Copilot AI commented Jan 27, 2026

  • Understand the issue - panic in DecipherContext::final when input is empty with auto_pad=false
  • Reproduce the panic with the provided script
  • Fix the cipher.rs code to handle empty input when auto_pad=false
  • Handle invalid block lengths (not 16 bytes) by returning an error instead of panicking
  • Use assert_block_len! macro for consistency
  • Add tests for the fix (including invalid block length tests for all affected cipher modes)
  • Run tests to verify the fix
  • Run code review
  • Run CodeQL security check

Summary

This PR fixes a panic in node:crypto that occurs when using createDecipheriv with setAutoPadding(false):

  1. Empty input - now returns Ok(()) instead of panicking
  2. Invalid block length (not 16 bytes) - now uses assert_block_len! macro to return DecipherError::InvalidFinalBlockLength instead of panicking

Changes:

  • ext/node/ops/crypto/cipher.rs: Added empty input checks and block length validation using assert_block_len! macro for all affected cipher modes (Aes128Cbc, Aes128Ecb, Aes192Ecb, Aes256Ecb, Aes256Cbc) when auto_pad=false
  • tests/unit_node/crypto/crypto_cipher_test.ts: Added regression tests for empty input and invalid block length scenarios for all affected cipher modes
Original prompt

This section details on the original issue you should resolve

<issue_title>Panic in node:crypto</issue_title>
<issue_description>Backtrace:

```
============================================================
Deno has panicked. This is a bug in Deno. Please report this
at https://github.com/denoland/deno/issues/new.
If you can reliably reproduce this panic, include the
reproduction steps and re-run with the RUST_BACKTRACE=1 env
var set and include the backtrace in your report.

Platform: macos aarch64
Version: 2.6.6
Args: ["deno", "run", "deno_panic_repro.ts"]


thread 'main' (41349250) panicked at /Users/brew/Library/Caches/Homebrew/cargo_cache/registry/src/index.crates.io-1949cf8c6b5b557f/generic-array-0.14.7/src/lib.rs:572:9:
assertion `left == right` failed
  left: 0
 right: 16
stack backtrace:
   0: __rustc::rust_begin_unwind
   1: core::panicking::panic_fmt
   2: core::panicking::assert_failed_inner
   3: core::panicking::assert_failed
   4: deno_node::ops::crypto::cipher::DecipherContext::final
   5: deno_node::ops::crypto::op_node_decipheriv_final::op_node_decipheriv_final::slow_function_impl
   6: deno_node::ops::crypto::op_node_decipheriv_final::op_node_decipheriv_final::v8_fn_ptr
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
```

Script to reproduce:

```ts
import crypto from "node:crypto";
import { Buffer } from "node:buffer";

const decipher = crypto.createDecipheriv('aes-256-ecb', Buffer.alloc(32), '');
decipher.setAutoPadding(false);
decipher.end(Buffer.alloc(16));
```
</issue_description>

<agent_instructions>Use the provided script to reproduce. After you change code build with `cargo build --bin deno` and try out with `target/debug/deno <path_to_script>`</agent_instructions>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>

CLAassistant commented Jan 27, 2026

CLA assistant check
All committers have signed the CLA.

Copilot AI changed the title from "[WIP] Fix panic issue in node:crypto module" to "fix(node/crypto): handle empty input in decipher final with auto_pad=false" Jan 27, 2026
Copilot AI requested a review from bartlomieju January 27, 2026 12:42
@bartlomieju bartlomieju marked this pull request as ready for review January 27, 2026 16:23
Comment on lines 761 to 766
if !input.is_empty() {
decryptor.decrypt_block_b2b_mut(
GenericArray::from_slice(input),
GenericArray::from_mut_slice(output),
);
}
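
Review bot: the `!input.is_empty()` guard on the first line covers only the zero-length case. `GenericArray::from_slice(input)` and `GenericArray::from_mut_slice(output)` each require a slice of exactly the block size, so a non-empty `input` of any other length, or an `output` buffer of a different size, still reaches the same length assertion shown in the backtrace (`left == right`, right: 16). Check both lengths before building the arrays and return an error on a mismatch, and confirm that skipping the block on empty input leaves `output` in the state the caller expects.
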
Member

This would still panic if input is not 16 bytes right?

Member

@copilot Can you also handle input that is not 16 bytes? This should error not panic.

Author

Added validation to return DecipherError::InvalidFinalBlockLength when input length is not 16 bytes (for non-empty inputs). Also added a test case for this scenario. Commit: b397507

Member

@copilot Just use assert_block_len?

Author

Updated to use assert_block_len! macro. Commit: 311c212
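
The pattern the thread converges on (empty final input is accepted, a wrong-length final block is an error value rather than a panic), as an added Rust example that is not Deno's `cipher.rs`. `final_no_padding`, `toy_decrypt_block` and the `Block` alias are hypothetical names, the XOR step is a stand-in and not AES, and only the error name `InvalidFinalBlockLength` comes from the thread.

```rust
use std::convert::TryFrom;

const BLOCK_LEN: usize = 16;
type Block = [u8; BLOCK_LEN];

#[derive(Debug, PartialEq)]
enum DecipherError {
    // Error name as quoted in the PR thread; the enum itself is a stand-in.
    InvalidFinalBlockLength,
}

// Stand-in for the block cipher's decrypt step (XOR with the key, NOT AES).
fn toy_decrypt_block(key: &Block, input: &Block, output: &mut Block) {
    for i in 0..BLOCK_LEN {
        output[i] = input[i] ^ key[i];
    }
}

// Final step of an unpadded (auto_pad = false) decipher.
// Returns the number of bytes written to `output`.
fn final_no_padding(key: &Block, input: &[u8], output: &mut [u8]) -> Result<usize, DecipherError> {
    // Nothing buffered: there is no final block to process.
    if input.is_empty() {
        return Ok(0);
    }
    // Fallible slice-to-array conversions: a wrong length becomes an Err
    // value instead of tripping a length assertion inside the conversion.
    let block = <&Block>::try_from(input).map_err(|_| DecipherError::InvalidFinalBlockLength)?;
    let out = <&mut Block>::try_from(output).map_err(|_| DecipherError::InvalidFinalBlockLength)?;
    toy_decrypt_block(key, block, out);
    Ok(BLOCK_LEN)
}

fn main() {
    let key = [0x5a_u8; BLOCK_LEN];
    let mut out = [0u8; BLOCK_LEN];
    // Constructed inputs: empty, one byte short of a block, exactly one block.
    for len in [0usize, 15, 16] {
        let input = vec![0u8; len];
        println!("{:>2} bytes -> {:?}", len, final_no_padding(&key, &input, &mut out));
    }
}
```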

Development

Successfully merging this pull request may close these issues.

node:crypto panics on createDecipheriv