:48:24 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Nov 18 21:50:35 2025" }, "message": "Move ScopedKeychainUserInteractionAllowed class into keychainV2.\n\nMoving this because of the plan to unify keychain.h and keychainV2.h and\ndeprecate keychain.h and any files associated with it.\n\nI ported this class with no changes for now, since this has been\ndeprecated by Apple\n\nhttps: //source.chromium.org/chromium/chromium/src/+/main:crypto/apple/keychain.cc;l\u003d26;drc\u003dd1a1796ce21c6dcd1e94fafb7a4a8ef10839b904.\nBug: 441317288\nChange-Id: I1fe1294ce868725b00158fafba375e68f22c12f4\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7118562\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: Avi Drissman \u003cavi@chromium.org\u003e\nCommit-Queue: Maya Warren \u003cmayawarren@google.com\u003e\nCr-Commit-Position: refs/heads/main@{#1546790}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: cc1a44a0893dbb937eadcfea9c4bdd1691262e7c\n" }, { "commit": "ad24bdefe2a05de63df110e1e62cdc45b35dc890", "tree": "2584c5d33be2ac78c2d5ca61b4a64e0bfc0a9297", "parents": [ "1c1eaaf31c9cb5479b0cce8d01726c4f966049bb" ], "author": { "name": "Avi Drissman", "email": "avi@chromium.org", "time": "Fri Nov 14 22:26:41 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Fri Nov 14 22:29:10 2025" }, "message": "Remove a helper function\n\nThe helper function CFDataToVec is replaceable by standard base::\nfunctionality, so do so.\n\nBug: none\nChange-Id: I072297534ea2a00a46f4a7aeaa9a93731b0987c8\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7157359\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: Avi Drissman \u003cavi@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1545259}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 7bf112946f42a4c20971df9b96a0f3ba0a3f5d23\n" }, { "commit": "1c1eaaf31c9cb5479b0cce8d01726c4f966049bb", "tree": "af58aea2fdeeb13d7749f0621ab69a797aa1ff9a", "parents": [ "c71aafeaba69f7f155a3207cfd9346e09673437e" ], "author": { "name": "Arthur Sonzogni", "email": "arthursonzogni@chromium.org", "time": "Fri Nov 14 18:48:08 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Fri Nov 14 18:50:36 2025" }, "message": "Convert to UNSAFE_TODO in crypto\n\nThis is an automated #cleanup patch using the [Script] below.\n\nWe are migrating from coarse-grained file-level suppression (#pragma\nallow_unsafe_buffers) to granular, expression-level markers\n(UNSAFE_TODO()). The pragma disables safety checks for an entire file,\nwhereas UNSAFE_TODO() isolates specific potentially unsafe operations, allowing\nthe rest of the file to be enforced as safe.\n\nThis CL was uploaded by an experimental version of git cl split\n(https://crbug.com/389069356).\n\nScript: https://docs.google.com/document/d/1ORQGBNn2R-CEvNbDTjRd-GrOBOFlCxIHdcvSUA_EhR4/edit?usp\u003dsharing\nAX-Relnotes: N/A\nCleanup: This is an automated #cleanup.\nBug: 409340989\nChange-Id: I22ab9e8b9f0198a6769243bc28d2b8e6013387ad\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7131801\nAuto-Submit: Arthur Sonzogni \u003carthursonzogni@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1545102}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: f11dcc490679aefc6e9bfd43ac4e926b4abf6c6a\n" }, { "commit": "c71aafeaba69f7f155a3207cfd9346e09673437e", "tree": "9678c3a843a9e1a642e11f839b4ca9cece8de123", "parents": [ "2a06a016af037b236ba7ba5850df0160938011c1" ], "author": { "name": "Antonio Alphonse", "email": "alphonsea@google.com", "time": "Fri Nov 14 16:29:48 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Fri Nov 14 16:40:38 2025" }, "message": "kcer: base/hash/sha1 -\u003e crypto/obsolete/sha1\n\nRequired for backward compatibility with how NSS generated CKA_ID for\nkeys. Migrate to the non-deprecated API. Mechanical change, no expected\nbehavior change.