8158534: DrbgParameters strength parameter is underspecified if < -1
Reviewed-by: xuelei
--- a/jdk/src/java.base/share/classes/java/security/DrbgParameters.java Sat Jun 11 18:33:53 2016 -0700
+++ b/jdk/src/java.base/share/classes/java/security/DrbgParameters.java Sun Jun 12 10:48:19 2016 +0800
@@ -383,6 +383,10 @@
private Instantiation(int strength, Capability capability,
byte[] personalizationString) {
+ if (strength < -1) {
+ throw new IllegalArgumentException(
+ "Illegal security strength: " + strength);
+ }
this.strength = strength;
this.capability = capability;
this.personalizationString = (personalizationString == null) ?
@@ -446,6 +450,10 @@
private NextBytes(int strength, boolean predictionResistance,
byte[] additionalInput) {
+ if (strength < -1) {
+ throw new IllegalArgumentException(
+ "Illegal security strength: " + strength);
+ }
this.strength = strength;
this.predictionResistance = predictionResistance;
this.additionalInput = (additionalInput == null) ?
@@ -502,6 +510,7 @@
* byte array will be copied.
* @return a new {@code Instantiation} object
* @throws NullPointerException if {@code capability} is {@code null}
+ * @throws IllegalArgumentException if {@code strength} is less than -1
*/
public static Instantiation instantiation(int strength,
Capability capability,
@@ -518,6 +527,7 @@
* @param predictionResistance prediction resistance requested
* @param additionalInput additional input, can be {@code null}.
* The content of this byte array will be copied.
+ * @throws IllegalArgumentException if {@code strength} is less than -1
* @return a new {@code NextBytes} object
*/
public static NextBytes nextBytes(int strength,
--- a/jdk/test/java/security/SecureRandom/ApiTest.java Sat Jun 11 18:33:53 2016 -0700
+++ b/jdk/test/java/security/SecureRandom/ApiTest.java Sun Jun 12 10:48:19 2016 +0800
@@ -105,7 +105,7 @@
private static void runForEachAlg(String mech, String alg)
throws Exception {
- for (int strength : new int[]{Integer.MIN_VALUE, -1, 0, 1, 223, 224,
+ for (int strength : new int[]{-1, 0, 1, 223, 224,
192, 255, 256}) {
for (Capability cp : Capability.values()) {
for (byte[] pr : new byte[][]{null, new byte[]{},
--- a/jdk/test/java/security/SecureRandom/DrbgParametersSpec.java Sat Jun 11 18:33:53 2016 -0700
+++ b/jdk/test/java/security/SecureRandom/DrbgParametersSpec.java Sun Jun 12 10:48:19 2016 +0800
@@ -22,7 +22,7 @@
*/
/* @test
- * @bug 8051408
+ * @bug 8051408 8158534
* @summary Make sure DrbgParameters coded as specified
* @library /test/lib/share/classes
*/
@@ -68,6 +68,9 @@
ins = DrbgParameters.instantiation(-1, NONE, null);
Asserts.assertNull(ins.getPersonalizationString());
+ iae(() -> DrbgParameters.instantiation(-2, NONE, null));
+ npe(() -> DrbgParameters.instantiation(-1, null, null));
+
// NextBytes
p = "NextBytes".getBytes();
DrbgParameters.NextBytes nb = DrbgParameters
@@ -85,6 +88,8 @@
np2 = nb.getAdditionalInput();
Asserts.assertTrue(Arrays.equals(np1, np2));
+ iae(() -> DrbgParameters.nextBytes(-2, false, null));
+
// Reseed
p = "Reseed".getBytes();
DrbgParameters.Reseed rs = DrbgParameters
@@ -101,4 +106,29 @@
np2 = rs.getAdditionalInput();
Asserts.assertTrue(Arrays.equals(np1, np2));
}
+
+ static void iae(RunnableWithException r) throws Exception {
+ checkException(r, IllegalArgumentException.class);
+ }
+
+ static void npe(RunnableWithException r) throws Exception {
+ checkException(r, NullPointerException.class);
+ }
+
+ interface RunnableWithException {
+ void run() throws Exception;
+ }
+
+ static void checkException(RunnableWithException r, Class ex)
+ throws Exception {
+ try {
+ r.run();
+ } catch (Exception e) {
+ if (ex.isAssignableFrom(e.getClass())) {
+ return;
+ }
+ throw e;
+ }
+ throw new Exception("No exception thrown");
+ }
}