[Webkit-unassigned] [Bug 210910] New: crypto.subtle.decrypt generates garbage instead of an error on invalid key

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 23 05:55:34 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=210910

            Bug ID: 210910
           Summary: crypto.subtle.decrypt generates garbage instead of an
                    error on invalid key
           Product: WebKit
           Version: Safari 13
          Hardware: iPhone / iPad
                OS: iOS 13
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: henning at stummerweb.de

Created attachment 397334

  --> https://bugs.webkit.org/attachment.cgi?id=397334&action=review

Test file to reproduce decryption error

When you try to decrypt a file/string with an invalid key, the method returns an error - but mobile Safari just generates a garbage file/string.

You can reproduce it with the attached file:
- Load the attached HTML in a browser (or use this fiddle: https://jsfiddle.net/1pxwjo5d/ )
- Enter any text to be encrypted/decrypted
- Enter any passphrase
- Clicking on "Encrypt" encrypts the text
- Clicking on "Decrypt" decrypts the text (or displays an error if the passphrase is changed)

When you use an invalid passphrase for decryption, you'll see an error below the buttons. But on mobile Safari, there's no error; instead you will get some garbage text. Programmatically, you can't see any difference whether the decryption was successful or not.

Reproduced on: Safari 13.1, iOS 13.4, WebKit 605.1.15

-- 
You are receiving this mail because:
You are the assignee for the bug.