\n\nBug: 430344933\n\nChange-Id: I71bbde3c0b69ad957f1f81d68d089fe7314396b5\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7132639\nReviewed-by: Mitsuru Oshima \u003coshima@chromium.org\u003e\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nAuto-Submit: Antonio Alphonse \u003calphonsea@google.com\u003e\nReviewed-by: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1544990}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 7af7fa05d14fa62d7f174fea855d756a824d27f9\n" }, { "commit": "2a06a016af037b236ba7ba5850df0160938011c1", "tree": "d071610f1b1d92e69f6910d59ae49fda4efb108b", "parents": [ "7dddfafc1510a8b6b01766cb9735b4037eafcd8f" ], "author": { "name": "Jan Wilken Dörrie", "email": "jdoerrie@chromium.org", "time": "Wed Nov 12 20:51:27 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Nov 12 21:04:02 2025" }, "message": "[dbsc] Use application tag for key deletion\n\nPreviously, unexportable keys were deleted using only the\n`kSecAttrApplicationLabel` (credential ID).\n\nThis patch updates the key deletion logic to also use\n`kSecAttrApplicationTag` as an additional identifier.\n\nSpecifically:\n* `UnexportableKeyProvider` now sets `kSecAttrApplicationTag`\n when deleting a key from the keychain.\n* `FakeKeychainV2::ItemDelete` is modified to require both\n `kSecAttrApplicationTag` and `kSecAttrApplicationLabel` to\n match before deleting a keychain item.\n* A new `Matches` helper is added to `FakeKeychainV2` to\n simplify attribute matching logic.\n\nBug: 455539044\nChange-Id: I6398591eb61aef9530aa397a69e4dccf6a6a6964\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7141381\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCommit-Queue: Jan Wilken Dörrie \u003cjdoerrie@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1543909}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 60f88a6c3888c0f0419f2d810193cad2b0a3b491\n" }, { "commit": "7dddfafc1510a8b6b01766cb9735b4037eafcd8f", "tree": "d53be2a1e06ee7f99a952f88fd41b017c6b3410c", "parents": [ "f96e49dc5aff53a4e5dbbf8a8c7ff5ee260a23f6" ], "author": { "name": "Antonio Alphonse", "email": "alphonsea@google.com", "time": "Wed Nov 12 17:06:29 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Nov 12 17:11:07 2025" }, "message": "ash/arc: base/hash/sha1 -\u003e crypto/obsolete/sha1\n\nThis CL changes from using base/hash\u0027s SHA-1 interface for using\ncrypto/obsolete\u0027s. Both do the same SHA-1 hashing operation, just\ndifferent locations.\n\nThe change happening here affects when we set the\n`play_terms_of_service_hash` field within arc_support_host.cc. It is\nstated in the user_consent_types proto for ArcPlayTermsOfServiceConsent\nthat play_terms_of_service_hash uses a SHA-1 hashed string of the terms\nof service displayed. Since this field is used in files outside of only\njust arc_support_host.cc, it would be best to perform a full change to\nusing SHA-256 for this field in another set of CLs.\n\nBug: 430344933\nChange-Id: I739e14a54f954194221512a57c51eb7401056643\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7049121\nCommit-Queue: Kyle Horimoto \u003ckhorimoto@chromium.org\u003e\nAuto-Submit: Antonio Alphonse \u003calphonsea@google.com\u003e\nReviewed-by: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: Kyle Horimoto \u003ckhorimoto@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1543782}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 8c8fdc579436b143ac165cd85460fdf2f5f8cdc6\n" }, { "commit": "f96e49dc5aff53a4e5dbbf8a8c7ff5ee260a23f6", "tree": "4d716644144ad1937491d025f7feaed5734a88aa", "parents": [ "b98c0647d6fb5bd3fe6ddc1c22b7e25668bde0b4" ], "author": { "name": "David Benjamin", "email": "davidben@chromium.org", "time": "Thu Nov 06 18:30:35 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Nov 06 18:36:48 2025" }, "message": "Migrate other code to HexEncodeLower\n\nBug: 456472080\nChange-Id: I259cf7681327e674de425284d1113b5fcdb92bb7\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7109151\nReviewed-by: Mitsuru Oshima \u003coshima@chromium.org\u003e\nReviewed-by: Jamie