RESOLVED FIXED289171
REGRESSION (Safari 18.2): crypto.subtle.encrypt broken for 'AES-GCM' : OperationError 
https://bugs.webkit.org/show_bug.cgi?id=289171
Summary REGRESSION (Safari 18.2): crypto.subtle.encrypt broken for 'AES-GCM' : Operat...
kim.dunagan.78789
Reported 2025-03-05 08:42:26 PST
crypto.subtle.encrypt fails to encrypt safari 18.2 on macOS. Error message is "The operation failed for an operation-specific reason" AES-GCM encryption fails for the following steps. Tested in the dev console in safari on safari preview Release 209 (Safari 18.2, WebKit 19621.1.6) var key = await crypto.subtle.generateKey( { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt'] ); var iv = new TextEncoder() .encode('hi friends! Happy day to you') .slice(0, 11); var data = new TextEncoder().encode( 'Some random text' ); var failure = await crypto.subtle .encrypt( { name: 'AES-GCM', iv: iv }, key, data ); Error message in dev console: OperationError: The operation failed for an operation-specific reason { code: 0, message: "The operation failed for an operation-specific reason", name: "OperationError", stack: "" }
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2025-03-05 17:07:23 PST
Thank you for the report! Just to clarify, when you say that this is happening in Safari 18.2, do you mean that it worked as expected earlier, or that this was the only version tested?
kim.dunagan.78789
Comment 2 2025-03-06 06:47:06 PST
Versions tested * Successful encryption: Safari Version 17.4 (19618.1.15.11.12) (my mac's safari) (My mac is on Sonoma ) * Successful encryption: Safari Version 18.1 on Sequoia (Used remote desktop safari on BrowserStack) (Unfortunately, I can't get the exact version due to browser stack restrictions. The navigator.useragent is 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"' * Failed Encryption: Safari 18.2, WebKit 19621.1.6
Radar WebKit Bug Importer
Comment 3 2025-03-06 08:51:31 PST
<rdar://problem/146395205>
Nitin Mahendru
Comment 4 2025-03-06 09:47:33 PST
Thank you for the report! The problem is the iv length and the minimum length requirement was changed in 18.2 safari. Considering 18.2 has been out for some time and this is the first report we are hearing, I would request if you can use 12 byte or higher IVs ? If you change your iv generation code to the below, it will work. `var iv = new TextEncoder() .encode('hi friends! Happy day to you') .slice(0, 12); ` As per the recommendation here https://developer.mozilla.org/en-US/docs/Web/API/AesGcmParams, you should use 12 bytes(96 bits) or higher.
kim.dunagan.78789
Comment 5 2025-03-06 10:54:34 PST
Thank you, and sorry for bothering you two. You're the best Nitin! Thank you as well Alexey! Have a wonderful day
kim.dunagan.78789
Comment 6 2025-03-06 10:55:08 PST
oh, I guess I should say that I just tested using 12 bytes and it worked as expected on safari 18.2
Nitin Mahendru
Comment 7 2025-03-06 12:32:23 PST
great to hear that!
Nitin Mahendru
Comment 8 2025-03-10 17:58:36 PDT
Will make a change so that we also allow < 12 byte IV.
EWS
Comment 9 2025-03-11 16:15:32 PDT
Committed 291981@main (07989805db41): <https://commits.webkit.org/291981@main> Reviewed commits have been landed. Closing PR #42234 and removing active labels.
EWS
Comment 10 2025-03-12 13:49:25 PDT
Committed 289651.270@safari-7621-branch (e7903dee80f9): <https://commits.webkit.org/289651.270@safari-7621-branch> Reviewed commits have been landed. Closing PR #2786 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.