alopresto commented on a change in pull request #3844: NIFI-1474 Added
validation for p in scrypt
URL: https://github.com/apache/nifi/pull/3844#discussion_r338842726
##########
File path:
nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/ScryptCipherProvider.java
##########
@@ -78,6 +79,17 @@ public ScryptCipherProvider(int n, int r, int p) {
if (p < DEFAULT_P) {
logger.warn("The provided parallelization factor {} is below the
recommended minimum {}", p, DEFAULT_P);
}
+
+ if (!isPValid(r, p)) {
+ logger.warn("Based on the provided block size {}, the provided
parallelization factor {} is out of bounds", r, p);
+ throw new IllegalArgumentException("Invalid p value exceeds p
boundary");
+ }
+ }
+
+ public static boolean isPValid(int r, int p) {
+ // Calculate p boundary
+ double pBoundary = ((Math.pow(2, 32)) - 1) * (32.0 / (r * 128));
Review comment:
I think we may need to validate that `r` is a positive integer as well,
because submitting a negative number or 0 here will cause problems.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
