Skip to content

[k2] implemented aes-128-gcm, aes-256-gcm + supported "no padding" in f$openssl_encrypt and f$openssl_decrypt builtins#1517

Open
T-y-c-o-o-n wants to merge 9 commits intomasterfrom
n.siniachenko/fix-unpad-error
Open

[k2] implemented aes-128-gcm, aes-256-gcm + supported "no padding" in f$openssl_encrypt and f$openssl_decrypt builtins#1517
T-y-c-o-o-n wants to merge 9 commits intomasterfrom
n.siniachenko/fix-unpad-error

Conversation

@T-y-c-o-o-n
Copy link
Contributor

@T-y-c-o-o-n T-y-c-o-o-n commented Feb 4, 2026

No description provided.

@T-y-c-o-o-n T-y-c-o-o-n changed the title supported NoPadding for f$openssl_encrypt and f$openssl_decrypt [k2] supported NoPadding for f$openssl_encrypt and f$openssl_decrypt Feb 4, 2026
apolyakov
apolyakov reviewed Feb 4, 2026
View reviewed changes
@apolyakov apolyakov added the k2 k2 related label Feb 8, 2026
@apolyakov apolyakov added this to the next milestone Feb 8, 2026
apolyakov
apolyakov requested changes Feb 9, 2026
View reviewed changes
Copy link
Contributor

@apolyakov apolyakov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've decided to make these changes backward compatible, so this PR needs some changes

@T-y-c-o-o-n T-y-c-o-o-n changed the title [k2] supported NoPadding for f$openssl_encrypt and f$openssl_decrypt [k2] implemented aes-128-gcm, aes-256-gcm + supported "no padding" in aes-cbc Feb 11, 2026
@T-y-c-o-o-n T-y-c-o-o-n changed the title [k2] implemented aes-128-gcm, aes-256-gcm + supported "no padding" in aes-cbc [k2] implemented aes-128-gcm, aes-256-gcm + supported "no padding" in f$openssl_encrypt and f$openssl_decrypt builtins Feb 11, 2026
@T-y-c-o-o-n T-y-c-o-o-n force-pushed the n.siniachenko/fix-unpad-error branch from 71356ef to 9c32191 Compare February 16, 2026 15:21
apolyakov
apolyakov reviewed Feb 17, 2026
View reviewed changes
Copy link
Contributor

@apolyakov apolyakov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment 1: Typo (line 301, 379)

"doesn not" → "does not"

Comment 2: Misleading variable names (lines 316, 391)

cbc_encrypt/cbc_decryptencrypt/decrypt (now handles both CBC and GCM)

Comment 3: Simplify AEAD validation (lines 292-302, 346-352)

Validation is scattered across the function. Consider consolidating into one block. Also, line 348's warning says "when using AEAD mode" but is reached when NOT in AEAD mode.

Comment 4: Add comment (line 234-238)

Consider adding a comment that IV length validation is handled by the crypto component (differs from legacy runtime).

Comment 5: Missing GCM in cipher methods (lines 268-272)

Add AES_128_GCM and AES_256_GCM to the return value.

@T-y-c-o-o-n T-y-c-o-o-n force-pushed the n.siniachenko/fix-unpad-error branch from bbfeb0f to 7fa4957 Compare February 17, 2026 16:04
@T-y-c-o-o-n
Copy link
Contributor Author

T-y-c-o-o-n commented Feb 24, 2026

Comment 1: Typo (line 301, 379)

"doesn not" → "does not"

Comment 2: Misleading variable names (lines 316, 391)

cbc_encrypt/cbc_decryptencrypt/decrypt (now handles both CBC and GCM)

Comment 3: Simplify AEAD validation (lines 292-302, 346-352)

Validation is scattered across the function. Consider consolidating into one block. Also, line 348's warning says "when using AEAD mode" but is reached when NOT in AEAD mode.

Comment 4: Add comment (line 234-238)

Consider adding a comment that IV length validation is handled by the crypto component (differs from legacy runtime).

Comment 5: Missing GCM in cipher methods (lines 268-272)

Add AES_128_GCM and AES_256_GCM to the return value.

@T-y-c-o-o-n T-y-c-o-o-n reopened this Feb 24, 2026
@T-y-c-o-o-n
Copy link
Contributor Author

T-y-c-o-o-n commented Feb 24, 2026

Comment 1: Typo (line 301, 379)

"doesn not" → "does not"

Comment 2: Misleading variable names (lines 316, 391)

cbc_encrypt/cbc_decryptencrypt/decrypt (now handles both CBC and GCM)

Comment 3: Simplify AEAD validation (lines 292-302, 346-352)

Validation is scattered across the function. Consider consolidating into one block. Also, line 348's warning says "when using AEAD mode" but is reached when NOT in AEAD mode.

Comment 4: Add comment (line 234-238)

Consider adding a comment that IV length validation is handled by the crypto component (differs from legacy runtime).

Comment 5: Missing GCM in cipher methods (lines 268-272)

Add AES_128_GCM and AES_256_GCM to the return value.

  1. fixed typos
  2. renamed
  3. removed tag validation after response receivement
  4. I don't see the point of adding this comment, because a lot of operations moved to crypto component, differently from the old runtime
  5. added

@T-y-c-o-o-n T-y-c-o-o-n force-pushed the n.siniachenko/fix-unpad-error branch from c286be0 to 4a16163 Compare February 25, 2026 17:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@apolyakov apolyakov apolyakov requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@T-y-c-o-o-n T-y-c-o-o-n

Labels

k2 k2 related

Projects

None yet

Milestone

next

Development

Successfully merging this pull request may close these issues.

2 participants

@T-y-c-o-o-n @apolyakov