From 739782e37a6662fea379e7ef3ec89e851b04b46c Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 5 Jul 2017 07:06:45 +0000
Subject: * ext/openssl/ossl_cipher.c: remove the encryption key initialization
   from Cipher#initialize. This is effectively a revert of r32723   ("Avoid
 possible SEGV from AES encryption/decryption", 2011-07-28).   the patch is
 derived from
 https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062,
   written by Kazuki Yamaguchi.   [Backport #8221]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59267 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/openssl/test_cipher.rb | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

(limited to 'test')

diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index 89c176f4de..95058b5f19 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -81,6 +81,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
 
   def test_empty_data
     @c1.encrypt
+    @c1.random_key
     assert_raise(ArgumentError){ @c1.update("") }
   end
 
@@ -129,12 +130,10 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
       }
     end
 
-    def test_AES_crush
-      500.times do
-        assert_nothing_raised("[Bug #2768]") do
-          # it caused OpenSSL SEGV by uninitialized key
-          OpenSSL::Cipher::AES128.new("ECB").update "." * 17
-        end
+    def test_update_raise_if_key_not_set
+      assert_raise(OpenSSL::Cipher::CipherError) do
+        # it caused OpenSSL SEGV by uninitialized key [Bug #2768]
+        OpenSSL::Cipher::AES128.new("ECB").update "." * 17
       end
     end
   end
@@ -236,6 +235,24 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
       end
     end
 
+    def test_aes_gcm_key_iv_order_issue
+      pt = "[ruby/openssl#49]"
+      cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
+      cipher.key = "x" * 16
+      cipher.iv = "a" * 12
+      ct1 = cipher.update(pt) << cipher.final
+      tag1 = cipher.auth_tag
+
+      cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
+      cipher.iv = "a" * 12
+      cipher.key = "x" * 16
+      ct2 = cipher.update(pt) << cipher.final
+      tag2 = cipher.auth_tag
+
+      assert_equal ct1, ct2
+      assert_equal tag1, tag2
+    end if has_cipher?("aes-128-gcm")
+
   end
 
   private
-- 
cgit v1.2.3