Walch \u003cjamiewalch@chromium.org\u003e\nReviewed-by: David Roger \u003cdroger@chromium.org\u003e\nCommit-Queue: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1541309}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 0c1b535076e36622eec39515761eb72d81c04db0\n" }, { "commit": "b98c0647d6fb5bd3fe6ddc1c22b7e25668bde0b4", "tree": "eca473aef1713d64d02418b37a5a5a73c2665c37", "parents": [ "efd3ba7aaf1672c70f036482a1261ef45e239c14" ], "author": { "name": "Antonio Alphonse", "email": "alphonsea@google.com", "time": "Thu Nov 06 00:25:42 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Nov 06 00:28:19 2025" }, "message": "ash/wallpaper: base/hash/sha1.h -\u003e crypto/obsolete/sha1.h\n\nSHA-1 is currently being used inside of HashWallpaperFilesIdStr to\ndefine a hashed id for wallpaper files. This function is meant to be a\nway to identify users\u0027 wallpaper files in the filesystem. Since changing\nthe hashing algorithm from SHA-1 to another may cause users\u0027 wallpapers\nto become lost, we should hold off on switching to SHA-256 (or another\nhashing method) for wallpaper file IDs.\n\nThis CL instead migrates to using crypto/obsolete/sha1.h instead of\nbase/hash/sha1.h. Both function the exact same, they\u0027re just in\ndifferent locations.\n\nBug: 430344933\nChange-Id: I4b85a014a35becc0daff1355369729fbdfeef843\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7119618\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nAuto-Submit: Antonio Alphonse \u003calphonsea@google.com\u003e\nCommit-Queue: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1540939}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 176786f25071c80b85f0ec5064b10c9d06490cec\n" }, { "commit": "efd3ba7aaf1672c70f036482a1261ef45e239c14", "tree": "828b272244f21f8e86799eed1e73206b59ee499a", "parents": [ "2d2990ee3f118db148852fadb217dff61fd271c9" ], "author": { "name": "Giovanni Ortuño Urquidi", "email": "ortuno@chromium.org", "time": "Mon Nov 03 17:44:25 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Nov 03 18:13:17 2025" }, "message": "spotlight: base/hash/md5 -\u003e crypto/obsolete/md5\n\nRequired for backward compatibility with existing on-device Spotlight\nindices. Migrate to the non-deprecated API.\n\nBug: 406729261, 456473948\nChange-Id: I949b1627f5fdc9c03680d81c975acfcb642a6273\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7101962\nReviewed-by: Olivier Robin \u003colivierrobin@chromium.org\u003e\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nReviewed-by: Ameur Hosni \u003cameurhosni@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1539420}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 3e9543167938506985a9f178c6a5f9a46dff10dd\n" }, { "commit": "2d2990ee3f118db148852fadb217dff61fd271c9", "tree": "db9d35e1745cc56c39edb400838fa3b53d68adb4", "parents": [ "dcf18ccf05aaa400c3c258af776d90512226386e" ], "author": { "name": "Giovanni Ortuño Urquidi", "email": "ortuno@chromium.org", "time": "Mon Nov 03 17:43:38 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Nov 03 17:49:42 2025" }, "message": "hunspell: base/hash/md5 -\u003e crypto/obsolete/md5\n\nMD5 is required for backward compatibility with the existing BDict\nfile format (version 2.0+). Migrate to the non-deprecated API in\ncrypto/obsolete/md5.h.\n\nBug: 406729261\nChange-Id: I1fdcbaa357f5b7a5d6bda7b354dfbf24feef377c\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7100903\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: Darren Shen \u003cshend@chromium.org\u003e\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1539419}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 1f261833054746e1d0b16d17250fe782a48d1251\n" }, { "commit": "dcf18ccf05aaa400c3c258af776d90512226386e", "tree": "8d1848e104ef1e7e6eb9f53e1ebd1167b61e5ea1", "parents": [ "03705ef29243db879615f52eae914be84cb3aac1" ], "author": { "name": "Antonio Alphonse", "email": "alphonsea@google.com", "time": "Mon Nov 03 16:37:54 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Nov 03 16:40:37 2025" }, "message": "net/websockets: base/hash -\u003e crypto/obsolete\n\nThis CL changes from using base/hash\u0027s SHA-1 interface for using\ncrypto/obsolete\u0027s. Both do the same SHA-1 hashing operation, just\ndifferent locations. This can\u0027t be currently migrated to another hashing\nfunction due to the outlined description under IETF\u0027s RFC6455 document\n(see https://www.rfc-editor.org/rfc/rfc6455#section-10.8).