Provide improved exception messages around bounds checks

src/com/amazon/corretto/crypto/provider/AccessibleByteArrayOutputStream.java

@@ -44,6 +44,7 @@ public AccessibleByteArrayOutputStream clone() {
 
   @Override
   public void write(final byte[] b, final int off, final int len) {
+    Utils.checkArrayLimits(b, off, len);
     growCapacity(count + len);
     System.arraycopy(b, off, buf, count, len);
     count += len;
@@ -54,6 +55,7 @@ public void write(final byte[] b, final int off, final int len) {
    * you know it would be the last time something needs to be written to the buffer.
    */
   void finalWrite(final byte[] b, final int off, final int len) {
+    Utils.checkArrayLimits(b, off, len);
     growCapacity(count + len, true);
     System.arraycopy(b, off, buf, count, len);
     count += len;
@@ -102,12 +104,9 @@ private void growCapacity(final int newCapacity) {
   }
 
   private void growCapacity(final int newCapacity, final boolean doNotAllocateMoreThanNeeded) {
-    if (newCapacity < 0) {
-      throw new OutOfMemoryError();
-    }
-    if (newCapacity > limit) {
+    if (newCapacity < 0 || newCapacity > limit) {
       throw new IllegalArgumentException(
-          String.format("Exceeded capacity limit %d. Requested %d", limit, newCapacity));
+          String.format("Invalid capacity. Limit: %d, Requested: %d.", limit, newCapacity));
     }
     if (newCapacity <= buf.length) {
       return;

src/com/amazon/corretto/crypto/provider/InputBuffer.java

@@ -256,6 +256,7 @@ public void update(final ByteBuffer src) {
   }
 
   public void update(final byte[] src, final int offset, final int length) {
+    Utils.checkArrayLimits(src, offset, length);
     if (fillBuffer(src, offset, length)) {
       return;
     }

tst/com/amazon/corretto/crypto/provider/test/AccessibleByteArrayOutputStreamTest.java

@@ -55,10 +55,10 @@ public void limitEnforced() throws Throwable {
   }
 
   @Test
-  public void outOfMemory() throws Throwable {
+  public void intMaxOverflow() throws Throwable {
     OutputStream instance = getInstance();
     instance.write(new byte[1024]);
-    assertThrows(OutOfMemoryError.class, () -> instance.write(null, 0, Integer.MAX_VALUE - 512));
+    assertThrows(IllegalArgumentException.class, () -> instance.write(null, 0, Integer.MAX_VALUE - 512));
   }
 
   @Test

tst/com/amazon/corretto/crypto/provider/test/InputBufferTest.java

@@ -47,6 +47,20 @@ public void requiresPositiveCapacity() throws Throwable {
         () -> sneakyConstruct(InputBuffer.class.getName(), Integer.valueOf(0)));
   }
 
+  @Test
+  public void testNegativeLength() throws Throwable {
+    assumeMinimumVersion("1.6.1", NATIVE_PROVIDER);
+    final InputBuffer<byte[], ByteBuffer, RuntimeException> buffer = getBuffer(4);
+    final byte[] data = new byte[32];
+    final int start = 0;
+    final int end = -31;
+
+    assertThrows(
+        IndexOutOfBoundsException.class,
+        () -> { buffer.update(data, start, end); }
+    );
+  }
+
   @Test
   public void minimalCase() {
     assumeMinimumVersion("1.6.1", NATIVE_PROVIDER);

tst/com/amazon/corretto/crypto/provider/test/SHA256Test.java

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 package com.amazon.corretto.crypto.provider.test;
 
+import static com.amazon.corretto.crypto.provider.test.TestUtil.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
@@ -29,6 +30,20 @@ private MessageDigest getDigest() throws Exception {
     return MessageDigest.getInstance(SHA_256, TestUtil.NATIVE_PROVIDER);
   }
 
+  @Test
+  public void testNegativeLength() throws Exception {
+    final byte[] data = new byte[32];
+    final int start = 0;
+    final int end = -31;
+
+    final MessageDigest digest = getDigest();
+
+    assertThrows(
+        IndexOutOfBoundsException.class,
+        () -> { digest.update(data, start, end); }
+    );
+  }
+
   @Test
   public void testNullDigest() throws Exception {
     MessageDigest digest = getDigest();