289171 2025-03-05 08:42:26 -0800 REGRESSION (Safari 18.2): crypto.subtle.encrypt broken for 'AES-GCM' : OperationError 2025-03-12 13:49:25 -0700 1 1 1 Unclassified WebKit WebCore Misc. Safari 18 Mac (Apple Silicon) macOS 15 RESOLVED FIXED InRadar P2 Critical --- 1 kim.dunagan.78789 webkit-unassigned ap nitinmahendru pascoe webkit-bug-importer wilander oldest_to_newest 2100632 0 kim.dunagan.78789 2025-03-05 08:42:26 -0800 crypto.subtle.encrypt fails to encrypt safari 18.2 on macOS. Error message is "The operation failed for an operation-specific reason" AES-GCM encryption fails for the following steps. Tested in the dev console in safari on safari preview Release 209 (Safari 18.2, WebKit 19621.1.6) var key = await crypto.subtle.generateKey( { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt'] ); var iv = new TextEncoder() .encode('hi friends! Happy day to you') .slice(0, 11); var data = new TextEncoder().encode( 'Some random text' ); var failure = await crypto.subtle .encrypt( { name: 'AES-GCM', iv: iv }, key, data ); Error message in dev console: OperationError: The operation failed for an operation-specific reason { code: 0, message: "The operation failed for an operation-specific reason", name: "OperationError", stack: "" } 2100803 1 ap 2025-03-05 17:07:23 -0800 Thank you for the report! Just to clarify, when you say that this is happening in Safari 18.2, do you mean that it worked as expected earlier, or that this was the only version tested? 2100965 2 kim.dunagan.78789 2025-03-06 06:47:06 -0800 Versions tested * Successful encryption: Safari Version 17.4 (19618.1.15.11.12) (my mac's safari) (My mac is on Sonoma ) * Successful encryption: Safari Version 18.1 on Sequoia (Used remote desktop safari on BrowserStack) (Unfortunately, I can't get the exact version due to browser stack restrictions. The navigator.useragent is 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"' * Failed Encryption: Safari 18.2, WebKit 19621.1.6 2101001 3 webkit-bug-importer 2025-03-06 08:51:31 -0800 <rdar://problem/146395205> 2101023 4 nitinmahendru 2025-03-06 09:47:33 -0800 Thank you for the report! The problem is the iv length and the minimum length requirement was changed in 18.2 safari. Considering 18.2 has been out for some time and this is the first report we are hearing, I would request if you can use 12 byte or higher IVs ? If you change your iv generation code to the below, it will work. `var iv = new TextEncoder() .encode('hi friends! Happy day to you') .slice(0, 12); ` As per the recommendation here https://developer.mozilla.org/en-US/docs/Web/API/AesGcmParams, you should use 12 bytes(96 bits) or higher. 2101053 5 kim.dunagan.78789 2025-03-06 10:54:34 -0800 Thank you, and sorry for bothering you two. You're the best Nitin! Thank you as well Alexey! Have a wonderful day 2101054 6 kim.dunagan.78789 2025-03-06 10:55:08 -0800 oh, I guess I should say that I just tested using 12 bytes and it worked as expected on safari 18.2 2101102 7 nitinmahendru 2025-03-06 12:32:23 -0800 great to hear that! 2102094 8 nitinmahendru 2025-03-10 17:58:36 -0700 Will make a change so that we also allow < 12 byte IV. 2102376 9 ews-feeder 2025-03-11 16:15:32 -0700 Committed 291981@main (07989805db41): <https://commits.webkit.org/291981@main> Reviewed commits have been landed. Closing PR #42234 and removing active labels. 2102661 10 ews-feeder 2025-03-12 13:49:25 -0700 Committed 289651.270@safari-7621-branch (e7903dee80f9): <https://commits.webkit.org/289651.270@safari-7621-branch> Reviewed commits have been landed. Closing PR #2786 and removing active labels.