\n\nBug: 430344933\n\nChange-Id: I84d6b7ef36ab66d3c43b48de20673b214037279b\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7093397\nCommit-Queue: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nAuto-Submit: Antonio Alphonse \u003calphonsea@google.com\u003e\nCr-Commit-Position: refs/heads/main@{#1539376}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 03388417211db7b014efc6e8189c5cce234ada36\n" }, { "commit": "03705ef29243db879615f52eae914be84cb3aac1", "tree": "0f378d28a6b4e20fd656324c4524cf2cce828773", "parents": [ "8c3a0cc9eaf6b72dbd157fb1617d235ec0087e86" ], "author": { "name": "Giovanni Ortuño Urquidi", "email": "ortuno@chromium.org", "time": "Thu Oct 30 20:43:23 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Oct 30 20:46:03 2025" }, "message": "components/cross_device/nearby: base/hash/md5 -\u003e crypto/obsolete/md5\n\nRequired for backward compatibility with Nearby library interface.\nMigrate to the non-deprecated API.\n\nBug: 406729261\nChange-Id: I371b2c55d264972500847ed48091c61d0c5cf2ac\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7084697\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nReviewed-by: Ryan Hansberry \u003chansberry@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1538150}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 72aad353c303429dec50a7a1fe82d9e11fa7a595\n" }, { "commit": "8c3a0cc9eaf6b72dbd157fb1617d235ec0087e86", "tree": "d7a01a1ffaf33a5d21e18138ff635cdffc81a5df", "parents": [ "823fca279587a0a22c2808bef01570d9a9b6a933" ], "author": { "name": "Antonio Alphonse", "email": "alphonsea@google.com", "time": "Thu Oct 30 20:22:04 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Oct 30 20:24:27 2025" }, "message": "ash/login: base/hash -\u003e crypto/obsolete/sha1\n\nTo mirror what was discussed in the bug linked, we\u0027re moving from using\nbase/hash to using obsolete/sha1. Both have the same functionality, so\nthere should be no gaps. The new API (despite how it\u0027s named) isn\u0027t\ndeprecated.\n\nBug: 430344933\nChange-Id: I381cf5673d5dd071a07d61df332e205af210a9bd\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7049919\nReviewed-by: Osama Fathy \u003cosamafathy@google.com\u003e\nReviewed-by: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nCommit-Queue: Antonio Alphonse \u003calphonsea@google.com\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1538114}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: e38fe99a926de2d495def5aa88abf8eeef56495f\n" }, { "commit": "823fca279587a0a22c2808bef01570d9a9b6a933", "tree": "449b4b633cb2113aef92bad58ce181784ea7b8d8", "parents": [ "2d63ff0801f6ff27cebb66f871cae5a3b17c7b4c" ], "author": { "name": "Giovanni Ortuño Urquidi", "email": "ortuno@chromium.org", "time": "Thu Oct 30 17:41:11 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Oct 30 17:47:52 2025" }, "message": "content: base/hash/md5 -\u003e crypto/obsolete/md5 in web_test\n\nMigrate to the non-deprecated API.\n\nMD5 is permanently required here because many of these baselines are\npart of Web Platform Tests (WPT) and are shared with other browsers,\nmaking it infeasible to change the hashing algorithm unilaterally.