diff --git a/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java index a2afd88c3ba48..45511a8bbef5e 100644 --- a/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/DESKeySpec.java @@ -156,12 +156,12 @@ public DESKeySpec(byte[] key, int offset) throws InvalidKeyException { if (key == null) { throw new NullPointerException("null key"); } - if (key.length - offset < DES_KEY_LEN) { - throw new InvalidKeyException("Wrong key size"); - } if (offset < 0) { throw new ArrayIndexOutOfBoundsException("offset is negative"); } + if (key.length - offset < DES_KEY_LEN) { + throw new InvalidKeyException("Wrong key size"); + } this.key = new byte[DES_KEY_LEN]; System.arraycopy(key, offset, this.key, 0, DES_KEY_LEN); } @@ -198,12 +198,12 @@ public static boolean isParityAdjusted(byte[] key, int offset) if (key == null) { throw new InvalidKeyException("null key"); } - if (key.length - offset < DES_KEY_LEN) { - throw new InvalidKeyException("Wrong key size"); - } if (offset < 0) { throw new ArrayIndexOutOfBoundsException("offset is negative"); } + if (key.length - offset < DES_KEY_LEN) { + throw new InvalidKeyException("Wrong key size"); + } for (int i = 0; i < DES_KEY_LEN; i++) { int k = Integer.bitCount(key[offset++] & 0xff); if ((k & 1) == 0) { @@ -235,12 +235,12 @@ public static boolean isWeak(byte[] key, int offset) if (key == null) { throw new InvalidKeyException("null key"); } - if (key.length - offset < DES_KEY_LEN) { - throw new InvalidKeyException("Wrong key size"); - } if (offset < 0) { throw new ArrayIndexOutOfBoundsException("offset is negative"); } + if (key.length - offset < DES_KEY_LEN) { + throw new InvalidKeyException("Wrong key size"); + } for (int i = 0; i < WEAK_KEYS.length; i++) { boolean found = true; for (int j = 0; j < DES_KEY_LEN; j++) { diff --git a/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java b/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java index fb5a19b4a9b5d..9d93ea90bc926 100644 --- a/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java +++ b/src/java.base/share/classes/javax/crypto/spec/DESedeKeySpec.java @@ -86,12 +86,12 @@ public DESedeKeySpec(byte[] key, int offset) throws InvalidKeyException { if (key == null) { throw new NullPointerException("null key"); } - if (key.length - offset < DES_EDE_KEY_LEN) { - throw new InvalidKeyException("Wrong key size"); - } if (offset < 0) { throw new ArrayIndexOutOfBoundsException("offset is negative"); } + if (key.length - offset < DES_EDE_KEY_LEN) { + throw new InvalidKeyException("Wrong key size"); + } this.key = new byte[24]; System.arraycopy(key, offset, this.key, 0, DES_EDE_KEY_LEN); } @@ -126,12 +126,12 @@ public static boolean isParityAdjusted(byte[] key, int offset) if (key == null) { throw new InvalidKeyException("null key"); } - if (key.length - offset < DES_EDE_KEY_LEN) { - throw new InvalidKeyException("Wrong key size"); - } if (offset < 0) { throw new ArrayIndexOutOfBoundsException("offset is negative"); } + if (key.length - offset < DES_EDE_KEY_LEN) { + throw new InvalidKeyException("Wrong key size"); + } return DESKeySpec.isParityAdjusted(key, offset) && DESKeySpec.isParityAdjusted(key, offset + 8) && DESKeySpec.isParityAdjusted(key, offset + 16); diff --git a/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java b/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java index c97bb819ba2c9..f0f4c149895d8 100644 --- a/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java +++ b/test/jdk/javax/crypto/spec/DESKeySpec/OffsetKey.java @@ -23,11 +23,9 @@ /* * @test - * @bug 8364121 - * @summary DESKeySpec.isWeak should throw aiobe exception if the offset is - * negative. + * @bug 8364121 8386473 + * @summary Test DES[ede]KeySpec for negative and integer overflow offsets */ -import java.security.InvalidKeyException; import javax.crypto.spec.DESedeKeySpec; import javax.crypto.spec.DESKeySpec; @@ -52,21 +50,46 @@ public static void main(String[] args) throws Exception { boolean weak = DESKeySpec.isWeak(strongKey, -1); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} - try{ + try { boolean parityAdjusted = DESKeySpec.isParityAdjusted(strongKey, -1); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} + try { + DESKeySpec desKey = new DESKeySpec(strongKey, Integer.MIN_VALUE); + throw new Exception("expected ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException aiobe) {} + try { + boolean weak = DESKeySpec.isWeak(strongKey, Integer.MIN_VALUE); + throw new Exception("expected ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException aiobe) {} + try { + boolean parityAdjusted = DESKeySpec.isParityAdjusted(strongKey, + Integer.MIN_VALUE); + throw new Exception("expected ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException aiobe) {} + // Test triple-DES - try{ + try { DESedeKeySpec desEdeKey = new DESedeKeySpec(strongKey, -1); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} - try{ + try { boolean parityAdjusted = DESedeKeySpec.isParityAdjusted(strongKey, -1); throw new Exception("expected ArrayIndexOutOfBoundsException"); } catch (ArrayIndexOutOfBoundsException aiobe) {} + + try { + DESedeKeySpec desEdeKey = new DESedeKeySpec(strongKey, + Integer.MIN_VALUE); + throw new Exception("expected ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException aiobe) {} + try { + boolean parityAdjusted = DESedeKeySpec.isParityAdjusted(strongKey, + Integer.MIN_VALUE); + throw new Exception("expected ArrayIndexOutOfBoundsException"); + } catch (ArrayIndexOutOfBoundsException aiobe) {} } }