From 470e8a0fda5248f22e1cd90ed8064cdf04513c28 Mon Sep 17 00:00:00 2001 From: Valerie Peng Date: Thu, 3 Jun 2021 22:42:55 +0000 Subject: [PATCH] 8266103: Better specified spec values Reviewed-by: mullan, rhalade, mschoene --- .../classes/javax/crypto/spec/IvParameterSpec.java | 11 +++++++---- .../classes/javax/crypto/spec/RC5ParameterSpec.java | 9 +++++++-- .../classes/javax/crypto/spec/SecretKeySpec.java | 9 ++++++--- 3 files changed, 20 insertions(+), 9 deletions(-) diff --git a/src/java.base/share/classes/javax/crypto/spec/IvParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/IvParameterSpec.java index 243c848ff41..6a3d311eb14 100644 --- a/src/java.base/share/classes/javax/crypto/spec/IvParameterSpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/IvParameterSpec.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -76,13 +76,16 @@ public class IvParameterSpec implements AlgorithmParameterSpec { if (iv == null) { throw new IllegalArgumentException("IV missing"); } - if (iv.length - offset < len) { - throw new IllegalArgumentException - ("IV buffer too short for given offset/length combination"); + if (offset < 0) { + throw new ArrayIndexOutOfBoundsException("offset is negative"); } if (len < 0) { throw new ArrayIndexOutOfBoundsException("len is negative"); } + if (iv.length - offset < len) { + throw new IllegalArgumentException + ("IV buffer too short for given offset/length combination"); + } this.iv = new byte[len]; System.arraycopy(iv, offset, this.iv, 0, len); } diff --git a/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java index 22d1c6a7c58..ced87331bce 100644 --- a/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -114,7 +114,12 @@ public class RC5ParameterSpec implements AlgorithmParameterSpec { this.version = version; this.rounds = rounds; this.wordSize = wordSize; - if (iv == null) throw new IllegalArgumentException("IV missing"); + if (iv == null) { + throw new IllegalArgumentException("IV missing"); + } + if (offset < 0) { + throw new ArrayIndexOutOfBoundsException("offset is negative"); + } int blockSize = (wordSize / 8) * 2; if (iv.length - offset < blockSize) { throw new IllegalArgumentException("IV too short"); diff --git a/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java index de8245074d4..41d4acab748 100644 --- a/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java @@ -157,13 +157,16 @@ public class SecretKeySpec implements KeySpec, SecretKey { if (key.length == 0) { throw new IllegalArgumentException("Empty key"); } - if (key.length-offset < len) { - throw new IllegalArgumentException - ("Invalid offset/length combination"); + if (offset < 0) { + throw new ArrayIndexOutOfBoundsException("offset is negative"); } if (len < 0) { throw new ArrayIndexOutOfBoundsException("len is negative"); } + if (key.length - offset < len) { + throw new IllegalArgumentException + ("Invalid offset/length combination"); + } this.key = new byte[len]; System.arraycopy(key, offset, this.key, 0, len); this.algorithm = algorithm;