\n\nThis CL renames the existing Md5OfPixelsAsHexForWebTests to\nMd5AsHexForWebTestPixels and moves its implementation to separate\nfile so that it can be used by the two clients in\n//content/web_test/\n\nBug: 406729261\nChange-Id: I06c997792894aa90aabb73b1c275eebbba09e0b6\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7096130\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: Mike West \u003cmkwst@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1538047}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 170914bb1a04469bdc4a3056b96270a9c5a59c9a\n" }, { "commit": "2d63ff0801f6ff27cebb66f871cae5a3b17c7b4c", "tree": "0bc6b7256edfffd86126f0707355a904eb419a48", "parents": [ "1e3d45a6b66b4756744137312c6f70a2e56fa7ee" ], "author": { "name": "Stacy Gaikovaia", "email": "gaiko@google.com", "time": "Thu Oct 30 15:32:48 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Oct 30 15:34:52 2025" }, "message": "Revert \"components/bookmark_codec: stop writing md5\"\n\nThis reverts commit 82a1e08948042a0da715d30a5f221c97d63ddf79.\n\nReason for revert: Previous CL found to break things.\nBug: 456225717\n\nOriginal change\u0027s description:\n\u003e components/bookmark_codec: stop writing md5\n\u003e\n\u003e Stop reading and writing MD5 and remove killswitch\n\u003e EnableBookmarkCodecSHA256. This completes the migration from md5 to\n\u003e sha256.\n\u003e\n\u003e This cl is a follow-up of crrev.com/c/6710952.\n\u003e\n\u003e Fixed: 426243026\n\u003e Change-Id: I2ce54daee29bbef232a8a267878c410f364c5042\n\u003e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7087011\n\u003e Commit-Queue: Stacy Gaikovaia \u003cgaiko@google.com\u003e\n\u003e Reviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\n\u003e Reviewed-by: Sylvain Defresne \u003csdefresne@chromium.org\u003e\n\u003e Cr-Commit-Position: refs/heads/main@{#1537920}\n\nNo-Presubmit: true\nNo-Tree-Checks: true\nNo-Try: true\nChange-Id: I51058d5fc35953b714a0cfa235ab229e2aca1752\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7101063\nReviewed-by: Mikel Astiz \u003cmastiz@chromium.org\u003e\nOwners-Override: Srinivas Sista \u003csrinivassista@chromium.org\u003e\nBot-Commit: Rubber Stamper \u003crubber-stamper@appspot.gserviceaccount.com\u003e\nCommit-Queue: Srinivas Sista \u003csrinivassista@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1537959}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: d0103af92207f319ecdac989eb5d021da2dc2652\n" }, { "commit": "1e3d45a6b66b4756744137312c6f70a2e56fa7ee", "tree": "ec2faffb1a93af258ca5d6698306c48c56cbed43", "parents": [ "1096e3748814362b9a39ba592ae15e6120a72510" ], "author": { "name": "Giovanni Ortuño Urquidi", "email": "ortuno@chromium.org", "time": "Thu Oct 30 14:57:46 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Oct 30 15:04:25 2025" }, "message": "segmentation_platform: base/hash/md5 -\u003e crypto/obsolete/md5\n\nThere should be no change in behavior. The previous and new\nimplementations are equivalent.\n\nRequired for backward compatibility with existing on-disk data. Migrate\nto the non-deprecated API.\n\nThis could be migrated to a safer hash in the future with a proper\nmigration strategy.\n\nBug: 406729261, 455854083\nChange-Id: I3196de19adf47f5a8c8da64f4b3d48946a617102\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7091793\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nReviewed-by: Siddhartha S \u003cssid@chromium.org\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1537933}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 179e905c4918e3582bb188d8a97417895c521ed4\n" }, { "commit": "1096e3748814362b9a39ba592ae15e6120a72510", "tree": "c3928aae0c538afcd7d4c791c51976d5fe111df0", "parents": [ "2f374c0c90116be76ba6c16ae494cd249be35b09" ], "author": { "name": "Stacy Gaikovaia", "email": "gaiko@google.com", "time": "Thu Oct 30 14:49:44 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Thu Oct 30 14:52:46 2025" }, "message": "components/bookmark_codec: stop writing md5\n\nStop reading and writing MD5 and remove killswitch\nEnableBookmarkCodecSHA256. This completes the migration from md5 to\nsha256.\n\nThis cl is a follow-up of crrev.com/c/6710952.