[Webkit-unassigned] [Bug 211777] SubtleCrypto.decrypt() - Decrypting with wrong AES-CBC key succeeds instead throwing an error

bugzilla-daemon at webkit.org
Tue May 12 22:35:03 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=211777

--- Comment #3 from Pavel Bednar <pavel.bednar at tescosw.cz> ---
I cannot agree; a few months ago it was working as expected. I don't see why the decrypt method should behave inconsistently based on the selected algorithm. AES-GCM in the same repro throws an error. All major browsers throw an error (tested in Chrome, Firefox, Opera, Edge). The documentation says it should throw an error. Only WebKit started to fail silently, but only for this particular algorithm.

Unfortunately, we are not able to upgrade to AES-GCM or simply add HMAC, since our customers already have encrypted data in production and we have to maintain compatibility.
