Fix (unreachable) limit calculations

peterdettman · peterdettman · commit 0aa6f0a88ac2 · 2026-01-24T16:05:15.000+07:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java b/core/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java
@@ -61,13 +61,8 @@ public int generateBytes(byte[] out, int outOff, int len)
         long oBytes = len;
         int outLen = digest.getDigestSize();
 
-        //
-        // this is at odds with the standard implementation, the
-        // maximum value should be hBits * (2^32 - 1) where hBits
-        // is the digest output size in bits. We can't have an
-        // array with a long index at the moment...
-        //
-        if (oBytes > ((2L << 32) - 1))
+        // NOTE: This limit isn't reachable for current array lengths
+        if (oBytes > ((1L << 32) - 1) * outLen)
         {
             throw new IllegalArgumentException("Output length too large");
         }
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/EthereumIESEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/EthereumIESEngine.java
@@ -559,13 +559,8 @@ public int generateBytes(byte[] out, int outOff, int len)
             long oBytes = len;
             int outLen = digest.getDigestSize();
 
-            //
-            // this is at odds with the standard implementation, the
-            // maximum value should be hBits * (2^32 - 1) where hBits
-            // is the digest output size in bits. We can't have an
-            // array with a long index at the moment...
-            //
-            if (oBytes > ((2L << 32) - 1))
+            // NOTE: This limit isn't reachable for current array lengths
+            if (oBytes > ((1L << 32) - 1) * outLen)
             {
                 throw new IllegalArgumentException("output length too large");
             }
diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java
@@ -87,13 +87,8 @@ public int generateBytes(byte[] out, int outOff, int len) throws DataLengthExcep
         long oBytes = len;
         int outLen = digest.getDigestSize();
 
-        //
-        // this is at odds with the standard implementation, the
-        // maximum value should be hBits * (2^32 - 1) where hBits
-        // is the digest output size in bits. We can't have an
-        // array with a long index at the moment...
-        //
-        if (oBytes > ((2L << 32) - 1))
+        // NOTE: This limit isn't reachable for current array lengths
+        if (oBytes > ((1L << 32) - 1) * outLen)
         {
             throw new IllegalArgumentException("Output length too large");
         }
