JNI/JCE: fix MessageDigest parameter validation, add RuntimeException unit tests

Author: cconlon

src/main/java/com/wolfssl/wolfcrypt/MessageDigest.java

@@ -162,17 +162,17 @@ public synchronized void update(ByteBuffer data)
      *
      * @throws WolfCryptException if native operation fails
      * @throws IllegalStateException object fails to initialize properly
+     * @throws RuntimeException if offset or length are invalid
      */
     public synchronized void update(byte[] data, int offset, int len)
         throws WolfCryptException, IllegalStateException {
 
         checkStateAndInitialize();
 
-        if (offset >= data.length || offset < 0 || len < 0)
-            return;
-
-        if (data.length - offset < len)
-            len = data.length - offset;
+        if (((offset + len) > data.length) || offset < 0 || len < 0) {
+            throw new RuntimeException(
+                "Invalid offset or length");
+        }
 
         native_update(data, offset, len);
     }

src/test/java/com/wolfssl/provider/jce/test/WolfCryptMessageDigestSha256Test.java

@@ -346,5 +346,53 @@ public void testSha256Threaded()
             }
         }
     }
+
+    @Test(expected = RuntimeException.class)
+    public void testUpdateWithInvalidOffsetThrows()
+        throws NoSuchProviderException, NoSuchAlgorithmException {
+
+        MessageDigest sha256 =
+            MessageDigest.getInstance("SHA-256", "wolfJCE");
+        byte[] data = new byte[10];
+
+        /* Test with negative offset */
+        sha256.update(data, -1, 5);
+    }
+
+    @Test(expected = RuntimeException.class)
+    public void testUpdateWithInvalidLengthThrows()
+        throws NoSuchProviderException, NoSuchAlgorithmException {
+
+        MessageDigest sha256 =
+            MessageDigest.getInstance("SHA-256", "wolfJCE");
+        byte[] data = new byte[10];
+
+        /* Test with negative length */
+        sha256.update(data, 0, -1);
+    }
+
+    @Test(expected = RuntimeException.class)
+    public void testUpdateWithOffsetPlusLengthExceedingArraySizeThrows()
+        throws NoSuchProviderException, NoSuchAlgorithmException {
+
+        MessageDigest sha256 =
+            MessageDigest.getInstance("SHA-256", "wolfJCE");
+        byte[] data = new byte[10];
+
+        /* Test with offset + length > data.length */
+        sha256.update(data, 5, 6);
+    }
+
+    @Test(expected = RuntimeException.class)
+    public void testUpdateWithOffsetEqualToArraySizeThrows()
+        throws NoSuchProviderException, NoSuchAlgorithmException {
+
+        MessageDigest sha256 =
+            MessageDigest.getInstance("SHA-256", "wolfJCE");
+        byte[] data = new byte[10];
+
+        /* Test with offset equal to array size */
+        sha256.update(data, 10, 1);
+    }
 }
 

src/test/java/com/wolfssl/wolfcrypt/test/Sha256Test.java

@@ -256,5 +256,41 @@ public void threadedHashTest() throws InterruptedException {
             }
         }
     }
+
+    @Test(expected = RuntimeException.class)
+    public void testUpdateWithInvalidOffsetThrows() {
+        Sha256 sha = new Sha256();
+        byte[] data = new byte[10];
+
+        /* Test with negative offset */
+        sha.update(data, -1, 5);
+    }
+
+    @Test(expected = RuntimeException.class)
+    public void testUpdateWithInvalidLengthThrows() {
+        Sha256 sha = new Sha256();
+        byte[] data = new byte[10];
+
+        /* Test with negative length */
+        sha.update(data, 0, -1);
+    }
+
+    @Test(expected = RuntimeException.class)
+    public void testUpdateWithOffsetPlusLengthExceedingArraySizeThrows() {
+        Sha256 sha = new Sha256();
+        byte[] data = new byte[10];
+
+        /* Test with offset + length > data.length */
+        sha.update(data, 5, 6);
+    }
+
+    @Test(expected = RuntimeException.class)
+    public void testUpdateWithOffsetEqualToArraySizeThrows() {
+        Sha256 sha = new Sha256();
+        byte[] data = new byte[10];
+
+        /* Test with offset equal to array size */
+        sha.update(data, 10, 1);
+    }
 }