\n\nFixed: 426243026\nChange-Id: I2ce54daee29bbef232a8a267878c410f364c5042\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7087011\nCommit-Queue: Stacy Gaikovaia \u003cgaiko@google.com\u003e\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: Sylvain Defresne \u003csdefresne@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1537920}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 82a1e08948042a0da715d30a5f221c97d63ddf79\n" }, { "commit": "2f374c0c90116be76ba6c16ae494cd249be35b09", "tree": "7b394414a66ec23c0c78ab0476fb7f5b7913a5f9", "parents": [ "ad40e06b12ed53ad8cf1da44a40d24b0525399e1" ], "author": { "name": "Ali Hijazi", "email": "ahijazi@chromium.org", "time": "Wed Oct 29 21:10:16 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Wed Oct 29 21:16:40 2025" }, "message": "Record Crypto.TPMOperation.Win* on a failure to open a crypto provider\n\nChange-Id: I4187db36bdc57002cef578548fd0929c2dffd480\nBug: 454827183\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7079244\nCommit-Queue: Ali Hijazi \u003cahijazi@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1537520}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: 9220bdcc2368b2c3735f92b66dbf895e413e84a0\n" }, { "commit": "ad40e06b12ed53ad8cf1da44a40d24b0525399e1", "tree": "53d474d244b3b3cb881a304390470ee7c1a5c117", "parents": [ "f1e462b721c51ec7888dbce968e36879d23adb00" ], "author": { "name": "Arthur Sonzogni", "email": "arthursonzogni@chromium.org", "time": "Tue Oct 28 16:41:42 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Tue Oct 28 16:44:07 2025" }, "message": "Fix unsafe buffer usage in crypto/secure_hash.cc\n\nReplaced memcpy with a C++ copy constructor.\n\nInitial patchet generated by headless gemini-cli using:\n//agents/prompts/projects/spanification/run.py\n\nFixed: 455562490\nChange-Id: Ic11bfc61ad1db74eee6969d0b00910439b044e8c\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7080076\nCommit-Queue: David Benjamin \u003cdavidben@chromium.org\u003e\nAuto-Submit: Arthur Sonzogni \u003carthursonzogni@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1536734}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: b831d2c1879555f8e7099605a0680faf577d1425\n" }, { "commit": "f1e462b721c51ec7888dbce968e36879d23adb00", "tree": "0769734ab082faf262f52e383caca31167c847bf", "parents": [ "03cc40f7d4365533d99ae799a94a26e19559a3d3" ], "author": { "name": "Giovanni Ortuño Urquidi", "email": "ortuno@chromium.org", "time": "Mon Oct 27 20:03:13 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Oct 27 20:06:44 2025" }, "message": "content-suggestions: base/hash/md5 -\u003e crypto/obsolete/md5\n\nRequired for backward compatibility with existing on-disk favicon\ncaches. Migrate to the non-deprecated API.\n\nThis could be migrated to a secure hash (e.g. SHA-256) in the future\nwith a migration strategy that handles invalidating or migrating\nexisting on-disk caches.\n\nBug: 406729261\nChange-Id: Ibd266897c3374cd8c337e4136aac532e7a81e247\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7079267\nReviewed-by: Adam Arcaro \u003cadamta@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1536181}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: b5de0f6c470b7be32878822e047761b4168dc3e2\n" }, { "commit": "03cc40f7d4365533d99ae799a94a26e19559a3d3", "tree": "7273c6b6aee4b79680ead9de2da12de55c7e3b22", "parents": [ "644bcd3f788e976b6fb297dda0f7be7a9ba0d61e" ], "author": { "name": "Giovanni Ortuño Urquidi", "email": "ortuno@chromium.org", "time": "Mon Oct 27 18:13:18 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Oct 27 18:15:36 2025" }, "message": "top-sites: base/hash/md5 -\u003e crypto/obsolete/md5 for blocked URLs\n\nTopSitesImpl::GetURLHash() currently uses MD5 to hash URLs for the\n\u0027ntp.most_visited_blacklist\u0027 preference. We might be able to migrate\nwith the right migration strategy but for now, update usage of\nMD5 to the non-deprecated API.