[fix] Cipher#reset when key not set (jruby/jruby#5776)

CRuby's reset calls EVP_CipherInit_ex with NULL key/IV which is a
no-op if no key was set. JRuby was calling doInitCipher unconditionally
which requires a key. Skip doInitCipher when key is null.

Co-Authored-By: Claude Opus 4.6 <[email protected]>

Author: kares

src/main/java/org/jruby/ext/openssl/Cipher.java

@@ -942,7 +942,9 @@ public IRubyObject reset(final ThreadContext context) {
         checkCipherNotNull(runtime);
         if ( ! isStreamCipher() ) {
             this.realIV = orgIV;
-            doInitCipher(runtime);
+            // CRuby's reset calls EVP_CipherInit_ex with NULL key/IV which
+            // is a no-op if key hasn't been set yet. Match that behavior.
+            if ( key != null ) doInitCipher(runtime);
         }
         return this;
     }

src/test/ruby/test_cipher.rb

@@ -137,6 +137,27 @@ def test_aes_ecb_iv_len
   end
 
 
+  # jruby/jruby#5776: reset without key should not raise
+  def test_reset_without_key
+    c = OpenSSL::Cipher.new("AES-128-CBC")
+    c.reset # should not raise
+  end
+
+  def test_reset_produces_same_ciphertext
+    key = "0123456789abcdef"
+    iv = "fedcba9876543210"
+    data = "hello world!!!!!"
+
+    c = OpenSSL::Cipher.new("AES-128-CBC")
+    c.encrypt; c.key = key; c.iv = iv
+    ct1 = c.update(data) + c.final
+
+    c.reset; c.iv = iv
+    ct2 = c.update(data) + c.final
+
+    assert_equal ct1, ct2
+  end
+
   @@test_encrypt_decrypt_des_variations = nil
 
   def test_encrypt_decrypt_des_variations