Merge branch 'topic/cipher-no-initialize-null-key'

* topic/cipher-no-initialize-null-key:
  cipher: don't set dummy encryption key in Cipher#initialize

1 files changed, 23 insertions, 6 deletions

diff --git a/test/test_cipher.rb b/test/test_cipher.rb
index 74c5394f..015bb561 100644
--- a/test/test_cipher.rb
+++ b/test/test_cipher.rb
@@ -90,6 +90,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
 
   def test_empty_data
     @c1.encrypt
+    @c1.random_key
     assert_raise(ArgumentError){ @c1.update("") }
   end
 
@@ -136,12 +137,10 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
     }
   end
 
-  def test_AES_crush
-    500.times do
-      assert_nothing_raised("[Bug #2768]") do
-        # it caused OpenSSL SEGV by uninitialized key
-        OpenSSL::Cipher::AES128.new("ECB").update "." * 17
-      end
+  def test_update_raise_if_key_not_set
+    assert_raise(OpenSSL::Cipher::CipherError) do
+      # it caused OpenSSL SEGV by uninitialized key [Bug #2768]
+      OpenSSL::Cipher::AES128.new("ECB").update "." * 17
     end
   end
 
@@ -317,6 +316,24 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
     }
   end if has_cipher?("aes-128-ocb")
 
+  def test_aes_gcm_key_iv_order_issue
+    pt = "[ruby/openssl#49]"
+    cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
+    cipher.key = "x" * 16
+    cipher.iv = "a" * 12
+    ct1 = cipher.update(pt) << cipher.final
+    tag1 = cipher.auth_tag
+
+    cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
+    cipher.iv = "a" * 12
+    cipher.key = "x" * 16
+    ct2 = cipher.update(pt) << cipher.final
+    tag2 = cipher.auth_tag
+
+    assert_equal ct1, ct2
+    assert_equal tag1, tag2
+  end if has_cipher?("aes-128-gcm")
+
   private
 
   def new_encryptor(algo)