\n\nBug: 406729261\nChange-Id: Ia7a877cc6be5a73b78fc7f3ef9eb779b989f8b36\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7076436\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nReviewed-by: Roman Arora \u003cromanarora@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1536102}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: f02e5af6f14384a11ebf034fdc3712c7f320aee8\n" }, { "commit": "644bcd3f788e976b6fb297dda0f7be7a9ba0d61e", "tree": "1ab4132a0ec110628f060c34a0d8658b351a668a", "parents": [ "e938d0ac19422f837b0407a812c76104fe958f6f" ], "author": { "name": "Giovanni Ortuño Urquidi", "email": "ortuno@chromium.org", "time": "Mon Oct 27 17:08:21 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon Oct 27 17:10:54 2025" }, "message": "reading-list: base/hash/md5 -\u003e crypto/obsolete/md5\n\nOfflineURLDirectoryID uses MD5 to hash URLs for directory names.\nChanging this would invalidate all existing offline pages stored on\ndisk. Migrate to the non-deprecated API to maintain backward\ncompatibility.\n\nThere should be no behavioral changes since the new implementation is\nequivalent to the old one.\n\nBug: 406729261\nChange-Id: I4f6f5eb10e3297b206d9d38dcdfa9d10a7d09d4c\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7079416\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: Mikel Astiz \u003cmastiz@chromium.org\u003e\nReviewed-by: Olivier Robin \u003colivierrobin@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1536055}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: a0e2e877c8f55cfaf97cc672b67d3b1e90d99a3b\n" }, { "commit": "e938d0ac19422f837b0407a812c76104fe958f6f", "tree": "181cd7f0007801ac206c1b369091cd5d6eee9604", "parents": [ "23e72884ef379d8efa1cea3c0f51796ec6ce248c" ], "author": { "name": "Giovanni Ortuño Urquidi", "email": "ortuno@chromium.org", "time": "Fri Oct 24 21:16:30 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Fri Oct 24 21:18:40 2025" }, "message": "performance-manager: base/hash/md5 -\u003e crypto/obsolete/md5\n\nLevelDBSiteDataStore uses MD5 to hash origins for keys in LevelDB.\nChanging this would invalidate all existing on-disk data for users.\nMigrate to the non-deprecated API to maintain backward compatibility.\n\nThis should be migrated to a more secure algorithm in the future.\n\nBug: 406729261\nChange-Id: Idbdd50e6982f92317910137de5bdd4383c1eb965\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7079212\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nReviewed-by: David Benjamin \u003cdavidben@chromium.org\u003e\nReviewed-by: Francois Pierre Doray \u003cfdoray@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1535311}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: b0d9c69918eb00f5c609e0fd0472b9c9d1db4b3a\n" }, { "commit": "23e72884ef379d8efa1cea3c0f51796ec6ce248c", "tree": "75535a5bf7d64d44762338167e6091afe3c12e91", "parents": [ "0d6f394ae4a5e91c62e4329e67df3a98c0c869dc" ], "author": { "name": "Giovanni Ortuño Urquidi", "email": "ortuno@chromium.org", "time": "Fri Oct 24 20:49:59 2025" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Fri Oct 24 20:52:27 2025" }, "message": "display: base/hash/md5 -\u003e crypto/obsolete/md5\n\nEdidParser uses MD5 to hash serial numbers for generating display IDs.\nChanging this would invalidate existing display IDs, which are used for\npersisting display preferences and reporting popularity metrics.\nMigrate to the non-deprecated API to maintain backward compatibility.\n\nBug: 406729261\nChange-Id: I6394579490769c6900f4546680cf33b2f52eb9be\nReviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7079312\nReviewed-by: Elly FJ \u003cellyjones@chromium.org\u003e\nReviewed-by: Daniel Nicoara \u003cdnicoara@chromium.org\u003e\nCommit-Queue: Giovanni Ortuno Urquidi \u003cortuno@chromium.org\u003e\nCr-Commit-Position: refs/heads/main@{#1535293}\nNOKEYCHECK\u003dTrue\nGitOrigin-RevId: c68ef2a30a10a55962218bf1f15fd9b7458459c7\n" } ], "next": "0d6f394ae4a5e91c62e4329e67df3a98c0c869dc" }