[Webkit-unassigned] [Bug 211777] SubtleCrypto.decrypt() - Decrypting with wrong AES-CBC key succeeds instead throwing an error
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed May 13 11:43:55 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=211777
--- Comment #5 from Jiewen Tan <jiewen_tan at apple.com> ---
(In reply to Pavel Bednar from comment #3)
> I cannot agree, few months it was working as expected. I dont see why
> decrypt method should behave inconsistently based on selected algorithm.
> AES-GCM in same repro throws an error. All major browsers throws an error
> (tested in Chrome, Firefox, Opera, Edge). Documentation says it should throw
> an error. Only webkit started to fail silently but just only for this
> particular algorithm.
>
> Unfortunately we are not able to upgrade AES-GCM or simply add HMAC since
> our custumers already have encrypted data in production and we have to
> maintain compatibility.
BTW, MDM is not the spec. This is: https://www.w3.org/TR/WebCryptoAPI/#aes-cbc-operations. I don't think it suggests anything about throwing an error when decryptions fail.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200513/6f2c7984/attachment-0001.htm>
More information about the webkit-unassigned
mailing list